METHOD AND APPARATUS FOR MOVING PROCESSES BETWEEN ISOLATION ENVIRONMENTS

US 20110173618A1
Filed: 03/21/2011
Published: 07/14/2011
Est. Priority Date: 09/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for isolating access by application programs to native resources provided by an operating system, the method comprising the steps of:

redirecting to an isolation environment comprising a user isolation scope and an application isolation scope a request for a native resource made by a process executing on behalf of a first user;

locating an instance of the requested resource in the user isolation scope on behalf of a first user; and

responding to the request for the native resource using the instance of the resource located in the user isolation scope.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for moving an executing process from a source isolation scope to a target isolation scope includes the step of determining that the process is in a state suitable for moving. The association of the process changes from a source isolation scope to a target isolation scope. A rule loads in association with the target isolation scope.

30 Citations

View as Search Results

32 Claims

1. A method for isolating access by application programs to native resources provided by an operating system, the method comprising the steps of:
- redirecting to an isolation environment comprising a user isolation scope and an application isolation scope a request for a native resource made by a process executing on behalf of a first user;
  
  locating an instance of the requested resource in the user isolation scope on behalf of a first user; and
  
  responding to the request for the native resource using the instance of the resource located in the user isolation scope.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1 wherein step (b) comprises failing to locate an instance of the requested resource in the user isolation scope.
  - 3. The method of claim 2 wherein step (c) comprises redirecting the request to the application isolation scope.
  - 4. The method of claim 3 further comprising the steps of:
    - locating an instance of the requested resource in the application isolation scope; and
      
      responding to the request for the native resource using the instance of the resource located in the application isolation scope.
  - 5. The method of claim 4 wherein step (e) comprises creating an instance of the requested resource in the user isolation scope that corresponds to the instance of the requested resource located in the application isolation scope and responding to the request for the native resource using the instance of the resource created in the user isolation scope.
  - 6. The method of claim 4 wherein step (d) comprises failing to locate an instance of the requested native resource in the application isolation scope.
  - 7. The method of claim 6 wherein step (e) comprises responding to the request for the native resource using the system-scoped native resource.
  - 8. The method of claim 6 wherein step (e) comprises:
    - creating an instance of the requested resource in the user isolation scope that corresponds to the instance of the requested resource located in the system scope and responding to the request for the native resource using the instance of the resource created in the user isolation scope.
  - 9. The method of claim 1 further comprising the step of hooking a request for a native resource made by a process executing on behalf of a first user.
  - 10. The method of claim 1 further comprising the step of intercepting a request for a native resource executing on behalf of a first user.
  - 11. The method of claim 1 further comprising the step of intercepting by a file system filter driver a request for a file system native resource executing on behalf of a first user.
  - 12. The method of claim 1 wherein step (a) comprises redirecting to an isolation environment comprising a user isolation scope and an application isolation scope a request for a file made by a process executing on behalf of a first user.
  - 13. The method of claim 1 wherein step (a) comprises redirecting to an isolation environment comprising a user isolation scope and an application isolation scope a request for a registry database entry made by a process executing on behalf of a first user.
  - 14. The method of claim 1 further comprising the steps of:
    - redirecting to the isolation environment a request for the native resource made by a second process executing on behalf of a second user;
      
      locating an instance of the requested resource in a second user isolation scope; and
      
      responding to the request for the native resource using the version of the native resource located in the second user isolation scope.
  - 15. The method of claim 14 wherein the process executes concurrently on behalf of a first user and a second user.
  - 16. The method of claim 14 wherein step (e) comprises failing to locate an instance of the requested resource in the second user isolation scope.
  - 17. The method of claim 16 wherein step (f) comprises redirecting the request to the application isolation scope.
  - 18. The method of claim 17 further comprising the steps of:
    - locating an instance of the requested resource in the application isolation scope; and
      
      responding to the request for the native resource using the version of the native resource located in the application isolation scope.
  - 19. The method of claim 1 further comprising the steps of:
    - redirecting to the isolation environment a request for a native resource made by a second process executing on behalf of a first user;
      
      locating an instance of the requested native resource in the user isolation scope; and
      
      responding to the request for the native resource using the version of the resource located in the user isolation scope.
  - 20. The method of claim 19 wherein step (e) comprises failing to locate an instance of the requested resource in the user isolation scope.
  - 21. The method of claim 20 wherein step (f) comprises redirecting the request to a second application isolation scope.
  - 22. The method of claim 21 further comprising the steps of:
    - locating an instance of the requested resource in the second application isolation scope; and
      
      responding to the request for the native resource using the version of the native resource located in the second application isolation scope.

23. An isolation environment for isolating access by application programs to native resources provided by an operating system, the isolation environment comprising:
- a user isolation scope storing an instance of a native resource, the user isolation scope corresponding to a user; and
  
  a redirector intercepting a request for the native resource made by a process executing on behalf of the user and redirecting the request to the user isolation scope.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 24. The apparatus of claim 23 wherein the isolation environment further comprises an application isolation scope storing an instance of the native resource.
  - 25. The apparatus of claim 24 wherein the isolation environment further comprises a second application isolation scope storing an instance of the native resource.
  - 26. The apparatus of claim 23 wherein the redirector returns a handle to the requesting application that identifies the native resource.
  - 27. The apparatus of claim 23 further comprising a rules engine specifying behavior for the redirector when redirecting the request.
  - 28. The apparatus of claim 23 wherein the redirector comprises a file system filter driver.
  - 29. The apparatus of claim 23 wherein the redirector comprises a function hooking mechanism.
  - 30. The apparatus of claim 29 wherein the function hooking apparatus intercepts an operation selected from the group of file system operations, registry operations, WINDOWS services, MSI services, named object operations, window operations, file-type association operations and COM server operations.
  - 31. The apparatus of claim 23 wherein the application isolation environment further comprises a second user isolation scope storing a second instance of the native resource.
  - 32. The apparatus of claim 23 wherein the application isolation environment further comprises a second user isolation scope storing an instance of the native resource, the second user isolation scope corresponding to a second user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Bissett, Nicholas Alexander, Laborczfalvi, Lee George, Borzycki, Andrew Gerard, Roychoudhry, Anil, Chin, Huai Chiun, Muir, Jeffrey Dale, Mazzaferri, Richard James

Granted Patent

US 8,352,964 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/100
CPC Class Codes

G06F 16/10   File systems; File servers

G06F 21/53   by executing in a restricte...

G06F 2209/542   Intercept

G06F 8/61   Installation

G06F 9/45537   Provision of facilities of ...

G06F 9/468   Specific access rights for ...

G06F 9/4856   resumption being on a diffe...

G06F 9/5011   the resources being hardwar...

G06F 9/52   Program synchronisation; Mu...

G06F 9/541   via adapters, e.g. between ...

G06F 9/545   where tasks reside in diffe...

Y10S 707/99931   Database or file accessing

METHOD AND APPARATUS FOR MOVING PROCESSES BETWEEN ISOLATION ENVIRONMENTS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR MOVING PROCESSES BETWEEN ISOLATION ENVIRONMENTS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links