| 发明名称 | Sanitization of virtual machine images | ||
| 摘要 | Sanitizing a virtual machine image of sensitive data is provided. A label for a sensitivity level is attached to identified sensitive data contained within each software component in a plurality of software components of a software stack in a virtual machine image based on labeling policies. In response to receiving an input to perform a sanitization of the identified sensitive data having attached sensitivity level labels contained within software components of the software stack in the virtual machine image, the sanitization of the identified sensitive data having the attached sensitivity level labels contained within the software components of the software stack in the virtual machine image is performed based on sanitization policies. | ||
| 申请公布号 | US9355256(B2) | 申请公布日期 | 2016.05.31 |
| 申请号 | US201313950014 | 申请日期 | 2013.07.24 |
| 申请人 | International Business Machines Corporation | 发明人 | Chari Suresh N.;Kundu Ashish |
| 分类号 | G06F21/60;G06F21/53;G06F9/455;H04L29/06 | 主分类号 | G06F21/60 |
| 代理机构 | Yee & Associates, P.C. | 代理人 | Yee & Associates, P.C. ;LaBaw Jeffrey S. |
| 主权项 | 1. A computer-implemented method for sanitizing a virtual machine image of sensitive data, the computer-implemented method comprising: inserting, by a computer, a labeler module and a sanitizer module into each software component in a plurality of software components of a software stack in the virtual machine image; identifying, by the computer, labeling dependencies and sanitization dependencies between the plurality of software components of the software stack in the virtual machine image based on labeling execution policies located in the labeler module and sanitization execution policies located in the sanitizer module, respectively; attaching, by the computer using the labeler module, a sensitivity level label of a plurality of sensitivity labels to identified sensitive data from the sensitive data contained within the plurality of software components of the software stack in the virtual machine image based on the identified labeling dependencies between the plurality of software components of the software stack; and responsive to the computer receiving an input to perform a sanitization of the identified sensitive data having attached sensitivity level labels contained within the plurality of software components of the software stack in the virtual machine image, performing, by the computer using the sanitizer module, the sanitization of the identified sensitive data having the attached sensitivity level labels contained within the plurality of software components of the software stack in the virtual machine image based on the identified sanitization dependencies between the plurality of software components of the software stack. | ||
| 地址 | Armonk NY US | ||