SYSTEM AND METHOD FOR SECURE OS ACCESS IN AN ECMA-SCRIPT VIRTUAL MACHINE
First Claim
1. A method for providing an interaction between an application executing in a virtual machine and an operating system, the method comprising:
- defining an application context for the application;
receiving an operating system resource request from the application context;
providing the operating system resource request to a root application context defined in the virtual machine;
determining in the root application context whether the application has operating system privileges for a requested resource; and
providing the operating system resource request to the operating system dependent on the operating system privileges determined for the operating system resource request.
2 Assignments
0 Petitions
Accused Products
Abstract
In an ECMAScript (JavaScript) Virtual Machine, applications are isolated from the operating system by defining an application context for each application. A root application context is defined that binds scripted objects of the root application context to equivalent native objects of the virtual machine. Other application contexts may send events on an event bus via the root application context to request resources of the operating system. The root application context determines the security privileges of the application context with respect to the requested resource, and is the only application context that is able to interact with the operating system.
22 Citations
20 Claims
-
1. A method for providing an interaction between an application executing in a virtual machine and an operating system, the method comprising:
-
defining an application context for the application; receiving an operating system resource request from the application context; providing the operating system resource request to a root application context defined in the virtual machine; determining in the root application context whether the application has operating system privileges for a requested resource; and providing the operating system resource request to the operating system dependent on the operating system privileges determined for the operating system resource request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system comprising:
-
an operating system; a virtual machine; and an abstraction layer that provides a compatibility interface between the operating system and the virtual machine; wherein the virtual machine is configured to define a first root application context for a first application and at least one further application context for at least one further application; and wherein the virtual machine provides operating system resource requests from the at least one further application context to the operating system via the root application context. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A computer-readable medium comprising computer-executable instructions for execution by a processor, that, when executed:
-
receive an operating system resource request from an application context; perform a determination whether an application associated with the application context is allowed to access an operating system resource specified by the operating system resource request; and provide the operating system resource request to an operating system dependent on said determination. - View Dependent Claims (20)
-
Specification