APPROACHES FOR SECURING AN INTERNET ENDPOINT USING FINE-GRAINED OPERATING SYSTEM VIRTUALIZATION
First Claim
1. A method for executing untrusted software on a client, comprising:
- in response to receiving a request to execute an application, instantiating a virtual machine in which the application is to be executed,wherein instantiating the virtual machine is performed without human intervention.
2 Assignments
0 Petitions
Accused Products
Abstract
Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. A template for instantiating a virtual machine on a client is identified in response to receiving a request to execute an application. After the template is identified, without human intervention, a virtual machine is instantiated, using the template, in which the application is to be executed. The template may be selected from a plurality of templates based on the nature of the request, as each template describe characteristics of a virtual machine suitable for a different type of activity. Selected resources such as files are displayed to the virtual machines according to user and organization policies and controls. When the client determines that the application has ceased to execute, the client ceases execution of the virtual machine without human intervention.
161 Citations
20 Claims
-
1. A method for executing untrusted software on a client, comprising:
-
in response to receiving a request to execute an application, instantiating a virtual machine in which the application is to be executed, wherein instantiating the virtual machine is performed without human intervention. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A client, comprising:
-
one or more processors; one or more storage mediums storing one or more sequences of instructions, which when executed by the one or more processors, causes; in response to receiving a request to execute an application, instantiating a virtual machine in which the application is to be executed, wherein instantiating the virtual machine is performed without human intervention.
-
-
20. A computer readable storage medium storing one or more sequences of instructions, which when executed by one or more processors, causes:
-
in response to receiving a request to execute an application, instantiating a virtual machine in which the application is to be executed, wherein instantiating the virtual machine is performed without human intervention.
-
Specification