Trusted File Indirection
Abstract
Methods and systems for performing file transfers across different domains hosted by a virtualization server are described herein. A trusted domain (Dom 0) may indicate that one or more files, directories, and/or volumes are available to a second domain (guest domain) by updating share information stored in a key value store. The guest domain may enumerate the shared files to appear as if within its own file system structure. The guest domain intercepts calls to its file system, determines whether the requested data is actually stored in its own file system or in the trusted domain, and proxies the file system call to the trusted domain when the requested data is shared by the trusted domain. Key value store information and shared data information and contents may be communicated using one or more memories shared between the trusted domain and guest domain.
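The flow in the abstract can be modeled in user space as follows. This is an added example, not code from the patent: the class names, the `shares` key, and the `/mnt/dom0` alias root are hypothetical, and the path re-check on the trusted side is an assumed hardening step that the abstract does not describe.

```python
# Added illustration; every name here is hypothetical, not from the patent.
import posixpath

SHARE_KEY = "shares"  # assumed key under which Dom 0 publishes share info


def under(path, root):
    """True if path is root itself or lies below it."""
    return path == root or path.startswith(root.rstrip("/") + "/")


class TrustedDomain:
    """Dom 0: owns the files and publishes share information."""

    def __init__(self, files):
        self.files = dict(files)         # constructed sample data: path -> bytes
        self.kv_store = {SHARE_KEY: []}  # stands in for the key value store

    def share(self, directory):
        self.kv_store[SHARE_KEY].append(posixpath.normpath(directory))

    def execute_read(self, path):
        # Assumed hardening: the guest is untrusted, so Dom 0 re-checks the
        # normalized path against the share list before touching the file.
        path = posixpath.normpath(path)
        if not any(under(path, d) for d in self.kv_store[SHARE_KEY]):
            raise PermissionError(path)
        return self.files[path]


class GuestProxy:
    """Guest: intercepts reads and proxies aliased paths to Dom 0."""

    def __init__(self, dom0, local_files, alias_root="/mnt/dom0"):
        self.dom0, self.local, self.alias_root = dom0, dict(local_files), alias_root

    def read(self, path):
        path = posixpath.normpath(path)
        if under(path, self.alias_root):
            # Shared data: strip the alias prefix and forward the call.
            return self.dom0.execute_read(path[len(self.alias_root):] or "/")
        return self.local[path]  # data in the guest's own file system
```

Because the trusted domain normalizes and checks the path itself, a request such as `/updates/../secret/key` is refused even if it arrives from a guest driver that skipped its own check.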
20 Claims
1. A method of transferring data, comprising:
- receiving an indication that a data update is available to a guest domain executing on a hypervisor, said data update including one or more data files in a file system of a trusted domain executing on the hypervisor; and
- aliasing each of the one or more data files to be accessible through a file system of the guest domain.

Dependent claims: 2, 3, 4, 5, 6, 7

8. One or more computer readable storage media comprising computer executable instructions that, when executed, perform data transfer between a trusted domain and a guest domain executing on a hypervisor by:
- the guest domain receiving an indication that shared data is available;
- a proxy driver executing in the guest domain intercepting a file system call associated with the shared data;
- the driver sending the file system call associated with the shared data to the trusted domain;
- the trusted domain executing the file system call associated with the shared data; and
- the trusted domain returning information to the guest domain based on execution of the file system call associated with the shared data.

Dependent claims: 9, 10, 11, 12, 13, 14, 15

16. A server device comprising:
- a processor; and
- memory storing computer readable instructions that, when executed by the processor, configure the device to include:
  - a hypervisor for managing execution of a plurality of virtual machine (VM) instances, said managing including allocating a different portion of memory to each instance;
  - a first VM instance executing on the hypervisor, said first VM instance being a trusted server domain for administration of the server device, said first VM instance allocated a first region of memory;
  - a second VM instance executing on the hypervisor, said second VM instance being an untrusted domain associated with a customer user of the server device, said second VM instance allocated a second region of memory;
  - shared data stored in the first region of memory allocated to the first VM instance and designated as accessible by the second VM instance; and
  - a proxy driver executing within the second VM instance, said proxy driver configured to:
    - intercept file system calls within the second VM instance; and
    - when an intercepted file system call is associated with the shared data, proxying the file system call to the first VM instance for execution.

Dependent claims: 17, 18, 19, 20

Specification