Method and apparatus for moving processes between isolation environments
First Claim
Patent Images
1. A computer system configured to execute an operating system and at least one isolation environment for isolating access by application programs to native resources provided by the operating system,each isolation environment comprising:
- a first application isolation layer providing a first application isolation scope;
a user isolation layer storing an instance of a native resource, the user isolation layer providing a user isolation scope corresponding to a user; and
a redirector intercepting a request for the native resource made by a process executing on behalf of the user and redirecting the request to the user isolation scope;
the computer system configured to;
(a) monitor a process running in the first isolation layer, determine whether the process is processing a request, and queue requests to the process;
(b) suspend execution of the process in the first isolation layer;
(c) change, using a rules engine, an association of the process from the first application isolation layer to a second application isolation layer, the second application isolation layer providing a second application scope;
(d) change the association of the process form the first application isolation layer to the second application isolation layer in a file system filter driver;
(e) load, by the rules engine, at least one rule associated with the second application isolation layer;
(f) move the process into the second isolation layer; and
(g) resume execution of the process with the second isolation scope.
8 Assignments
0 Petitions
Accused Products
Abstract
A method for moving an executing process from a source isolation scope to a target isolation scope includes the step of determining that the process is in a state suitable for moving. The association of the process changes from a source isolation scope to a target isolation scope. A rule loads in association with the target isolation scope.
-
Citations
12 Claims
-
1. A computer system configured to execute an operating system and at least one isolation environment for isolating access by application programs to native resources provided by the operating system,
each isolation environment comprising: -
a first application isolation layer providing a first application isolation scope; a user isolation layer storing an instance of a native resource, the user isolation layer providing a user isolation scope corresponding to a user; and a redirector intercepting a request for the native resource made by a process executing on behalf of the user and redirecting the request to the user isolation scope; the computer system configured to; (a) monitor a process running in the first isolation layer, determine whether the process is processing a request, and queue requests to the process; (b) suspend execution of the process in the first isolation layer; (c) change, using a rules engine, an association of the process from the first application isolation layer to a second application isolation layer, the second application isolation layer providing a second application scope; (d) change the association of the process form the first application isolation layer to the second application isolation layer in a file system filter driver; (e) load, by the rules engine, at least one rule associated with the second application isolation layer; (f) move the process into the second isolation layer; and (g) resume execution of the process with the second isolation scope. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
Specification