Restricted transmogrifying driver platform
First Claim
1. A method implemented by a computing device, the method comprising:
- obtaining a transmogrifying driver contained in a driver package having a designated format associated with a driver security platform;
recognizing the designated format of the driver package upon installation based at least in part on identifying data included with the driver package;
in response to said recognizing, registering the transmogrifying driver with the driver security platform implemented by the computing device;
instantiating a restricted execution environment for the transmogrifying driver via the driver security platform; and
executing the transmogrifying driver within the restricted execution environment to perform one or more tasks at the direction of the driver security platform.
3 Assignments
0 Petitions
Accused Products
Abstract
A restricted transmogrifying driver platform is described herein. In one or more implementations, a platform is provided that enables a restricted execution environment for virtual private network (VPN) drivers and other transmogrifying drivers. The platform may be implemented as an operating system component that exposes an interface through which drivers may register with the platform and be invoked to perform functions supported by the platform. The restricted execution environment places one or more restrictions upon transmogrifying drivers that operate via the platform. For instance, execution may occur in user mode on a per-user basis and within a sandbox. Further, the platform causes associated drivers to run as background processes with relatively low privileges. Further, the platform may suspend the drivers and control operations of the driver by scheduling of background tasks. Accordingly, exposure of the transmogrifying drivers to the system is controlled and limited through the platform.
14 Citations
20 Claims
-
1. A method implemented by a computing device, the method comprising:
-
obtaining a transmogrifying driver contained in a driver package having a designated format associated with a driver security platform; recognizing the designated format of the driver package upon installation based at least in part on identifying data included with the driver package; in response to said recognizing, registering the transmogrifying driver with the driver security platform implemented by the computing device; instantiating a restricted execution environment for the transmogrifying driver via the driver security platform; and executing the transmogrifying driver within the restricted execution environment to perform one or more tasks at the direction of the driver security platform. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. One or more computer-readable storage media storing instructions that, when executed by one or more components of a computing device, implement a driver security platform configured to perform operations including:
-
obtaining a transmogrifying driver transmogrifying driver contained in a driver package having a designated format associated with a driver security platform; recognizing an association of the transmogrifying driver with the driver security platform based at least in part on identifying data included with the driver package; in response to said recognizing, ascertaining a set of tasks enabled for the transmogrifying driver through the driver security platform; establishing an execution environment that restricts operation of the transmogrifying driver to the set of tasks that are enabled through the driver security platform; and controlling operation of the transmogrifying driver through the execution environment that restricts operation of the transmogrifying driver to the set of tasks that are enabled. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A computing system comprising:
-
one or more processing components; one or more computer-readable storage media storing instructions that, when executed by the one or more processing components, implement a driver security platform that restricts operation of at least one VPN driver including; a driver manager module to; obtain the VPN driver over a network from an application store of a service provider, the VPN driver contained in a driver package having a designated format associated with the driver security platform; recognize the designated format of the driver package upon installation based at least in part on identifying data included with the driver package including an identifier, code, or file extension; in response to said recognizing, establish an application container to contain the VPN driver that is executed in user mode on a per-user basis and assigned a low privilege token configured to prevent system access except with respect to a defined set of tasks that are explicitly enabled for the VPN driver by the driver security platform; a background manager to; instantiate a background process for the application container that contains the VPN driver; handle scheduling of the defined set of tasks via the background process; and suspended the background process other than when the defined set of tasks are being performed at the direction of the driver manager module; and an event broker to produce events to broker interaction between the VPN driver and system services to perform tasks that are scheduled via the background manager module. - View Dependent Claims (19, 20)
-
Specification