Systems and methods for RADE service isolation
First Claim
1. A method, comprising:
- creating, by a local machine comprising at least one processor, a first isolation environment with permissions at a first security privilege level;
starting a service in the first isolation environment;
receiving, by the local machine, a request to execute an application;
determining that the application requires use of the service and that the application is isolated from the service;
creating, by the local machine responsive to determining that the application requires the use of the service and that the application is isolated from the service, a second isolation environment with permissions at a second security privilege level different from the permissions at the first security privilege level;
starting the application in the second isolation environment;
intercepting a service call for the use of the service from the application; and
routing the intercepted service call to the service in the first isolation environment.
7 Assignments
0 Petitions
Accused Products
Abstract
The present invention is directed towards systems and methods of streaming an application from a remote location to a local machine system, and using local machine system resources in executing that application. In various embodiments, services needed by a streamed application may be started with high local system privileges in their own isolation environment. These service may be started, stopped, and otherwise managed by a Service Control Manager. In order for an application to both access services that operate at high local system privileges and the network so that it can access remotely stored, streaming, information; a streaming application may rely on privileges of the user when accessing network information rather than the higher privileges of the services running in isolation.
26 Citations
20 Claims
-
1. A method, comprising:
-
creating, by a local machine comprising at least one processor, a first isolation environment with permissions at a first security privilege level; starting a service in the first isolation environment; receiving, by the local machine, a request to execute an application; determining that the application requires use of the service and that the application is isolated from the service; creating, by the local machine responsive to determining that the application requires the use of the service and that the application is isolated from the service, a second isolation environment with permissions at a second security privilege level different from the permissions at the first security privilege level; starting the application in the second isolation environment; intercepting a service call for the use of the service from the application; and routing the intercepted service call to the service in the first isolation environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system, comprising memory storing computer-executable instructions and at least one processor configured to execute the computer-executable instructions, wherein the instructions, when executed, cause the at least one processor to:
-
create a first isolation environment with permissions at a first security privilege level; start a service in the first isolation environment; receive a request to execute an application; determine that the application requires use of the service and that the application is isolated from the service; create, responsive to the determination that the application requires the use of the service and that the application is isolated from the service, a second isolation environment with permissions at a second security privilege level different than the permissions at the first security privilege level; start the application in the second isolation environment; intercept a service call for the use of the service from the application; and route the intercepted service call to the service in the first isolation environment. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification