(19) United States
`(12) Patent Application Publication (10) Pub. No.: US 2015/0033221 A1
`Chari et al.
`(43) Pub. Date:
`Jan. 29, 2015
`
`US 20150.033221A1
`
`(54) SANITIZATION OF VIRTUAL MACHINE
`IMAGES
`
`(71) Applicant: International Business Machines
`Corporation, Armonk, NY (US)
`
`(72) Inventors: Suresh N. Chari, Tarrytown, NY (US);
`Ashish Kundu, Elmsford, NY (US)
`(73) Assignee: stational styhis
`orporation, Armonk,
`(US)
`21) Appl. No.: 13/950,014
`(21) Appl. No
`9
`(22) Filed:
`Jul. 24, 2013
`
`Publication Classification
`
`(51) Int. Cl.
`G06F 9/455
`
`(2006.01)
`
`(52) U.S. Cl.
`CPC .................................. G06F 9/45533 (2013.01)
`USPC .............................................................. 718/1
`
`(57)
`
`ABSTRACT
`
`Sanitizing a virtual machine image of sensitive data is pro
`vided. A label for a sensitivity level is attached to identified
`sensitive data contained within each Software component in a
`plurality of software components of a software stack in a
`virtual machine image based on labeling policies. In response
`to receiving an input to perform a sanitization of the identified
`sensitive data having attached sensitivity level labels con
`tained within software components of the software stack in
`the virtual machine image, the sanitization of the identified
`sensitive data having the attached sensitivity level labels con
`tained within the software components of the software stack
`in the virtual machine image is performed based on sanitiza
`tion policies.
`
`DATAPROCESSING | STORAGE
`SYSTEM
`DEVICES
`200
`216
`
`
`
`204
`
`
`
`206
`
`
`
`228
`
`222
`
`LABELER
`
`230
`
`232
`
`LABELINGSCRIPTS
`
`LABELINGPOLICIES
`
`LABELING SCRIPT
`EXECUTION POLICIES
`
`224
`
`234
`\
`SANTIZATION
`SCRIPTS
`
`SANITIZER 236
`/
`
`SANTIZATION
`POLICIES
`
`238
`/
`SANTIZATIONSCRIPT
`EXECUTION POLICIES
`
`PROCESSORUNIT
`
`MEMORY
`
`SPECIFIC INSTANCE OF AVMIMAGE
`
`226
`
`210 COMMUNICATIONS UNIT
`
`
`
`202
`COMMUNICATIONS
`FABRIC
`
`INPUTIOUTPUT UNIT
`
`DISPLAY
`
`
`
`214
`
`COMPUTER PROGRAMPRODUCT
`
`COMPUTER-READABLESIGNAL MEDIA
`
`PROGRAMCODE COMPUTER-READABLESTORAGEMEDIA
`COMPUTER
`242
`READABLE MEDIA PA
`
`244
`
`240
`
`246
`
`248
`
`WIZ, Inc. EXHIBIT - 1056
`WIZ, Inc. v. Orca Security LTD.
`
`

`

`Patent Application Publication
`
`Jan. 29, 2015 Sheet 1 of 10
`
`US 2015/0033221 Al
`
`
`
`
`
`104 ~]
`
`
`
`
`
`
`
`
`
`
`
`SERVER
`
`
`
`
`
`106 ~|
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`CLIENT
`
`
`
`SERVER
`
`
`
`

`

`Patent Application Publication
`
`Jan. 29, 2015 Sheet 2 of 10
`
`US 2015/0033221 Al
`
` FIG, 2
`
`
`
`
`
`
`
`248
`\
`
`READABLE MEDIA 242
`
`COMPUTER-
`
`
`
`
`
`
`
`COMPUTER PROGRAM PRODUCT
`
`
`
`
`
`
`
`
`
`
`214
`
`
`
`
`
`
`
`DISPLAY
`
`
`
`
`
`
`
`%
`
`INPUT/OUTPUT UNIT -212
`
`
`
`
`
`
`
`
`
`
`
`
`
`二
`
`%
`
`NX 296
`
`SPECIFIC INSTANCE OF A VM IMAGE
`
`
`
`
`EXECUTION POLICIES
`SANITIZATION SCRIPT
`
`
`
`
`
`
`
`POLICIES
`
`SANITIZATION
`
`
`
`
`
`
`
`
`
`
`ee
` 204
`
`2
`238
`
`2
`236
`
`SANITIZER
`
`
`
`
`EXECUTION POLICIES
`
`LABELING SCRIPT
`
`/
`232
`
`
`
`
`
`
`
`LABELING POLICIES
`
`
`
`
`
`
`
`/
`[230
`
`LABELER
`
`222
`
`\
`234
`
`\
`228
`
`218~| VM IMAGE MANAGER | | VM IMAGE 一 220
`
`
`
`
`
`
`
`
`
`
`
`
`
`PERSISTENT STORAGE
`
`
`
`
`
`
`
`此
`
`
`
`
`
`
`
`
`
`
`一
`
`PROCESSOR UNIT
`
`\
`204
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`LABELING SCRIPTS
`
`
`
`
`
`
`
`216
`
`200
`
`DEVICES
`DATA PROCESSING | STORAGE
`
`SYSTEM
`
`
`
`
`208
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`240
`7
`
`
`
`
`
`
`
`
`
`
`yy
`
`244
`
`PROGRAM CODE || COMPUTER-READABLE STORAGE MEDIA || COMPUTER-READABLE SIGNAL MEDIA
`
`246
`7
`
`
`
`
`
`
`
`
`
`
`
`
`
`COMMUNICATIONS
`
`FABRIC
`
`
`
`
`
`
`
`210- 一 COMMUNICATIONS UNIT
`
`
`
`
`
`
`
`
`
`
`
`
`
`2
`
`4
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`SCRIPTS
`
`SANITIZATION
`
`
`
`
`
`
`
`
`
`
`MEMORY
`
`\
`206
`
`
`
`
`
`
`
`

`

`Patent Application Publication
`
`Jan. 29, 2015 Sheet 3 of 10
`
`US 2015/0033221 Al
`
`
`
`
`
`
`
`
`
`
`
`
`ONLLNdWOO qnoro
`
`JN3NNOJIAN3
`
`00€
`
`S3CON 9NllndWoo
`
`qnon19
`OLE
`
`WALSAS
`ONISSIOONd VLVG
`VOcE
`
`
`
`
`
`
`
`
`
`
`
`
`
`g0ce
`WALSAS
`
`ONISSAOONd
`
`vivd
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`ONISSADONd VLYO
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`€ Ol
`
`90z¢ |
`
`AlLSAS) §&{_
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`ONISSAOONd VLVG
`
`
`
`
`
`
`

`

`Patent Application Publication
`
`Jan. 29, 2015 Sheet 4 of 10
`
`US 2015/0033221 Al
`
`
`
`
`
`
`
`
`
`
`
`
`
`AND OPERATING SYSTEMS
`
`MANAGEMENT
`
`406
`
`VIRTUAL MACHINE
`
`MANAGEMENT
`SERVICE LEVEL
`
`USER PORTAL
`SECURITY AND
`
`408
`
`VIRTUAL MACHINES
`
`INSTANCES OF
`
`MANAGING SPECIFIC
`
`GENERATING AND
`
`PROCESSING
`TRANSACTION
`
`PROCESSING
`ANALYTICS
`
`DATA
`
`WORKLOAD LAYER
`
`400
`ACLOUD COMPUTING ENVIRONMENT
`
`
`
`
`
`
`
`
`
`
`[Bair
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Mee
`
`
`
`
`FIG. 4
`
`402
`
`SOFTWARE SOFTWARE
`DATABASE
`SERVER
`
`
`
`
`
`
`
`
`
`
`
`
`
`圖 na
`
`STORAGE
`
`“4 APPLICATION
`NETWORKING
`NETWORK
`
`404
`
`
`
`
`
`
`
`
`
`
`eH
`MACHINES
`VIRTUAL
`
`—A
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`HARDWARE AND SOFTWARE LAYER
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`BLADECENTER
`
`SYSTEMS
`
`SYSTEMS
`xSERIES ®
`
`iam ®
`
`
`
`
`SERVERS
`
`AINFRAMES
`
`M
`
`ARCHITECTURE
`
`RISC
`
`
`
`
`VIRTUALIZATION LAYER
`
`(oS! pc
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`VIRTUAL NETWORKS — VIRTUAL APPLICATIONS
`
`STORAGE
`VIRTUAL
`
`[一 一
`
`SERVERS
`VIRTUAL
`
`
`
`
`
`
`
`MANAGEMENT LAYER
`
`
`
`
`
`
`
`AND PRICING
`
`METERING
`
`PROVISIONING
`
`RESOURCE
`
`
`
`
`
`
`
`
`
`
` f
`
`
`
`ABSTRACTION LAYERS OF
`
`DELIVERY
`EDUCATION
`CLASSROOM
`
`VIRTUAL
`
`MANAGEMENT
`AND LIFECYCLE
`DEVELOPMENT
`
`SOFTWARE
`
`NAVIGATION
`MAPPING AND
`
`

`

`Patent Application Publication
`
`Jan. 29, 2015 Sheet 5 of 10
`
`US 2015/0033221 Al
`
`VM IMAGE
`SOFTWARE STACK
`502
`
`
`
`二 -一
`
`VM IMAGE
`
`Pan 人
`
`
`
`APPLICATIONS
`
`504
`
`
`J、 一 506
`
`MIDDLEWARE
`
`
`
`500
`
`™~ 、、 、
`
`~、_
`
`
`GUEST OS
`VIRTUAL STORAGE
`
`
`
`
`
`
`
`十 508
`
`t 549
`
`FIG. 5
`
`

`

`Patent Application Publication
`
`Jan. 29, 2015 Sheet 6 of 10
`
`US 2015/0033221 Al
`
`STORAGE BLOCK
`DELETE VIRTUAL
`
`630
`
`OF VM IMAGE
`
`OF VM IMAGE
`
`OF VM IMAGE
`
`SPECIFIC INSTANCE
`
`SPECIFIC INSTANCE
`
`SPECIFIC INSTANCE
`
`DETACH FROM
`
`628
`
`ATTACH TO
`
`626
`
`ALLOCATE TO
`
`624
`
`STORAGE BLOCK
`VIRTUAL
`GENERATE
`
`
`
`
`
`
`VM IMAGE FOR ROLLBACK
`SPECIFIC INSTANCE OF
`GENERATE SNAPSHOT OF
`
`
`
`
`618
`CLONES
`VM IMAGE
`
`CATALOG OF
`
`
`
`各
`
`
`
`
`
`
`
`
`
`OF VM IMAGE CLONE
`SPECIFIC INSTANCE
`
`GENERATE
`
`
`
`
`/
`620
`
`圖
`
`616
`
`S
`
`INSTANCE OF VM IMAGE
`
`CLONE SPECIFIC
`
`614
`aS
`ee,
`
`610
`
`VM IMAGE
`
`INSTANCE OF
`
`SPECIFIC
`GENERATE
`
`CREDENTIALS
`
`USER
`
`612
`
`
`
`
`
`
`
`608
`7
`
`VM IMAGES
`THIRD-PARTY
`CATALOG OF
`
`
`
`
`
`
`
`OF VM IMAGES
`
`MASTER CATALOG
`
`
`
`
`、
`606
`
`
`
`
`TO CLOUD
`VM IMAGE
`PUBLISH
`
`VM IMAGE
`GENERATE
`
`604
`
`602
`
`
`
`
`VM IMAGE LIFECYCLE
`
`品
`
`FIG. 6
`
`

`

`
`
`LABELER
`SPECIFIC
` SPECIFIC
`LABELER
`INSTANCE OF
`INSTANCE OF
`700
`VMIMAGE
`700
`VM IMAGE
`
`FIG. 7
`712
`FIG. 7
`712
`
`LABELED SPECIFIC
`LABELED SPECIFIC
`INSTANCE OF VMIMAGE
`INSTANCE OF VM IMAGE
`
`LABEL FILE
`LABEL FILE
`
`
`
`Patent Application Publication
`Patent Application Publication
`
`Jan. 29, 2015 Sheet 7 of 10
`Jan. 29, 2015 Sheet 7 of 10
`
`US 2015/0033221 A1
`US 2015/0033221 Al
`
`706
`706
`
`704
`
`702
`
`LABELING
`LABELING
`SCRIPTS
`SCRIPTS
`
`LABELING
`LABELING
`POLICIES
`POLICIES
`
`LABELING
`LABELING
`SCRIPT
`SCRIPT
`EXECUTION
`EXECUTION
`POLICIES
`POLICIES
`
`708
`
`710
`
`
`
`
`
`
`
`
`
`806
`806
`
`
`
`SANTIZATION
`SANITIZATION
`SCRIPT
`SANTIZATION SANITIZATION
`
`SANITIZATION||SANITIZATION SCRIPT
`SCRIPTS
`POLICIES
`EXECUTION
`SCRIPTS
`POLICIES
`EXECUTION
`POLICIES
`POLICIES
`
`LABELED
`LABELED
`SANTIZED
`SPECIFIC
`SANITIZER
`SANITIZED
`SPECIFIC
`SANITIZER
`SPECIFIC INSTANCE
`SPECIFIC INSTANCE
`OF VMIMAGE
`INSTANCE OF
`800
`OF VM IMAGE
`INSTANCE OF
`800
`VMIMAGE
`VM IMAGE
`
`FIG. 8
`FIG. 8
`
`

`

`Patent Application Publication
`Patent Application Publication
`
`Jan. 29, 2015 Sheet 8 of 10
`Jan. 29, 2015 Sheet 8 of 10
`
`US 2015/0033221 A1
`US 2015/0033221 Al
`
`FIG. 9
`FIG. 9
`GENERATE VM IMAGE
`GENERATE VMIMAGE
`
`VMIMAGE LABELING AND
`VM IMAGE LABELING AND
`SANTIZATION PROCESS
`SANITIZATION PROCESS
`900
`900
`yg
`
`LABEL AND SANITIZE VM IMAGE
`LABEL AND SANTIZE VMIMAGE
`
`PUBLISHWMMAGE TO A
`PUBLISH VM IMAGE TO A
`CATALOG ON ACLOUD
`CATALOG ON A CLOUD
`
`GENERATE SPECIFIC
`GENERATE SPECIFIC
`INSTANCE OF VMIMAGE
`INSTANCE OF VM IMAGE
`
`LABEL AND SANITIZE SPECIFIC
`LABEL AND SANITIZE SPECIFIC
`INSTANCE OFWMIMAGE
`INSTANCE OF VM IMAGE
`
`
`
`OF VM IMAGE TO USER
`
`DELIVER LABELED AND
`DELIVER LABELED AND
`SANITIZED SPECIFIC INSTANCE
`SANITIZED SPECIFIC INSTANCE
`OF VMIMAGETOUSER
`
`902
`902
`904
`904
`
`906
`906
`
`908
`908
`
`910
`910
`
`912
`912
`
`
`
`GENERATE CLONE OF
`GENERATE CLONE OF
`SPECIFIC INSTANCE
`SPECIFIC INSTANCE
`OF VMIMAGE
`OF VM IMAGE
`
`DYNAMICALLYLABEL AND
`DYNAMICALLY LABEL AND
`SANTIZE RUNNING
`SANITIZE RUNNING
`INSTANCES OF VMIMAGE
`INSTANCES OF VM IMAGE
`
`GENERATESNAPSHOT
`GENERATE SNAPSHOT
`OF SPECIFIC INSTANCE
`OF SPECIFIC INSTANCE
`OF VMIMAGE
`OF VM IMAGE
`
`LABEL AND SANTIZE
`LABEL AND SANITIZE
`CLONED SPECIFIC
`CLONED SPECIFIC
`INSTANCE OF VMIMAGE
`INSTANCE OF VM IMAGE
`
`MONITORLABELED AND
`MONITOR LABELED AND
`SANTIZEDRUNNING
`SANITIZED RUNNING
`INSTANCES OF VMIMAGE
`INSTANCES OF VM IMAGE
`
`LABEL AND SANITIZE
`LABEL AND SANITIZE
`SNAPSHOT OF SPECIFIC
`SNAPSHOT OF SPECIFIC
`INSTANCE OF VMIMAGE
`
`INSTANCE OF VM IMAGE
`
`
`
`916
`916
`STORE LABELED AND
`STORE LABELED AND
`SANITIZED SNAPSHOT
`SANITIZED SNAPSHOT
`OF SPECIFIC INSTANCE
`OF SPECIFIC INSTANCE
`OF VMIMAGE
`OF VM IMAGE
`
`928
`928
`
`922
`922
`STORE LABELED AND
`STORE LABELED AND
`SANTIZED CLONE OF
`SANITIZED CLONE OF
`SPECIFIC INSTANCE
`SPECIFIC INSTANCE
`OF VMIMAGE
`OF VM IMAGE
`
`
`
`924
`924
`
`918
`918
`
`

`

`Patent Application Publication
`Patent Application Publication
`
`Jan. 29, 2015 Sheet 9 of 10
`Jan. 29, 2015 Sheet 9 of 10
`
`US 2015/0033221 A1
`US 2015/0033221 Al
`
`RECEIVE, BY A COMPUTER, AN INPUT TO
`RECEIVE, BY A COMPUTER,AN INPUT TO
`GENERATEAVIRTUAL MACHINE IMAGE
`GENERATEA VIRTUAL MACHINE IMAGE
`
`GENERATE, BY THE COMPUTER, THE VIRTUAL MACHINE IMAGE
`GENERATE, BY THE COMPUTER, THE VIRTUAL MACHINE IMAGE
`
`IDENTIFY, BY THE COMPUTER, ASPECIFICATION LANGUAGE THATDEFINES
`IDENTIFY, BY THE COMPUTER, A SPECIFICATION LANGUAGE THAT DEFINES
`WHEN THE VIRTUAL MACHINE IMAGE ISSANITIZED, THE SOFTWARE
`WHEN THE VIRTUAL MACHINE IMAGEIS SANITIZED, THE SOFTWARE
`COMPONENTS OF THE VIRTUAL MACHINE IMAGE THAT ARE LABELED AND
`COMPONENTSOF THE VIRTUAL MACHINE IMAGE THAT ARE LABELED AND
`SANITIZED, AFIRST SET OF POLICIES ASSOCIATED WITH LABELING AND
`SANITIZED, A FIRST SET OF POLICIES ASSOCIATED WITH LABELING AND
`SANITIZING THE VIRTUAL MACHINE IMAGE, AND ASECONDSET OF POLICIES
`SANITIZING THE VIRTUAL MACHINE IMAGE, AND A SECOND SET OF POLICIES
`ASSOCATED WITH EXECUTION OF LABELING AND SANITIZATION PROGRAMS
`ASSOCIATED WITH EXECUTION OF LABELING AND SANITIZATION PROGRAMS
`
`
`
`
`
`1002
`4002
`
`1004
`1004
`
`1006
`1006
`
`1008
`1008
`
`1010
`1010
`
`1012
`1012
`
`INSERT, BY THE COMPUTER, ALABELERMODULE AND A SANITIZERMODULE
`INSERT, BY THE COMPUTER, A LABELER MODULE AND A SANITIZER MODULE
`INTO EACHSOFTWARE COMPONENT INAPLURALITY OF SOFTWARE
`INTO EACH SOFTWARE COMPONENTIN A PLURALITY OF SOFTWARE
`COMPONENTS OF A SOFTWARE STACKIN THE VIRTUAL MACHINE IMAGE
`COMPONENTS OF A SOFTWARESTACK IN THE VIRTUAL MACHINE IMAGE
`
`IDENTIFY, BY THE COMPUTER, LABELING DEPENDENCIES BETWEEN
`IDENTIFY, BY THE COMPUTER, LABELING DEPENDENCIES BETWEEN
`SOFTWARE COMPONENTS IN THE PLURALITY OF SOFTWARE COMPONENTS
`SOFTWARE COMPONENTSIN THE PLURALITY OF SOFTWARE COMPONENTS
`OF THE SOFTWARE STACKIN THE VIRTUAL MACHINE IMAGE BASED ON
`OF THE SOFTWARE STACK IN THE VIRTUAL MACHINE IMAGE BASED ON
`LABELING SCRIPTEXECUTION POLICIES LOCATED IN THE LABELERMODULE
`LABELING SCRIPT EXECUTION POLICIES LOCATED IN THE LABELER MODULE
`
`EXECUTE, BY THE COMPUTER, A LABELINGPROGRAMINEACH
`EXECUTE, BY THE COMPUTER,A LABELING PROGRAMIN EACH
`SOFTWARE COMPONENT IN THE PLURALITY OF SOFTWARE
`SOFTWARE COMPONENTIN THE PLURALITY OF SOFTWARE
`COMPONENTS OF THE SOFTWARESTACKIN THE VIRTUAL
`COMPONENTS OF THE SOFTWARE STACKIN THE VIRTUAL
`MACHINE IMAGE BASED ONLABELING EXECUTION POLICIES
`MACHINE IMAGE BASED ON LABELING EXECUTION POLICIES
`
`TO FIG. 10B
`TO FIG. 10B
`
`FIG. 1 OA
`FIG. 10A
`
`

`

`Patent Application Publication
`Patent Application Publication
`
`Jan. 29, 2015 Sheet 10 of 10
`Jan. 29, 2015 Sheet 10 of 10
`
`US 2015/0033221 A1
`US 2015/0033221 Al
`
`FROM FIG. 10B
`FROM FIG. 10B
`
`USE, BY THE COMPUTER, THE LABELING SCRIPTS TO ATTACHA
`USE, BY THE COMPUTER, THE LABELING SCRIPTS TO ATTACH A
`SENSITIVITYLEVELLABEL TO DENTIFIED SENSITIVE DATA
`SENSITIVITY LEVEL LABEL TO IDENTIFIED SENSITIVE DATA
`CONTAINED WITHIN EACH SOFTWARE COMPONENTIN THE
`CONTAINED WITHINEACHSOFTWARE COMPONENT IN THE
`PLURALITY OF SOFTWARE COMPONENTS OF THE SOFTWARE STACK
`PLURALITY OF SOFTWARE COMPONENTS OF THE SOFTWARE STACK
`IN THE VIRTUAL MACHINE IMAGE BASED ON LABELINGPOLICES
`IN THE VIRTUAL MACHINE IMAGE BASED ON LABELING POLICIES
`
`VIRTUAL MACHINE IMAGE BASEDON SANITIZATION POLICIES
`
`
`
`1014
`4014
`0
`O
`
`1016
`1016
`
`1018
`4018
`
`1020
`1020
`
`1022
`4022
`
`RECEIVE, BY THE COMPUTER, AN INPUTTOPERFORMASANITIZATION
`RECEIVE, BY THE COMPUTER,AN INPUT TO PERFORMA SANITIZATION
`OF THEIDENTIFIED SENSITIVE DATA HAVING ATTACHED SENSITIVITY
`OF THE IDENTIFIED SENSITIVE DATA HAVING ATTACHEDSENSITIVITY
`LEVELLABELS CONTAINED WITHIN THE SOFTWARE COMPONENTS OF
`LEVEL LABELS CONTAINED WITHIN THE SOFTWARE COMPONENTS OF
`THE SOFTWARESTACKIN THE VIRTUAL MACHINE IMAGE
`THE SOFTWARESTACK IN THE VIRTUAL MACHINE IMAGE
`
`IDENTIFY BY THE COMPUTER, SANITIZATIONDEPENDENCIES
`IDENTIFY, BY THE COMPUTER, SANITIZATION DEPENDENCIES
`BETWEENTHE SOFTWARE COMPONENTS IN THE PLURALITY OF
`BETWEEN THE SOFTWARE COMPONENTSIN THE PLURALITY OF
`SOFTWARE COMPONENTS OF THE SOFTWARESTACKIN THE
`SOFTWARE COMPONENTS OF THE SOFTWARE STACK IN THE
`VIRTUAL MACHINE IMAGE BASED ON SANITIZATION SCRIPT
`VIRTUAL MACHINE IMAGE BASED ONSANITIZATION SCRIPT
`EXECUTION POLICIES LOCATED IN THE SANITIZERMODULE
`EXECUTION POLICIES LOCATED IN THE SANITIZER MODULE
`
`EXECUTE, BY THE COMPUTER, SANITIZATION SCRIPTSINEACH
`EXECUTE, BY THE COMPUTER,SANITIZATION SCRIPTS IN EACH
`SOFTWARE COMPONENT IN THE PLURALITY OF SOFTWARE
`SOFTWARE COMPONENT IN THE PLURALITY OF SOFTWARE
`COMPONENTS OF THE SOFTWARE STACKIN THE VIRTUAL
`COMPONENTS OF THE SOFTWARE STACKIN THE VIRTUAL
`MACHINE IMAGE BASED ON THE DENTIFIED SANTIZATION
`MACHINE IMAGE BASED ON THE IDENTIFIED SANITIZATION
`DEPENDENCES BETWEEN THE SOFTWARE COMPONENTS
`DEPENDENCIES BETWEEN THE SOFTWARE COMPONENTS
`
`USE, BY THE COMPUTER, THE SANITIZATIONSCRIPTSTOPERFORM
`USE, BY THE COMPUTER, THE SANITIZATION SCRIPTS TO PERFORM
`THE SANITIZATION OF THE IDENTIFIED SENSITIVE DATA HAVING THE
`THE SANITIZATION OF THE IDENTIFIED SENSITIVE DATA HAVING THE
`ATTACHED SENSITIVITYLEVELLABELS CONTAINED WITHIN THE
`ATTACHED SENSITIVITY LEVEL LABELS CONTAINEDWITHIN THE
`SOFTWARE COMPONENTS OF THE SOFTWARESTACKIN THE
`SOFTWARE COMPONENTS OF THE SOFTWARE STACK IN THE
`VIRTUAL MACHINE IMAGE BASED ON SANITIZATION POLICIES
`
`C END )
`(END)
`FIG 1 OB
`FIG. 10B
`
`

`

`US 2015/0033221 A1
`US 2015/0033221 Al
`
`Jan. 29, 2015
`Jan. 29, 2015
`
`SANITIZATION OF VIRTUAL MACHINE
`SANTIZATION OF VIRTUAL MACHINE
`IMAGES
`IMAGES
`
`BACKGROUND
`BACKGROUND
`
`0001 1. Field
`[0001]
`1. Field
`0002 The disclosure relates generally to virtual machines
`[0002] The disclosure relates generally to virtual machines
`and more specifically to sanitizing a virtual machine image of
`and more specifically to sanitizing a virtual machine image of
`sensitive data contained within a plurality of different soft
`sensitive data contained within a plurality of different soft-
`ware components of a Software stack installed on the virtual
`ware components of a software stack installed on the virtual
`machine image.
`machine image.
`0003 2. Description of the Related Art
`[0003]
`2. Description of the Related Art
`0004. The concept of virtual machines has been used in
`[0004] The concept of virtual machines has been used in
`computing for decades. For example, mainframe computers
`computing for decades. For example, mainframe computers
`take advantage of their computing power by running multiple
`take advantage oftheir computing powerby running multiple
`instances of the same or different operating systems within
`instances of the sameor different operating systems within
`multiple virtual machines on the same computer. Virtual
`multiple virtual machines on the same computer. Virtual
`machines are desirable due to their ability to isolate specific
`machinesare desirable due to their ability to isolate specific
`applications, tasks, or users. For example, an individual want
`applications, tasks, or users. For example, an individual want-
`ing to manage his or her personal finances may use a virtual
`ing to managehis or her personal finances may usea virtual
`machine that is specifically equipped with personal account
`machinethat is specifically equipped with personal account-
`ing software and a variety of sensitive personal finance data
`ing software anda variety of sensitive personal finance data
`associated with that individual. Virtual machines are typically
`associated withthat individual. Virtual machinesare typically
`stored as a setoffiles.
`stored as a set of files.
`
`SUMMARY
`SUMMARY
`0005 According to one illustrative embodiment, a com
`[0005] According to one illustrative embodiment, a com-
`puter-implemented method for sanitizing a virtual machine
`puter-implemented method for sanitizing a virtual machine
`image of sensitive data is provided. A computer attaches a
`image ofsensitive data is provided. A computer attaches a
`sensitivity level label to identified sensitive data contained
`sensitivity level label to identified sensitive data contained
`within each software component in a plurality of software
`within each software componentin a plurality of software
`components of a Software stack in a virtual machine image
`components of a software stack in a virtual machine image
`based on labeling policies. In response to the computer
`based on labeling policies. In response to the computer
`receiving an input to perform a sanitization of the identified
`receiving an input to perform a sanitization of the identified
`sensitive data having attached sensitivity level labels con
`sensitive data having attached sensitivity level labels con-
`tained within software components of the software stack in
`tained within software components of the software stack in
`the virtual machine image, the computer performs the saniti
`the virtual machine image, the computer performsthe saniti-
`zation of the identified sensitive data having the attached
`zation of the identified sensitive data having the attached
`sensitivity level labels contained within the software compo
`sensitivity level labels contained within the software compo-
`nents of the software stack in the virtual machine image based
`nents ofthe software stackin the virtual machine image based
`on sanitization policies. According to other illustrative
`on sanitization policies. According to other illustrative
`embodiments, a computer system and a computer program
`embodiments, a computer system and a computer program
`product for sanitizing a virtual machine image of sensitive
`product for sanitizing a virtual machine image of sensitive
`data also are provided.
`data also are provided.
`
`BRIEF DESCRIPTION OF THE SEVERAL
`BRIEF DESCRIPTION OF THE SEVERAL
`VIEWS OF THE DRAWINGS
`VIEWS OF THE DRAWINGS
`0006 FIG. 1 is a pictorial representation of a network of
`[0006]
`FIG.1 is a pictorial representation of a network of
`data processing systems in which illustrative embodiments
`data processing systems in whichillustrative embodiments
`may be implemented;
`may be implemented;
`0007 FIG. 2 is a diagram of a data processing system in
`[0007]
`FIG. 2 is a diagram of a data processing system in
`which illustrative embodiments may be implemented;
`whichillustrative embodiments may be implemented;
`0008 FIG. 3 is a diagram illustrating a cloud computing
`[0008]
`FIG. 3 is a diagram illustrating a cloud computing
`environment in which illustrative embodiments may be
`environment
`in which illustrative embodiments may be
`implemented;
`implemented;
`0009 FIG. 4 is a diagram illustrating an example of
`[0009]
`FIG. 4 is a diagram illustrating an example of
`abstraction layers of a cloud computing environment in
`abstraction layers of a cloud computing environment
`in
`accordance with an illustrative embodiment;
`accordance with an illustrative embodiment;
`0010 FIG. 5 is a diagram illustrating an example of a
`[0010]
`FIG. 5 is a diagram illustrating an example of a
`virtual machine image in accordance with an illustrative
`virtual machine image in accordance with an illustrative
`embodiment;
`embodiment;
`0011
`FIG. 6 is a diagram illustrating an example of a
`[0011]
`FIG. 6 is a diagram illustrating an example of a
`lifecycle of a virtual machine image in accordance with an
`lifecycle of a virtual machine image in accordance with an
`illustrative embodiment;
`illustrative embodiment;
`
`0012 FIG. 7 is a diagram illustrating a labeler in accor
`[0012]
`FIG. 7 is a diagram illustrating a labeler in accor-
`dance with an illustrative embodiment;
`dance with an illustrative embodiment;
`0013 FIG. 8 is a diagram illustrating a sanitizer in accor
`[0013]
`FIG. 8 is a diagram illustrating a sanitizer in accor-
`dance with an illustrative embodiment;
`dance with an illustrative embodiment;
`0014 FIG. 9 is a diagram illustrating an example of a
`[0014]
`FIG. 9 is a diagram illustrating an example of a
`virtual machine image labeling and sanitization process in
`virtual machine image labeling and sanitization process in
`accordance with an illustrative embodiment; and
`accordance with an illustrative embodiment; and
`(0015 FIG. 10A and FIG. 10B area flowchart illustrating a
`[0015] FIG.10A and FIG.10Bare a flowchart illustrating a
`process for sanitizing a virtual machine image of sensitive
`process for sanitizing a virtual machine image of sensitive
`data in accordance with an illustrative embodiment.
`data in accordance with an illustrative embodiment.
`
`DETAILED DESCRIPTION
`DETAILED DESCRIPTION
`0016. As will be appreciated by one skilled in the art,
`[0016] As will be appreciated by one skilled in the art,
`aspects of the illustrative embodiments may be embodied as
`aspects oftheillustrative embodiments may be embodied as
`a computer system, computer-implemented method, or com
`a computer system, computer-implemented method, or com-
`puter program product. Accordingly, aspects of the illustra
`puter program product. Accordingly, aspects of the illustra-
`tive embodiments may take the form of an entirely hardware
`tive embodiments may take the form of an entirely hardware
`embodiment, an entirely software embodiment (including
`embodiment, an entirely software embodiment (including
`firmware, resident Software, micro-code, etc.), or an embodi
`firmware, resident software, micro-code,etc.), or an embodi-
`ment combining Software and hardware aspects that may all
`ment combining software and hardware aspects that mayall
`generally be referred to herein as a “circuit.” “module,” or
`generally be referred to herein as a “circuit,” “module,” or
`“system.” Furthermore, aspects of the illustrative embodi
`“system.” Furthermore, aspects of the illustrative embodi-
`ments may take the form of a computer program product
`ments may take the form of a computer program product
`embodied in one or more computer readable medium(s) hav
`embodiedin one or more computer readable medium(s) hav-
`ing computer readable program code embodied thereon.
`ing computer readable program code embodied thereon.
`0017. Any combination of one or more computer readable
`[0017] Any combination of one or more computer readable
`medium(s) may be utilized. The computer readable medium
`medium(s) may be utilized. The computer readable medium
`may be a computer readable signal medium or a computer
`may be a computer readable signal medium or a computer
`readable storage medium. A computer readable storage
`readable storage medium. A computer readable storage
`medium may be, for example, but not limited to, an elec
`medium may be, for example, but not limited to, an elec-
`tronic, magnetic, optical, or semiconductor system, appara
`tronic, magnetic, optical, or semiconductor system, appara-
`tus, or device, or any suitable combination of the foregoing.
`tus, or device, or any suitable combination of the foregoing.
`More specific examples (a non-exhaustive list) of the com
`More specific examples (a non-exhaustive list) of the com-
`puter readable storage medium would include the following:
`puter readable storage medium would include the following:
`a portable computer diskette, a hard disk, a random access
`a portable computer diskette, a hard disk, a random access
`memory (RAM), a read-only memory (ROM), an erasable
`memory (RAM), a read-only memory (ROM), an erasable
`programmable read-only memory (EPROM or Flash
`programmable read-only memory (EPROM or Flash
`memory), a portable compact disc read-only memory (CD
`memory), a portable compact disc read-only memory (CD-
`ROM), an optical storage device, a magnetic storage device,
`ROM), an optical storage device, a magnetic storage device,
`or any Suitable combination of the foregoing. In the context of
`or any suitable combination ofthe foregoing. Inthe context of
`this document, a computer readable storage medium may be
`this document, a computer readable storage medium may be
`any tangible medium that can store a program for use by or in
`any tangible mediumthat can store a program for use by or in
`connection with an instruction execution system, apparatus,
`connection with an instruction execution system, apparatus,
`or device. In addition, a computer readable storage medium
`or device. In addition, a computer readable storage medium
`excludes all propagation media, such as signals and carrier
`excludes all propagation media, such as signals and carrier
`waves.
`WaVS.
`0018. A computer readable signal medium may include a
`[0018] A computer readable signal medium may include a
`propagated data signal with computer readable program code
`propagated data signal with computer readable program code
`embodied therein, for example, in baseband or as part of a
`embodied therein, for example, in basebandoras part of a
`carrier wave. Such a propagated signal may take any of a
`carrier wave. Such a propagated signal may take any of a
`variety of forms, including, but not limited to, electro-mag
`variety of forms, including, but not limited to, electro-mag-
`netic, infra-red, or any suitable combination thereof. A com
`netic, infra-red, or any suitable combination thereof. A com-
`puter readable signal medium may be any computer readable
`puter readable signal medium may be any computer readable
`medium that is not a computer readable storage medium and
`medium that is not a computer readable storage medium and
`that can communicate, propagate, or transport a program for
`that can communicate, propagate, or transport a program for
`use by or in connection with an instruction execution system,
`use by or in connection with an instruction execution system,
`apparatus, or device.
`apparatus, or device.
`0019 Program code embodied on a computer readable
`[0019]
`Program code embodied on a computer readable
`medium may be transmitted using any appropriate medium,
`medium may be transmitted using any appropriate medium,
`including but not limited to wireless, wireline, optical fiber
`including but not limited to wireless, wireline, optical fiber
`cable, RF, etc., or any Suitable combination of the foregoing.
`cable, RF, etc., or any suitable combination of the foregoing.
`0020 Computer program code for carrying out operations
`[0020] Computer program codefor carrying out operations
`for aspects of the illustrative embodiments may be written in
`for aspects of the illustrative embodiments may be written in
`any combination of one or more programming languages,
`any combination of one or more programming languages,
`
`

`

`US 2015/0033221 A1
`US 2015/0033221 Al
`
`Jan. 29, 2015
`Jan. 29, 2015
`
`including an object oriented programming language Such as
`including an object oriented programming language such as
`Java, Smalltalk, C++ or the like and conventional procedural
`Java, Smalltalk, C++ or the like and conventional procedural
`programming languages, such as the 'C' programming lan
`programming languages, such as the “C” programming lan-
`guage or similar programming languages. The program code
`guageor similar programming languages. The program code
`may execute entirely on the user's computer, partly on the
`may execute entirely on the user’s computer, partly on the
`user's computer, as a stand-alone software package, partly on
`user’s computer, as a stand-alone software package,partly on
`the user's computer and partly on a remote computer or
`the user’s computer and partly on a remote computer or
`entirely on the remote computer or server. In the latter sce
`entirely on the remote computeror server. In the latter sce-
`nario, the remote computer may be connected to the user's
`nario, the remote computer may be connected to the user’s
`computer through any type of network, including a local area
`computer through any type of network, including a local area
`network (LAN) or a wide area network (WAN), or the con
`network (LAN)or a wide area network (WAN), or the con-
`nection may be made to an external computer (for example,
`nection may be made to an external computer (for example,
`through the Internet using an Internet Service Provider).
`through the Internet using an Internet Service Provider).
`0021 Aspects of the illustrative embodiments are
`[0021] Aspects of
`the
`illustrative
`embodiments
`are
`described below with reference to flowchart illustrations and/
`described below with reference to flowchart illustrations and/
`or block diagrams of computer-implemented methods, com
`or block diagrams of computer-implemented methods, com-
`puter systems, and computer program products according to
`puter systems, and computer program products according to
`illustrative embodiments. It will be understood that each
`illustrative embodiments. It will be understood that each
`block of the flowchart illustrations and/or block diagrams,
`block of the flowchart illustrations and/or block diagrams,
`and combinationsofblocksin the flowchart illustrations and/
`and combinations of blocks in the flowchart illustrations and/
`or block diagrams, can be implemented by computer program
`or block diagrams, can be implemented by computer program
`instructions. These computer program instructions may be
`instructions. These computer program instructions may be
`provided to a processor of a general purpose computer, spe
`provided to a processor of a general purpose computer, spe-
`cial purpose computer, or other programmable data process
`cial purpose computer, or other programmable data process-
`ing apparatus to produce a machine. Such that the instruc
`ing apparatus to produce a machine, such that the instruc-
`tions, which execute via the processor of the computer or
`tions, which execute via the processor of the computer or
`other programmable data processing apparatus, create means
`other programmable data processing apparatus, create means
`for implementing the functions/acts specified in the flowchart
`for implementing the functions/acts specified in the flowchart
`and/or block diagram block or blocks.
`and/or block diagram block or blocks.
`0022. These computer program instructions may also be
`[0022] These computer program instructions may also be
`stored in a computer readable storage medium that can direct
`stored in a computer readable storage medium that can direct
`a computer, other programmable data processing apparatus,
`a computer, other programmable data processing apparatus,
`or other devices to function in a particular manner, Such that
`or other devices to function in a particular manner, such that
`the instructions stored in the computer readable storage
`the instructions stored in the computer readable storage
`medium produce an article of manufacture including instruc
`medium producean article of manufacture includinginstruc-
`tions which implement the function/act specified in the flow
`tions which implementthe function/act specified in the flow-
`chart and/or block diagram block or blocks.
`chart and/or block diagram block or blocks.
`0023 The computer program instructions may also be
`[0023] The computer program instructions may also be
`loaded onto a computer, other programmable data processing
`loaded onto a computer, other programmable data processing
`apparatus, or other devices to cause a series of operational
`apparatus, or other devices to cause a series of operational
`steps to be performed on the computer, other programmable
`steps to be per