
System And Method For Data Access By A Virtual Machine

Abstract: The present invention relates to a system and a method for data access by a Virtual Machine (VM). The method may comprise implementing a first VM (112-1) and second VM (112-2), by a hypervisor (110) in a computing environment (100). The first VM (112-1) may request a Hypervisor Security Framework (HSF) (114) for data access from the second VM (112-2). The HSF (114) may authenticate the first VM (112-1) and the second VM (112-2) by verifying a Message Authentication Code (MAC) associated with the VMs. Upon authentication, a communication channel (116) may be established between the first VM (112-1) and the second VM (112-2) by the hypervisor (110). Alternatively, a VM (112-1, 112-2) may directly request the HSF (114) for the data access from the memory (106). The HSF (114) allows the data access by matching a stored security key and a computed security key of the VM (112-1, 112-2). (To be published with Fig. 1)


Patent Information

Application #
Filing Date
28 November 2023
Publication Number
22/2025
Publication Type
INA
Invention Field
COMPUTER SCIENCE
Status
Email
Parent Application

Applicants

Cyient Ltd.
Plot no -11, Software Units Layout, Infocity, Madhapur, Hyderabad, Telangana-500081, India

Inventors

1. Toledar, Nagesh shenoy Bantwal
67, 3rd main, BEML Layout, 1stage, basaveshwaranagar, Bangalore. 560079, India
2. Pal, Shyam Sundar
Flat No: 07, Block: D/1, Kustia Govt. Housing Estate, Picnic Garden Road, Kolkata: 700039, India
3. Modak, Ranadip Shaw
Shitalatala, Bowbazar, Chandannagar, West Bengal – 712138, India

Specification

1. A method for data access by a virtual machine, the method (300) comprising:
implementing, by a hypervisor (110), a first Virtual Machine (VM) (112-1) and a second VM (112-2) in a computing environment (100);
requesting, by the first VM (112-1), access of data from the second VM (112-2);
assigning, by the Hypervisor Security Framework (HSF) (114) implemented in the hypervisor (110), a unique identity to each of the first VM (112-1) and the second VM (112-2);
authenticating, by the HSF (114), each of the first VM (112-1) and the second VM (112-2) by:
obtaining a Message Authentication Code (MAC) associated with each of the first VM (112-1) and the second VM (112-2);
computing the MAC of each of the first VM (112-1) and the second VM (112-2) based on the unique identity;
determining a successful match between the MAC obtained by the HSF (114) and the MAC computed by the HSF (114) for each of the first VM (112-1) and the second VM (112-2) for validating authenticity, and
establishing a communication channel (116) between the first VM (112-1) and the second VM (112-2) upon validation of the authenticity;
providing, by the HSF (114), the data access to the first VM (112-1) from the second VM (112-2) over the communication channel (116).
2. The method as claimed in claim 1, wherein the unique identity includes an Internet Protocol (IP) address and an identity number.
3. The method as claimed in claim 1, comprising terminating the communication channel (116), by the HSF (114), after determining inactivity over the communication channel (116) for a time period greater than a pre-defined threshold time-period.
4. A method for data access by a virtual machine, the method comprising:
implementing, by a hypervisor (110), a Virtual Machine (VM) (112-1, 112-2) in a computing environment (100);
requesting, by the VM (112-1, 112-2) to the Hypervisor Security Framework (HSF) (114) implemented in the hypervisor (110), access of memory (106) of the computing environment (100);
authenticating, by the HSF (114), the VM (112-1, 112-2) by:
receiving a first security key from the VM (112-1, 112-2);
generating a second security key for the VM (112-1, 112-2) based on a security policy applicable for the VM (112-1, 112-2),
determining a successful match between the first security key and the second security key for validating authenticity, and
providing, by the HSF (114), the data access to the VM (112-1, 112-2) from the memory (106).
5. The method as claimed in claim 4, comprising:
monitoring, by the HSF (114), update in the security policy of the VM (112-1, 112-2) for continuing the data access, wherein the security policy is updated based on a change in one or more parameters;
generating, by the HSF (114), a new security key based on application of an updated security policy; and
providing, by the HSF (114), the data access from the memory (106) upon validation of authenticity of the VM (112-1, 112-2) based on the new security key.
6. The method as claimed in claim 5, wherein the one or more parameters includes security type, role, and user of the VM (112-1, 112-2).
7. A system (100) for data access by a virtual machine, the system (100) comprising:
one or more processors (104); and
a memory (106) storing programmed instructions executable by the one or more processors (104), wherein the one or more processors (104) execute the programmed instructions to:
implement a hypervisor (110) hosting a first Virtual Machine (VM) (112-1) and a second VM (112-2), and a Hypervisor Security Framework (HSF) (114) for managing the data access;
request, by the first VM (112-1) access of data to the second VM (112-2);
assign, by the HSF (114), a unique identity to each of the first VM (112-1) and the second VM (112-2);
authenticate, by the HSF (114), each of the first VM (112-1) and the second VM (112-2) by:
obtaining a Message Authentication Code (MAC) associated with each of the first VM (112-1) and the second VM (112-2);
computing the MAC of each of the first VM (112-1) and the second VM (112-2) based on the unique identity;
determining a successful match between the MAC obtained by the HSF (114) and the MAC computed by the HSF (114) for each of the first VM (112-1) and the second VM (112-2) for validating authenticity, and
establish a communication channel (116) between the first VM (112-1) and the second VM (112-2) upon validation of the authenticity;
provide, by the HSF (114), the data access to the first VM (112-1) from the second VM (112-2) over the communication channel (116).
8. The system (100) as claimed in claim 7, wherein the unique identity includes Internet Protocol (IP) address and an identity number.
9. The system (100) as claimed in claim 7, wherein the HSF (114) terminates the communication channel (116) after determining inactivity over the communication channel (116) for a time period greater than a pre-defined threshold time-period.
10. The system (100) as claimed in claim 7, wherein the computing environment (100) is an embedded system or a system implemented over a cloud network.
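
The flow of claims 1 to 3 (MAC check of both VMs, channel set-up, idle teardown) can be modelled as below. This is an added illustration, not code from the application: HMAC-SHA256, the per-VM key, the byte encoding of the identity, the 30-second threshold and all function and class names are assumptions, since the claims name none of them.

```python
import hashlib
import hmac
import time

IDLE_LIMIT_S = 30.0  # assumed value for the "pre-defined threshold time-period"


def identity_bytes(ip: str, ident: int) -> bytes:
    """Claim 2 identity (IP address + identity number), length-prefixed so
    that two different (ip, ident) pairs can never encode to the same bytes."""
    ip_b = ip.encode()
    return len(ip_b).to_bytes(2, "big") + ip_b + ident.to_bytes(8, "big")


def vm_mac(key: bytes, ip: str, ident: int) -> bytes:
    """MAC a VM presents; HMAC-SHA256 and the per-VM key are assumptions."""
    return hmac.new(key, identity_bytes(ip, ident), hashlib.sha256).digest()


class HSF:
    """Toy model of the claimed Hypervisor Security Framework (114)."""

    def __init__(self, clock=time.monotonic):
        self._vms = {}       # name -> (key, ip, ident), set when the VM is created
        self._channels = {}  # (src, dst) -> time of last activity
        self._clock = clock

    def register(self, name, ip, ident, key):
        self._vms[name] = (key, ip, ident)

    def authenticate(self, name, presented: bytes) -> bool:
        if name not in self._vms:
            return False
        # Recompute from the stored identity; compare in constant time.
        return hmac.compare_digest(vm_mac(*self._vms[name]), presented)

    def open_channel(self, src, src_mac, dst, dst_mac) -> bool:
        src_ok = self.authenticate(src, src_mac)
        dst_ok = self.authenticate(dst, dst_mac)
        if src_ok and dst_ok:  # both ends must validate (claim 1)
            self._channels[(src, dst)] = self._clock()
        return src_ok and dst_ok

    def transfer(self, src, dst) -> bool:
        last = self._channels.get((src, dst))
        if last is None or self._clock() - last > IDLE_LIMIT_S:
            self._channels.pop((src, dst), None)  # claim 3: idle channel is torn down
            return False
        self._channels[(src, dst)] = self._clock()
        return True
```

Because the identity is static, the MAC over it is the same on every request; a deployment would normally bind a fresh nonce or counter into the MAC input so that a previously presented value cannot be reused.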

Documents

Application Documents

# Name Date
1 202341080587-STATEMENT OF UNDERTAKING (FORM 3) [28-11-2023(online)].pdf 2023-11-28
2 202341080587-FORM 1 [28-11-2023(online)].pdf 2023-11-28
3 202341080587-DRAWINGS [28-11-2023(online)].pdf 2023-11-28
4 202341080587-DECLARATION OF INVENTORSHIP (FORM 5) [28-11-2023(online)].pdf 2023-11-28
5 202341080587-COMPLETE SPECIFICATION [28-11-2023(online)].pdf 2023-11-28
6 202341080587-FORM-26 [27-12-2023(online)].pdf 2023-12-27
7 202341080587-Request Letter-Correspondence [04-01-2024(online)].pdf 2024-01-04
8 202341080587-Form 1 (Submitted on date of filing) [04-01-2024(online)].pdf 2024-01-04
9 202341080587-Covering Letter [04-01-2024(online)].pdf 2024-01-04
10 202341080587-CERTIFIED COPIES TRANSMISSION TO IB [04-01-2024(online)].pdf 2024-01-04
11 202341080587-Proof of Right [08-01-2024(online)].pdf 2024-01-08
12 202341080587-Proof of Right [12-01-2024(online)].pdf 2024-01-12