Automated identification of virtual machines to process or receive untrusted data based on client policies
Abstract
Approaches for transferring data to a client by safely receiving the data in one or more virtual machines. In response to the client determining that digital content is to be received or processed by the client, the client identifies one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data that defines one or more policies for determining into which virtual machine the digital content should be stored. In this way, digital content of unknown trustworthiness, such as executable code or interpreted data, may be safely received by the client without the possibility of any malicious code therein effecting any undesirable consequence upon the client.
22 Claims
1. A non-transitory computer readable storage medium storing one or more sequences of instructions, which when executed, cause:
- in response to a client determining that digital content is to be received or processed by the client, the client consulting policy data to determine one or more policies for use by the client in identifying one or more virtual machines into which the digital content is to be stored, wherein the one or more policies specify how long each of the one or more virtual machines are to be persisted, which resources of the client each of the one or more virtual machines may access, and that the one or more virtual machines can each only access a limited subset of metadata properties of a client resource or a network resource; and
- the client storing the digital content in the identified one or more virtual machines.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20.

21. A client, comprising:
- one or more processors;
- one or more storage mediums storing one or more sequences of instructions, which when executed by the one or more processors, causes:
  - in response to the client determining that digital content is to be received or processed by the client, the client consulting policy data to determine one or more policies for use by the client in identifying one or more virtual machines into which the digital content is to be stored, wherein the one or more policies specify how long each of the one or more virtual machines are to be persisted, which resources of the client each of the one or more virtual machines may access, and that the one or more virtual machines can each only access a limited subset of metadata properties of a client resource or a network resource; and
  - the client storing the digital content in the identified one or more virtual machines.

22. A method for transferring data to a client, comprising:
- in response to the client determining that digital content is to be received or processed by the client, the client consulting policy data to determine one or more policies for use by the client in identifying one or more virtual machines into which the digital content is to be stored, wherein the one or more policies specify how long each of the one or more virtual machines are to be persisted, which resources of the client each of the one or more virtual machines may access, and that the one or more virtual machines can each only access a limited subset of metadata properties of a client resource or a network resource; and
- the client storing the digital content in the identified one or more virtual machines.

Specification