System and method for application isolation

US 10,606,634 B1
Filed: 02/18/2019
Issued: 03/31/2020
Est. Priority Date: 04/10/2009
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

one or more central processing units;

one or more isolated environments including one or more applications; and

one or more resource mappings between resources as requested by the one or more applications and the corresponding resources inside said isolated environments;

wherein the one or more central processing units and the one or more isolated environments are configured to interact with each other;

wherein a resource mapping for an application is created or updated during one or more of installing said application in an isolated environment, running said application in said isolated environment, or accessing a resource corresponding to said resource mapping; and

wherein a resource mapping for an application is removed or updated during one or more of uninstalling said application, deleting a resource corresponding to said resource mapping, archiving at least one of the one or more isolated environments, or copying an isolated environment to a new location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer readable medium for providing application isolation to one or more applications and their associated resources. The system may include one or more isolated environments including application files and executables, and one or more interception layers intercepting access to system resources and interfaces. Further, the system may include an interception database maintaining mapping between the system resources inside the one or more isolated environments and outside, and a host operating system. The one or more applications may be isolated from other applications and the host operating system while running within the one or more isolated environments.

154 Citations

20 Claims

1. A system, comprising:
- one or more central processing units;
  
  one or more isolated environments including one or more applications; and
  
  one or more resource mappings between resources as requested by the one or more applications and the corresponding resources inside said isolated environments;
  
  wherein the one or more central processing units and the one or more isolated environments are configured to interact with each other;
  
  wherein a resource mapping for an application is created or updated during one or more of installing said application in an isolated environment, running said application in said isolated environment, or accessing a resource corresponding to said resource mapping; and
  
  wherein a resource mapping for an application is removed or updated during one or more of uninstalling said application, deleting a resource corresponding to said resource mapping, archiving at least one of the one or more isolated environments, or copying an isolated environment to a new location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system according to claim 1, wherein the one or more applications are isolated from other applications and a host operating system while the one or more applications run within the one or more isolated environments.
  - 3. The system according to claim 1 comprising one or more interception layers configured to intercept access to host operating system resources and host operating system interfaces.
  - 4. The system according to claim 3, wherein the one or more interception layers intercept calls by the one or more applications to the host operating system and system libraries.
  - 5. The system according to claim 1, wherein updates to the one or more isolated environments occur as the one or more applications use additional resources.
  - 6. The system according to claim 1, wherein said one or more resource mappings are maintained in an interception database.
  - 7. The system according to claim 1, wherein the one or more isolated environments are stored on a local storage.
  - 8. The system according to claim 1, wherein the one or more isolated environments are stored on a networked storage and the one or more applications are delivered over a network.
  - 9. The system according to claim 1, wherein each of the one or more applications is installed into its own isolated environment.
  - 10. The system according to claim 1, wherein two or more applications are installed into a shared isolated environment.
  - 11. The system according to claim 10, wherein the two or more applications share resources inside the shared isolated environment.
  - 12. The system according to claim 1, wherein two or more applications are installed into separate isolated environments and the one or more applications run concurrently in the separate isolated environments.
  - 13. The system according to claim 1, wherein a first application of the one or more applications is installed twice into separate isolated environments, and the separate isolated environments run concurrently and independently.

14. A method, comprising:
- creating one or more isolated environments during installation of one or more applications;
  
  maintaining a mapping between a resource as requested by the one or more applications and the corresponding resource inside said isolated environments, wherein said mapping is created or updated during one or more of installing an application in an isolated environment, running said application in said isolated environment, or accessing a resource corresponding to said resource mapping; and
  
  uninstalling an application of the one or more applications, wherein said uninstalling comprises one or more of removing at least one of said mappings, uninstalling said application, and removing isolated environment information from storage.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14 comprising intercepting access to system resources and interfaces at one or more interception layers.
  - 16. The method of claim 14 comprising updating the one or more isolated environments as the one or more applications use additional resources.

17. The method 14 comprising isolating the one or more applications from other applications and a host operating system while running within the one or more isolated environments.

18. A non-transitory computer readable storage medium comprising instructions for:
- creating one or more isolated environments during installation of one or more applications;
  
  maintaining a mapping between a resource as requested by the one or more applications and the corresponding resource inside said isolated environments, wherein said mapping is created or updated during one or more of installing an application in an isolated environment, running said application in said isolated environment, or accessing a resource corresponding to said resource mapping; and
  
  uninstalling an application of the one or more applications, wherein said uninstalling comprises one or more of removing at least one of said mappings, uninstalling said application, and removing isolated environment information from storage.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer readable storage medium of claim 18 comprising instructions for updating the one or more isolated environments as the one or more applications use additional resources.
  - 20. The non-transitory computer readable storage medium of claim 18 comprising instructions for isolating the one or more applications from other applications and a host operating system while running within the one or more isolated environments.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Open Invention Network LLC
Inventors
Havemose, Allan
Primary Examiner(s)
Wu, Qing Yuan

Application Number

US16/278,659
Time in Patent Office

407 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 11/008   Reliability or availability...

G06F 2209/542   Intercept

G06F 8/61   Installation

G06F 8/62   Uninstallation

G06F 9/455   Emulation; Interpretation; ...

G06F 9/46   Multiprogramming arrangements

G06F 9/461   Saving or restoring of prog...

G06F 9/50   Allocation of resources, e....

G06F 9/545   where tasks reside in diffe...

System and method for application isolation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

154 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for application isolation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links