Patents by Inventor Dominik Dingel
Dominik Dingel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10838755Abstract: A method and system for transparent secure interception handling is provided. The method and system include deploying a virtual machine (VM) in an environment comprising a hypervisor and a firmware. The method and system include providing buffers in response to deploying the VM, and include executing VM instructions. The method and system include intercepting VM instructions which require access to instruction data and copying the VM state into a shadow VM state. Furthermore, the instruction data is copied to buffers, and the intercepted VM instruction is executed using the buffer. The method and system also include updating the shadow VM state buffer and the VM data in the VM memory using result data in the buffer in response to the executing of the intercepted VM instruction results. Furthermore execution of the VM instructions is resumed based on a state stored in the shadow VM state buffer.Type: GrantFiled: June 7, 2018Date of Patent: November 17, 2020Assignee: International Business Machines CorporationInventors: Utz Bacher, Christian Borntraeger, Reinhard T. Buendgen, Dominik Dingel
-
Patent number: 10719352Abstract: A system and method for sharing services provides for generating one or more trigger conditions associated with a process executable in a source container having a source namespace in a source pod, executing the process in the source container, and when a trigger condition occurs, interrupting the executed process and moving the process into a target pod by switching from the source namespace of the source container to a target namespace of the target pod. The trigger condition may be associated with a service executable in a target container having the target namespace in the target pod.Type: GrantFiled: January 22, 2018Date of Patent: July 21, 2020Assignee: International Business Machines CorporationInventors: Utz Bacher, Dominik Dingel, Karsten Graul, Michael Holzheu, Rene Trumpp
-
Patent number: 10547595Abstract: A method includes a trusted component of a host computing system, obtaining, from a client, via a hypervisor of the host, a request to run an instance of a guest image within the hypervisor. The request includes a unique identifier of the guest image, contents of the guest image, and a communication key. The request is encrypted with a request key accessible to the owner and the trusted component and not accessible to the hypervisor. The trusted component generates an authorization request to an authorizing entity of the client requesting authorization for the hypervisor to run the instance. The authorization request includes the unique identifier, a use counter, and a unique challenge. The trusted component encrypts the authorization request with the communication key and communicates the authorization request to the authorizing entity, via the hypervisor.Type: GrantFiled: October 29, 2018Date of Patent: January 28, 2020Assignee: International Business Machines CorporationInventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Patent number: 10366227Abstract: A trusted component commences a debugging session, based on determining that debugging of a virtual machine is to be initiated. The commencing of the debugging session includes generating encryption information to be provided to a client for which debugging is to be performed. The encryption information includes a key that is encrypted and to be used to encrypt a debug request to debug the virtual machine. The trusted component obtains an encrypted debug request indicating one or more operations to be performed to debug the virtual machine. The one or more operations are performed by the trusted component to obtain debugging results for the virtual machine.Type: GrantFiled: November 15, 2016Date of Patent: July 30, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Publication number: 20190227840Abstract: A system and method for sharing services provides for generating one or more trigger conditions associated with a process executable in a source container having a source namespace in a source pod, executing the process in the source container, and when a trigger condition occurs, interrupting the executed process and moving the process into a target pod by switching from the source namespace of the source container to a target namespace of the target pod. The trigger condition may be associated with a service executable in a target container having the target namespace in the target pod.Type: ApplicationFiled: January 22, 2018Publication date: July 25, 2019Inventors: Utz BACHER, Dominik DINGEL, Karsten GRAUL, Michael HOLZHEU, Rene TRUMPP
-
Publication number: 20190215161Abstract: A method for generating a dump comprising data generated by a virtual system in a computing environment is depicted. The method comprises: initiating a dump process for dumping data generated by the virtual system and stored in guest memory; sending a dump request for the data from the virtual machine monitor to the trusted component; in response to receiving the dump request, generating a symmetric dump generating key; reading the data from the guest memory; encrypting the data with the symmetric dump generating key; encrypting the symmetric dump generating key with the public cryptographic key of the client system; providing the encrypted dump data and the encrypted symmetric dump generating key to the virtual machine monitor; generating a dump comprising the encrypted dump data and the encrypted symmetric dump generating key; and providing the dump to the client system.Type: ApplicationFiled: March 15, 2019Publication date: July 11, 2019Inventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Patent number: 10270596Abstract: A method for generating a dump comprising data generated by a virtual system in a computing environment is depicted. The method comprises: initiating a dump process for dumping data generated by the virtual system and stored in guest memory; sending a dump request for the data from the virtual machine monitor to the trusted component; in response to receiving the dump request, generating a symmetric dump generating key; reading the data from the guest memory; encrypting the data with the symmetric dump generating key; encrypting the symmetric dump generating key with the public cryptographic key of the client system; providing the encrypted dump data and the encrypted symmetric dump generating key to the virtual machine monitor; generating a dump comprising the encrypted dump data and the encrypted symmetric dump generating key; and providing the dump to the client system.Type: GrantFiled: September 16, 2016Date of Patent: April 23, 2019Assignee: INTERNATIONAL BUSINESS MACHNINES CORPORATIONInventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Publication number: 20190104115Abstract: A method includes a trusted component of a host computing system, obtaining, from a client, via a hypervisor of the host, a request to run an instance of a guest image within the hypervisor. The request includes a unique identifier of the guest image, contents of the guest image, and a communication key. The request is encrypted with a request key accessible to the owner and the trusted component and not accessible to the hypervisor. The trusted component generates an authorization request to an authorizing entity of the client requesting authorization for the hypervisor to run the instance. The authorization request includes the unique identifier, a use counter, and a unique challenge. The trusted component encrypts the authorization request with the communication key and communicates the authorization request to the authorizing entity, via the hypervisor.Type: ApplicationFiled: October 29, 2018Publication date: April 4, 2019Inventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Patent number: 10237245Abstract: A method includes a trusted component of a host computing system, obtaining, from a client, via a hypervisor of the host, a request to run an instance of a guest image within the hypervisor. The request includes a unique identifier of the guest image, contents of the guest image, and a communication key. The request is encrypted with a request key accessible to the owner and the trusted component and not accessible to the hypervisor. The trusted component generates an authorization request to an authorizing entity of the client requesting authorization for the hypervisor to run the instance. The authorization request includes the unique identifier, a use counter, and a unique challenge. The trusted component encrypts the authorization request with the communication key and communicates the authorization request to the authorizing entity, via the hypervisor.Type: GrantFiled: July 15, 2016Date of Patent: March 19, 2019Assignee: International Business Machines CorporationInventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Publication number: 20180285143Abstract: A method and system for transparent secure interception handling is provided. The method and system include deploying a virtual machine (VM) in an environment comprising a hypervisor and a firmware. The method and system include providing buffers in response to deploying the VM, and include executing VM instructions. The method and system include intercepting VM instructions which require access to instruction data and copying the VM state into a shadow VM state. Furthermore, the instruction data is copied to buffers, and the intercepted VM instruction is executed using the buffer. The method and system also include updating the shadow VM state buffer and the VM data in the VM memory using result data in the buffer in response to the executing of the intercepted VM instruction results. Furthermore execution of the VM instructions is resumed based on a state stored in the shadow VM state buffer.Type: ApplicationFiled: June 7, 2018Publication date: October 4, 2018Inventors: Utz Bacher, Christian Borntraeger, Reinhard T. Buendgen, Dominik Dingel
-
Patent number: 10083128Abstract: A method for generating a dump comprising data generated by a virtual system in a computing environment is depicted. The method comprises: initiating a dump process for dumping data generated by the virtual system and stored in guest memory; sending a dump request for the data from the virtual machine monitor to the trusted component; in response to receiving the dump request, generating a symmetric dump generating key; reading the data from the guest memory; encrypting the data with the symmetric dump generating key; encrypting the symmetric dump generating key with the public cryptographic key of the client system; providing the encrypted dump data and the encrypted symmetric dump generating key to the virtual machine monitor; generating a dump comprising the encrypted dump data and the encrypted symmetric dump generating key; and providing the dump to the client system.Type: GrantFiled: February 19, 2018Date of Patent: September 25, 2018Assignee: International Business Machines CorporationInventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Patent number: 10019279Abstract: A method and system for transparent secure interception handling is provided. The method and system include deploying a virtual machine (VM) in an environment comprising a hypervisor and a firmware. The method and system include providing buffers in response to deploying the VM, and include executing VM instructions. The method and system include intercepting VM instructions which require access to instruction data and copying the VM state into a shadow VM state. Furthermore, the instruction data is copied to buffers, and the intercepted VM instruction is executed using the buffer. The method and system also include updating the shadow VM state buffer and the VM data in the VM memory using result data in the buffer in response to the executing of the intercepted VM instruction results. Furthermore execution of the VM instructions is resumed based on a state stored in the shadow VM state buffer.Type: GrantFiled: December 17, 2015Date of Patent: July 10, 2018Assignee: International Business Machines CorporationInventors: Utz Bacher, Christian Borntraeger, Reinhard T. Buendgen, Dominik Dingel
-
Publication number: 20180150409Abstract: A method for generating a dump comprising data generated by a virtual system in a computing environment is depicted. The method comprises: initiating a dump process for dumping data generated by the virtual system and stored in guest memory; sending a dump request for the data from the virtual machine monitor to the trusted component; in response to receiving the dump request, generating a symmetric dump generating key; reading the data from the guest memory; encrypting the data with the symmetric dump generating key; encrypting the symmetric dump generating key with the public cryptographic key of the client system; providing the encrypted dump data and the encrypted symmetric dump generating key to the virtual machine monitor; generating a dump comprising the encrypted dump data and the encrypted symmetric dump generating key; and providing the dump to the client system.Type: ApplicationFiled: February 19, 2018Publication date: May 31, 2018Inventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Publication number: 20180137273Abstract: A trusted component commences a debugging session, based on determining that debugging of a virtual machine is to be initiated. The commencing of the debugging session includes generating encryption information to be provided to a client for which debugging is to be performed. The encryption information includes a key that is encrypted and to be used to encrypt a debug request to debug the virtual machine. The trusted component obtains an encrypted debug request indicating one or more operations to be performed to debug the virtual machine. The one or more operations are performed by the trusted component to obtain debugging results for the virtual machine.Type: ApplicationFiled: November 15, 2016Publication date: May 17, 2018Inventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Publication number: 20180081824Abstract: A method for generating a dump comprising data generated by a virtual system in a computing environment is depicted. The method comprises: initiating a dump process for dumping data generated by the virtual system and stored in guest memory; sending a dump request for the data from the virtual machine monitor to the trusted component; in response to receiving the dump request, generating a symmetric dump generating key; reading the data from the guest memory; encrypting the data with the symmetric dump generating key; encrypting the symmetric dump generating key with the public cryptographic key of the client system; providing the encrypted dump data and the encrypted symmetric dump generating key to the virtual machine monitor; generating a dump comprising the encrypted dump data and the encrypted symmetric dump generating key; and providing the dump to the client system.Type: ApplicationFiled: September 16, 2016Publication date: March 22, 2018Inventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Publication number: 20180019979Abstract: A method includes a trusted component of a host computing system, obtaining, from a client, via a hypervisor of the host, a request to run an instance of a guest image within the hypervisor. The request includes a unique identifier of the guest image, contents of the guest image, and a communication key. The request is encrypted with a request key accessible to the owner and the trusted component and not accessible to the hypervisor. The trusted component generates an authorization request to an authorizing entity of the client requesting authorization for the hypervisor to run the instance. The authorization request includes the unique identifier, a use counter, and a unique challenge. The trusted component encrypts the authorization request with the communication key and communicates the authorization request to the authorizing entity, via the hypervisor.Type: ApplicationFiled: July 15, 2016Publication date: January 18, 2018Inventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Patent number: 9841987Abstract: A method and system for transparent secure interception handling is provided. The method and system include deploying a virtual machine (VM) in an environment comprising a hypervisor and a firmware. The method and system include providing buffers in response to deploying the VM, and include executing VM instructions. The method and system include intercepting VM instructions which require access to instruction data and copying the VM state into a shadow VM state. Furthermore, the instruction data is copied to buffers, and the intercepted VM instruction is executed using the buffer. The method and system also include updating the shadow VM state buffer and the VM data in the VM memory using result data in the buffer in response to the executing of the intercepted VM instruction results. Furthermore execution of the VM instructions is resumed based on a state stored in the shadow VM state buffer.Type: GrantFiled: July 27, 2016Date of Patent: December 12, 2017Assignee: International Business Machines CorporationInventors: Utz Bacher, Christian Borntraeger, Reinhard T. Buendgen, Dominik Dingel
-
Patent number: 9720723Abstract: A computer-implemented method includes receiving a definition of a source guest memory area for utilization by a virtual machine on a source system, wherein the source system includes a source trusted firmware and a source hypervisor. The method restricts write access to the source guest memory area of the virtual machine. The method receives repeatedly a source guest memory page location, content for each of a plurality of source guest memory pages, and an integrity value for each of a plurality of source guest memory page locations. The method receives a global integrity value for integrity values associated with the plurality of source guest memory page locations, wherein a latest integrity values for each of the plurality of source guest memory page locations is utilized. Subsequent to verifying the global integrity value, the method initializes the virtual machine on the source hypervisor.Type: GrantFiled: October 22, 2015Date of Patent: August 1, 2017Assignee: International Business Machines CorporationInventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Patent number: 9720721Abstract: A computer-implemented method includes receiving a definition of a source guest memory area for utilization by a virtual machine on a source system, wherein the source system includes a source trusted firmware and a source hypervisor. The method restricts write access to the source guest memory area of the virtual machine. The method receives repeatedly a source guest memory page location, content for each of a plurality of source guest memory pages, and an integrity value for each of a plurality of source guest memory page locations. The method receives a global integrity value for integrity values associated with the plurality of source guest memory page locations, wherein a latest integrity values for each of the plurality of source guest memory page locations is utilized. Subsequent to verifying the global integrity value, the method initializes the virtual machine on the source hypervisor.Type: GrantFiled: July 1, 2015Date of Patent: August 1, 2017Assignee: International Business Machines CorporationInventors: Utz Bacher, Reinhard T. Buendgen, Heiko Carstens, Dominik Dingel
-
Publication number: 20170177392Abstract: A method and system for transparent secure interception handling is provided. The method and system include deploying a virtual machine (VM) in an environment comprising a hypervisor and a firmware. The method and system include providing buffers in response to deploying the VM, and include executing VM instructions. The method and system include intercepting VM instructions which require access to instruction data and copying the VM state into a shadow VM state. Furthermore, the instruction data is copied to buffers, and the intercepted VM instruction is executed using the buffer. The method and system also include updating the shadow VM state buffer and the VM data in the VM memory using result data in the buffer in response to the executing of the intercepted VM instruction results. Furthermore execution of the VM instructions is resumed based on a state stored in the shadow VM state buffer.Type: ApplicationFiled: December 17, 2015Publication date: June 22, 2017Inventors: Utz Bacher, Christian Borntraeger, Reinhard T. Buendgen, Dominik Dingel