Browse Prior Art Database

Selective Secure Partition Mobility Disclosure Number: IPCOM000236597D
Publication Date: 2014-May-05
Document File: 2 page(s) / 34K

Publishing Venue

The Prior Art Database


A method for selective secure partition mobility is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 64% of the total text.

Page 01 of 2

Selective Secure Partition Mobility

Disclosed is a method for selective secure partition mobility.

Virtual system motion has an inherent security issue: all of the memory pages are transported over the network in the clear. All memory, which may include passwords, crypto keys, credit card numbers, or account numbers, are transported over the network in clear text form. In some systems, an Internet Protocol Security ( IPsec) tunnel may be automatically set up between two virtual operating systems involved in LPM (Live Partition Mobility). The problem with that solution is that Virtual Motion is very time sensitive. The longer the transfer takes, the more likely the source page will become dirty and need to be retransmitted. These re-transmissions plus the cryptography performance impact can lead to very lengthy Virtual Motions and even time outs.

The disclosed solution is a method of marking pages with sensitive data, and only encrypting these pages. This provides the best performance by completely skipping encryption of those pages without sensitive data, and providing strong encryption for data needing privacy.

There are methods and products that exist today to detect sensitive data such as credit

card numbers, social security numbers, etc. The IBM

® Guardium

                ® kernel system layer and examines data being accessed by a database. It issues alerts if it sees sensitive data in the clear. This allows the Database (DB) administrator to turn on encryption to protect...