Seamless management of untrusted data using virtual machines
First Claim
1. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for managing potentially malicious files using virtual machines, which when executed by one or more processors, cause:
- in response to receiving a request to perform an action on a file, a client applying a policy to determine whether the action is deemed trustworthy; and
the client instantiating, without human intervention and based on the policy, a virtual machine in which the action is to be performed against the file,wherein the policy determines which hardware resources of the client and which software resources of the client, other than said file, are accessible to the virtual machine.
2 Assignments
0 Petitions
Accused Products
Abstract
Approaches for managing potentially malicious files using one or more virtual machines. In response to receiving a request to perform an action on a file, a client applies a policy to determine whether the action is deemed trustworthy. The client identifies, without human intervention, a virtual machine, executing or to be executed on the client, in which the action is to be performed based on whether the action is deemed trustworthy. In this way, embodiments allow a user to make use of data deemed untrusted in certain cases without allowing the untrusted data from having unfettered access to the resources of the client. If the requested action is performed in a different virtual machine from which the action was requested, embodiments enable the performance of the action to be performed seamlessly to the user.
115 Citations
30 Claims
-
1. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for managing potentially malicious files using virtual machines, which when executed by one or more processors, cause:
-
in response to receiving a request to perform an action on a file, a client applying a policy to determine whether the action is deemed trustworthy; and the client instantiating, without human intervention and based on the policy, a virtual machine in which the action is to be performed against the file, wherein the policy determines which hardware resources of the client and which software resources of the client, other than said file, are accessible to the virtual machine. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28)
-
-
26. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for managing potentially malicious files using virtual machines, which when executed by one or more processors, cause:
-
in response to receiving a request to perform an action on a file, a client applying a policy to determine whether the action is deemed trustworthy; the client instantiating, without human intervention and based on the policy, a virtual machine in which the action is to be performed against the file, wherein the policy determines which resources of the client are accessible to the virtual machine; creating a name space entity for the file that is separate from the file; and in response to receiving an access request for the file through a particular API level, processing the access request by providing the name space entity to the requestor rather than the file.
-
-
27. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for managing potentially malicious files using virtual machines, which when executed by one or more processors, cause:
-
in response to receiving a request to perform an action on a file, a client applying a policy to determine whether the action is deemed trustworthy; the client instantiating, without human intervention and based on the policy, a virtual machine in which the action is to be performed against the file, wherein the policy determines which resources of the client are accessible to the virtual machine, wherein said file is in a set of files deemed untrustworthy; encrypting said set of files deemed to be untrustworthy; and preventing any of the set of files deemed to be untrustworthy from being decrypted unless the set of files are decrypted within said virtual machine instantiated for that purpose.
-
-
29. A client, comprising:
-
one or more processors; one or more non-transitory storage mediums storing one or more sequences of instructions for managing potentially malicious files using virtual machines, which when executed by the one or more processors, causes; in response to receiving a request to perform an action on a file, a client applying a policy to determine whether the action is deemed trustworthy; and the client instantiating, without human intervention and based on the policy, a virtual machine in which the action is to be performed against the file, wherein the policy determines which hardware resources of the client and which software resources of the client, other than said file, are accessible to the virtual machine.
-
-
30. A method for managing potentially malicious files using virtual machines, comprising:
-
in response to receiving a request to perform an action on a file, a client applying a policy to determine whether the action is deemed trustworthy; and the client instantiating, without human intervention and based on the policy, a virtual machine in which the action is to be performed against the file, wherein the policy determines which hardware resources of the client and which software resources of the client, other than said file, are accessible to the virtual machine.
-
Specification