Operating system-wide sandboxing via switchable user skins

US 20060229741A1
Filed: 04/07/2005
Published: 10/12/2006
Est. Priority Date: 04/07/2005
Status: Active Grant

First Claim

Patent Images

1. In a data processing system having a base system with one or more system drives on which is provided a base operating system (BOS), base program applications, files and data, a method comprising:

installing a system-wide skin over the base system, said system-wide skin logically covering the one or more system drives of the base system;

completing all operations performed on the data processing system within the system-wide skin, including BOS-level operations, wherein the base system is not affected by updates and installations made to the data processing system while said system-wide skin is in place.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system that provides a pass through block device that is utilized to redirect all the writes bound to the system drive(s) to an overlay skin device. Reads are performed on overlay device contents and the overlay device contents take precedence over the contents of the base device. Applications of a particular theme may be installed on the overlay device. The overlay device is provided on a removable media and thus allows for creation of a set of exchangeable skins. Nested overlays are utilized to create separation of the OS data, application data, and user data. Switchable user skins enable writes into overlays and allow a user to create operating environments which can be utilized to change the use of a computer system. Since the overlays are provided on a removable media, the user only needs to substitute the overlay to switch the user'"'"'s operating environment.

62 Citations

View as Search Results

20 Claims

1. In a data processing system having a base system with one or more system drives on which is provided a base operating system (BOS), base program applications, files and data, a method comprising:
- installing a system-wide skin over the base system, said system-wide skin logically covering the one or more system drives of the base system;
  
  completing all operations performed on the data processing system within the system-wide skin, including BOS-level operations, wherein the base system is not affected by updates and installations made to the data processing system while said system-wide skin is in place.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein said installing of the system-wide skin comprises:
    - dynamically detecting a presence of a skin media having an associated skin drive during a boot up of the data processing system;
      
      changing a value of a device driver pointer of a basic input output system (BIOS) of the data processing system to point to the skin drive rather than the system drive, wherein all accesses addressed to the system drive are automatically redirected to the skin drive; and
      
      initializing said base system as a read only level when said skin media is detected, wherein said system-wide skin is utilized for all write access on said data processing system.
  - 3. The method of claim 2, wherein:
    - said skin media is one of (1) a logical partition of the system drive that is hidden from a systems view of available drives and (2) a removable media; and
      
      said method further comprises enabling portability of the system-wide skin on the removable media.
  - 4. The method of claim 1, wherein said system-wide skin is a first level skin, said method further comprising:
    - enabling installation of one or more additional levels of system-wide skins on top of a first-level skin, wherein each level skin is a complete system-wide skin that supercedes a level below for performing all write accesses on the data processing system.
  - 5. The method of claim 1, wherein the completing of all operations comprises:
    - reading all requests for data from the system-wide skin when the data is available at the system level skin;
      
      reading the request for data from a lower level skin or said base system only when the data is not available at the current-level of system-wide skin; and
      
      performing all writing of new data and updates to existing data at the system-wide skin, wherein said base system is read only while said system-wide skin is present.
  - 6. The method of claim 1, wherein said system-wide skin includes skin-level OS functionality and skin-level applications and data, said method further comprising:
    - installing said system-wide skin as a complete operating environment over the base system having a specific functionality provided by the skin-level applications, by;
      
      overriding BOS functionality with skin-level OS functionality; and
      
      installing said skin-level applications; and
      
      suppressing execution of base system applications.
  - 7. The method of claim 1, further comprising:
    - booting up said data processing system with the base system; and
      
      when a BIOS discovers a system level skin during the boot-up process;
      
      executing code for subsequently overlaying the system-wide skin over the base system during said booting up;
      
      enabling direct access to the said system-wide skin following said booting up without making said system-wide skin visible within the BOS system view; and
      
      enabling user override of the visibility of the skin drive to provide said skin drive as another drive of the data processing system within the BOS system view.
  - 8. The method of claim 1, wherein said one or more system drives includes a plurality of system and other non-system drives of the data processing system, and said installing provides a system-wide skin overlay of all drives on the data processing system.
  - 9. The method of claim 1, wherein said installing further comprises:
    - enabling piecemeal setup of the system-wide skin during boot-up of the data processing system, such that privilege levels for reading, writing, and hiding applications, files, data, and directories are provided on a per directory and per skin basis, wherein a user may exercise finer control on the operating environment.

10. A computer program product comprising:
- a computer readable medium; and
  
  program code on the computer readable medium for;
  
  installing a system-wide skin over a base system of a computer device with one or more system drives on which is provided a base operating system (BOS), said system-wide skin logically covering the one or more system drives of the base system;
  
  completing all operations performed on the data processing system within the system-wide skin, including BOS-level operations, wherein the base system is not affected by updates and installations made to the data processing system while said system-wide skin is in place; and
  
  enabling installation of one or more additional levels of system-wide skins on top of a first-level skin, wherein each level skin is a complete system-wide skin that supersedes a level below for performing all write accesses on the data processing system.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computer program product of claim 10, wherein said code for installing of the system-wide skin comprises code for:
    - detecting a presence of a skin media having an associated skin drive during a boot up of the data processing system; and
      
      changing a value of a device driver pointer of a basic input output system (BIOS) of the data processing system to point to the skin drive rather than the system drive, wherein all accesses addressed to the system drive are automatically redirected to the skin drive.
  - 12. The computer program product of claim 10, wherein the code for completing all operations comprises code for:
    - reading all requests for data from the system-wide skin when the data is available at the system level skin;
      
      reading the request for data from a lower level skin or said base system only when the data is not available at the current-level of system-wide skin; and
      
      performing all writing of new data and updates to existing data at the system-wide skin, wherein said base system is read only while said system-wide skin is present.
  - 13. The computer program product of claim 10, wherein said system-wide skin includes skin-level OS functionality and skin-level applications and data, said program product further comprising code for:
    - installing said system-wide skin as a complete operating environment over the base system having a specific functionality provided by the skin-level applications, by overriding BOS functionality with skin-level OS functionality; and
      
      installing said skin-level applications; and
      
      suppressing execution of base system applications.
  - 14. The computer program product of claim 10, further comprising code for:
    - booting up said data processing system with the base system; and
      
      when a BIOS discovers a system level skin during the boot-up process;
      
      executing code for subsequently overlaying the system-wide skin over the base system during said booting up; and
      
      enabling direct access to the said system-wide skin following said booting up without making said system-wide skin visible within the BOS system view; and
      
      enabling user override of the visibility of the skin drive to provide said skin drive as another drive of the data processing system within the BOS system view; and
      
      during post-boot up operation of the data processing system;
      
      detecting a presence of a new removable skin-media with a corresponding system-wide skin; and
      
      initiating a re-boot of the data processing system to account for the presence of the new removable skin-media and to install the system-wide skin.
  - 15. The computer program product of claim 10, wherein said code for installing further comprises code for:
    - enabling piecemeal setup of the system-wide skin during boot-up of the data processing system, such that privilege levels for reading, writing, and hiding applications, files, data, and directories are provided on a per directory and per skin basis, wherein a user may exercise finer control on the operating environment.

16. A computer system comprising:
- a processor;
  
  a memory storage device that provides a system drive;
  
  a base system with components store on said memory storage device and accessible via said system drive, said components including a base operating system (BOS); and
  
  a system-wide skin that completely overlays the base system such that all updates within the computer system occur only on the system-wide skin and do not change any of the base system components.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer system of claim 16, further comprising:
    - a basic input out system (BIOS);
      
      a device driver that targets the specific system drive for completing updates generated on the computer system; and
      
      wherein the BIOS switches a pointer of the device driver from directing said updates addressed to the system drive towards a skin drive/media on which the system-wide skin is provided such that all updates directed to the system drive are written to the skin drive/media.
  - 18. The computer system of claim 16, further comprising:
    - a hard drive with an input port for connecting an external skin media having logic thereon for executing the system-wide skin; and
      
      logic associated with the hard drive and BIOS that, responsive to a detection of an external skin media at said input port, automatically initiates a reboot of the computer system, during which reboot the BIOS switches the pointer value from the system drive to the drive of the external skin media. wherein said logic includes logic from preventing said skin drive from being visible from the BOS system view.
  - 19. The computer system of claim 17, further comprising a device having:
    - a storage medium;
      
      a connector for connecting the device to a hard drive of a computer system;
      
      program code on said storage medium for providing a system-wide skin that completely overlays a base system of the computer system such that all updates within the computer system occur only on the system-wide skin and do not change any base system components;
      
      program logic on the storage medium that triggers a basic input/output system (BIOS) of the computer system to re-configure a device driver pointers to direct all accesses addressed to the base system towards the storage medium of the device.
  - 20. The computer system of claim 19, said device further comprising:
    - a connection port for coupling a second skin device, said second skin device having a second system-wide skin, which overlays the system-wide skin provided by the device, wherein all accesses addressed to the base system is re-directed towards the second system-wide skin, and un-resolved read data requests at the second system-wide skin are first forwarded to the system-wide skin prior to forwarding to said base system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jones, Scott Thomas, Achanta, Phani Gopal V., Hussain, Riaz Y.

Granted Patent

US 7,519,809 B2
Time in Patent Office

Days
Field of Search
US Class Current

700/23
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 9/4406   Loading of operating system

G06F 9/451   Execution arrangements for ...

Operating system-wide sandboxing via switchable user skins

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Operating system-wide sandboxing via switchable user skins

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others