Virtual machine file system restriction system and method
First Claim
1. A computer-implemented method comprising:
executing a host operating system on a host computing system;
creating a first virtual machine within the host operating system, the first virtual machine comprising:
a remote file system;
a file system service; and
a security application between said remote file system and said file system service;
creating a second virtual machine within the host operating system of the host computing system, the second virtual machine comprising a Uniform Naming Convention (UNC) file system driver of the second virtual machine configured to cause all input/output operations processed in a kernel mode from said second virtual machine to be redirected to said remote file system of the first virtual machine via the security application of the first virtual machine, wherein the input/output operations are processed in a user mode in said remote file system;
booting said second virtual machine, wherein said booting said second virtual machine comprises loading a boot block from said first virtual machine and redirecting booting of said second virtual machine to said remote file system;
determining, upon an outbreak of unknown malicious code, at least one unknown malicious code characteristic, wherein the unknown malicious code characteristic comprises at least one file attribute comprising at least one of an outbreak time period, a file type, a source, a file name, and a file size; and
restricting, by the security application of the first virtual machine, access of said second virtual machine to said remote file system, wherein the restricting is performed based on the determined unknown malicious code characteristic, wherein the restricting is further performed based on configured rules relating the at least one file attribute and the unknown malicious code characteristic.
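As an added illustration (not code from the patent or its assignee), the following Python models the rule-based restriction that claim 1 assigns to the security application: each I/O operation redirected from the second virtual machine is checked against rules built from whatever is currently known about the unknown malicious code (outbreak time period, file type, source, file name, file size), and an operation is denied only when it matches every attribute a rule actually specifies, so the restriction widens or narrows with the state of knowledge. The class and field names, the request format and the sample requests are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class FileRequest:  # one I/O operation redirected from the second VM (constructed)
    path: str          # path inside the first VM's remote file system
    op: str            # "read", "write" or "execute"
    size: int          # bytes
    source: str        # where the file came from, e.g. "email", "web", "build"
    created: datetime  # when the file appeared in the remote file system

@dataclass
class OutbreakRule:  # known characteristics of the unknown code; None = unknown, not matched
    blocked_ops: frozenset            # operations to deny on matching files
    start: Optional[datetime] = None  # outbreak time period
    end: Optional[datetime] = None
    file_type: Optional[str] = None   # extension, e.g. ".exe"
    source: Optional[str] = None
    file_name: Optional[str] = None
    max_size: Optional[int] = None    # file size bound in bytes

def rule_matches(rule: OutbreakRule, req: FileRequest) -> bool:
    """True when every attribute the rule actually specifies fits the request."""
    name = req.path.rsplit("/", 1)[-1].lower()
    return all([
        rule.start is None or req.created >= rule.start,
        rule.end is None or req.created <= rule.end,
        rule.file_type is None or name.endswith(rule.file_type.lower()),
        rule.source is None or req.source == rule.source,
        rule.file_name is None or name == rule.file_name.lower(),
        rule.max_size is None or req.size <= rule.max_size,
    ])

def decide(rules: list, req: FileRequest) -> tuple:
    """The security application's check: deny a blocked operation on a matching file."""
    for i, rule in enumerate(rules):
        if req.op in rule.blocked_ops and rule_matches(rule, req):
            return False, f"denied by outbreak rule {i}"
    return True, "allowed"

def demo() -> list:
    """Constructed scenario: unknown .exe files arriving by email since 09:00 on 2024-05-01."""
    rule = OutbreakRule(frozenset({"write", "execute"}), start=datetime(2024, 5, 1, 9),
                        file_type=".exe", source="email")
    t = datetime(2024, 5, 1, 10)
    reqs = [("invoice.exe", "execute", "email", t), ("invoice.exe", "read", "email", t),
            ("tool.exe", "execute", "build", t), ("old.exe", "execute", "email", datetime(2024, 4, 30))]
    return [decide([rule], FileRequest("//fs/share/" + n, op, 40_000, s, c)) for n, op, s, c in reqs]
```

Reading the suspect file stays allowed while writing or executing it is denied, and files outside the outbreak window or from another source are untouched, which is the "absolute minimum" impact the abstract describes.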
Abstract
A method includes creating a virtual machine including a remote file system, a file system service, and a security application. Access to the remote file system is restricted with the security application upon an unknown malicious code outbreak. The more that is known about the threat, the more precise are the restrictions placed upon the file system, thus reducing the impact on users of the file system to an absolute minimum.
6 Claims
1. (Independent claim 1, reproduced in full under First Claim above; dependent claims 2, 3, 4 and 5 are not shown.)
6. A computer-program product comprising a nontransitory computer readable storage medium containing computer program code which when executed by one or more computing processors performs a process comprising:
executing a host operating system on a host computing system;
creating a first virtual machine within the host operating system, the first virtual machine comprising:
a remote file system;
a file system service; and
a security application between said remote file system and said file system service;
creating a second virtual machine within the host operating system of the host computing system, the second virtual machine comprising a Uniform Naming Convention (UNC) file system driver of the second virtual machine configured to cause all input/output operations processed in a kernel mode from said second virtual machine to be redirected to said remote file system of the first virtual machine via the security application of the first virtual machine, wherein the input/output operations are processed in a user mode in said remote file system;
booting said second virtual machine, wherein said booting said second virtual machine comprises loading a boot block from said first virtual machine and redirecting booting of said second virtual machine to said remote file system;
determining, upon an outbreak of unknown malicious code, at least one unknown malicious code characteristic, wherein the unknown malicious code characteristic comprises at least one file attribute comprising at least one of an outbreak time period, a file type, a source, a file name, and a file size; and
restricting, by the security application of the first virtual machine, access of said second virtual machine to said remote file system, wherein the restricting is performed based on the determined unknown malicious code characteristic, wherein the restricting is further performed based on configured rules relating the at least one file attribute and the unknown malicious code characteristic.