Seamless management of untrusted data using isolated environments
First Claim
1. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for managing potentially malicious files using isolated environments, which when executed by one or more processors, cause:
- in response to receiving a request to perform an action on a file, a client applying a policy to determine whether the action is deemed trustworthy; and
the client instantiating, without human intervention and based on the policy, an isolated environment in which the action is to be performed against the file,wherein the policy determines which resources of the client, other than the file or a resource required to provide access to the file, are accessible to the isolated environment, upon instantiation of the isolated environment, based on the request to perform an action on the file.
2 Assignments
0 Petitions
Accused Products
Abstract
Approaches for managing potentially malicious files using one or more isolated environments. In response to receiving a request to perform an action on a file, a client applies a policy to determine whether the action is deemed trustworthy. The client identifies, without human intervention, an isolated environment, executing or to be executed on the client, in which the action is to be performed based on whether the action is deemed trustworthy. In this way, embodiments allow a user to make use of data deemed untrusted in certain cases without allowing the untrusted data from having unfettered access to the resources of the client. If the requested action is performed in a different isolated environment from which the action was requested, embodiments enable the performance of the action to be performed seamlessly to the user.
112 Citations
31 Claims
-
1. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for managing potentially malicious files using isolated environments, which when executed by one or more processors, cause:
-
in response to receiving a request to perform an action on a file, a client applying a policy to determine whether the action is deemed trustworthy; and the client instantiating, without human intervention and based on the policy, an isolated environment in which the action is to be performed against the file, wherein the policy determines which resources of the client, other than the file or a resource required to provide access to the file, are accessible to the isolated environment, upon instantiation of the isolated environment, based on the request to perform an action on the file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A client, comprising:
-
one or more processors; one or more non-transitory storage mediums storing one or more sequences of instructions for managing potentially malicious files using isolated environments, which when executed by the one or more processors, causes; in response to receiving a request to perform an action on a file, a client applying a policy to determine whether the action is deemed trustworthy; and the client instantiating, without human intervention and based on the policy, an isolated environment in which the action is to be performed against the file, wherein the policy determines which resources of the client, other than the file or a resource required to provide access to the file, are accessible to the isolated environment, upon instantiation of the isolated environment, based on the request to perform an action on the file.
-
-
31. A method for managing potentially malicious files using isolated environments, comprising:
-
in response to receiving a request to perform an action on a file, a client applying a policy to determine whether the action is deemed trustworthy; and the client instantiating, without human intervention and based on the policy, an isolated environment in which the action is to be performed against the file, wherein the policy determines which resources of the client, other than the file or a resource required to provide access to the file, are accessible to the isolated environment, upon instantiation of the isolated environment, based on the request to perform an action on the file.
-
Specification