| 发明名称 |
Sanitization of Virtual Machine Images |
| 摘要 |
Sanitizing a virtual machine image of sensitive data is provided. Labeling dependencies and sanitization dependencies between a plurality of software components in the virtual machine image are identified based on labeling execution policies located in a labeler module and sanitization execution policies located in a sanitizer module, respectively. The labeler module and the sanitizer module are inserted in the virtual machine image. A sensitivity level label of a plurality of sensitivity labels is attached to identified sensitive data from the sensitive data contained in the virtual machine image based on the identified labeling dependencies. In response to receiving an input to perform a sanitization of the identified sensitive data having attached sensitivity level labels contained in the virtual machine image, the sanitization of the identified sensitive data having the attached sensitivity level labels contained in the virtual machine image is performed based on the identified sanitization dependencies. |
| 申请公布号 |
US2016210462(A1) |
申请公布日期 |
2016.07.21 |
| 申请号 |
US201615086290 |
申请日期 |
2016.03.31 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Chari Suresh N.;Kundu Ashish |
| 分类号 |
G06F21/60;G06F9/455 |
主分类号 |
G06F21/60 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computer system for sanitizing a virtual machine image of sensitive data, the computer system comprising:
a bus system; a storage device connected to the bus system, wherein the storage device stores computer readable program code; and a processor unit connected to the bus system, wherein the processor unit executes the computer readable program code to identify labeling dependencies and sanitization dependencies between a plurality of software components in the virtual machine image based on labeling execution policies located in a labeler module and sanitization execution policies located in a sanitizer module, respectively, wherein the labeler module and the sanitizer module are inserted in the virtual machine image; attach, using the labeler module, a sensitivity level label of a plurality of sensitivity labels to identified sensitive data from the sensitive data contained in the virtual machine image based on the identified labeling dependencies; and perform, using the sanitizer module, a sanitization of the identified sensitive data having the attached sensitivity level labels contained in the virtual machine image based on the identified sanitization dependencies in response to receiving an input to perform the sanitization of the identified sensitive data having attached sensitivity level labels contained in the virtual machine image. |
| 地址 |
Armonk NY US |
