| CPC G06F 12/1408 (2013.01) [G06F 2212/1052 (2013.01)] | 4 Claims |
|
1. An information processing system comprising:
an accelerator that is capable of encrypting data;
a storage device;
a compute unit that operates an application program, wherein the compute unit includes a plurality of virtual machines capable of operating the application program;
a storage control unit that processes a request for reading and writing data from and to a specific storage space issued by the compute unit in accordance with an instruction issued by the application program;
a monitor unit that monitors command information issued from the compute unit that sets, to the accelerator, key data used by the compute unit specified by the application program in order for the application program to encrypt data using the accelerator, wherein
when having detected that the key data set in the accelerator by the command information is not key data permitted to use, the monitor unit issues, to the storage control unit, a suspension request for suspending processing related to data writing,
the compute unit having received an instruction from the application program, reads data from the storage device, encrypts the read data using the accelerator, and issues, to the storage control unit, an instruction to write the encrypted data into the storage device, and
when having received the suspension request, the storage control unit suspends processing related to writing of data to the storage device; and
a virtual machine of the compute unit issues command information for setting, to the accelerator, key data used by the virtual machine specified by the application program provided in the virtual machine for the application program to encrypt data using the accelerator,
when having detected that the key data set by the command information issued from the virtual machine is not the key data permitted to use, the monitor unit issues, to the storage control unit, a suspension request for suspending processing related to writing of data by the virtual machine that has issued the command information, and
when having received the suspension request for suspending processing related to writing of data by the virtual machine, the storage control unit suspends processing related to writing of data by the virtual machine to the storage device.
|