On-demand disposable virtual work system

US 9,846,588 B2
Filed: 09/10/2014
Issued: 12/19/2017
Est. Priority Date: 03/01/2007
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a memory; and

a processor, the processor executing a request handler and a virtual machine manager,the request handler configured to receive a request to execute a program on a host operating system,the request handler configured to determine, in response to the request, that the program does not have permission to execute on the host operating system and outside a virtual machine based on an indication of the program not being included on a list indicating which programs are allowed to operate on the host operating system and outside a virtual machine,the virtual machine manager operatively coupled to the request handler, the virtual machine manager configured to select a guest virtual machine based on a program type associated with the program,the request handler configured to send the request to the guest virtual machine such that the guest virtual machine executes the program in response to the indication of the program being included on a list indicating which programs are allowed to operate within the guest virtual machine.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.

Citations

20 Claims

1. An apparatus, comprising:
- a memory; and
  
  a processor, the processor executing a request handler and a virtual machine manager,the request handler configured to receive a request to execute a program on a host operating system,the request handler configured to determine, in response to the request, that the program does not have permission to execute on the host operating system and outside a virtual machine based on an indication of the program not being included on a list indicating which programs are allowed to operate on the host operating system and outside a virtual machine,the virtual machine manager operatively coupled to the request handler, the virtual machine manager configured to select a guest virtual machine based on a program type associated with the program,the request handler configured to send the request to the guest virtual machine such that the guest virtual machine executes the program in response to the indication of the program being included on a list indicating which programs are allowed to operate within the guest virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6, 18)
- - 2. The apparatus of claim 1, wherein the virtual machine manager is configured to initiate the guest virtual machine in response to selecting the guest virtual machine.
  - 3. The apparatus of claim 1, wherein the program is a first program,the request handler configured to send a request to execute a second program to the guest virtual machine such that the guest virtual machine executes both the second program and the first program during a time period in response to an indication of the second program being included on the list indicating which programs are allowed to operate within the guest virtual machine, the second program being associated with the program type.
  - 4. The apparatus of claim 1, wherein the program is a first program and the guest virtual machine is a first guest virtual machine,the request handler configured to send a request to execute a second program to a second guest virtual machine such that the second guest virtual machine executes the second program, a program type associated with the second program being different than the program type associated with the first program, an indication of the second program not being included on the list indicating which programs are allowed to operate within the first guest virtual machine.
  - 5. The apparatus of claim 1, wherein the request handler is a first request handler, the first request handler being associated with the host operating system, the apparatus further comprising:
    - a second request handler, the second request handler being associated with the guest virtual machine, the second request handler configured to receive from the program a request to access a persistent storage associated with the guest virtual machine, the second request handler configured to allow the program to access the persistent storage in response to a user authenticating the request to access the persistent storage.
  - 6. The apparatus of claim 1, wherein the program is a first program,the request handler configured to receive a request to execute a second program on the host operating system,the request handler configured to determine, in response to the request to execute the second program, that the second program has permission to execute on the host operating system and outside a virtual machine based on an indication of the second program being included on the list indicating which programs are allowed to operate on the host operating system and outside a virtual machine.
  - 18. The apparatus of claim 1, wherein the indication of the program is at least one of an identifier of the program or an identifier of the program type associated with the program.

7. An apparatus, comprising:
- a memory; and
  
  a hardware processor operatively coupled to the memory and configured to implement a request handler at least partially stored in the memory and a virtual machine manager at least partially stored in the memory,the request handler configured to receive a request to execute a program on a host operating system, the request handler configured to determine, in response to the request, that the program does not have permission to execute on the host operating system and outside a virtual machine,the virtual machine manager operatively coupled to the request handler, the virtual machine manager configured to select a guest virtual machine from a plurality of guest virtual machines for the program, each guest virtual machine from the plurality of guest virtual machines being associated with a list indicating which programs are allowed to operate within that guest virtual machine, the virtual machine manager configured to perform at least one of;
  
  define the guest virtual machine;
  
  put the guest virtual machine to sleep;
  
  terminate the guest virtual machine;
  
  wake-up the guest virtual machine;
  
  receive the request to execute the program from the request handler;
  
  orrespond to the request to execute the program from the request handler,the request handler configured to send the request to the guest virtual machine such that the guest virtual machine executes the program in response to an indication of the program being included on the list indicating which programs are allowed to operate within the guest virtual machine.
- View Dependent Claims (8, 9, 10, 11, 12, 19)
- - 8. The apparatus of claim 7, wherein the hardware processor is configured to implement a virtual machine monitor, the virtual machine monitor configured to host the guest virtual machine on the hardware processor.
  - 9. The apparatus of claim 7, wherein the virtual machine manager is configured to select the guest virtual machine for the program based on a program type associated with the program.
  - 10. The apparatus of claim 7, wherein the request handler is a first request handler, the first request handler being associated with the host operating system, the hardware processor is configured to implement a second request handler,the second request handler being associated with the guest virtual machine, the second request handler configured to receive from the program a request to access a persistent storage associated with the guest virtual machine, the second request handler configured to allow the program to access the persistent storage in response to a user authenticating the request to access the persistent storage.
  - 11. The apparatus of claim 7, wherein the program is a first program,the request handler configured to receive a request to execute a second program on the host operating system,the request handler configured to determine, in response to the request to execute the second program, that the second program has permission to execute on the host operating system and outside a virtual machine.
  - 12. The apparatus of claim 7, wherein the virtual machine manager is configured to initiate the guest virtual machine in response to selecting the guest virtual machine.
  - 19. The apparatus of claim 7, wherein the indication of the program is at least one of an identifier of the program or an identifier of a program type associated with the program.

13. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to:
- receive, at a host request handler, a request to execute a program on a host operating system;
  
  determine, at the host request handler and in response to receiving the request, that the program does not have permission to execute on the host operating system and outside a virtual machine based on an indication of the program not being included on a list indicating which programs are allowed to operate on the host operating system and outside a virtual machine;
  
  send, from the host request handler, the request to a guest request handler implemented in a guest virtual machine;
  
  send, from the guest request handler, a signal to a guest operating system within the guest virtual machine to initiate execution of the program on the guest virtual machine if a guest program permissions list indicates that the program has permission to execute on the guest virtual machine; and
  
  send, from the guest request handler, a signal to the guest operating system to deny execution of the program on the guest virtual machine if the guest program permissions list indicates that the program does not have permission to execute on the guest virtual machine.
- View Dependent Claims (14, 15, 16, 17, 20)
- - 14. The non-transitory processor-readable medium of claim 13, further comprising code to cause the processor to:
    - select, using a virtual machine manager, the guest virtual machine for the program based on a program type associated with the program prior to the host request handler sending the request to the guest request handler.
  - 15. The non-transitory processor-readable medium of claim 13, wherein the program is a first program, the code further comprising code to cause the processor to:
    - send, from the host request handler, a request to execute a second program to the guest request handler, the guest request handler configured to send a signal to the guest operating system to initiate execution of the second program such that the guest virtual machine executes both the second program and the first program during a time period.
  - 16. The non-transitory processor-readable medium of claim 13, wherein the program is a first program, the code further comprising code to cause the processor to:
    - receive, at the host request handler, a request to execute a second program on the host operating system; and
      
      determine, at the host request handler and in response to the request to execute the second program, that the second program has permission to execute on the host operating system and outside a virtual machine.
  - 17. The non-transitory processor-readable medium of claim 13, wherein a virtual machine monitor is configured to host the guest virtual machine.
  - 20. The non-transitory processor-readable medium of claim 13, wherein the indication of the program is at least one of an identifier of the program or an identifier of a program type associated with the program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
George Mason Research Foundation Inc.
Original Assignee
George Mason Research Foundation Inc.
Inventors
Ghosh, Anup K., Jajodia, Sushil, Huang, Yih, Wang, Jiang
Primary Examiner(s)
Puente, Emerson
Assistant Examiner(s)
Labud, Jonathan R

Application Number

US14/482,786
Publication Number

US 20150212842A1
Time in Patent Office

1,196 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 2009/45562   Creating, deleting, cloning...

G06F 2009/45575   Starting, stopping, suspend...

G06F 21/53   by executing in a restricte...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

On-demand disposable virtual work system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

On-demand disposable virtual work system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links