Isolation Environment-Based Information Access

US 20080127355A1
Filed: 09/15/2006
Published: 05/29/2008
Est. Priority Date: 09/15/2006
Status: Active Grant

First Claim

Patent Images

1. A method, at least partially implemented by a computing-based device, comprising:

creating an isolation environment on the computing-based device;

isolating a program in the isolation environment; and

accessing information through the isolation environment unbeknownst to the program and/or the computing-based device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment of isolation environment-based information access, programs—including operating systems and applications—running on a computing-based device can be isolated in an environment such as a virtual machine. Information including commands and/or data transmitted between the computing-based device and the program(s) being run, as well as information associated with the program(s) and the computing-based device, is accessed without being detected by the program(s). In one implementation, the information includes state information as well as commands and/or data—including sensitive information, such as usernames and passwords. In another implementation, the information can be used to secretly access the program(s).

85 Citations

View as Search Results

20 Claims

1. A method, at least partially implemented by a computing-based device, comprising:
- creating an isolation environment on the computing-based device;
  
  isolating a program in the isolation environment; and
  
  accessing information through the isolation environment unbeknownst to the program and/or the computing-based device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein creating comprises running a virtual machine on the computing-based device.
  - 3. The method of claim 1, wherein accessing comprises one or more of copying, modifying, inserting and removing one or more of data, instructions and state information associated with the program.
  - 4. The method of claim 1, wherein accessing comprises one or more of copying, modifying, inserting and removing one or more of data, instructions and state information associated with the computing-based device.
  - 5. The method of claim 1, wherein accessing comprises utilizing resources of one or more of the computing-based device, and the program.
  - 6. The method of claim 1, further comprising:
    - accessing a boot sector including a boot sequence of the computing-based device;
      
      modifying the boot sequence to load instructions and commands configured to create the isolation environment when the computing-based device is next booted.
  - 7. The method of claim 6, further comprising:
    - instigating a reboot through one of prompting a user to effectuate a reboot causing a fault requiring a reboot.
  - 8. The method of claim 1, further comprising:
    - performing an emulated shutdown sequence of the computing-based device;
      
      continuing access of the computing-based device when the emulated shutdown sequence is completed.

9. One or more computer readable media comprising computer executable instructions that, when executed, direct a computing-based device to:
- create a program isolation system and a first isolation environment;
  
  load a first operating system and at least one application in the first isolation environment; and
  
  access information associated with one or more of the first operating system, the at least one application, and the computing-based device unbeknownst to one or more of the first operating system and the at least one application.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. One or more computer readable media as recited in claim 9, further comprising computer executable instructions that, when executed, direct the computing-based device to:
    - load a second operating system, the second operating system being configured to intercept commands and/or data transmitted to and/or from the first operating system and access the first operating system through use of the commands and/or data.
  - 11. One or more computer readable media as recited in claim 9, further comprising computer executable instructions that, when executed, direct the computing-based device to:
    - access a boot sector of the computing-based device; and
      
      ,modify a boot sequence in the boot sector to load instructions to create the program isolation system.
  - 12. One or more computer readable media as recited in claim 11, further comprising computer executable instructions that, when executed, direct the computing-based device to:
    - instigate a reboot of the computing-based device.
  - 13. One or more computer readable media as recited in claim 9, further comprising computer executable instructions that, when executed, direct the computing-based device to:
    - load one or more applications on the program isolation system, wherein the one or more applications are configured to access the information associated with one or more of the operating system, the at least one application, and the computing-based device.
  - 14. One or more computer readable media as recited in claim 13, wherein the one or more applications include:
    - a key stroke logger;
      
      a search engine.
  - 15. One or more computer readable media as recited in claim 9, further comprising computer executable instructions that, when executed, direct the computing-based device to:
    - take portions of the computing-based device through an emulated shutdown sequence.

16. A computing-based device comprising:
- hardware, including one or more processors and memory; and
  
  a program isolation module executed from memory by the processors, the program isolation module including instructions to implement a program isolation system and/or at least one isolation environment, wherein the program isolation system and/or at least one isolation environment are configured to provide access to the hardware and/or one or more programs running on the program isolation system, and/or in the at least one isolation environment, wherein the access is undetectable by the one or more programs running on the program isolation system, and/or in the at least one isolation environment.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computing-based device of claim 16, wherein the program isolation module is further configured to implement interception of data and commands transmitted between the hardware and the one or more programs running on the program isolation system and/or in the at least one isolation environment.
  - 18. The computing-based device of claim 17, wherein the program isolation module is further configured to save the intercepted commands and data in the memory.
  - 19. The computing-based device of claim 16, wherein the program isolation module comprises a virtual machine monitor, and further wherein the at least one isolation environment comprises a virtual machine.
  - 20. The computing-based device of claim 16, wherein the program isolation module is configured to take control over select resources of the hardware unbeknownst to the one or more programs running on the program isolation system and/or in the at least one isolation environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wang, Yi-Min, Verbowski, Chad, King, Samuel, Wang, Helen J., Lorch, Jacob R.

Granted Patent

US 8,024,815 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/29
CPC Class Codes

H04N 21/4435   Memory management allocatio...

H04N 21/4437   Implementing a Virtual Mach...

H04N 21/818   OS software

Isolation Environment-Based Information Access

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Isolation Environment-Based Information Access

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links