Abstract: In an approach to grouping related tasks, one or more computer processors receive a first task initialization by a first user. The one or more computer processors determine whether one or more additional tasks contained in one or more task groups are in use by the first user. Responsive to determining one or more additional tasks contained in one or more task groups are in use, the one or more computer processors determine whether the first task is related to at least one task of the one or more additional tasks. Responsive to determining the first task is related to at least one task of the one or more additional tasks, the one or more computer processors add the first task to the task group containing the at least one related task of the one or more additional tasks.

Abstract: A technique for monitoring a shared hardware resource in a computer system running at least two partitions includes collecting measurement data from the hardware resource. An aggregation of the measurement data over a certain time interval is computed. A noise level value adapted to a workload is calculated using a workload dependent heuristic. Noise data, based on the calculated noise level value, is generated. The computed aggregation of measurement data is mixed with the generated noise data. The mixed aggregation of measurement data is output to an external interface for monitoring.

Abstract: A technique for monitoring a shared hardware resource in a computer system running at least two partitions includes collecting measurement data from the hardware resource. An aggregation of the measurement data over a certain time interval is computed. A noise level value adapted to a workload is calculated using a workload dependent heuristic. Noise data, based on the calculated noise level value, is generated. The computed aggregation of measurement data is mixed with the generated noise data. The mixed aggregation of measurement data is output to an external interface for monitoring.

Abstract: Generating a pool of random numbers for use by computer applications. Vibration sensors are placed throughout a machine and collects information theoretic entropy data from the measurement of the vibration sensors. The data is then filtered and added to an entropy pool. Applications needing a random number may acquire a number from the pool. A method, computer program product and system to generate the pool are provided.

Abstract: Methods are provided for using a hardware module connectable to multiple computer systems, where the multiple computer systems are connectable to a server within a common network. The method includes: providing a network address of the server in persistent memory of the hardware security module; providing an encrypted secret entity in the persistent memory of the hardware security module; providing a private key in the persistent memory of the hardware security module; and based on the hardware security module being connectable to one of the computer systems, the method includes: establishing a secure connection between the hardware security module and the server; retrieving, via the secure connection, a wrapping key from the server and storing it in volatile memory of the hardware security module; and decrypting the encrypted secret entity with the wrapping key and storing the decrypted secret entity in the volatile memory of the hardware security module.

Abstract: Trusted firmware on a host server is used for managing access to a hardware security module (HSM) connected to the host server. The HSM stores confidential information associated with an operating system. As part of access management, the firmware detects a boot device identifier associated with a boot device configured to boot the operating system on the host server. The firmware then receives a second boot device identifier from the HSM. The boot device identifier and the second boot device identifier are then compared by the firmware. Based on the comparison, the firmware determines that the boot device identifier matches with the second boot device identifier. Based on this determination, the firmware grants the operating system access to the HSM.

Abstract: Generating a pool of random numbers for use by computer applications. Vibration sensors are placed throughout a machine and collects information theoretic entropy data from the measurement of the vibration sensors. The data is then filtered and added to an entropy pool. Applications needing a random number may acquire a number from the pool. A method, computer program product and system to generate the pool are provided.

Abstract: Generating a pool of random numbers for use by computer applications. Vibration sensors are placed throughout a machine and collects information theoretic entropy data from the measurement of the vibration sensors. The data is then filtered and added to an entropy pool. Applications needing a random number may acquire a number from the pool. A method, computer program product and system to generate the pool are provided.

Abstract: Trusted firmware on a host server is used for managing access to a hardware security module (HSM) connected to the host server. The HSM stores confidential information associated with an operating system. As part of access management, the firmware detects a boot device identifier associated with a boot device configured to boot the operating system on the host server. The firmware then receives a second boot device identifier from the HSM. The boot device identifier and the second boot device identifier are then compared by the firmware. Based on the comparison, the firmware determines that the boot device identifier matches with the second boot device identifier. Based on this determination, the firmware grants the operating system access to the HSM.

Abstract: At least one hardware security module out of a plurality of hardware security modules is assigned to a guest system. The at least one hardware security module out of the plurality of hardware security modules is configured with a master key. A data pattern is used for a challenge protocol adapted to prove that the at least one hardware security module out of the plurality of hardware security modules is configured with the master key. The at least one hardware security module including the master key is assigned to the guest system based on a positive outcome of the challenge protocol.

Abstract: At least one hardware security module out of a plurality of hardware security modules is assigned to a guest system. The at least one hardware security module out of the plurality of hardware security modules is configured with a master key. A data pattern is used for a challenge protocol adapted to prove that the at least one hardware security module out of the plurality of hardware security modules is configured with the master key. The at least one hardware security module including the master key is assigned to the guest system based on a positive outcome of the challenge protocol.

Abstract: Method of processing a guest event in a hypervisor-controlled system, which includes: triggering a first firmware service specific for the guest event; the firmware processing information associated with the guest event, and presenting only a subset of the information of a guest state and memory in decrypted form to a hypervisor, where the subset of the information is selected to allow the hypervisor to process the guest event; the firmware retaining a part of the information of the guest state and memory not sent to the hypervisor; the hypervisor processing the guest event based on the received subset of the information, and sending a process result to the firmware, triggering a second firmware service; the firmware processing the received process result together with the part of the information of the guest state and memory not sent to the hypervisor, and generates and performs a state and/or memory modification.

Abstract: In an approach to grouping tasks initialized by a first user, one or more computer processors receive a first task initialization by a first user. The one or more computer processors determine whether one or more additional tasks contained in one or more task groups are in use by the first user. Responsive to determining one or more additional tasks contained in one or more task groups are in use, the one or more computer processors determine whether the first task is related to at least one task of the one or more additional tasks. Responsive to determining the first task is related to at least one task of the one or more additional tasks, the one or more computer processors add the first task to the task group containing the at least one related task of the one or more additional tasks.

Abstract: In an approach to grouping related tasks, one or more computer processors receive a first task initialization by a first user. The one or more computer processors determine whether one or more additional tasks contained in one or more task groups are in use by the first user. Responsive to determining one or more additional tasks contained in one or more task groups are in use, the one or more computer processors determine whether the first task is related to at least one task of the one or more additional tasks. Responsive to determining the first task is related to at least one task of the one or more additional tasks, the one or more computer processors add the first task to the task group containing the at least one related task of the one or more additional tasks.

Abstract: Generating a pool of random numbers for use by computer applications. Vibration sensors are placed throughout a machine and collect entropy data from the measurements of the vibration sensors. The data is then filtered and sent via secure connection to a second machine to be added to the second machine's entropy pool. Applications needing a random number may acquire a number from the pool. A method, computer program product and system to generate the pool are provided.

Abstract: In an approach to grouping tasks initialized by a first user, one or more computer processors receive a first task initialization by a first user. The one or more computer processors determine whether one or more additional tasks contained in one or more task groups are in use by the first user. Responsive to determining one or more additional tasks contained in one or more task groups are in use, the one or more computer processors determine whether the first task is related to at least one task of the one or more additional tasks. Responsive to determining the first task is related to at least one task of the one or more additional tasks, the one or more computer processors add the first task to the task group containing the at least one related task of the one or more additional tasks.

Abstract: At least one hardware security module out of a plurality of hardware security modules is assigned to a guest system. The at least one hardware security module out of the plurality of hardware security modules is configured with a master key. A data pattern is used for a challenge protocol adapted to prove that the at least one hardware security module out of the plurality of hardware security modules is configured with the master key. The at least one hardware security module including the master key is assigned to the guest system based on a positive outcome of the challenge protocol.

Abstract: At least one hardware security module out of a plurality of hardware security modules is assigned to a guest system. The at least one hardware security module out of the plurality of hardware security modules is configured with a master key. A data pattern is used for a challenge protocol adapted to prove that the at least one hardware security module out of the plurality of hardware security modules is configured with the master key. The at least one hardware security module including the master key is assigned to the guest system based on a positive outcome of the challenge protocol.

Abstract: Method of processing a guest event in a hypervisor-controlled system, which includes: triggering a first firmware service specific for the guest event; the firmware processing information associated with the guest event, and presenting only a subset of the information of a guest state and memory in decrypted form to a hypervisor, where the subset of the information is selected to allow the hypervisor to process the guest event; the firmware retaining a part of the information of the guest state and memory not sent to the hypervisor; the hypervisor processing the guest event based on the received subset of the information, and sending a process result to the firmware, triggering a second firmware service; the firmware processing the received process result together with the part of the information of the guest state and memory not sent to the hypervisor, and generates and performs a state and/or memory modification.

Abstract: A virtual machine (VM) migration from a source virtual machine monitor (VMM) to a destination VMM on a computer system. Each of the VMMs includes virtualization software, and one or more VMs are executed in each of the VMMs. The virtualization software allocates hardware resources in a form of virtual resources for the concurrent execution of one or more VMs and the virtualization software. A portion of a memory of the hardware resources includes hardware memory segments. A first portion of the memory segments is assigned to a source logical partition and a second portion is assigned to a destination logical partition. The source VMM operates in the source logical partition and the destination VMM operates in the destination logical partition. The first portion of the memory segments is mapped into a source VMM memory, and the second portion of the memory segments is mapped into a destination VMM memory.