System for virtualizing access to named system objects using rule action associated with request
IPC classification information
Country / type: United States (US) Patent, registered
International Patent Classification (IPC, 7th edition): G06F-009/455; G06F-017/00; G06F-007/00
Application number: UP-0711735 (2004-09-30)
Registration number: US-7853947 (2011-02-10)
Inventors:
Laborczfalvi, Lee George
Roychoudhry, Anil
Borzycki, Andrew Gerard
Muir, Jeffrey Dale
Chin, Huai Chiun
Mazzaferri, Richard James
Applicant: Citrix Systems, Inc.
Agent: Choate, Hall & Stewart LLP
Citation information: times cited: 10; patents cited: 82
Abstract
A method for virtualizing access to named system objects includes the step of receiving a request to access a system object from a process executing in the context of a user isolation scope, the request including a virtual name for the system object. A rule associated with the request is determined and a literal name for the system object is formed in response to the determined rule. A request to access the system object is issued to the operating system. The issued request includes the literal name for the system object.
Representative claims
What is claimed as new and desired to be protected by Letters Patent of the United States is:
1. A method for virtualizing access to named system objects, the method comprising instructing a suitably programmed computer to perform the steps of: (a) receiving a request to access a system object stored in a memory element provided by a computer, the request received from a process executing in a context of an isolation environment, the isolation environment comprising an application isolation layer and a user isolation layer, the request including a virtual name for the system object; (b) selecting, by the computer, a rule action associated with the request, the selection responsive to the request received from the process executing in the context of the isolation environment, and determining that a rule action from a group consisting of ignore, redirect and isolate, is associated with the request; (c) forming a literal name for the system object in response to the selected rule action; and (d) issuing, to an operating system executing on the computer, a request to access the system object, the request including the literal name for the system object.
2. The method of claim 1 wherein the system object is selected from a group consisting of a semaphore, a mutex, a mutant, a timer, an event, a job object, a file-mapping object, a section, a named pipe, and a mailslot.
3. The method of claim 1 wherein step (a) further comprises receiving, from a hooking function, the request to access the system object from the process executing in the context of the isolation environment.
4. The method of claim 1 wherein the request to access the system object comprises a request to open the system object.
5. The method of claim 1 wherein the request to access the system object further comprises a request to create the system object.
6. The method of claim 1 wherein step (b) further comprises accessing a rules engine to determine the rule action associated with the virtual name included in the request.
7. The method of claim 1 wherein step (c) further comprises forming the literal name for the system object stored in the memory element provided by the computer using the virtual name provided in the request and a session-specific identifier.
8. The method of claim 1 wherein step (c) further comprises forming the literal name for the system object stored in the memory element provided by the computer using the virtual name provided in the request and an application-specific identifier, the application-specific identifier associated with the application isolation layer with which the process making the request is associated.
9. The method of claim 1 wherein step (c) further comprises forming the literal name for the system object stored in the memory element provided by the computer using the virtual name provided in the request and a user-specific identifier, the user-specific identifier associated with the user isolation layer in which the process making the request executes.
10. The method of claim 1 wherein step (c) further comprises the step of forming the literal name for the system object stored in the memory element provided by the computer identifying the system object as having global visibility.
11. The method of claim 1 wherein step (c) further comprises the step of forming the literal name for the system object stored in the memory element provided by the computer identifying the system object as having session visibility.
12. The method of claim 1 wherein step (c) comprises forming the literal name for the system object stored in the memory element provided by the computer that is identical to the virtual name provided in the request.
13. The method of claim 1 further comprising the step of receiving a handle from the operating system identifying the accessed system object.
14. The method of claim 13 further comprising the step of transmitting the handle to the process.
15. The method of claim 1 further comprising receiving a second request to access the system object from a second process executing in a context of a second isolation environment comprising a second application isolation layer and a second user isolation layer, the second request including the virtual name for the object.
16. The method of claim 15 wherein step (c) further comprises forming, responsive to the second request received from the second process executing in the context of the second isolation environment, a literal name for the system object using the virtual name provided in the second request and a session-specific identifier.
17. The method of claim 16 wherein step (c) further comprises forming the literal name for the system object stored in the memory element provided by the computer using the virtual name provided in the second request and an application-specific identifier, the application-specific identifier associated with the application isolation layer with which the second process making the second request is associated.
18. The method of claim 16 wherein step (c) further comprises forming the literal name for the system object stored in the memory element provided by the computer using the virtual name provided in the second request and a user-specific identifier, the user-specific identifier associated with the second user isolation layer in which the second process making the second request executes.
19. The method of claim 15 wherein step (c) further comprises forming the literal name for the system object stored in the memory element provided by the computer that is identical to the virtual name provided in the second request.
20. The method of claim 1 further comprising the step of receiving a request to access the system object from a second process executing in the context of the user isolation layer, the request including the virtual name for the object.
21. The method of claim 20 wherein step (c) further comprises forming, responsive to the request received from the second process executing in the context of the isolation environment, the literal name for the system object using the virtual name provided in the request and a session-specific identifier.
22. The method of claim 21 wherein step (c) further comprises forming the literal name for the system object using the virtual name provided in the request and an application-specific identifier, the application-specific identifier associated with the application isolation layer with which the second process making the request is associated.
23. The method of claim 21 wherein step (c) further comprises forming the literal name for the system object using the virtual name provided in the request and a user-specific identifier, the user-specific identifier associated with the user isolation layer in which the second process making the request executes.
24. The method of claim 20 wherein step (c) further comprises forming the literal name for the system object that is identical to the virtual name provided in the request.
25. An article of manufacture having executable instructions stored thereon when the instructions are executed by a computer, causing the computer to virtualize access to named system objects, the article of manufacture comprising: computer-readable program means for receiving a request to access a system object from a process executing in a context of an isolation environment, the isolation environment comprising an application isolation layer and a user isolation layer, the request including a virtual name for the system object; computer-readable program means for selecting by the computer, a rule action associated with the request, the selection responsive to the request received from the process executing in the context of the isolation environment, and determining that a rule action from a group consisting of ignore, redirect and isolate is associated with the request; computer-readable program means for forming a literal name for the system object responsive to the selected rule action; and computer-readable program means for issuing, to an operating system executing on the computer, a request to access the system object, the request including the literal name for the system object.
26. The article of manufacture of claim 25 wherein the computer-readable program means for receiving the request further comprises a request to open the system object.
27. The article of manufacture of claim 25 wherein the computer-readable program means for receiving the request further comprises a request to create the system object.
28. The article of manufacture of claim 25 further comprising computer-readable program means for storing the rule action associated with the request.
29. The article of manufacture of claim 28 wherein the computer-readable program means for storing the rule action further comprises a database.
30. The article of manufacture of claim 25 wherein the computer-readable program means for forming the literal name for the system object further comprises forming the literal name for the system object that is identical to the virtual name.
31. The article of manufacture of claim 25 wherein the computer-readable program means for forming the literal name for the system object further comprises forming the literal name for the system object using the virtual name and a session-specific identifier.
32. The article of manufacture of claim 31 wherein an application-specific identifier is associated with the application isolation layer with which the process making the request is associated.
33. The article of manufacture of claim 31 wherein a user-specific identifier is associated with the user isolation layer in which the process making the request executes.
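The name-translation flow of claim 1, steps (b) and (c), as an added sketch that is not code from the patent or from any Citrix product. The rule patterns, the `@@` separator, the suffix layout, the rejection of names containing the separator, and the mapping of "ignore" to an unchanged name and "redirect" to a rule-supplied name are all assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

MARK = "@@"  # assumed reserved separator between virtual name and scope suffix

@dataclass(frozen=True)
class Scope:
    session_id: str  # session-specific identifier (claim 7)
    app_id: str      # application isolation layer identifier (claim 8)
    user_id: str     # user isolation layer identifier (claim 9)

@dataclass(frozen=True)
class Rule:
    pattern: str      # glob over virtual names (assumed matching scheme)
    action: str       # "ignore", "redirect" or "isolate"
    target: str = ""  # literal name a "redirect" rule maps to (assumed)

# Constructed rule set: first match wins, anything unmatched is isolated.
RULES = [
    Rule("Global\\LicenseServer*", "ignore"),
    Rule("AppUpdateEvent", "redirect", "Global\\Shared_AppUpdateEvent"),
    Rule("*", "isolate"),
]

def select_rule(virtual_name, rules=RULES):
    """Step (b): pick the rule action associated with the request."""
    for rule in rules:
        if fnmatchcase(virtual_name, rule.pattern):
            return rule
    return Rule("*", "isolate")

def literal_name(virtual_name, scope, rules=RULES):
    """Step (c): form the literal name that step (d) passes to the OS."""
    if MARK in virtual_name:
        # A caller-supplied suffix could otherwise alias another scope's object.
        raise ValueError("virtual name contains reserved separator")
    rule = select_rule(virtual_name, rules)
    if rule.action == "ignore":
        return virtual_name  # literal name identical to the virtual name
    if rule.action == "redirect":
        return rule.target
    # isolate: keep any visibility prefix, make the base name scope-specific
    prefix, sep, base = virtual_name.rpartition("\\")
    suffix = f"{MARK}{scope.session_id}.{scope.app_id}.{scope.user_id}"
    return f"{prefix}{sep}{base}{suffix}"
```

Two processes in different isolation scopes that request the same virtual name receive distinct literal names under "isolate", so neither can open or pre-create the other's object by name.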
Patents cited by this patent (82)
Win Teresa ; Belmonte Emilio, Administrative roles that govern access to administrative functions.
Duursma, Martin; Panasyuk, Anatoliy; Ciraldo, Robert; Ungerman, Anthony; Pedersen, Bradley Jay; Davis, III, Tom C.; Bloomfield, Marc A., Apparatus and method for determining a program neighborhood for a client node in a client-server network using markup language techniques.
Joseph Kuriacose ; Jessup ; Jr. Ansley Wayne ; Dureau Vincent ; Delpuch Alain, Apparatus for transmitting and receiving executable applications as for a multimedia system.
Shah, Lacky Vasant; Arai, Daniel Takeo; Benitez, Manuel Enrique; Holler, Anne Marie; Wohlgemuth, Robert Curtis, Client-side performance optimization system for streamed applications.
Alimpich Claudia C. ; Boldt Gerald D. ; Doescher Calvin Larry ; Goddard Joan Stagaman ; Wittig James Philip, Dynamically modifying a graphical user interface window title.
Adams, Thomas L.; Chorley, Will R.; Cunetto, Philip C.; Doherty, James M.; LeMay, John E.; Mueller, Stephen M.; Parolkar, Satish; Schroeder, Timothy P.; Slaten, Charles B., Flexible network platform and call processing system.
Alford, Jr.,Jack Allen; Beesley,James Bruce; Nasypany,Stephen Raymond, Graphical user interface for visualization of sampled data compared to entitled or reference levels.
Bendert Edward Joseph (Vestal NY) Bennett Robert Bradley (Endwell NY) Berman Eve Suzanne (Binghamton NY) Farrell Susan Marie (Vestal NY) Johnson Eugene (Vestal NY) Nugent Robert Michael (Nichols NY) , Heterogeneous filing system with common API and reconciled file management rules.
Wies Evan F. ; Chang Dean C. ; Rosenberg Louis B. ; Tan Sian W. ; Mallett Jeffrey R., Implementing force feedback over the World Wide Web and other computer networks.
Greschler, David M.; Mysliwy, Owen; Schaefer, Stuart, METHOD AND SYSTEM FOR REMOTE NETWORKING USING PORT PROXYING BY DETECTING IF THE DESIGNATED PORT ON A CLIENT COMPUTER IS BLOCKED, THEN ENCAPSULATING THE COMMUNICATIONS IN A DIFFERENT FORMAT AND REDIRE.
Schmeidler, Yonah; Atkins, Derek; Eichin, Mark W.; Rostcheck, David J., Method and apparatus for content protection in a secure content delivery system.
Yonah Schmeidler ; Derek Atkins ; Mark W. Eichin ; David J. Rostcheck, Method and apparatus for installation abstraction in a secure content delivery system.
Bobby G. Doran, Jr. ; Bill Hyden ; Terry Wayne Liles, Method and apparatus for windows-based installation for installing software on build-to-order computer systems.
Jeffrey Vinson ; Steig Westerberg ; Jeffrey DeVries, Method and apparatus to allow remotely located computer programs and/or data to be accessed on a local computer in a secure, time-limited manner, with persistent caching.
Cummings Christopher R., Method and system for allowing a single-user application executing in a multi-user environment to create objects having both user-global and system global visibility.
Tracy William X. ; Roslak Thomas K. ; Murrah Judith ; Riso Francis ; Beach Robert ; Sandler Robert, Method and system for presenting item information using a portable data terminal.
Kawabe Shigehisa,JPX ; Hashimoto Sunao,JPX ; Yamashita Ichiro,JPX ; Horikiri Kazunori,JPX, Name service apparatus using resource management, name resolution and virtual resource realization for realizing a virt.
Gish Sheri L., Object-oriented system, method and article of manufacture for a client-server event driven message framework in an interprise computing framework system.
Bennett John G. ; Dalal Ketan, Processing multiple database transactions in the same process to reduce process overhead and redundant retrieval from database servers.
Carman David W. ; Balenson David M. ; Tajalli Homayoon ; Walker Stephen T., System and method for controlling access to a user secret using a key recovery field.
Brooks Matthew G. ; Young Russell T., System for replicating and associating file types with application programs among plurality of partitions in a server.
Bernhard Thomas ; Escamilla Terry ; Leddy William ; Letsinger Richard ; Marks Crosby ; Smaha Steven E. ; Snapp Steven R., System, method and computer program product for automatic response to computer system misuse using active response modules.
Domenikos Steven D. ; Domenikos George C., Systems and methods for executing application programs from a memory device linked to a server at an internet site.
Domenikos Steven D. ; Domenikos George C., Systems and methods for executing application programs from a memory device linked to server at an internet site.
Bennett, Brian T.; Leff, Avraham; Mikalsen, Thomas A.; Rayfield, James T.; Rouvellou, Isabelle M., Transparent general purpose object isolation for multi-tier distributed object environments.
Talati Kirit K. (Sunnyvale TX) Lackie C. Willard (Garland TX), Virtual software machine which preprocesses application program to isolate execution dependencies and uses target comput.
Wall, Matthew B.; Wall, Timothy R.; Aucott, Andrew, Computer method and apparatus for engineered product management including simultaneous indication of working copy status and repository status.
Bissett, Nicholas Alexander; Roychoudhry, Anil; Mazzaferri, Richard James, Method for accessing, by application programs, resources residing inside an application isolation scope.
Bissett, Nicholas Alexander; Roychoudhry, Anil; Mazzaferri, Richard James, Methods and systems for accessing, by application programs, resources provided by an operating system.