Securing virtual execution environments

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Benjamin M. Schultz · Bellevue, US
• Kinshumann · Redmond, US
• David J. Linsley · Seattle, US
• Charles G. Jeffries · Sammamish, US
• Giridhar Viswanathan · Redmond, US
• Scott D. Anderson · Seattle, US
• Frederick J. Smith · Redmond, US
• Hari R. Pulapaka · Redmond, US
• Jianming Zhou · Suzhou, CN
• Margarit Simeonov Chenchev · Sammamish, US
• David B. Probert · Woodinville, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2009/45591
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Facilities are provided to secure guest runtime environments (GREs). Security policy specifications may be associated with GREs. A GRE's security policy may be specific to the GRE and may also include security policy inherited from higher levels such as a host operating environment. The security policy of a GRE specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE. A GRE's security policy may limit what the GRE's guest software may do within the GRE. Restrictions/permissions may be applied to objects such as files, configuration data, and the like. Security specifications may be applied to execution initiated within a GRE. A GRE's security specification may restrict/permit executable objects from loading and executing within the GRE. The executability or accessibility of objects may be conditioned on factors such as the health/integrity of the GRE, the host system, requested files, and others.