Systems and methods of utilizing virtual machines to protect computer systems
First Claim
1. A method of utilizing virtual machines to protect a computer system, the method comprising the steps of:
- receiving a request to execute a computer program;
initiating a first virtual machine having a first identity and being configured to execute the computer program;
instructing the first virtual machine to execute the computer program;
receiving from the first virtual machine a request to access a first computer file on behalf of the computer program;
determining whether the first virtual machine is allowed access to the first computer file; and
permitting the first virtual machine access to the first computer file if the first virtual machine is allowed access to the first computer file.
0 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are provided for utilizing virtual machines to protect computer systems. A first virtual machine may be initiated to execute a computer program. When the computer program attempts to access a computer file, a determination may be made of whether the first virtual machine is allowed access to the computer file. If access is allowed, the virtual machine may be permitted access to the computer file, and the computer program may thereafter access the computer file. A first (or “master”) virtual machine may additionally or alternatively cause initiation of a second (or “slave”) virtual machine to access untrusted computer files. Master virtual machines may be configured to communicate with and/or control slave virtual machines.
-
Citations
40 Claims
-
1. A method of utilizing virtual machines to protect a computer system, the method comprising the steps of:
-
receiving a request to execute a computer program; initiating a first virtual machine having a first identity and being configured to execute the computer program; instructing the first virtual machine to execute the computer program; receiving from the first virtual machine a request to access a first computer file on behalf of the computer program; determining whether the first virtual machine is allowed access to the first computer file; and permitting the first virtual machine access to the first computer file if the first virtual machine is allowed access to the first computer file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of utilizing virtual machines to protect a computer system, the method comprising the steps of:
-
receiving a request to execute a computer program; initiating a first virtual machine having a first identity and being configured to execute the computer program; instructing the first virtual machine to execute the computer program; receiving from the first virtual machine a request to initiate a second virtual machine to access an untrusted first computer file; and initiating a second virtual machine having a second identity different than the first identity, the second virtual machine being configured to access the untrusted first computer file. - View Dependent Claims (13, 14)
-
-
15. A virtual machine for use on a computer system, the virtual machine having a first identity associated with a computer program and being configured to:
-
execute the computer program; receive a request from the computer program to access a first computer file; request permission to access the first computer file; receive permission to access the first computer file; and access the first computer file. - View Dependent Claims (16, 17)
-
-
18. A master virtual machine for use on a computer system, the master virtual machine having a first identity and being configured to:
-
execute a computer program; receive a request from the computer program to access an untrusted first computer file; cause initiation of a slave virtual machine configured to access the untrusted first computer file, the slave virtual machine having a second identity different from the first identity; communicate with the slave virtual machine. - View Dependent Claims (19, 20)
-
-
21. A storage medium, readable by a processor of a computer system, having embodied therein a first computer program of commands executable by the processor, the program being adapted to be executed to:
-
receive a request to execute a second computer program; initiate a first virtual machine having a first identity and being configured to execute the second computer program; instruct the first virtual machine to execute the second computer program; receive from the first virtual machine a request to access a first computer file on behalf of the second computer program; determine whether the first virtual machine is allowed access to the first computer file; and permit the first virtual machine access to the first computer file if the first virtual machine is allowed access to the first computer file. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. A storage medium, readable by a processor of a computer system, having embodied therein a first computer program of commands executable by the processor, the first computer program being adapted to be executed to:
-
receive a request to execute a second computer program; initiate a first virtual machine having a first identity and being configured to execute the second computer program; instruct the first virtual machine to execute the second computer program; receive from the first virtual machine a request to initiate a second virtual machine to access an untrusted first computer file; and initiate a second virtual machine having a second identity different than the first identity, the second virtual machine being configured to access the untrusted first computer file. - View Dependent Claims (33, 34)
-
-
35. A storage medium, readable by a processor of a computer system, having embodied therein a first computer program of commands executable by the processor to implement a first virtual machine having a first identity, the first computer program being adapted to be executed to:
-
execute the second computer program; receive a request from the second computer program to access a first computer file; request permission to access the first computer file; receive permission to access the first computer file; and access the first computer file. - View Dependent Claims (36, 37)
-
-
38. A storage medium, readable by a processor of a computer system, having embodied therein a first computer program of commands executable by the processor to implement a master virtual machine having a first identity, the first computer program being adapted to be executed to:
-
execute a second computer program; receive a request from the second computer program to access an untrusted first computer file; cause initiation of a slave virtual machine configured to access the untrusted first computer file, the slave virtual machine having a second identity different from the first identity; communicate with the slave virtual machine. - View Dependent Claims (39, 40)
-
Specification