The present invention relates generally to a computer implemented method, data processing system, and computer program product for data security. More specifically, the present invention relates to securing images and other stored program data and/or underlying system state of host machines. Modern data centers offer a growing ability to form a division of labor between those who maintain the physical equipment and those who configure the physical equipment as nodes to balance loads of incoming processing work. In other words, data center operators' work has become more distinct from the work and goals of their customers, who, in effect, rent disk space, processing power, and network interconnectivity in a manner that permits easy scaling to respond to rapidly changing market forces. As such, these systems and the relationship between data center operator and customer permit greater utilization of the resources of the data center and more responsiveness to scaling demand.
A data center is a shared pool of configurable computing resources. A data center is operated by a data center operator, which, although it may be a single person, can be an organization of many employees whose function is to obtain and secure a suitable environment, within correct tolerances of heat, humidity, dust and the like, for the operation of many computer system servers. In addition, the data center operator procures, installs, and repairs the physical equipment, and installs and maintains hosting software, for example, hypervisors, on each processor. Further, the data center operator may obtain service level agreements to assure that appropriate network speeds are available and backups are performed as needed. The data center operator may own or lease equipment and appropriate rooms for the equipment. However, the data center operator has ultimate responsibility for the physical security of the space and equipment. This responsibility extends to the duty to provide an uncorrupted/valid hypervisor or host operating system on each computer system server or host machine.
By ‘secure’, it is meant that the data center operator provides physical security to the machines within buildings and enclosures that form the data center. ‘Security’ means that, although measures can be taken to prevent malicious execution of code, a potential can exist for some new form of trickery to defeat or corrupt one or more parts of the data center. Accordingly, security is more a process of vigilance, threat detection, taking preventative measures, and repeating these steps.
Owners/operators of the data center host virtual machines in a manner that permits a customer to load share data processing tasks among plural virtual machines (or ‘VM’). As such, the resources of the data center can appear to a customer to be nearly inexhaustible, which is a property of the environment popularly called ‘the cloud’. Cloud computing is described in greater detail in the detailed description, which follows.
In order to rapidly scale a customer's enterprise, a customer may establish a base image for one or more types of node, where the node is an abstraction for processing power offered by underlying physical resources. Security for the operation of these nodes or virtual machines can be impacted by an invalid or corrupted base operating environment. Alternatively, an invalid or corrupted base image can itself be a source of incorrectly functioning nodes or insecure nodes.
One of the features provided for in a trusted computing environment is obtaining a measurement of the current environment of the computing platform. This measurement includes, at least in part, a cryptographic hash of the firmware and the operating system. The measurement may also include hashes of other software components. The measurement may be used for sealed storage and can also be used for reporting on the environment to an external party. One of the problems with implementing trusted computing is that deployment of applications can involve duplicating an application and its configurations. Duplicating the application and its configurations involves storing the application state to a new computing platform that may be in an unreliable or insecure state.
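As an added illustration of the measurement and sealed-storage behaviour described above (not part of the original text), the following Python simulation folds component hashes into one measurement and binds stored data to it, so that the data is not released on a platform whose firmware or operating system differs. The TPM-style extend construction, the HMAC-based sealing, all names and the sample byte strings are assumptions made for the example; a real platform performs these steps in hardware.

```python
import hashlib
import hmac

# Constructed sample inputs (not real images or keys).
FIRMWARE = b"constructed firmware image v1"
OS_IMAGE = b"constructed operating system image"
OS_TAMPERED = OS_IMAGE + b" with an extra module"
PLATFORM_SECRET = b"constructed platform-held secret"

def measure(components):
    """Fold component hashes into one value: m = SHA-256(m || SHA-256(c)).
    Any changed, added or reordered component changes the result."""
    m = bytes(32)  # measurement register starts at all zeros
    for blob in components:
        m = hashlib.sha256(m + hashlib.sha256(blob).digest()).digest()
    return m

def _keys(secret, measurement):
    # Separate encryption and MAC keys, both bound to the measurement.
    enc = hmac.new(secret, b"enc" + measurement, hashlib.sha256).digest()
    mac = hmac.new(secret, b"mac" + measurement, hashlib.sha256).digest()
    return enc, mac

def _xor_stream(key, data):
    # HMAC in counter mode as a keystream; simulation only.
    stream = b""
    for i in range((len(data) + 31) // 32):
        stream += hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(secret, measurement, data):
    """Bind data to the platform state the measurement describes."""
    enc, mac = _keys(secret, measurement)
    ct = _xor_stream(enc, data)
    return ct, hmac.new(mac, ct, hashlib.sha256).digest()

def unseal(secret, current_measurement, sealed):
    """Return the data only if the current state matches the sealed one."""
    ct, tag = sealed
    enc, mac = _keys(secret, current_measurement)
    expected = hmac.new(mac, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # platform is in a different (untrusted) state
    return _xor_stream(enc, ct)

if __name__ == "__main__":
    good = measure([FIRMWARE, OS_IMAGE])
    blob = seal(PLATFORM_SECRET, good, b"application state")
    print(unseal(PLATFORM_SECRET, good, blob))
    print(unseal(PLATFORM_SECRET, measure([FIRMWARE, OS_TAMPERED]), blob))
```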
Remedies to the above-noted problems are necessary.