Installing virtual machines within different communication pathways to access protected resources
First Claim
1. A computer-implemented method of controlling access to computer resources used by a computer application, the computer-implemented method comprising:
- fractionating, by one or more processors, a computer application into disparate components;
assigning, by one or more processors, two or more of the disparate components to different communication pathways, wherein the different communication pathways lead to requisite resources needed to execute the disparate components;
creating, by one or more processors, a virtual machine, wherein the virtual machine controls access to a particular requisite resource by a particular disparate component, and wherein the particular disparate component comprises a command layer instruction;
installing, by one or more processors, the virtual machine within at least one of the different communication pathways to control access to the particular requisite resource by the particular disparate component;
transmitting, by one or more processors, a resource retrieval instruction to retrieve the particular requisite resource via the virtual machine and the at least one of the different communication pathways;
installing, by one or more processors, multiple virtual machines in series within at least one of the different communication pathways, wherein the multiple virtual machines comprise a first virtual machine and a second virtual machine;
assigning, by one or more processors, a first address message to the first virtual machine, wherein the first address message identifies only an address of the second virtual machine, and wherein the first address message instructs the first virtual machine to send the resource retrieval instruction to the second virtual machine;
assigning, by one or more processors, a second address message to the second virtual machine, wherein the second address message identifies only an address of the particular requisite resource, and wherein the second address message instructs the second virtual machine to send the resource retrieval instruction to the particular requisite resource;
fractionating, by one or more processors, the command layer instruction into disparate command layer components;
assigning, by one or more processors, a first disparate command layer component from the disparate command layer components to the first virtual machine;
executing, by one or more processors, the first disparate command layer component to create a command virtual machine; and
controlling, by one or more processors, the first virtual machine via the command virtual machine.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented method, system, and/or computer program product controls access to computer resources used by a computer application. One or more processors fractionate a computer application into disparate components. Two or more of the disparate components are assigned to different communication pathways, where the different communication pathways lead to requisite resources needed to execute the disparate components. One or more processors create and install a virtual machine within at least one of the different communication pathways, such that the virtual machine controls access to a particular requisite resource by a particular disparate component. One or more processors then issue a resource retrieval instruction to retrieve the particular requisite resource via the virtual machine and at least one of the different communication pathways.
-
Citations
16 Claims
-
1. A computer-implemented method of controlling access to computer resources used by a computer application, the computer-implemented method comprising:
-
fractionating, by one or more processors, a computer application into disparate components; assigning, by one or more processors, two or more of the disparate components to different communication pathways, wherein the different communication pathways lead to requisite resources needed to execute the disparate components; creating, by one or more processors, a virtual machine, wherein the virtual machine controls access to a particular requisite resource by a particular disparate component, and wherein the particular disparate component comprises a command layer instruction; installing, by one or more processors, the virtual machine within at least one of the different communication pathways to control access to the particular requisite resource by the particular disparate component; transmitting, by one or more processors, a resource retrieval instruction to retrieve the particular requisite resource via the virtual machine and the at least one of the different communication pathways; installing, by one or more processors, multiple virtual machines in series within at least one of the different communication pathways, wherein the multiple virtual machines comprise a first virtual machine and a second virtual machine; assigning, by one or more processors, a first address message to the first virtual machine, wherein the first address message identifies only an address of the second virtual machine, and wherein the first address message instructs the first virtual machine to send the resource retrieval instruction to the second virtual machine; assigning, by one or more processors, a second address message to the second virtual machine, wherein the second address message identifies only an address of the particular requisite resource, and wherein the second address message instructs the second virtual machine to send the resource retrieval instruction to the particular requisite resource; fractionating, by one or more processors, the command layer instruction into disparate command layer components; assigning, by one or more processors, a first disparate command layer component from the disparate command layer components to the first virtual machine; executing, by one or more processors, the first disparate command layer component to create a command virtual machine; and controlling, by one or more processors, the first virtual machine via the command virtual machine. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer program product for controlling access to computer resources used by a computer application, the computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code readable and executable by a processor to perform a method comprising:
-
fractionating a computer application into disparate components; assigning two or more of the disparate components to different communication pathways, wherein the different communication pathways lead to requisite resources needed to execute the disparate components; creating a virtual machine, wherein the virtual machine controls access to a particular requisite resource by a particular disparate component; installing the virtual machine within at least one of the different communication pathways to control access to the particular requisite resource by the particular disparate component; transmitting a resource retrieval instruction to retrieve the particular requisite resource via the virtual machine and the at least one of the different communication pathways; defining a threat level for the particular requisite resource; and adjusting a quantity of virtual machines between the computer application and the particular requisite resource according to the threat level for the particular requisite resource. - View Dependent Claims (11, 12, 13)
-
-
14. A computer system comprising:
-
a processor, a computer readable memory, and a non-transitory computer readable storage medium; first program instructions to fractionate a computer application into disparate components; second program instructions to assign two or more of the disparate components to different communication pathways, wherein the different communication pathways lead to requisite resources needed to execute the disparate components; third program instructions to create a virtual machine, wherein the virtual machine controls access to a particular requisite resource by a particular disparate component; fourth program instructions to install the virtual machine within at least one of the different communication pathways to control access to the particular requisite resource by the particular disparate component; fifth program instructions to transmit a resource retrieval instruction to retrieve the particular requisite resource via the virtual machine and the at least one of the different communication pathways; sixth program instructions to define a threat level for the particular requisite resource; and seventh program instructions to adjust a quantity of virtual machines between the computer application and the particular requisite resource according to the threat level for the particular requisite resource; and
whereinthe first, second, third, fourth, fifth, sixth, and seventh program instructions are stored on the non-transitory computer readable storage medium for execution by one or more processors via the computer readable memory. - View Dependent Claims (15, 16)
the eighth and ninth program instructions are stored on the non-transitory computer readable storage medium for execution by one or more processors via the computer readable memory.
-
-
16. The computer system of claim 14, wherein the particular disparate component further comprises a command layer instruction, and wherein the computer system further comprises:
-
eighth program instructions to install multiple virtual machines in series within at least one of the different communication pathways, wherein the multiple virtual machines comprise a first virtual machine and a second virtual machine; ninth program instructions to assign a first address message to the first virtual machine, wherein the first address message identifies only an address of the second virtual machine, and wherein the first address message instructs the first virtual machine to send the resource retrieval instruction to the second virtual machine; tenth program instructions to assign a second address message to the second virtual machine, wherein the second address message identifies only an address of the particular requisite resource, and wherein the second address message instructs the second virtual machine to send the resource retrieval instruction to the particular requisite resource; eleventh program instructions to fractionate the command layer instruction into disparate command layer components; twelfth program instructions to assign a first disparate command layer component from the disparate command layer components to the first virtual machine; thirteenth program instructions to execute the first disparate command layer component to create a command virtual machine; and fourteenth program instructions to control the first virtual machine via the command virtual machine; and
whereinthe eighth, ninth, tenth, eleventh, and twelfth program instructions are stored on the non-transitory computer readable storage medium for execution by one or more processors via the computer readable memory.
-
Specification