Method and system for controlling inter-zone communication
First Claim
1. A method for executing a target program, comprising:
- opening, by a hardware processor and in response to a request from a source program, a door between a source container and a global container, wherein the source container is controlled by the global container, wherein the request specifies a target program, and wherein the source container comprises the source program;
- sending the request to an access module located in the global container using the door;
- verifying, by the hardware processor, that the request can be executed in a target container using a policy definition, wherein the target program is in the target container and wherein the target container is controlled by the global container;
- logging in to the target container after the request has been verified;
- initiating a gateway within the target container in response to the login;
- setting an execution context of the gateway based on the policy definition; and
- executing the target program by the hardware processor, using the execution context, to generate a response to the request, wherein the global container is executed by an operating system, wherein the global container comprises the source container, the target container, the door, and the access module, wherein the global container, the source container, and the target container are isolated execution environments, and wherein the door is an inter-process communication mechanism.
Abstract
A method for executing a target program that includes opening, in response to a request, a door between the source container and the global container, where the source container is controlled by the global container and the request specifies a target program. The method further includes sending the request to an access module located in the global container using the door, verifying that the request can be executed in a target container using a policy definition, where the target program is in the target container and the target container is controlled by the global container, logging in to the target container after the request has been verified, initiating a gateway within the target container in response to the login, setting an execution context of the gateway based on the policy definition, and executing the target program by the gateway, using the execution context, to generate a response to the request.
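The verify and set-execution-context steps of the abstract, as an added illustration that is not code from the patent or from any product. The policy is modelled as program definitions plus entity definitions; the zone names, users, privilege names, data layout and function names are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ExecutionContext:          # what the gateway runs the target program as
    user: str
    privileges: frozenset

# Constructed policy. Program definitions: (target container, program) -> context.
PROGRAMS = {
    ("dbzone", "/usr/bin/dbstatus"): ExecutionContext("dbmon", frozenset({"file_read"})),
    ("dbzone", "/usr/sbin/dbbackup"): ExecutionContext("dbadmin", frozenset({"file_read", "file_write"})),
}
# Entity definitions: (source container, user) -> programs that entity may request.
ENTITIES = {
    ("webzone", "webadmin"): {("dbzone", "/usr/bin/dbstatus")},
}

class Denied(Exception):
    pass

def verify(caller_zone, caller_user, request):
    """Return the execution context for a permitted request, else raise Denied.

    Assumption: caller_zone and caller_user come from the IPC layer (the door),
    not from the request body, so a source program cannot claim another identity.
    """
    key = (request.get("target_container"), request.get("target_program"))
    if key not in ENTITIES.get((caller_zone, caller_user), set()):
        raise Denied(f"{caller_user}@{caller_zone} may not request {key}")
    ctx = PROGRAMS.get(key)
    if ctx is None:              # entity entry without a matching program definition
        raise Denied(f"no program definition for {key}")
    return ctx

def access_module(caller_zone, caller_user, request, audit):
    """Default-deny decision in the global container; every outcome is audited."""
    try:
        ctx = verify(caller_zone, caller_user, request)
    except Denied as exc:
        audit.append(("deny", caller_zone, caller_user, str(exc)))
        return None
    audit.append(("allow", caller_zone, caller_user, request["target_program"], ctx.user))
    # A real gateway would be started inside the target container at this point
    # and would run the target program under ctx; this model returns the plan.
    return {"container": request["target_container"],
            "exec": request["target_program"],
            "user": ctx.user, "privileges": sorted(ctx.privileges)}
```

The execution context comes only from the policy, never from the request, so a permitted caller still cannot choose the user or privileges the target program runs with.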
20 Claims
1. A method for executing a target program, comprising the steps recited under First Claim above.
- Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A non-transitory computer readable medium comprising executable instructions to perform a method when executed by a processor, the method comprising:
- opening, in response to a request from a source program, a door between a source container and a global container, wherein the source container is controlled by the global container, wherein the request specifies a target program, and wherein the source container comprises the source program;
- sending the request to an access module located in the global container using the door;
- verifying that the request can be executed in a target container using a policy definition, wherein the target program is in the target container and wherein the target container is controlled by the global container;
- logging in to the target container after the request has been verified;
- initiating a gateway within the target container in response to the login;
- setting an execution context of the gateway based on the policy definition; and
- executing the target program, using the execution context, to generate a response to the request, wherein the global container is executed by an operating system, wherein the global container comprises the source container, the target container, the door, and the access module, wherein the global container, the source container, and the target container are isolated execution environments, and wherein the door is an inter-process communication mechanism.
- Dependent claims: 15, 16, 17, 18, 19
20. A system, comprising:
- a hardware platform comprising a processor;
- an operating system executing on the hardware platform; and
- a global container executing on the operating system, wherein the global container comprises a first container, a second container, a door, and an access module, wherein the second container comprises a target program, wherein the first container comprises a source program configured to send a request for the target program to the access module via the door, wherein the access module, using a policy definition, is configured to enable the target program to process the request, wherein the policy definition comprises at least one selected from a group consisting of a program definition and an entity definition, wherein the global container, the first container, and the second container are isolated execution environments, and wherein the door is an inter-process communication mechanism.
Specification