Trusted File Indirection

US 20130282776A1
Filed: 04/23/2012
Published: 10/24/2013
Est. Priority Date: 04/23/2012
Status: Active Grant

First Claim

Patent Images

1. A method of transferring data, comprising:

receiving an indication that a data update is available to a guest domain executing on a hypervisor, said data update including one or more data files in a file system of a trusted domain executing on the hypervisor; and

aliasing each of the one or more data files to be accessible through a file system of the guest domain.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for performing file transfers across different domains hosted by a virtualization server are described herein. A trusted domain (Dom 0) may indicate that one or more files, directories, and/or volumes are available to a second domain (guest domain) by updating share information stored in a key value store. The guest domain may enumerate the shared files to appear as if within its own file system structure. The guest domain intercepts calls to its file system, determines whether the requested data is actually stored in its own file system or in trusted domain, and proxies the file system call to the trusted domain when the requested data is shared by the trusted domain. Key value store information and shared data information and contents may be communicated using one or more memories shared between the trusted domain and guest domain.

Citations

20 Claims

1. A method of transferring data, comprising:
- receiving an indication that a data update is available to a guest domain executing on a hypervisor, said data update including one or more data files in a file system of a trusted domain executing on the hypervisor; and
  
  aliasing each of the one or more data files to be accessible through a file system of the guest domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein aliasing comprises a proxy driver intercepting file system calls within the guest domain and determining whether to execute each file system call within the file system of the guest domain or to pass the file system call to the trusted domain.
  - 3. The method of claim 2, wherein said proxy driver passes each file system call to the trusted domain using one or more pages of shared memory allocated to the guest domain.
  - 4. The method of claim 3, further comprising:
    - when the proxy driver intercepts a first file system call for a first data file shared by the trusted domain, sending a corresponding first request to the trusted domain by writing the first request to the shared memory;
      
      the trusted domain executing the first request on an associated data file in the file system of the trusted domain;
      
      the trusted domain writing a response to the first request in the shared memory; and
      
      the proxy driver reading the response from the shared memory.
  - 5. The method of claim 1, the indication is received based on a key value store storing file metadata for each data file shared by the trusted domain, said metadata includes a file name, a file type, a file location, a file size, and a file date.
  - 6. The method of claim 1, wherein the one or more data files comprise a plurality of files in a data directory.
  - 7. The method of claim 5, further comprising monitoring the key value store across a shared memory between the trusted domain and the guest domain.

8. One or more computer readable storage media comprising computer executable instructions that, when executed, perform data transfer between a trusted domain and a guest domain executing on a hypervisor by:
- the guest domain receiving an indication that shared data is available;
  
  a proxy driver executing in the guest domain intercepting a file system call associated with the shared data;
  
  the driver sending the file system call associated with the shared data to the trusted domain;
  
  the trusted domain executing the file system call associated with the shared data; and
  
  the trusted domain returning information to the guest domain based on execution of the file system call associated with the shared data.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The computer readable media of claim 8, wherein the indication is based on key value store managed by the trusted domain, said key value store storing file metadata regarding the shared data.
  - 10. The computer readable media of claim 8, wherein the guest domain allocates a portion of memory as a shared memory, accessible by both the trusted domain and the guest domain, and wherein the proxy driver sends the file system call to the trusted domain via the shared memory, and the trusted domain returns the information to the guest domain via the shared memory.
  - 11. The computer readable media of claim 10, wherein when the file system call comprises a write command, the guest domain sends data to be written to the trusted domain via the shared memory, and the trusted domain returns a completion indicator to the guest domain via the shared memory.
  - 12. The computer readable media of claim 10, wherein when the file system call comprises a read command, the guest domain sends the read command to the trusted domain via the shared memory, and the trusted domain returns the requested read data to the guest domain via the shared memory.
  - 13. The computer readable media of claim 8, wherein the shared data comprises a file.
  - 14. The computer readable media of claim 8, wherein the shared data comprises a directory.
  - 15. The computer readable media of claim 9, wherein the key value store is stored in a memory associated with the trusted domain, and wherein the guest domain monitors the key value store by querying, via a shared memory, a key value store administration service running on the trusted domain.

16. A server device comprising:
- a processor; and
  
  memory storing computer readable instructions that, when executed by the processor, configure the device to include;
  
  a hypervisor for managing execution of a plurality of virtual machine (VM) instances, said managing including allocating a different portion of memory to each instance;
  
  a first VM instance executing on the hypervisor, said first VM instance being a trusted server domain for administration of the server device, said first VM instance allocated a first region of memory;
  
  a second VM instance executing on the hypervisor, said second VM instance being an untrusted domain associated with a customer user of the server device, said second VM instance allocated a second region of memory;
  
  shared data stored in the first region of memory allocated to the first VM instance and designated as accessible by the second VM instance; and
  
  a proxy driver executing within the second VM instance, said proxy driver configured to;
  
  intercept file system calls within the second VM instance; and
  
  when an intercepted file system call is associated with the shared data, proxying the file system call to the first VM instance for execution.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The server device of claim 16, wherein said second VM instance designates a portion of the second region of memory as shared memory with the first VM instance, and wherein said second VM instance proxies the file system call to the first VM instance by writing the file system call to the portion of the shared memory.
  - 18. The server device of claim 16, wherein the shared data comprises a plurality of data files.
  - 19. The server device of claim 16, wherein the shared data comprises a file directory.
  - 20. The server device of claim 16, further comprising a key value store stored in the first region of memory, said key value store storing file metadata regarding the shared data, where said file metadata is accessible by the second VM instance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Durrant, Paul, Chalmers, Ben

Granted Patent

US 8,819,090 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/827
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 16/16   File or folder operations, ...

G06F 21/6218   to a system of files or obj...

G06F 21/6281   at program execution time, ...

G06F 9/45533   Hypervisors; Virtual machin...

H04L 63/10   for controlling access to d...

Trusted File Indirection

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted File Indirection

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links