Protected execution environments within a computer system
US7478423B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Apr 15, 2005 |
| Grant date | Jan 13, 2009 |
| Priority date | — |
| Expiry date | Jan 10, 2027 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2149
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A protected execution agent installs itself within a file system manager on the computer to control modifications to a protected execution environment by intercepting I/O requests from applications. If an unauthorized application attempts to modify the protected execution environment, the protected execution agent terminates the original I/O request and creates a redirected I/O request that specifies a corresponding directory path within an alternate environment. The requested I/O operation is a carried out by the file system against the alternate environment. A configuration utility is responsible for determining which installed applications are authorized to change the protected execution environment. The configuration utility also establishes a parent-child relationship between an unauthorized application that invokes or “spawns” an authorized application, with the authorized child application being considered unauthorized when performing processes on behalf of the unauthorized parent application.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.