Automated provisioning of secure virtual execution environment using virtual machine templates based on source code origin
Abstract
Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. In response to receiving a request to perform an action, an isolated environment (such as but not limited to a virtual machine) is instantiated without receiving an explicit user instruction to do so. To instantiate the isolated environment, one or more templates for use in instantiating the isolated environment are identified using a policy. The one or more templates describe isolated environment characteristics for different types of activity. After the isolated environment has been instantiated using one or more identified templates, the action may be performed in the isolated environment.
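An added illustration of the decision flow the abstract describes, not code from the patent: a policy maps the requested activity and the provenance of the code involved to (a) one or more templates and (b) whether to isolate at all. The activity names, provenance labels, template fields and first-match rule order are assumptions, and instantiating the environment is modelled by a table lookup rather than a real micro-VM.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Template:
    network: str      # network reach granted to the environment
    host_files: str   # view of the host file system
    persist: bool     # keep changes after the action finishes?

# Hypothetical pre-existing templates, one per type of activity.
TEMPLATES = {
    "web-untrusted": Template("internet-only", "none", False),
    "web-intranet":  Template("intranet-only", "none", False),
    "doc-viewer":    Template("none", "single-file-read-only", False),
    "locked-down":   Template("none", "none", False),
}

@dataclass(frozen=True)
class Rule:
    activity: str     # glob over the requested activity type
    provenance: str   # glob over the origin of the code involved
    isolate: bool
    templates: tuple = ()

# First match wins. The last rule is the fail-closed default, so code of
# unknown origin always lands in the most restrictive template.
POLICY = (
    Rule("run-executable", "os-vendor-signed", False),
    Rule("browse", "intranet", True, ("web-intranet",)),
    Rule("browse", "*", True, ("web-untrusted",)),
    Rule("open-document", "*", True, ("doc-viewer",)),
    Rule("*", "*", True, ("locked-down",)),
)

def decide(activity, provenance):
    """Return (isolate, template names) for a requested action."""
    for rule in POLICY:
        if (fnmatchcase(activity, rule.activity)
                and fnmatchcase(provenance, rule.provenance)):
            return rule.isolate, list(rule.templates)
    return True, ["locked-down"]  # guard in case the catch-all is removed

def perform(activity, provenance, action):
    """Run `action` with no user prompt, on the host or in a modelled environment."""
    isolate, names = decide(activity, provenance)
    if not isolate:
        return {"where": "host", "templates": [], "result": action()}
    env = [TEMPLATES[n] for n in names]  # stand-in for instantiating the environment
    return {"where": "isolated", "templates": names, "env": env, "result": action()}
```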
21 Claims
1. A non-transitory computer readable storage medium storing one or more sequences of instructions, which when executed by one or more processors, causes:
- in response to receiving a request to perform an action, instantiating an isolated environment without receiving an explicit user instruction to instantiate said isolated environment by performing;
identifying one or more templates from multiple pre-existing templates for use in instantiating said isolated environment based on a policy, wherein each of the multiple pre-existing templates describes isolated environment characteristics configured for different types of activity, wherein said policy additionally considers the provenance of executable code associated with said action in one or more of (a) identifying said one or more templates for use in instantiating said isolated environment or (b) determining whether to instantiate said isolated environment; and
after instantiating said isolated environment using said one or more templates, performing said action in said isolated environment.
11. An apparatus, comprising:
- one or more processors; and
- one or more non-transitory computer-readable storage storing one or more sequences of instructions, which when executed by said one or more processors; cause;
in response to receiving a request to perform an action, instantiating an isolated environment without receiving an explicit user instruction to instantiate said isolated environment by performing;
identifying one or more templates from multiple pre-existing templates for use in instantiating said isolated environment based on a policy, wherein each of the multiple pre-existing templates describes isolated environment characteristics configured for different types of activity, wherein said policy additionally considers the provenance of executable code associated with said action in one or more of (a) identifying said one or more templates for use in instantiating said isolated environment or (b) determining whether to instantiate said isolated environment; and
after instantiating said isolated environment using said one or more templates, performing said action in said isolated environment.
21. A method, comprising:
- in response to receiving a request to perform an action, instantiating an isolated without receiving an explicit user instruction to instantiate said isolated environment by performing;
identifying one or more templates from multiple pre-existing templates for use in instantiating said isolated environment based on a policy, wherein each of the multiple pre-existing templates describes isolated environment characteristics configured for different types of activity, wherein said policy additionally considers the provenance of executable code associated with said action in one or more of (a) identifying said one or more templates for use in instantiating said isolated environment or (b) determining whether to instantiate said isolated environment; and
after instantiating said isolated environment using said one or more templates, performing said action in said isolated environment.
Specification