
Providing Security to paged out pages to Virtual IO Server paging space partition in Active Memory Sharing environment

IP.com Disclosure Number: IPCOM000236398D
Publication Date: 2014-Apr-24
Document File: 8 page(s) / 77K

Publishing Venue

The IP.com Prior Art Database

Abstract

In the current implementation of AMS (Active Memory Sharing), no security is provided for the pages that are paged out to the VIOS paging space partition. Since the VIOS paging space partition is nothing but the disks belonging to the VIOS, a VIOS administrator can easily get access to the memory contents of the VIOClient via the contents paged out to the paging space. The main objective of VIOS is to provide only Virtual IO to the clients, and not to be able to access any data written by the clients to the exported IO (network or disk). This problem of the administrator being able to access the paged out data becomes even more of a security concern in the following two scenarios:

1. The page that is paged out to the paging space partition was an EFS file in the LPAR, and is in decrypted form in the AMS memory pool.

2. When AMS is used in conjunction with SSP (Shared Storage Pools), any administrator who has access to any VIOS in the SSP cluster can see the data written to these AMS paging space partitions by any VIOClient.

There is no solution to the problem stated above as of today. The article provides a novel solution to address this problem. This idea can be extended to encrypt all or any pages that are paged out to the VIOS paging space partition disk, but this article concentrates on encrypted pages, because encrypted file pages come from encrypted file systems and are meant to be in encrypted form when they are present in the disk blocks. Also, encrypting the entire paging space on VIOS would have a performance impact, but the idea can be extended to do so.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 30% of the total text.

There is no solution to the problem stated in the abstract as of today. This article provides a novel solution to address this problem.

There are four novelty points in this article to resolve the problem indicated above.

1. Addition of a new field in the inode to indicate whether the file is an EFS file or otherwise.

2. Addition of a new field "EFS" in the Page Frame Table (PFT) entry local to the LPAR.

3. Addition of a new field "EFS bit" in the Hypervisor translation page table entry maintained by the Hypervisor.

4. Addition of a new field "EFS Key" in the Hypervisor translation page table entry maintained by the Hypervisor.

One of the advantages is: EFS file pages will be secured (in encrypted form) even when they are paged out to the VIOS paging space partition, which is accessible by the VIOS administrator.

This idea can be extended to any pages and need not be restricted to EFS pages.

Other advantages are listed towards the end of the article.

Expansion of Abbreviations used

VIOS: Virtual I/O Server

VIOC: Virtual I/O Client

AMS: Active Memory Sharing

SSP: Shared Storage Pool

EFS: Encrypted File System

VFS: Virtual File System

PFT: Page Frame Table

LPAR: Logical Partition

Implementation details:

The following diagram (figure 1) shows how the files that belong to an EFS filesystem are identified and how the corresponding inode of each such file is marked as an EFS file. Using the EFS value in the inode, a file can be identified as an EFS file or otherwise.

figure(1)

Once the open system call is called for an EFS file, the user file descriptor (ufd) pointer is obtained, which is mapped to the system file table. The system file table is global for all the files and directories that are opened by any process on the system. From the system file table the vnode of the file can be identified. From this vnode, in turn, the VFS structure of the file system is identified. If the VFS type in the VFS structure is EFS, this article proposes to make an entry in the inode of the file indicating that it is an EFS file.

This new inode entry for EFS will be used to communicate to the hypervisor, which will enable the hypervisor to differentiate between efs pages and non-efs pages.

figure(2)

In figure (2), disk block descriptors 1, 5 & 6 are EFS file descriptor blocks, which are in encrypted form. Once they are loaded into memory, however, the memory pages of these file descriptor blocks (EFS files) will be in decrypted form; they are represented as P1, P2 & P3 in the above diagram. This article proposes that the page frame table (PFT) entry will have a new entry "EFS". This entry will indicate whether the page was loaded from EFS file descriptor blocks or otherwise.

The valid values for this entry are 1 and 0. A value of 1 indicates that the page is an EFS file page. A value of 0 indicates otherwise.
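
The tagging chain described above (the open path marking the inode, then the PFT entry carrying the EFS value at page-in), as an added C model that is not code from the disclosure. All struct, field and function names are hypothetical simplifications, not AIX kernel definitions, and the file and frame numbers are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
/* Hypothetical, simplified structures for illustration; not AIX kernel definitions. */
enum vfs_type { VFS_OTHER, VFS_EFS };
struct vfs   { enum vfs_type type; };
struct inode { unsigned ino; bool efs; };               /* proposed new inode field */
struct vnode { struct vfs *vfsp; struct inode *ip; };
struct file  { struct vnode *vp; };                     /* system file table entry */
struct pft_entry { unsigned frame; unsigned efs : 1; }; /* proposed PFT "EFS" entry */

#define NFILES 8
static struct file *ufd_table[NFILES];                  /* ufd -> system file table */

/* open() path: ufd -> system file table -> vnode -> VFS. Marks the inode when the
   VFS type is EFS. Returns the flag (1 or 0), or -1 if the chain cannot be resolved. */
int mark_inode_on_open(int ufd)
{
    if (ufd < 0 || ufd >= NFILES || ufd_table[ufd] == NULL)
        return -1;
    struct vnode *vp = ufd_table[ufd]->vp;
    if (vp == NULL || vp->vfsp == NULL || vp->ip == NULL)
        return -1;
    vp->ip->efs = (vp->vfsp->type == VFS_EFS);
    return vp->ip->efs ? 1 : 0;
}

/* Page-in path: the PFT entry takes its EFS value from the backing inode (1 or 0). */
void pft_fill(struct pft_entry *pfte, unsigned frame, const struct inode *ip)
{
    pfte->frame = frame;
    pfte->efs = (ip != NULL && ip->efs) ? 1 : 0;
}

/* Constructed scenario: one EFS file and one non-EFS file are opened and paged in. */
int demo_pft_bits(void)
{
    static struct vfs efs_fs = { VFS_EFS }, other_fs = { VFS_OTHER };
    static struct inode i1 = { 1, false }, i2 = { 2, false };
    static struct vnode v1 = { &efs_fs, &i1 }, v2 = { &other_fs, &i2 };
    static struct file f1 = { &v1 }, f2 = { &v2 };
    struct pft_entry p1, p2;
    ufd_table[3] = &f1;
    ufd_table[4] = &f2;
    mark_inode_on_open(3);
    mark_inode_on_open(4);
    pft_fill(&p1, 100, &i1);
    pft_fill(&p2, 101, &i2);
    return (int)((p1.efs << 1) | p2.efs); /* bit 1: EFS file's page, bit 0: other file's page */
}
```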

figure(3...