Cloud service custom execution environment

US 9,935,959 B2
Filed: 09/17/2014
Issued: 04/03/2018
Est. Priority Date: 02/07/2014
Status: Active Grant

First Claim

Patent Images

1. A computer system comprising:

one or more processors; and

one or more memory devices coupled to the one or more processors, the one or more memory devices including one or more instructions that, upon execution on the one or more processors, cause the one or more processors to;

receive a criterion for configuring a template execution environment of a plurality of template execution environments, wherein each template execution environment of the plurality of template execution environments is configured to establish a child execution environment, and wherein the template execution environment of the plurality of template execution environments is configured to execute one or more custom executable instructions in the child execution environment that is established based on the template execution environment;

receive, from a mobile device, a request to execute a custom executable instruction for a tenant registered with a cloud computer system;

determining, based on the request to execute a custom executable instruction, a custom execution service provided by the cloud computer system to execute the custom executable instruction;

classify, by the custom execution service, a type of custom executable instruction corresponding to the requested custom executable instruction;

select, by the custom execution service, a first template execution environment from the plurality of template execution environments based on a type of execution environment, wherein the type of execution environment is configured to support execution of the classified type of custom executable instruction based on one or more resources permitted for access by the tenant registered with the cloud computer system, wherein the selected first template execution environment is a Java virtual machine (JVM) environment;

execute, by the custom execution service, the first template execution environment;

establish, by the custom execution service, a first child execution environment to execute the requested custom executable instruction, wherein the first child execution environment is established based on the first template execution environment, wherein the first child execution environment is a child JVM environment;

load the requested custom executable instruction for execution in the first child execution environment; and

thenconfigure, by the custom execution service, the first child execution environment to enable execution of the requested custom executable instruction, wherein the configuring includes setting one or more settings of a callable interface to control access by the custom executable instruction to a plurality of services from the cloud computer system, wherein the configuring includes adjusting a first access permission of the first child execution environment through a security model for the selected first template execution environment, wherein the first access permission specifies one or more types of operations that are permitted or prohibited in the first child execution environment by the requested custom executable instruction executed in the first child execution environment, wherein configuring includes adjusting a second access permission of the first child execution environment for access to a resource not located in the first child execution environment, and wherein the second access permission is adjusted to prevent the resource from being accessed by the requested custom executable instruction from within the first child execution environment; and

execute the requested custom executable instruction in the first child execution environment, wherein the requested custom executable instruction is executed after the first child execution environment is configured for the first child execution environment, and wherein execution of the requested custom executable instruction causes one or more operations to be performed on data for the tenant in the cloud computer system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for implementing a cloud computer system to provide access to a custom execution environment for execution of custom executable instructions. Users may be able to configure one or more different types of template execution environments, e.g., a virtual machine environment, each of which can be used to establish a type of custom execution environment. Users may configure the template execution environment with regard to settings, states, resources, permissions, or other criterion related to an execution environment. Upon request, a custom execution environment (e.g., a child execution environment) may be established for running one instance of a custom executable instruction. The custom execution environment may be based on the template execution environment. The custom execution environment may provide a secure, isolated environment for execution of a custom executable instruction. Access permissions for the custom execution environment may be configurable depending on a type of execution environment desired.

90 Citations

View as Search Results

6 Claims

1. A computer system comprising:
- one or more processors; and
  
  one or more memory devices coupled to the one or more processors, the one or more memory devices including one or more instructions that, upon execution on the one or more processors, cause the one or more processors to;
  
  receive a criterion for configuring a template execution environment of a plurality of template execution environments, wherein each template execution environment of the plurality of template execution environments is configured to establish a child execution environment, and wherein the template execution environment of the plurality of template execution environments is configured to execute one or more custom executable instructions in the child execution environment that is established based on the template execution environment;
  
  receive, from a mobile device, a request to execute a custom executable instruction for a tenant registered with a cloud computer system;
  
  determining, based on the request to execute a custom executable instruction, a custom execution service provided by the cloud computer system to execute the custom executable instruction;
  
  classify, by the custom execution service, a type of custom executable instruction corresponding to the requested custom executable instruction;
  
  select, by the custom execution service, a first template execution environment from the plurality of template execution environments based on a type of execution environment, wherein the type of execution environment is configured to support execution of the classified type of custom executable instruction based on one or more resources permitted for access by the tenant registered with the cloud computer system, wherein the selected first template execution environment is a Java virtual machine (JVM) environment;
  
  execute, by the custom execution service, the first template execution environment;
  
  establish, by the custom execution service, a first child execution environment to execute the requested custom executable instruction, wherein the first child execution environment is established based on the first template execution environment, wherein the first child execution environment is a child JVM environment;
  
  load the requested custom executable instruction for execution in the first child execution environment; and
  
  thenconfigure, by the custom execution service, the first child execution environment to enable execution of the requested custom executable instruction, wherein the configuring includes setting one or more settings of a callable interface to control access by the custom executable instruction to a plurality of services from the cloud computer system, wherein the configuring includes adjusting a first access permission of the first child execution environment through a security model for the selected first template execution environment, wherein the first access permission specifies one or more types of operations that are permitted or prohibited in the first child execution environment by the requested custom executable instruction executed in the first child execution environment, wherein configuring includes adjusting a second access permission of the first child execution environment for access to a resource not located in the first child execution environment, and wherein the second access permission is adjusted to prevent the resource from being accessed by the requested custom executable instruction from within the first child execution environment; and
  
  execute the requested custom executable instruction in the first child execution environment, wherein the requested custom executable instruction is executed after the first child execution environment is configured for the first child execution environment, and wherein execution of the requested custom executable instruction causes one or more operations to be performed on data for the tenant in the cloud computer system.
- View Dependent Claims (2)
- - 2. The computer system of claim 1, wherein the request to execute the custom executable instruction includes a plurality of requests, wherein the plurality of requests includes a first request and a second request, wherein the first request is to execute the custom executable instruction as a first custom executable instruction for the tenant, wherein the second request is to execute a second custom executable instruction for the tenant, and wherein the one or more instructions which, upon execution on the one or more processors, further cause the one or more processors to:
    - establish, a second child execution environment to execute the second custom executable instruction, wherein the second child execution environment is established based on the selected template execution environment;
      
      load the second custom executable instruction for execution in the second child execution environment;
      
      configure the second child execution environment to enable execution of the second custom executable instruction, wherein the configuring includes setting the one or more settings of the callable interface to control access by the second custom executable instruction to the plurality of services from the computer system; and
      
      execute the second custom executable instruction in the second child execution environment.

3. A non-transitory, processor readable memory device having stored thereon one or more instructions that, upon execution by one or more processors, cause the one or more processors to:
- receive a criterion for configuring a template execution environment of a plurality of template execution environments, wherein each template execution environment of the plurality of template execution environments is configured to establish a child execution environment, and wherein the template execution environment of the plurality of template execution environments is configured to execute one or more custom executable instructions in the child execution environment that is established based on the template execution environment;
  
  receive, from a mobile device, a request to execute a custom executable instruction for a tenant registered with a cloud computer system;
  
  determining, based on the request to execute a custom executable instruction, a custom execution service provided by the cloud computer system to execute the custom executable instruction;
  
  classify, by the custom execution service, a type of custom executable instruction corresponding to the requested custom executable instruction;
  
  select, by the custom execution service, a first template execution environment from the plurality of template execution environments based on a type of execution environment, wherein the type of execution environment is configured to support execution of the classified type of custom executable instruction based on one or more resources permitted for access by the tenant registered with the cloud computer system, wherein the selected first template execution environment is a Java virtual machine (JVM) environment;
  
  execute, by the custom execution service, the first template execution environment;
  
  establish, by the custom execution service, a first child execution environment to execute the requested custom executable instruction, wherein the first child execution environment is established based on the first template execution environment, wherein the first child execution environment is a child JVM environment;
  
  load the requested custom executable instruction for execution in the first child execution environment; and
  
  thenconfigure, by the custom execution service, the first child execution environment to enable execution of the requested custom executable instruction, wherein the configuring includes setting one or more settings of a callable interface to control access by the custom executable instruction to a plurality of services from the cloud computer system, wherein the configuring includes adjusting a first access permission of the first child execution environment through a security model for the selected first template execution environment, wherein the first access permission specifies one or more types of operations that are permitted or prohibited in the first child execution environment by the requested custom executable instruction executed in the first child execution environment, wherein configuring includes adjusting a second access permission of the first child execution environment for access to a resource not located in the first child execution environment, and wherein the second access permission is adjusted to prevent the resource from being accessed by the requested custom executable instruction from within the first child execution environment; and
  
  execute the requested custom executable instruction in the first child execution environment, wherein the requested custom executable instruction is executed after the first child execution environment is configured for the first child execution environment, and wherein execution of the requested custom executable instruction causes one or more operations to be performed on data for the tenant in the cloud computer system.
- View Dependent Claims (4)
- - 4. The non-transitory, processor readable memory device of claim 3, wherein the request to execute the custom executable instruction includes a plurality of requests, wherein the plurality of requests includes a first request and a second request, wherein the first request is to execute the custom executable instruction as a first custom executable instruction for the tenant, wherein the second request is to execute a second custom executable instruction for the tenant, and wherein the one or more instructions which, upon execution on the one or more processors, further cause the one or more processors to:
    - establish, a second child execution environment to execute the second custom executable instruction, wherein the second child execution environment is established based on the selected template execution environment;
      
      load the second custom executable instruction for execution in the second child execution environment;
      
      configure the second child execution environment to enable execution of the second custom executable instruction, wherein the configuring includes setting the one or more settings of the callable interface to control access by the second custom executable instruction to the plurality of services from the computer system; and
      
      execute the second custom executable instruction in the second child execution environment.

5. A method comprising:
- receiving a criterion for configuring a template execution environment of a plurality of template execution environments, wherein each template execution environment of the plurality of template execution environments is configured to establish a child execution environment, and wherein the template execution environment of the plurality of template execution environments is configured to execute one or more custom executable instructions in the child execution environment that is established based on the template execution environment;
  
  receiving, from a mobile device, a request to execute a custom executable instruction for a tenant registered with a cloud computer system;
  
  determining, based on the request to execute a custom executable instruction, a custom execution service provided by the cloud computer system to execute the custom executable instruction;
  
  classifying, by the custom execution service, a type of custom executable instruction corresponding to the requested custom executable instruction;
  
  selecting, by the custom execution service, a first template execution environment from the plurality of template execution environments based on a type of execution environment, wherein the type of execution environment is configured to support execution of the classified type of custom executable instruction based on one or more resources permitted for access by the tenant registered with the cloud computer system, wherein the selected first template execution environment is a Java virtual machine (JVM) environment;
  
  executing, by the custom execution service, the first template execution environment;
  
  establishing, by the custom execution service, a first child execution environment to execute the requested custom executable instruction, wherein the first child execution environment is established based on the first template execution environment, wherein the first child execution environment is a child JVM environment;
  
  loading the requested custom executable instruction for execution in the first child execution environment; and
  
  thenconfiguring, by the custom execution service, the first child execution environment to enable execution of the requested custom executable instruction, wherein the configuring includes setting one or more settings of a callable interface to control access by the custom executable instruction to a plurality of services from the cloud computer system, wherein the configuring includes adjusting a first access permission of the first child execution environment through a security model for the selected first template execution environment, wherein the first access permission specifies one or more types of operations that are permitted or prohibited in the first child execution environment by the requested custom executable instruction executed in the first child execution environment, wherein configuring includes adjusting a second access permission of the first child execution environment for access to a resource not located in the first child execution environment, and wherein the second access permission is adjusted to prevent the resource from being accessed by the requested custom executable instruction from within the first child execution environment; and
  
  executing the requested custom executable instruction in the first child execution environment, wherein the requested custom executable instruction is executed after the first child execution environment is configured for the first child execution environment, and wherein execution of the requested custom executable instruction causes one or more operations to be performed on data for the tenant in the cloud computer system.
- View Dependent Claims (6)
- - 6. The method of claim 5, wherein the request to execute the custom executable instruction includes a plurality of requests, wherein the plurality of requests includes a first request and a second request, wherein the first request is to execute the custom executable instruction as a first custom executable instruction for the tenant, and wherein the second request is to execute a second custom executable instruction for the tenant, the method further comprising:
    - establishing, a second child execution environment to execute the second custom executable instruction, wherein the second child execution environment is established based on the selected template execution environment;
      
      loading the second custom executable instruction for execution in the second child execution environment;
      
      configuring the second child execution environment to enable execution of the second custom executable instruction, wherein the configuring includes setting the one or more settings of the callable interface to control access by the second custom executable instruction to the plurality of services from the computer system; and
      
      executing the second custom executable instruction in the second child execution environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Keith, Michael, Kilgore, William Bruce, Loo, Kaj van de
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Wilcox, James J

Application Number

US14/489,172
Publication Number

US 20150229645A1
Time in Patent Office

1,294 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/468   Specific access rights for ...

H04L 41/50   Network service management,...

H04L 63/10   for controlling access to d...

H04W 12/08   Access security

H04W 12/086   using security domains

Cloud service custom execution environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

90 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud service custom execution environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links