Operating system abstraction and protection layer

US 7,028,305 B2
Filed: 05/16/2001
Issued: 04/11/2006
Est. Priority Date: 05/16/2001
Status: Expired due to Term

First Claim

Patent Images

1. A system for providing one or more application environments on a client computer, the system comprising:

an operating system protection layer, executing on an operating system of the client computer, one or more applications executing on said operating system, the operating system protection layer comprising one or more subsystems, wherein said protection layer is provided between one or more applications and said operating system and between each of the one or more applications, wherein the protection layer providing each of the one or more applications with its respective virtual operating environment in which each of the one or more applications execute, wherein said respective virtual operating environment appears to each of the one or more applications to be an installation environment without performing an installation, whereby a “

pseudo installation”

is created in which at least one of the settings are brought into the respective virtual operating environment at the time the one or more applications executes, and wherein the operating system protection layer comprises a virtual registry that provides a full function registry to each of the one or more applications.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system for creating an application software environment without changing an operating system of a client computer, the system comprising an operating system abstraction and protection layer, wherein said abstraction and protection layer is interposed between a running software application and said operating system, whereby a virtual environment in which an application may run is provided and application level interactions are substantially removed. Preferably, any changes directly to the operating system are selectively made within the context of the running application and the abstraction and protection layer dynamically changes the virtual environment according to administrative settings. Additionally, in certain embodiments, the system continually monitors the use of shared system resources and acts as a service to apply and remove changes to system components. The present thus invention defines an “Operating System Guard.” These components cover the protection semantics required by .DLLs and other shared library code as well as system device drivers, fonts, registries and other configuration items, files, and environment variables.

Citations

18 Claims

1. A system for providing one or more application environments on a client computer, the system comprising:
- an operating system protection layer, executing on an operating system of the client computer, one or more applications executing on said operating system, the operating system protection layer comprising one or more subsystems, wherein said protection layer is provided between one or more applications and said operating system and between each of the one or more applications, wherein the protection layer providing each of the one or more applications with its respective virtual operating environment in which each of the one or more applications execute, wherein said respective virtual operating environment appears to each of the one or more applications to be an installation environment without performing an installation, whereby a “
  
  pseudo installation”
  
  is created in which at least one of the settings are brought into the respective virtual operating environment at the time the one or more applications executes, and wherein the operating system protection layer comprises a virtual registry that provides a full function registry to each of the one or more applications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 17, 18)
- - 2. The system of claim 1, wherein the operating system protection layer continually monitors the use of shared system resources and mediates at least one of said shared system resources to each of the one or more applications.
  - 3. The system of claim 1, wherein the said operating system is a Windows-based operating system.
  - 4. The system of claim 1, wherein the operating system protection layer intercepts each operating system request whether made by an application executing directly on the operating system or made by said one or more applications in the respective virtual environment.
  - 5. The system of claim 1, wherein said operating system protection layer manages the integration of multiple separate instances of an application.
  - 6. The system of claim 1, wherein the operating system protection layer prevents information on the client computer from interfering or modifying the behavior of each of the one or more applications.
  - 7. The system of claim 1, further comprising an interface for dynamically changing the respective virtual environments during at least one of prior to, during, or post the execution of each of the one or more applications.
  - 8. The system of claim 1, wherein more than one instance of a single application executes on the client computer, and wherein each of said more than one instance of the single application operates with a different configuration than the other instances of the single application.
  - 9. The system of claim 1, wherein the operating system protection layer responds to a request with a resource if said resource is stored within the operating system protection layer, and if not stored, the operating system protection layer allows the request to pass through to the underlying system registry, wherein said resource comprises one or more of said subsystems of the operating system protection layer.
  - 10. The system of claim 9, wherein if an attempt is made to modify the resource, the operating system protection layer allows the modification to occur to the respective appropriate virtual environment only.
  - 11. The system of claim 1, wherein a first of the one or more applications and a second of the one or more applications are two different versions of a same application program.
  - 12. The system of claim 1, wherein the operating system protection layer further comprises a data file, stored in memory coupled to the client computer, the data file containing data and configuration information for providing the one or more virtual environments.
  - 13. The system of claim 1, further comprising a logically protected computing environment under control of the operating system protection layer, the logically protected environment including a substantially duplicative resource corresponding to a system resource needed by at least one of the one or more applications, said duplicative resource allowing the one or more applications to execute without affecting the corresponding system resource.
  - 14. The system of claim 1, wherein each of the respective virtual execution environments are a plurality of logically protected environments for protected operation of a corresponding plurality of applications, each within its own logically protected environment.
  - 17. The system of claim 1, wherein the subsystems comprise one or more of a process manager, a virtual file system manager, a loader, a recovery manager and a virtual environment manager.
  - 18. The system of claim 17, wherein the virtual environment manager comprises one or more of subsystems including configuration, files, shared objects, devices and fonts.

15. A method for executing one or more application programs, comprising:
- providing a computer system having an operating system therein, the operating system having access to and brokering the use of system resources;
  
  executing a protective program on the operating system, the protective program providing a customized logically protected environment for running one or more application programs, wherein said customized logically protected environment appears to each of the one or more application programs to be an installation environment without performing an installation whereby a “
  
  pseudo-installation”
  
  is created in which at least one of the settings are brought into the respective logically protected environment at the time the one or more application programs execute, and wherein the protective program comprises a virtual registry that provides a full function registry to each of the one or more application programs;
  
  executing one or more application programs adapted for use on the operating system in a respective one or more customized logically protected environments;
  
  controlling interactions between the one or more application programs and the operating system it is adapted to run on, including controlling interactions between the one or more application programs and system resources of the computer system and controlling interactions between the one or more application programs; and
  
  servicing at least some requests from the one or more application programs using the protective program without transferring the requests to the underlying operating system.
- View Dependent Claims (16)
- - 16. The method of claim 15, further comprising installing the one or more application programs in the logically protected environment without permitting the installation to alter the computer system outside the logically protected environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Softricity Inc (Microsoft Corporation)
Inventors
Schaefer, Stuart
Primary Examiner(s)
Thomson, William
Assistant Examiner(s)
Ho, Andy

Application Number

US09/859,209
Publication Number

US 20020174215A1
Time in Patent Office

1,791 Days
Field of Search

709/328, 709/1, 718/1, 718/104, 719/328, 719/329, 719/310, 719/312, 719/313
US Class Current

719/310
CPC Class Codes

G06F 9/54 Interprogram communication

Operating system abstraction and protection layer

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Operating system abstraction and protection layer

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links