FRAMEWORK FOR RUNNING UNTRUSTED CODE

US 20140365443A1
Filed: 06/07/2013
Published: 12/11/2014
Est. Priority Date: 06/07/2013
Status: Active Grant

First Claim

Patent Images

1. A method for performing a task, comprising:

booting into a first operating system maintained by a first file system, the first operating system being protected by a file protection mechanism;

checking, by an agent, to determine if a second operating system has been corrupted, the second operating system being maintained by a second file system;

storing the state of the second operating system, when said checking determines that the second operating system has not been corrupted;

providing task functionality at a location that is accessible to the second file system;

booting into the second file system;

performing a task using the task functionality, using the second operating system;

storing results of the task;

booting back into the first operating system;

retrieving, by the agent, the results; and

restoring the second file system to an original state based on the state that has been stored.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing platform is described herein for performing a task on a physical system. For example, the task may entail testing untrusted code on the physical system. The processing platform provides the same isolation guarantees as a virtual machine, but without using a virtual machine. A processing framework is also described herein which includes two or more processing platforms, together with a control system for administering the operations performed by the processing platforms.

74 Citations

View as Search Results

20 Claims

1. A method for performing a task, comprising:
- booting into a first operating system maintained by a first file system, the first operating system being protected by a file protection mechanism;
  
  checking, by an agent, to determine if a second operating system has been corrupted, the second operating system being maintained by a second file system;
  
  storing the state of the second operating system, when said checking determines that the second operating system has not been corrupted;
  
  providing task functionality at a location that is accessible to the second file system;
  
  booting into the second file system;
  
  performing a task using the task functionality, using the second operating system;
  
  storing results of the task;
  
  booting back into the first operating system;
  
  retrieving, by the agent, the results; and
  
  restoring the second file system to an original state based on the state that has been stored.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the first file system is hosted by a first storage device and the second file system is hosted by a second storage device.
  - 3. The method of claim 2, wherein the second storage device is a removable flash storage device.
  - 4. The method of claim 1, wherein the file protection mechanism provides:
    - an encryption mechanism for encrypting information stored by the first file system;
      
      a decryption mechanism for decrypting the information stored by the first file system;
      
      a secure store for storing key information used to encrypt and decrypt the information stored by the first file system; and
      
      a protocol for releasing the key information upon booting into the first file system upon verifying that a start up process has not been tampered with, but not releasing the key information when the second file system is booted into.
  - 5. The method of claim 1, further comprising, after initially booting into the first operating system, establishing a secure connection with a control system.
  - 6. The method of claim 1, wherein:
    - the second file system maintains the second operating system as a parent operating system on a virtual hard disk, andsaid checking comprises checking a current hash of the parent operating system with a reference hash.
  - 7. The method of claim 6, wherein:
    - said storing of the state comprises creating a differencing disk for storing changes made to the second file system, wherein the parent operating system represents the state of the second operating system that is stored, andsaid restoring comprises discarding information stored on the differencing disk following the task.
  - 8. The method of claim 1, wherein:
    - the second file system maintains the second operating system in a particular storage domain, andsaid checking comprises checking a hash of each individual file associated with the second operating system with a respective reference hash.
  - 9. The method of claim 8, wherein:
    - said storing of the state comprises creating and storing a snapshot of the state of the second operating system, andsaid restoring comprises reverting the second operating system to a previous state, based on the snapshot that has been stored.
  - 10. The method of claim 1, wherein said performing of the task comprises performing at least one test on untrusted code.
  - 11. The method of claim 1, further comprising detecting whether said booting back into the first operating system fails to take place within a prescribed amount of time, and performing at least one corrective action if said booting back into the first operating system fails to take place within the prescribed amount of time.
  - 12. The method of claim 1, further comprising forwarding the results of the task to a control system over a secure channel.
  - 13. The method of claim 1, further comprising returning to said checking to commence performing another task.

14. A processing platform for performing a task, comprising:
- a first file system for providing a first operating system;
  
  a file protection mechanism for protecting information that is provided by the first operating system;
  
  a second file system for providing a second operating system,an agent configured to determine whether the second operating system has been corrupted,task functionality configured to perform a task using the second operation system, to provide results;
  
  a data store for storing the results; and
  
  reversion functionality configured to store a state of the second operating system, and to revert to the state that has been stored, following the execution of the task,the first operating system being isolated from processing performed by the second operating system.
- View Dependent Claims (15, 16, 17)
- - 15. The processing platform of claim 14, wherein the agent is configured to determine whether the second operating system has been corrupted by comparing a current hash of at least one file associated with the second operating system with a reference hash.
  - 16. The processing platform of claim 14,wherein the second file system includes:
    - a virtual hard disk for storing the second operating system as a parent operating system; and
      
      a differencing disk which stores changes made to the second file system,and wherein the reversion functionality comprises;
      
      functionality for invoking a differencing disk-creation mechanism, for creating the differencing disk; and
      
      functionality for subsequently discarding information stored on the differencing disk after the task is performed.
  - 17. The processing platform of claim 14,wherein the second file system includes a particular storage domain for storing the second operating system,and wherein the reversion functionality comprises:
    - functionality for invoking a state-forming mechanism, for creating a snapshot of the state of the second operating system; and
      
      functionality for subsequently reverting to the state after the task has been performed, based on the snapshot.

18. A processing framework comprising:
- a control system for administering a test to be performed on at least one application, the application representing untrusted code;
  
  at least one processing platform for performing the test, each processing platform comprising;
  
  a first file system for providing a first operating system;
  
  a file protection mechanism for protecting information that is provided by the first operating system;
  
  a second file system for providing a second operating system,an agent configured to determine whether the second operating system has been corrupted,task functionality configured to perform the test using the second operation system, to provide results;
  
  a data store for storing the results; and
  
  reversion functionality configured to store a state of the second operating system, and to revert to the state that has been stored following the execution of the test; and
  
  an encrypted channel for coupling the control system with said at least one processing platform.
- View Dependent Claims (19, 20)
- - 19. The processing framework of claim 18,wherein the second file system comprises:
    - a virtual hard disk for storing the second operating system as a parent operating system; and
      
      a differencing disk which stores changes made to the second file system,and wherein the reversion functionality comprises;
      
      functionality for invoking a differencing disk-creating mechanism, for creating the differencing disk; and
      
      functionality for subsequently discarding information stored on the differencing disk after the test is performed.
  - 20. The processing framework of claim 18,wherein the second file system includes a particular storage domain for storing the second operating system,and wherein the reversion functionality comprises:
    - functionality for invoking a state-forming mechanism, for creating a snapshot of the state of the second operating system; and
      
      functionality for subsequently reverting to the state after the test has been performed, based on the snapshot.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Goel, Nitin Kumar, Craioveanu, Cristian, Shin, Jinwook, Florio, Elia, Wilkey, Craig Douglas Jr.

Granted Patent

US 10,025,674 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/679
CPC Class Codes

G06F 11/1469   Backup restoration techniques

G06F 11/3664   Environments for testing or...

G06F 21/53   by executing in a restricte...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06F 9/441   Multiboot arrangements, i.e...

FRAMEWORK FOR RUNNING UNTRUSTED CODE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

74 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FRAMEWORK FOR RUNNING UNTRUSTED CODE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links