Facilitating user interaction with multiple domains while preventing cross-domain transfer of data

US 9,335,886 B2
Filed: 03/13/2013
Issued: 05/10/2016
Est. Priority Date: 03/13/2013
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating user interaction with multiple domains in which applications execute, the method comprising:

providing a compositioning domain executing on a processor as a guest machine above a hypervisor, the compositioning domain to facilitate interaction between a user and at least two domains in which applications execute, the at least two domains executing as separate execution environments for executing their respective applications, wherein the compositioning domain facilitates interaction between the user and the at least two domains in a secure manner preventing cross-domain transfer of data, and wherein the facilitating interaction comprises;

obtaining by the compositioning domain pixel information from the at least two domains via one or more read-only communication paths that are read-only from the compositioning domain to the at least two domains, the obtained pixel information comprising at least some pixel information from each domain of the at least two domains, wherein pixel information obtained from one domain of the at least two domains differs from pixel information obtained from another domain of the at least two domains;

providing a user interface to the user, the providing comprising providing a display buffer of the compositioning domain, the display buffer comprising the obtained pixel information including the at least some pixel information from each domain of the at least two domains for simultaneous display of the at least some pixel information from each domain of the at least two domains to the user; and

maintaining an in-focus domain state indicating which domain of the at least two domains is currently in-focus, wherein user input from the user based on the user interface is provided by a user input handler directly to the currently in-focus domain indicated by the in-focus domain state, absent transferring the user input to the compositioning domain.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

User interaction with multiple domains is facilitated while preventing cross-domain transfer of data from those domains. A compositioning domain facilitates this interaction in a secure manner in which cross-domain transfer of data is prevented. This includes obtaining pixel information from the domains via one or more read-only communication paths, providing a user interface to the user, which includes providing a display buffer including at least some of the pixel information obtained from each domain of the domains for display to the user, and maintaining an in-focus domain state. The in-focus domain state indicates which domain of the domains is currently in-focus. User input from the user based on the user interface is provided by a user input handler directly to the currently in-focus domain indicated by the in-focus domain state absent transfer of the user input to the compositioning domain.

Citations

25 Claims

1. A method for facilitating user interaction with multiple domains in which applications execute, the method comprising:
- providing a compositioning domain executing on a processor as a guest machine above a hypervisor, the compositioning domain to facilitate interaction between a user and at least two domains in which applications execute, the at least two domains executing as separate execution environments for executing their respective applications, wherein the compositioning domain facilitates interaction between the user and the at least two domains in a secure manner preventing cross-domain transfer of data, and wherein the facilitating interaction comprises;
  
  obtaining by the compositioning domain pixel information from the at least two domains via one or more read-only communication paths that are read-only from the compositioning domain to the at least two domains, the obtained pixel information comprising at least some pixel information from each domain of the at least two domains, wherein pixel information obtained from one domain of the at least two domains differs from pixel information obtained from another domain of the at least two domains;
  
  providing a user interface to the user, the providing comprising providing a display buffer of the compositioning domain, the display buffer comprising the obtained pixel information including the at least some pixel information from each domain of the at least two domains for simultaneous display of the at least some pixel information from each domain of the at least two domains to the user; and
  
  maintaining an in-focus domain state indicating which domain of the at least two domains is currently in-focus, wherein user input from the user based on the user interface is provided by a user input handler directly to the currently in-focus domain indicated by the in-focus domain state, absent transferring the user input to the compositioning domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 25)
- - 2. The method of claim 1, wherein the compositioning domain obtains the pixel information from a respective display buffer of each domain of the at least two domains via the one or more read-only communication paths.
  - 3. The method of claim 2, wherein obtaining the pixel information comprises extracting first pixel information of one or more graphical user interface windows of the first domain from the display buffer of the first domain and extracting second pixel information of one or more graphical user interface windows of the second domain from the display buffer of the second domain.
  - 4. The method of claim 3, wherein providing the user interface further comprises providing at least some of the first extracted pixel information and at least some of the second extracted pixel information to the display buffer of the compositioning domain for simultaneous output thereof to the user via at least one display device.
  - 5. The method of claim 2, wherein providing the user interface further comprises adding pixel information to the obtained pixel information from the at least two domains, wherein the added pixel information adds pixels to the display buffer of the compositioning domain to identify the window from the first domain as being from the first domain, and to identify the window from the second domain as being from the second domain.
  - 6. The method of claim 1, wherein maintaining the in-focus domain state comprises monitoring the user input from the user to detect interaction with pixels from a domain other than the in-focus domain, and wherein, based on detecting interaction with pixels from the other domain, the compositioning domain switches focus to the other domain as the in-focus domain.
  - 7. The method of claim 6, wherein, based on the switch in focus to the other domain as the in-focus domain, user input from the user is provided by the user input handler directly to the other domain.
  - 8. The method of claim 1, wherein the compositioning domain executes as one guest machine above the hypervisor and the at least two domains execute as at least two additional guest machines above the hypervisor separate from the one guest machine.
  - 9. The method of claim 8, wherein the user input handler is of a component of the hypervisor.
  - 10. The method of claim 8, wherein the hypervisor prevents write access for the one guest machine to the at least two additional guest machines by indicating that memory pages of each guest machine of the at least two additional guest machines are read-only by the one guest machine.
  - 11. The method of claim 10, wherein the user input is directly provided to the guest machine of the in-focus domain, and wherein, based on preventing the write access to the at least two additional guest machines, and based on directly providing the user input to the guest machine of the in-focus domain, transfer of data between the at least two additional guest machines is prevented.
  - 25. The method of claim 1, wherein guest machine memory pages of the at least two domains, the guest memory pages being accessible to the compositioning domain, are read-only for the compositioning domain, thereby preventing transfer of data from the compositioning domain to any of the at least two domains, to facilitate the interaction between the user and the at least two domains in the secure manner in which cross-domain transfer of data is prevented.

12. A system for facilitating user interaction with multiple domains in which applications execute, the system comprising:
- a memory; and
  
  a processor in communication with the memory, wherein the system is configured to perform a method comprising;
  
  providing a compositioning domain executing on a processor as a guest machine above a hypervisor, the compositioning domain to facilitate interaction between a user and at least two domains in which applications execute, the at least two domains executing as separate execution environments for executing their respective applications, wherein the compositioning domain facilitates interaction between the user and the at least two domains in a secure manner preventing cross-domain transfer of data, and wherein the facilitating interaction comprises;
  
  obtaining by the compositioning domain pixel information from the at least two domains via one or more read-only communication paths that are read-only from the compositioning domain to the at least two domains, the obtained pixel information comprising at least some pixel information from each domain of the at least two domains, wherein pixel information obtained from one domain of the at least two domains differs from pixel information obtained from another domain of the at least two domains;
  
  providing a user interface to the user, the providing comprising providing a display buffer of the compositioning domain, the display buffer comprising the obtained pixel information including the at least some pixel information from each domain of the at least two domains for simultaneous display of the at least some pixel information from each domain of the at least two domains to the user; and
  
  maintaining an in-focus domain state indicating which domain of the at least two domains is currently in-focus, wherein user input from the user based on the user interface is provided by a user input handler directly to the currently in-focus domain indicated by the in-focus domain state, absent transferring the user input to the compositioning domain.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The system of claim 12, wherein the compositioning domain obtains the pixel information from a respective display buffer of each domain of the at least two domains via the one or more read-only communication paths.
  - 14. The system of claim 13, wherein obtaining the pixel information comprises extracting first pixel information of one or more graphical user interface windows of the first domain from the display buffer of the first domain and extracting second pixel information of one or more graphical user interface windows of the second domain from the display buffer of the second domain, and wherein providing the user interface further comprises providing at least some of the first extracted pixel information and at least some of the second extracted pixel information to the display buffer of the compositioning domain for simultaneous output thereof to the user via at least one display device.
  - 15. The method of claim 13, wherein providing the user interface further comprises adding pixel information to the obtained pixel information from the at least two domains, wherein the added pixel information adds pixels to the display buffer of the compositioning domain to identify the window from the first domain as being from the first domain, and to identify the window from the second domain as being from the second domain.
  - 16. The system of claim 12, wherein maintaining the in-focus domain state comprises monitoring the user input from the user to detect interaction with pixels from a domain other than the in-focus domain, wherein, based on detecting interaction with pixels from the other domain, the compositioning domain switches focus to the other domain as the in-focus domain, and wherein, based on the switch in focus to the other domain as the in-focus domain, user input from the user is provided by the user input handler directly to the other domain.
  - 17. The system of claim 12, wherein the compositioning domain executes as one guest machine above the hypervisor and wherein the at least two domains execute as at least two additional guest machines above the hypervisor separate from the one guest machine.
  - 18. The system of claim 17, wherein the hypervisor prevents write access for the one guest machine to the at least two additional guest machines by indicating that memory pages of each guest machine of the at least two additional guest machines are read-only by the one guest machine, wherein the user input is directly provided to the guest machine of the in-focus domain, and wherein, based on preventing the write access to the at least two additional guest machines, and based on directly providing the user input to the guest machine of the in-focus domain, transfer of data between the at least two additional guest machines is prevented.

19. A computer program product comprising:
- a non-transitory storage medium storing program instructions readable by a processor for execution to perform a method comprising;
  
  providing a compositioning domain executing on a processor as a guest machine above a hypervisor, the compositioning domain to facilitate interaction between a user and at least two domains in which applications execute, the at least two domains executing as separate execution environments for executing their respective applications, wherein the compositioning domain facilitates interaction between the user and the at least two domains in a secure manner preventing cross-domain transfer of data, and wherein the facilitating interaction comprises;
  
  obtaining by the compositioning domain pixel information from the at least two domains via one or more read-only communication paths that are read-only from the compositioning domain to the at least two domains, the obtained pixel information comprising at least some pixel information from each domain of the at least two domains, wherein pixel information obtained from one domain of the at least two domains differs from pixel information obtained from another domain of the at least two domains;
  
  providing a user interface to the user, the providing comprising providing a display buffer of the compositioning domain, the display buffer comprising the obtained pixel information including the at least some pixel information from each domain of the at least two domains for simultaneous display of the at least some pixel information from each domain of the at least two domains to the user; and
  
  maintaining an in-focus domain state indicating which domain of the at least two domains is currently in-focus, wherein user input from the user based on the user interface is provided by a user input handler directly to the currently in-focus domain indicated by the in-focus domain state, absent transferring the user input to the compositioning domain.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The computer program product of claim 19, wherein the compositioning domain obtains the pixel information from a respective display buffer of each domain of the at least two domains via the one or more read-only communication paths.
  - 21. The computer program product of claim 20, wherein obtaining the pixel information comprises extracting first pixel information of one or more graphical user interface windows of the first domain from the display buffer of the first domain and extracting second pixel information of one or more graphical user interface windows of the second domain from the display buffer of the second domain, and wherein providing the user interface further comprises providing at least some of the first extracted pixel information and at least some of the second extracted pixel information to the display buffer of the compositioning domain for simultaneous output thereof to the user via at least one display device.
  - 22. The computer program product of claim 20, wherein providing the user interface further comprises adding pixel information to the obtained pixel information from the at least two domains, wherein the added pixel information adds pixels to the display buffer of the compositioning domain to identify the window from the first domain as being from the first domain, and to identify the window from the second domain as being from the second domain.
  - 23. The computer program product of claim 19, wherein maintaining the in-focus domain state comprises monitoring the user input from the user to detect interaction with pixels from a domain other than the in-focus domain, wherein, based on detecting interaction with pixels from the other domain, the compositioning domain switches focus to the other domain as the in-focus domain, and wherein, based on the switch in focus to the other domain as the in-focus domain, user input from the user is provided by the user input handler directly to the other domain.
  - 24. The computer program product of claim 19, wherein the compositioning domain executes as one guest machine above the hypervisor and the at least two domains execute as at least two additional guest machines above the hypervisor separate from the one guest machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assured Information Security, Inc.
Original Assignee
Assured Information Security, Inc.
Inventors
Quinn, Rian Patrick, Kerrigan, Brendan Timothy
Primary Examiner(s)
Salomon, Phenuel
Assistant Examiner(s)
LUU, DAVID V

Application Number

US13/800,262
Publication Number

US 20140282050A1
Time in Patent Office

1,154 Days
Field of Search

715/744
US Class Current

1/1
CPC Class Codes

G06F 2203/04803   Split screen, i.e. subdivid...

G06F 3/0481   based on specific propertie...

G06F 9/452   Remote windowing, e.g. X-Wi...

Facilitating user interaction with multiple domains while preventing cross-domain transfer of data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Facilitating user interaction with multiple domains while preventing cross-domain transfer of data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links