SYSTEMS AND METHODS FOR SERVICE ISOLATION

US 20110173251A1
Filed: 12/13/2010
Published: 07/14/2011
Est. Priority Date: 12/14/2009
Status: Active Grant

First Claim

Patent Images

1. A method for streaming an application, which uses local machine resources, on a local machine comprising the steps of:

receiving, by a local machine, a request to stream an application;

receiving, by a local machine, a file including access information for accessing a plurality of application files and for executing a first client capable of receiving an application stream;

retrieving an identification of the plurality of application files, responsive to the file;

receiving, by a local machine, information identifying whether the application requires the use of services with greater permissions levels than those available to the user of the local machine;

creating an isolation environment for isolated services with permissions levels greater than those available to the application; and

starting one or more isolated services in the isolation environment with permissions levels greater than those available to the application.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed towards systems and methods of streaming an application from a remote location to a local machine system, and using local machine system resources in executing that application. In various embodiments, services needed by a streamed application may be started with high local system privileges in their own isolation environment. These service may be started, stopped, and otherwise managed by a Service Control Manager. In order for an application to both access services that operate at high local system privileges and the network so that it can access remotely stored, streaming, information; a streaming application may rely on privileges of the user when accessing network information rather than the higher privileges of the services running in isolation.

Citations

20 Claims

1. A method for streaming an application, which uses local machine resources, on a local machine comprising the steps of:
- receiving, by a local machine, a request to stream an application;
  
  receiving, by a local machine, a file including access information for accessing a plurality of application files and for executing a first client capable of receiving an application stream;
  
  retrieving an identification of the plurality of application files, responsive to the file;
  
  receiving, by a local machine, information identifying whether the application requires the use of services with greater permissions levels than those available to the user of the local machine;
  
  creating an isolation environment for isolated services with permissions levels greater than those available to the application; and
  
  starting one or more isolated services in the isolation environment with permissions levels greater than those available to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising the step of using credentials or a token with different permissions than that of the isolation environment for isolated services to access information unavailable to services running with permissions of the isolation environment for isolated services.
  - 3. The method of claim 1, wherein receiving information identifying whether the application requires the use of services with greater permissions levels than those available to the user of the local machine includes receiving at least one of mapping information, profiling information, or information identifying services as isolated services.
  - 4. The method of claim 1, where the starting of isolated services occurs after an application is launched and the application requests a service that is determined to be an isolated service.
  - 5. The method of claim 1, further comprising the step of deleting all the isolated services.
  - 6. The method of claim 1, wherein starting an isolated service occurs upon startup or reboot of the local machine.
  - 7. The method of claim 1, wherein an isolated service is started in its own sandbox.
  - 8. The method of claim 1, where creating an isolation environment is accomplished through the use of a Service Control Manager.
  - 9. The method of claim 8, wherein the Service Control Manager initiates, manages, starts, stops, pauses, or deletes an isolated service.
  - 10. The method of claim 8, wherein the Service Control Manager determines whether a particular service should be isolated.

11. A system for streaming an application on a local machine which is capable of using local machine resources, the system comprising:
- a local machine communicatively connected to a network;
  
  an environment on the local machine for running a streamed application from the network; and
  
  an isolation environment on the local machine for running isolated services with permissions levels greater than those available to the environment running a streamed application.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, further comprising storage on the network for information identifying whether an application requires the use of services with greater permissions levels than those available to the user of a local machine.
  - 13. The system of claim 11, further comprising a Service Control Manager.
  - 14. The system of claim 11, wherein the isolation environment further comprises sandboxes for each isolated service.
  - 15. The system of claim 11, wherein the local machine comprises storage for isolated services information.

16. A system for streaming an application on a local machine which is capable of using local machine resources, the system comprising:
- means for receiving, by a local machine, a request to stream an application;
  
  means for receiving, by a local machine, a file including access information for accessing a plurality of application files and for executing a first client capable of receiving an application stream;
  
  means for retrieving an identification of the plurality of application files, responsive to the file;
  
  means for receiving, by a local machine, information identifying whether the application requires the use of services with greater permissions levels than those available to the user of the local machine,means for creating an isolation environment for isolated services with permissions levels greater than those available to the application.means for starting one or more isolated services in the isolation environment with permissions levels greater than those available to the application.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, further comprising means for using credentials or a token with different permissions than that of the isolation environment for isolated services to access information unavailable to services running with permissions of the isolation environment for isolated services.
  - 18. The system of claim 16, further comprising means for receiving information identifying whether the application requires the use of services with greater permissions levels than those available to the user of the local machine where said information includes receiving at least one of mapping information, profiling information, or information identifying services as isolated services.
  - 19. The system of claim 16, further comprising means for starting isolated services after an application has launched and the application requests a service that is determined to be an isolated service.
  - 20. The system of claim 16, further comprising means for deleting all the isolated services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
SANDHU, VIKRAMJEET, Nord, Joseph

Granted Patent

US 9,055,080 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/203
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/105   Arrangements for software l...

G06F 21/53   by executing in a restricte...

G06F 2221/033   Test or assess software

G06F 2221/2145   Inheriting rights or proper...

G06F 8/61   Installation

G06F 9/455   Emulation; Interpretation; ...

G06F 9/542   Event management; Broadcast...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

SYSTEMS AND METHODS FOR SERVICE ISOLATION

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR SERVICE ISOLATION

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links