Systems and methods for double hulled virtualization operations
First Claim
1. A method for storing and processing data, comprising:
- providing an operating system (OS) virtualization running on a processor and having a plurality of containers, one or more containers preventing privilege escalation by a user to an administrator of a global zone running the OS virtualization;
providing a hardware virtual machine (HVM) for the user, the HVM encapsulated in one of the one or more containers;
limiting access by the user associated with the HVM to the one of the one or more containers encapsulating the HVM; and
limiting operations of the user within the one of the one or more containers to instantiating another HVM.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for storing and processing data includes providing an operating system (OS) virtualization running on a processor and having a plurality of containers. Each container may prevent privilege escalation by a user to an administrator of a global zone running the OS virtualization. The method may also include providing a hardware virtual machine (HVM) for the user, the HVM encapsulated in one of the containers. A system for storing and processing data is provided that includes an operating system (OS) virtualization stored in a memory and running on a processor. The OS virtualization has a plurality of containers, and each container prevents privilege escalation by a user to an administrator of a global zone running the OS virtualization. The HVM may be encapsulated in one of the containers. A non-transitory computer readable storage medium having a program recorded thereon is provided.
-
Citations
18 Claims
-
1. A method for storing and processing data, comprising:
-
providing an operating system (OS) virtualization running on a processor and having a plurality of containers, one or more containers preventing privilege escalation by a user to an administrator of a global zone running the OS virtualization; providing a hardware virtual machine (HVM) for the user, the HVM encapsulated in one of the one or more containers; limiting access by the user associated with the HVM to the one of the one or more containers encapsulating the HVM; and limiting operations of the user within the one of the one or more containers to instantiating another HVM. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for storing and processing data, comprising:
-
an operating system (OS) virtualization stored in a memory and running on a processor, the OS virtualization having a plurality of containers, one or more containers preventing privilege escalation by a user to an administrator of a global zone running the OS virtualization; a hardware virtual machine (HVM) for the user, the HVM encapsulated in one of the one or more containers; wherein; access by the user associated with the HVM is limited to the one of the one or more containers encapsulating the HVM; and operations of the user within the one of the one or more containers are limited to instantiating another HVM. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer readable storage medium having a program recorded thereon, the program when executed causing a computer to perform a method for storing and processing data, the method comprising:
-
providing an operating system (OS) virtualization having a plurality of containers, one or more containers preventing privilege escalation by a user to an administrator of a global zone running the OS virtualization; providing a hardware virtual machine (HVM) for the user, the HVM encapsulated in one of the one or more containers; eliminating code paths directed from within the one of the one or more containers to outside the one of the one or more containers; limiting access by the user associated with the HVM to the one of the one or more containers encapsulating the HVM; and limiting operations of the user within the one of the one or more containers to instantiating another HVM. - View Dependent Claims (18)
-
Specification