The present invention is related to the field of data protection.
It has been known to employ so-called “stable system values” or SSVs as a form of data protection in data processing systems. Sensitive data such as encryption seeds or keys are stored in a computer so as to be accessible via a secure access method. The secure access method creates and stores a “system fingerprint” from SSVs of the computer, such as respective identifiers of the CPU, disk(s) and/or BIOS, and/or a MAC address or similar hardware-level identifier of a network interface of the computer system. Requests for access are typically made by applications running in unattended startup mode, as server-based applications typically need to be able to restart in the face of system reboots without operator intervention. Upon each request for access to the sensitive data, the access method queries its operating environment to obtain the SSVs as existing at the time of the request, and calculates the current system fingerprint. This value is compared to the stored system fingerprint. If some threshold number of the SSVs match, then access is provided, and otherwise access is not provided. In this manner, there is protection against attempts to access the sensitive data which involve copying the data to another computer. In such a scenario, there will generally not be sufficient matching between the SSVs of the other computer and those of the original computer, and thus the comparing of system fingerprints will fail and access will properly be denied.
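The threshold comparison described above can be sketched as follows. This is an added example, not code from the patent: the function names, the sample SSV values and the salt are constructed, and storing the fingerprint as one keyed digest per SSV (so that individual values can be counted as matching or not) is an assumption.

```python
import hashlib
import hmac

def make_fingerprint(ssvs, salt):
    """Digest each SSV separately so matches can be counted per value (assumed layout)."""
    return {
        name: hmac.new(salt, f"{name}={value}".encode(), hashlib.sha256).hexdigest()
        for name, value in ssvs.items()
    }

def count_matches(stored, current):
    """Count SSVs whose current digest equals the stored one; a missing SSV is a mismatch."""
    return sum(
        1 for name, digest in stored.items()
        if name in current and hmac.compare_digest(digest, current[name])
    )

def access_allowed(stored, current_ssvs, salt, threshold):
    """Recompute the fingerprint at request time and apply the match threshold."""
    current = make_fingerprint(current_ssvs, salt)
    return count_matches(stored, current) >= threshold

# Constructed sample data (hypothetical identifiers, fixed salt for repeatability).
SALT = b"constructed-salt"
THRESHOLD = 3  # at least 3 of the 4 enrolled SSVs must match
ORIGINAL = {"cpu_id": "CPU-0001", "disk_serial": "DSK-AAAA",
            "bios_uuid": "BIOS-1111", "mac": "00:00:5e:00:53:01"}
# Same machine after a network card replacement: one SSV drifts.
NIC_REPLACED = dict(ORIGINAL, mac="00:00:5e:00:53:02")
# Same machine, but the disk query returned nothing and the NIC changed.
DEGRADED = {"cpu_id": "CPU-0001", "bios_uuid": "BIOS-1111",
            "mac": "00:00:5e:00:53:02"}
# Protected data copied to a different computer: no SSV matches.
OTHER_HOST = {"cpu_id": "CPU-0002", "disk_serial": "DSK-BBBB",
              "bios_uuid": "BIOS-2222", "mac": "00:00:5e:00:53:99"}

STORED = make_fingerprint(ORIGINAL, SALT)  # created once at enrollment

if __name__ == "__main__":
    for label, env in [("original", ORIGINAL), ("nic replaced", NIC_REPLACED),
                       ("degraded", DEGRADED), ("other host", OTHER_HOST)]:
        print(label, access_allowed(STORED, env, SALT, THRESHOLD))
```

The threshold sets how much hardware drift is tolerated: a lower value survives more component replacements but also accepts a foreign machine that shares more identifiers with the original.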
There is an increasing movement in the computing industry toward virtualized computing, in which user-visible computing elements are software abstractions rather than actual hardware components, with the software abstractions mapping to and being realized by the underlying hardware components using virtualization software. So-called “virtual machines” are software instances of entire computer systems, complete with virtual components such as virtual CPUs, virtual memory, virtual storage devices, and virtual network interface circuitry. Virtualized computing can provide several benefits, for example in the management and efficiency of larger complex systems such as server farms. Virtual machines can be deployed and re-configured much more easily than physical machines to meet operating demands.