Providing Security to paged out pages to Virtual IO Server paging space partition in Active Memory Sharing environment
Publication Date: 2014-Apr-24
The IP.com Prior Art Database
In the current implementation of AMS (Active Memory Sharing), no security is provided for the pages that are paged out to the VIOS paging space partition. Since the VIOS paging space partition is nothing but the disks belonging to the VIOS, a VIOS administrator can easily get access to the memory contents of the VIOClient via the contents paged out to the paging space. The main objective of the VIOS is to provide only Virtual IO to the clients, without being able to access any data written by the clients to the exported IO (network or disk).

This problem of the administrator being able to access the paged-out data becomes even more of a security concern in the following two scenarios:

1. The page that is paged out to the paging space partition belonged to an EFS file in the LPAR and is in decrypted form in the AMS memory pool.
2. When AMS is used in conjunction with SSP (Shared Storage Pools), any administrator who has access to any VIOS in the SSP cluster can see the data written to these AMS paging space partitions by any VIOClient.

There is no solution to the problem stated above as of today. The article provides a novel solution to address this problem. This idea can be extended to encrypt all or any pages that are paged out to the VIOS paging space partition disk, but this article concentrates on encrypted pages, because encrypted file pages come from encrypted file systems and are meant to be in encrypted form when they are present in the disk blocks. Also, if we try to encrypt the entire paging space on VIOS there will be a performance impact, but the idea can be extended to do so.