Operating system-wide sandboxing via switchable user skins
First Claim
1. In a data processing system having a base system with one or more system drives on which is provided a base operating system (BOS), base program applications, files and data, a method comprising:
- installing a system-wide skin over the base system, said system-wide skin logically covering the one or more system drives of the base system, wherein said installing of the system-wide skin comprises;
dynamically detecting a presence of a skin media having an associated skin drive during a boot up of the data processing system;
changing a value of a device driver pointer of a basic input output system (BIOS) of the data processing system to point to the skin drive rather than the system drive, wherein all accesses addressed to the system drive are automatically redirected to the skin drive; and
initializing said base system as a read only level when said skin media is detected, wherein said system-wide skin is utilized for all write access on said data processing system;
enabling piecemeal setup of the system-wide skin during boot-up of the data processing system, such that privilege levels for reading, writing, and hiding applications, files, data, and directories are provided on a per directory and per skin basis, wherein a user may exercise finer control on the operating environment;
wherein said skin media is one of (1) a logical partition of the system drive that is hidden from a systems view of available drives and (2) a removable media; and
the method further includes enabling portability of the system-wide skin on the removable media;
wherein said one or more system drives includes a plurality of system and other non-system drives of the data processing system, and said installing provides a system-wide skin overlay of all drives on the data processing system;
completing all operations performed on the data processing system within the system-wide skin, including BOS-level operations, wherein the base system is not affected by updates and installations made to the data processing system while said system-wide skin is in place, wherein the completing of all operations comprises;
reading all requests for data from the system-wide skin when the data is available at the system level skin;
reading the request for data from a lower level skin or said base system only when the data is not available at the current-level of system-wide skin; and
performing all writing of new data and updates to existing data at the system-wide skin, wherein said base system is read only while said system-wide skin is present;
wherein said system-wide skin is a first level skin, and said method includes enabling installation of one or more additional levels of system-wide skins on top of a first-level skin, wherein each level skin is a complete system-wide skin that supersedes a level below for performing all write accesses on the data processing system;
wherein said system-wide skin includes skin-level OS functionality and skin-level applications and data, and the method includes installing said system-wide skin as a complete operating environment over the base system having a specific functionality provided by the skin-level applications, by;
(a) overriding BOS functionality with skin-level OS functionality;
(b) installing said skin-level applications; and
(c) suppressing execution of base system applications, booting up said data processing system with the base system; and
when a BIOS discovers a system level skin during the boot-up process;
executing code for subsequently overlaying the system-wide skin over the base system during said booting up;
enabling direct access to the said system-wide skin following said booting up without making said system-wide skin visible within the BOS system view; and
enabling user override of the visibility of the skin drive to provide said skin drive as another drive of the data processing system within the BOS system view.
Abstract
A method and system that provides a pass through block device that is utilized to redirect all the writes bound to the system drive(s) to an overlay skin device. Reads are performed on overlay device contents and the overlay device contents take precedence over the contents of the base device. Applications of a particular theme may be installed on the overlay device. The overlay device is provided on a removable media and thus allows for creation of a set of exchangeable skins. Nested overlays are utilized to create separation of the OS data, application data, and user data. Switchable user skins enable writes into overlays and allow a user to create operating environments which can be utilized to change the use of a computer system. Since the overlays are provided on a removable media, the user only needs to substitute the overlay to switch the user's operating environment.
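The read and write rules in the abstract and claim can be modelled as a stack of block maps. The following is an added example, not code from the patent: the class SkinStack, its methods and the sample block contents are hypothetical, and a dictionary stands in for each drive.

```python
import hashlib

class SkinStack:
    """Toy model of the claimed overlay: a read-only base plus stacked skins."""

    def __init__(self, base_blocks):
        # Base system drive: block number -> bytes.
        self._base = dict(base_blocks)
        self._skins = []  # lowest-level skin first, current (top) skin last

    def install_skin(self, skin=None):
        """Stack a skin (block number -> bytes) on top; it receives all writes."""
        self._skins.append({} if skin is None else skin)
        return self._skins[-1]

    def remove_skin(self):
        """Detach the top skin, e.g. when the removable media is pulled."""
        return self._skins.pop()

    def read(self, block):
        # The current skin takes precedence; fall through to lower skins, then the base.
        for layer in reversed(self._skins):
            if block in layer:
                return layer[block]
        return self._base[block]

    def write(self, block, data):
        # Assumption: with no skin installed the base is an ordinary writable drive.
        target = self._skins[-1] if self._skins else self._base
        target[block] = data

    def base_digest(self):
        """SHA-256 over the base blocks, to check that the base was not modified."""
        h = hashlib.sha256()
        for block in sorted(self._base):
            h.update(block.to_bytes(8, "big") + self._base[block])
        return h.hexdigest()

def demo():
    dev = SkinStack({0: b"boot", 1: b"os-v1", 2: b"app-v1"})  # constructed sample contents
    before = dev.base_digest()
    dev.install_skin()                 # first-level skin
    dev.write(1, b"os-patched")
    dev.install_skin()                 # second-level skin on top of the first
    dev.write(2, b"untrusted-app")
    layered = [dev.read(b) for b in range(3)]
    user_skin = dev.remove_skin()      # swap out the top skin
    after_swap = [dev.read(b) for b in range(3)]
    return layered, after_swap, user_skin, dev.base_digest() == before
```

Comparing base_digest() before and after a session is the check that matters for sandboxing: every change made while a skin is installed lives in the detachable layer, and the base hash stays the same.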
Specification