System and methods providing secure workspace sessions
First Claim
1. In a computer system operating under control of an operating system having a graphical user interface providing support for displaying one workspace session at a time, a method for providing a logged-in user a simultaneously displayed second workspace session for securely running applications, the method comprising:
- displaying in the graphical user interface of the operating system a first workspace session of the computer system for a currently logged-in user, said first workspace session having a first set of privileges for running applications under said first workspace session;
- while said first workspace session remains active and displayed in the graphical user interface of the operating system, simultaneously displaying in the graphical user interface a second workspace session of the computer system for the currently logged-in user, the second workspace session having a second set of privileges for running applications under the second workspace session and using a virtual file system and registry that is stored in encrypted form on a file system hosted by the operating system; and
- securing said second workspace session so that applications running under the second workspace session are protected from applications running on the operating system that are outside the second workspace session, further securing the second workspace session by deleting the virtual file system and registry used by the second workspace session upon termination of the second workspace session, further securing the second workspace session by restricting access to peripheral devices from the second workspace session, so as to secure data created during the second workspace session, further securing the second workspace session by applying one set of firewall rules to applications running in the first workspace session and a second set of firewall rules to applications running in the second workspace session.
Abstract
System and methods providing secure workspace sessions is described. In one embodiment a method for providing multiple workspace sessions for securely running applications comprises steps of: initiating a first workspace session on an existing operating system instance running on the computer system, the first workspace session having a first set of privileges for running applications under that session; while the first workspace session remains active, initiating a second workspace session on the existing operating system instance running on the computer system, the second workspace session having a second set of privileges for running applications under the second workplace session; and securing the second workspace session so that applications running under the second workplace session are protected from applications running outside the second workspace session.
32 Claims
16. A computer system that adds support to an existing operating system to allow a user to run software programs in a plurality of simultaneously deployed workspace sessions subject to separate security rules of a security policy, the system comprising:
- a computer running under an operating system having a graphical user interface initially capable of displaying only a single workspace session at a time;
- a plurality of software programs for use by users of the computer;
- a configurable security policy specifying security rules applicable to the software programs;
- a session manager adding support to the operating system to simultaneously display in the graphical user interface first and second workspace sessions of the computer system for a currently logged-in user, with each of said sessions subject to separate security rules of the security policy and isolated from other workspace sessions, thereby allowing selected software programs to run in a secure manner in a separate and simultaneously displayed workspace session that is subject to separate security rules; and
- a file system processing engine providing each session a virtual file system stored in encrypted form on a file system hosted by the operating system, and a registry processing engine providing each session a virtual registry stored in encrypted form on the file system hosted by the operating system, wherein each session's virtual file system and virtual registry are deleted once that session terminates;
- wherein the security policy includes peripheral device access rules that restrict access to peripheral devices from the second workspace session, and wherein the security policy includes firewall rules, so as to apply separate firewall rules to software programs running in different workspace sessions.
Specification