On-demand disposable virtual work system
First Claim
1. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to:
receive a program execution request to run a program on a host operating system;
permit the program to execute on the host operating system and outside a virtual machine if a program permissions list, associated with the host operating system, indicates that the program has permission to execute on the host operating system and outside a virtual machine; and
if the program permissions list indicates that the program does not have permission to execute on the host operating system and outside a virtual machine:
deny execution of the program on the host operating system outside a virtual machine;
associate a guest virtual machine with the program based on a type of the program; and
send the program execution request to the guest virtual machine associated with the program such that the guest virtual machine executes the program;
authenticate a file access system call received from the program, using an authentication module within the guest virtual machine; and
redirect the file access system call to a secure virtual file access server, if the file access system call is authenticated.
Abstract
An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.
29 Claims
1. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to:
receive a program execution request to run a program on a host operating system;
permit the program to execute on the host operating system and outside a virtual machine if a program permissions list, associated with the host operating system, indicates that the program has permission to execute on the host operating system and outside a virtual machine; and
if the program permissions list indicates that the program does not have permission to execute on the host operating system and outside a virtual machine:
deny execution of the program on the host operating system outside a virtual machine;
associate a guest virtual machine with the program based on a type of the program; and
send the program execution request to the guest virtual machine associated with the program such that the guest virtual machine executes the program;
authenticate a file access system call received from the program, using an authentication module within the guest virtual machine; and
redirect the file access system call to a secure virtual file access server, if the file access system call is authenticated.
Dependent claims: 2-12.
13. An apparatus, comprising:
a virtual machine monitor implemented in at least one of a memory or a processing device, the virtual machine monitor configured to host a plurality of virtual machines on a physical computing machine;
a program permissions list, associated with a host operating system, configured to store a list of program identifiers;
a request handler module configured to:
receive a program execution request to run a program on the host operating system;
permit the program to execute on the host operating system and outside a virtual machine if the program permissions list, associated with the host operating system, indicates that the program has permission to execute on the host operating system and outside a virtual machine; and
if the program permissions list indicates that the program does not have permission to execute on the host operating system and outside a virtual machine:
deny program execution on the host operating system outside a virtual machine; and
send the program execution request to a guest virtual machine from the plurality of virtual machines and associated with the program such that the guest virtual machine executes the program; and
a virtual machine pool manager configured to associate the guest virtual machine from the plurality of virtual machines with the program based on a type of the program if the program permissions list indicates that the program does not have permission to execute on the host operating system and outside a virtual machine, the virtual machine pool manager configured to perform at least one of:
define at least one virtual machine from the plurality of virtual machines;
put at least one virtual machine from the plurality of virtual machines to sleep;
assign a program execution request to at least one virtual machine from the plurality of virtual machines;
terminate at least one virtual machine from the plurality of virtual machines;
wake up at least one virtual machine from the plurality of virtual machines;
receive program execution requests from the request handler module;
respond to a program execution request from the request handler module;
receive a program execution request from at least one guest virtual machine from the plurality of virtual machines; or
respond to a program execution request from a guest request handler module.
Dependent claims: 14-23.
24. An apparatus, comprising:
a virtual machine monitor implemented in at least one of a memory or a processing device, the virtual machine monitor configured to host a plurality of virtual machines on a physical computing machine;
a program permissions list, associated with a host operating system, configured to store a first list of program identifiers; and
a request handler module configured to:
receive a program execution request to run a first program on the host operating system;
permit the first program to execute on the host operating system and outside a virtual machine if the program permissions list, associated with the host operating system, indicates that the first program has permission to execute on the host operating system and outside a virtual machine; and
if the program permissions list indicates that the first program does not have permission to execute on the host operating system and outside a virtual machine:
deny program execution on the host operating system outside a virtual machine;
associate a guest virtual machine from the plurality of virtual machines with the first program, based on a type of the first program; and
send the program execution request to the guest virtual machine associated with the first program such that the guest virtual machine executes the first program, the guest virtual machine including:
a guest program permissions list configured to store a second list of program identifiers;
a guest request handler module configured to:
receive a program execution request to run a second program on the guest virtual machine;
allow execution of the second program on the guest virtual machine, if the guest program permissions list indicates that the second program has permission to execute on the guest virtual machine; and
deny execution of the second program if the guest program permissions list indicates that the program does not have permission to execute on the guest virtual machine.
Dependent claims: 25-29.
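The control flow that the abstract and the independent claims describe (host permissions list check, dispatch of a non-allowed program to a guest chosen by program type, pool-manager define/sleep/wake/terminate, guest-side authentication of file access calls before redirecting them to the secure file access server, and teardown of the guest when the program closes), written out as an added Python simulation. This is example code, not the patent's or the assignee's implementation; the class names PermissionsList, VMPoolManager, RequestHandler and SecureFileServer, the per-program token used by the guest authentication module, and the sample program identifiers and type map are all hypothetical.

```python
import itertools
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class PermissionsList:
    """Host program permissions list: a white list of program identifiers that
    may run on the host outside any VM, plus a black list that overrides it."""
    allow: Set[str]
    deny: Set[str] = field(default_factory=set)

    def permits_native(self, program_id: str) -> bool:
        return program_id in self.allow and program_id not in self.deny


@dataclass
class GuestVM:
    vm_id: int
    vm_type: str                      # reference image the guest was cloned from
    state: str = "running"            # running | asleep | terminated
    program: Optional[str] = None
    tokens: Set[str] = field(default_factory=set)   # authentication module state

    def launch(self, program_id: str) -> str:
        # Hypothetical scheme: the guest issues a per-program token at launch and
        # its authentication module later checks file access calls against it.
        self.program = program_id
        token = f"tok-{self.vm_id}-{program_id}"
        self.tokens.add(token)
        return token

    def authenticate_file_access(self, token: str) -> bool:
        return self.state == "running" and token in self.tokens


class SecureFileServer:
    """Stand-in for the secure virtual file access server; it records which
    guest touched which path so the host side keeps an audit trail."""
    def __init__(self) -> None:
        self.log = []

    def access(self, vm_id: int, path: str) -> str:
        self.log.append((vm_id, path))
        return f"contents-of:{path}"


class VMPoolManager:
    def __init__(self) -> None:
        self._ids = itertools.count(1)
        self.pool: Dict[int, GuestVM] = {}

    def define(self, vm_type: str) -> GuestVM:
        vm = GuestVM(next(self._ids), vm_type)
        self.pool[vm.vm_id] = vm
        return vm

    def sleep(self, vm_id: int) -> None:
        self.pool[vm_id].state = "asleep"

    def wake(self, vm_id: int) -> None:
        self.pool[vm_id].state = "running"

    def terminate(self, vm_id: int) -> None:
        vm = self.pool[vm_id]
        vm.state, vm.program = "terminated", None
        vm.tokens.clear()             # no token may outlive the disposable guest

    def assign(self, vm_type: str) -> GuestVM:
        # Prefer a pre-warmed idle guest of the requested type; else clone one.
        for vm in self.pool.values():
            if vm.vm_type == vm_type and vm.state == "asleep" and vm.program is None:
                self.wake(vm.vm_id)
                return vm
        return self.define(vm_type)


class RequestHandler:
    def __init__(self, perms: PermissionsList, pool: VMPoolManager,
                 file_server: SecureFileServer, type_of: Dict[str, str]) -> None:
        self.perms, self.pool, self.file_server, self.type_of = perms, pool, file_server, type_of

    def execute(self, program_id: str) -> dict:
        if self.perms.permits_native(program_id):
            return {"target": "host"}
        # Denied on the host: pick a guest by program type and run it there.
        vm = self.pool.assign(self.type_of.get(program_id, "generic"))
        return {"target": "vm", "vm_id": vm.vm_id, "token": vm.launch(program_id)}

    def file_access(self, vm_id: int, token: str, path: str) -> str:
        vm = self.pool.pool[vm_id]
        if not vm.authenticate_file_access(token):
            raise PermissionError(f"unauthenticated file access from VM {vm_id}")
        return self.file_server.access(vm_id, path)

    def close_program(self, vm_id: int) -> None:
        # Disposable guest: tear it down as soon as the program closes.
        self.pool.terminate(vm_id)


def build_system() -> RequestHandler:
    # Constructed sample policy; the program identifiers are illustrative only.
    perms = PermissionsList(allow={"notepad.exe", "calc.exe"}, deny={"calc.exe"})
    type_of = {"acroread.exe": "document", "firefox.exe": "browser"}
    return RequestHandler(perms, VMPoolManager(), SecureFileServer(), type_of)
```

Two points the simulation makes explicit that the claim language leaves implicit: the black list wins over the white list (a program on both is still forced into a guest), and terminating the guest clears its tokens, so a file access call replayed with a token from a closed program is rejected rather than forwarded to the file server.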