
Method and System for Controlling Guest Operating System Using A Covert Channel

IP.com Disclosure Number: IPCOM000239041D
Publication Date: 2014-Oct-03
Document File: 3 page(s) / 48K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method and system are disclosed for controlling a guest operating system using a covert channel.



Disclosed is a method and system for controlling guest operating systems (OS) using a covert channel. The method and system set up, in advance, a covert channel between multiple levels of systems (1st level, 2nd level, and so on). A controller continuously monitors, via the covert channel, the activities of one or more guest OS running on any of those levels, for example on 2nd-level systems. The 1st-level controller evaluates and analyzes the monitored activity in order to control the guest OS. The key aspect of control is messaging the systems when to start or stop, what memory configuration to use, and what workload to run, along with requesting status reports and receiving responses to those requests over the covert channel. Optionally, a plurality of controllers may issue requests and note responses. Third-level and higher systems may be controlled in the same manner, and by the same 1st-level controller, by using the same CP1STLVL exit described later to pass through the intervening levels.

The covert channel employed is a pair of 1st-level commands, SET/QUERY PRODUCT, whose original use was to indicate to guests whether a particular product was licensed to run. The commands are repurposed by specifying a phony product whose name is chosen to correspond to the guest hosting a 2nd-level OS. Except in the unlikely case that it conflicts with an actual product name, the phony product name is the same as the 1st-level UserID (Host UserID) hosting the 2nd-level OS. Two key elements of control enabled via this channel are the specification of the initial memory configuration of the 2nd-level OS, and on-going status reports, load reconfiguration, and the like.

A guest, in particular a server, on the 2nd-level system cannot normally issue commands (in particular SET/QUERY PRODUCT) to the 1st-level system, so a CP exit, CP1STLVL, is added to the 2nd-level OS so that a 2nd-level guest can issue 1st-level commands. The covert channel communication mechanism depends on the 1st-level operating system having some function like SET/QUERY PRODUCT that allows guests to leave messages lying around for each other, and on the 2nd-level operating system having a capability like CP1STLVL that allows its guest OS to issue 1st-level commands.
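The exchange described in the two paragraphs above, modelled in Python as an added example that is not part of the disclosure: a dictionary stands in for the 1st-level product table, the controller encodes its directives into a phony product record named after the host userid, the 2nd-level guest reads them back through a CP1STLVL-style query, and an audit function shows the defender's check (product names that coincide with logged-on userids). The record fields (state, description) and the message encoding are assumptions, not the disclosure's format.

```python
from dataclasses import dataclass, field


@dataclass
class FirstLevelCP:
    """Stand-in for the 1st-level hypervisor's product table (assumed layout)."""
    products: dict = field(default_factory=dict)
    logged_on: set = field(default_factory=set)

    def set_product(self, prodid, state, description=""):
        # 1st-level SET PRODUCT: record a state plus free-text description.
        self.products[prodid.upper()] = {"state": state, "description": description}

    def query_product(self, prodid):
        # 1st-level QUERY PRODUCT: return the record, or None if unknown.
        return self.products.get(prodid.upper())


class Controller:
    """1st-level controller; messages a 2nd-level system via a phony product."""
    def __init__(self, cp):
        self.cp = cp

    def direct(self, host_userid, action, workload=None, memory=None):
        # The phony product is named after the host userid, as the page describes.
        parts = [action] + [f"{k}={v}" for k, v in (("WORKLOAD", workload), ("MEM", memory)) if v]
        state = "ENABLED" if action == "START" else "DISABLED"
        self.cp.set_product(host_userid, state, " ".join(parts))


class SecondLevelGuest:
    """Guest on the 2nd level; the CP1STLVL stand-in lets it issue QUERY PRODUCT."""
    def __init__(self, cp, host_userid):
        self.cp, self.host_userid = cp, host_userid

    def poll(self):
        rec = self.cp.query_product(self.host_userid)
        if rec is None:
            return None
        action, *opts = rec["description"].split()
        msg = {"action": action, "state": rec["state"]}
        for opt in opts:
            key, _, value = opt.partition("=")
            msg[key.lower()] = value
        return msg


def audit_products(cp):
    """Defender check: product names that coincide with logged-on userids."""
    return sorted(p for p in cp.products if p in cp.logged_on)
```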

In accordance with the method and system, a configuration file is created which predefines a set of workloads. The configuration file is then placed on a disk that is read-only to the 2nd-level systems and read-write to the controller.

This allows the 2nd-level systems to be directed to a particular predefined workload, instead of needing to communicate the workload details to the 2nd-level system. Further, starting and stopping a guest operating system can be controlled by having the 2nd-level system come up automatically whenever its host user is logged on. For example, when

th...