Automated identification of virtual machines to process or receive untrusted data based on client policies

US 9,110,701 B1
Filed: 01/31/2014
Issued: 08/18/2015
Est. Priority Date: 05/25/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable storage medium storing one or more sequences of instructions, which when executed, cause:

in response to a client determining that digital content is to be received or processed by the client, the client consulting policy data to determine one or more policies for use by the client in identifying one or more virtual machines into which the digital content is to be stored, wherein the one or more policies specify how long each of the one or more virtual machines are to be persisted, which resources of the client each of the one or more virtual machines may access, and that the one or more virtual machines can each only access a limited subset of metadata properties of a client resource or a network resource; and

the client storing the digital content in the identified one or more virtual machines.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Approaches for transferring data to a client by safely receiving the data in or more virtual machines. In response to the client determining that digital content is to be received or processed by the client, the client identifies one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data that defines one or more policies for determining into which virtual machine the digital content should be stored. In this way, digital content, such as executable code or interpreted data, of unknown trustworthiness may be safely received by the client without the possibility of any malicious code therein from affecting any undesirable consequence upon the client.

100 Citations

22 Claims

1. A non-transitory computer readable storage medium storing one or more sequences of instructions, which when executed, cause:
- in response to a client determining that digital content is to be received or processed by the client, the client consulting policy data to determine one or more policies for use by the client in identifying one or more virtual machines into which the digital content is to be stored, wherein the one or more policies specify how long each of the one or more virtual machines are to be persisted, which resources of the client each of the one or more virtual machines may access, and that the one or more virtual machines can each only access a limited subset of metadata properties of a client resource or a network resource; and
  
  the client storing the digital content in the identified one or more virtual machines.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The non-transitory computer readable storage medium of claim 1, wherein the digital content comprises executable code or interpreted code.
  - 3. The non-transitory computer readable storage medium of claim 1, wherein the digital content comprises non-executable, interpreted data.
  - 4. The non-transitory computer readable storage medium of claim 1, wherein at least a portion of the policy data, used in identifying the one or more virtual machines, is obtained from a remote server after the client determines that the digital content is to be received or processed.
  - 5. The non-transitory computer readable storage medium of claim 1, wherein the one or more policies includes a placement policy, a containment policy, and a persistence policy, and wherein one or more of the placement policy, the containment policy, and the persistence policy consider a historical record of use for the client in identifying the one or more virtual machines.
  - 6. The non-transitory computer readable storage medium of claim 1, wherein the one or more policies includes a placement policy, a containment policy, a persistence policy, and wherein one or more of the placement policy, the containment policy, and the persistence policy consider a current physical location of the client or to which networks the client currently has access in identifying the one or more virtual machines.
  - 7. The non-transitory computer readable storage medium of claim 1, wherein the one or more policies includes a placement policy, a containment policy, and a persistence policy, wherein the placement policy identifies a particular virtual machine into which the digital content is to be stored, wherein the containment policy identifies what network resources and client resources the particular virtual machine can access, and wherein the persistence policy identifies whether data stored in the particular virtual machine is persistently stored.
  - 8. The non-transitory computer readable storage medium of claim 7, wherein the one or more policies includes a placement policy that identifies the particular virtual machine into which the digital content is to be stored by observing application dependencies.
  - 9. The non-transitory computer readable storage medium of claim 7, wherein the one or more policies includes a placement policy that identifies a plurality of classes of virtual machines, wherein each class of the plurality of classes is associated with a different trust level for external sources of digital content, and wherein code executing in the particular virtual machine cannot access external sources associated with less trustworthy external sources of digital content.
  - 10. The non-transitory computer readable storage medium of claim 7, wherein the one or more policies includes a placement policy that specifies that the digital content should be stored by a virtual machine that has not yet been instantiated, and wherein the policy data identifies a template for use in instantiating the particular virtual machine, and wherein the template describes characteristics of a virtual machine suitable for executable code originating from the external source.
  - 11. The non-transitory computer readable storage medium of claim 1, wherein the digital content originates from a web site, and wherein the digital content is a web page to be displayed in a new tab of a web browser executing in a first virtual machine on the client, and wherein the policy data specifies that the digital content is to be stored by a second virtual machine separate from the first virtual machine, and wherein the second virtual machine should execute a copy of the web browser to display the web page in the new tab of the web browser.
  - 12. The non-transitory computer readable storage medium of claim 1, wherein the one or more policies includes a containment policy that considers one or more of the following factors:
    - an identity of the user of the client, a set of properties of the digital content, a physical location of the client, the current time, a holiday schedule, and a set of administrator-specified policy rules.
  - 13. The non-transitory computer readable storage medium of claim 1, wherein the one or more policies includes a containment policy that specifies that code executing within the one or more virtual machines may access a first set of network resources and may not access a second set of network resources.
  - 14. The non-transitory computer readable storage medium of claim 1, wherein the one or more policies includes a containment policy that identifies whether code executing in a particular virtual machine can access a USB port on the client or a network to which the client is connected.
  - 15. The non-transitory computer readable storage medium of claim 1, wherein the one or more policies includes a containment policy that identifies whether code executing in a particular virtual machine can perform a copy operation or a paste operation.
  - 16. The non-transitory computer readable storage medium of claim 1, wherein the one or more policies includes a containment policy that identifies whether code executing in a particular virtual machine can access a GPS device of the client, location information for the client, or tilt information for the client.
  - 17. The non-transitory computer readable storage medium of claim 1, wherein the one or more policies includes a containment policy that identifies whether code executing in a particular virtual machine can access a printer or facsimile machine to which the client is connected or a digital camera or screen data for the client.
  - 18. The non-transitory computer readable storage medium of claim 1, wherein the digital content is an attachment, and wherein the one or more policies includes a containment policy that instructs that a particular virtual machine, in which the digital content is to be received, should not have access to any network accessible to the client.
  - 19. The non-transitory computer readable storage medium of claim 1, wherein the digital content is executable code, and wherein the execution of the one or more sequences of instructions further causes:
    - upon the executable code requesting access to a user file, preventing the executable code from accessing the user file without obtaining a user'"'"'s permission to allow the executable code to access the user file.
  - 20. The non-transitory computer readable storage medium of claim 1, wherein execution of the one or more sequences of instructions further causes:
    - at a plurality of virtual machines executing at the client, generating visual content to be displayed by the client; and
      
      presenting the visual content generated from each of the plurality of virtual machines in a unified manner to present a single, cohesive presentation to a user of the client.

21. A client, comprising:
- one or more processors;
  
  one or more storage mediums storing one or more sequences of instructions, which when executed by the one or more processors, causes;
  
  in response to the client determining that digital content is to be received or processed by the client, the client consulting policy data to determine one or more policies for use by the client in identifying one or more virtual machines into which the digital content is to be stored, wherein the one or more policies specify how long each of the one or more virtual machines are to be persisted, which resources of the client each of the one or more virtual machines may access, and that the one or more virtual machines can each only access a limited subset of metadata properties of a client resource or a network resource; and
  
  the client storing the digital content in the identified one or more virtual machines.

22. A method for transferring data to a client, comprising:
- in response to the client determining that digital content is to be received or processed by the client, the client consulting policy data to determine one or more policies for use by the client in identifying one or more virtual machines into which the digital content is to be stored, wherein the one or more policies specify how long each of the one or more virtual machines are to be persisted, which resources of the client each of the one or more virtual machines may access, and that the one or more virtual machines can each only access a limited subset of metadata properties of a client resource or a network resource; and
  
  the client storing the digital content in the identified one or more virtual machines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Bromium (HP Inc.)
Inventors
Banga, Gaurav, Bondalapati, Kiran, Pratt, Ian, Kapoor, Vikram
Primary Examiner(s)
Puente, Emerson
Assistant Examiner(s)
WU, BENJAMIN C

Application Number

US14/170,281
Time in Patent Office

564 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/5077   Logical partitioning of res...

Automated identification of virtual machines to process or receive untrusted data based on client policies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

100 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Automated identification of virtual machines to process or receive untrusted data based on client policies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links