Performing secure and insecure computing operations in a compartmented operating system
First Claim
1. A method for running a process, comprising the steps of:
- (a) providing a host operating system;
(b) running a process directly on the host operating system;
(c) selectively providing a guest operating system when the process attempts a predetermined operation; and
(d) running the process on the guest operating system.
3 Assignments
0 Petitions
Accused Products
Abstract
A process 23 runs directly on a host operating system 22, until the process 23 attempts an operation which can affect security of the host operating system 22 (such as loading a kernel module or using system privileges). A guest operating system 25 is then provided running as a virtual machine session within a compartment 24 of the host operating system 22 and running of the process 23 continues using the guest operating system. Operations of the process 23 which can affect security of the host operating system 22 are instead performed on the guest operating system 25, giving greater security. The guest operating system 25 is only invoked selectively, leading to greater overall efficiency.
-
Citations
15 Claims
-
1. A method for running a process, comprising the steps of:
-
(a) providing a host operating system;
(b) running a process directly on the host operating system;
(c) selectively providing a guest operating system when the process attempts a predetermined operation; and
(d) running the process on the guest operating system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for running a process, comprising the steps of:
-
(a) providing a host operating system;
(b) providing a process which attempts an operation;
(c) monitoring attempted operations of the process by comparing against a first set and a second set;
(d) where the attempted operation falls into the first set, allowing the attempted operation to execute directly on the host operating system;
(e) where the attempted operation falls into the second set, providing a guest operating system and allowing the attempted operation to execute on the guest operating system.
-
-
10. A computing platform for running a process, comprising:
-
a host operating system for running a process; and
a guest operating system selectively provided for running the process when the process attempts a predetermined operation. - View Dependent Claims (11, 12, 13, 14, 15)
-
Specification