Browse Prior Art Database

Secure Content Image Management for Pause and Resume of System Images

IP.com Disclosure Number: IPCOM000236363D
Publication Date: 2014-Apr-22
Document File: 2 page(s) / 35K

Publishing Venue

The IP.com Prior Art Database

Abstract

A system and method for secure content image management for pause and resume of system images is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 82% of the total text.

Page 01 of 2

Secure Content Image Management for Pause and Resume of System Images

Disclosed is a system and method for secure content image management for pause and resume of system images.

There is historically a trade off between security and performance, in particular

cryptography and performance. An example is, with Power

                                     ® Logical Partition (LPAR) pause and resume feature. When an LPAR is paused the system image is stored on the Virtual IO Server (VIOS). This system image is a memory snap shot which could very well contain passwords and cryptography keys. Because of performance requirements at resume time, the image need be stored in the clear. This means a VIOS padmin could examine the stored system image and use a key/password discovery tool which searches files for known formatted keys or clear passwords under the memory context of the login process.

The disclosed method uses the same key/password discovery technology to find areas of sensitive data and encrypt only those areas when an image is paused. Upon system resume these areas are decrypted. The key to encrypt the sensitive data would be unique to image and only the Hardware Management Console (HMC) would have protected and automated access to these key. The padmins would still be able to access the paused system images but would not be able to access any sensitive data within those image.

Figure 1 depicts a Central Electronic Complex (CEC) having multiple Virtual System (VS) images. A single (randomly create...