COMPIILING AND EXECUTING CODE IN A SECURE SANDBOX

    公开(公告)号:US20220027458A1

    公开(公告)日:2022-01-27

    申请号:US16938931

    申请日:2020-07-25

    IPC分类号: G06F21/53 G06F8/41 G06F21/60

    摘要: The present disclosure relates generally to computer architecture and infrastructure for guest operating systems executing on a host operating system. A method of compiling and executing a new program in a secure sandbox. The method includes receiving, by a host operating system, a request from a guest operating system to invoke an execution environment in a secure sandbox on a host operating system; and execute the execution environment in the secure sandbox. The user can use the execution environment in the secure sand box from a guest operating system to compile and execute the new program on the host operating system.

    NATIVE EXECUTION BY A GUEST OPERATING ENVIRONMENT

    公开(公告)号:US20220027457A1

    公开(公告)日:2022-01-27

    申请号:US16938927

    申请日:2020-07-25

    IPC分类号: G06F21/53 G06F9/455 H04L29/06

    摘要: The present disclosure elates generally to a computer architecture and infrastructure for guest operating systems executing on a host operating system. More particularly, it relates to methods and systems for allowing a guest operating system to control the resources of a commodity server system. A method of allowing a guest operating system to control and manage computer resources includes receiving, by a host operating system, a call from a guest operating system to control and manage computer resources; creating, by the host operating system, a secure sandbox executing on the host operating system; and creating, by the host operating system, a secure tunnel between the secure sandbox and the guest operating system, the secure tunnel having loopback networking. The secure sandbox is controlled and managed by the guest operating system but executing on the host operating system.

    INVOKING A NATIVE PROCESS AS A CALLED PROCEDURE BY A GUEST OPERATING ENVIRONMENT

    公开(公告)号:US20220027220A1

    公开(公告)日:2022-01-27

    申请号:US16938930

    申请日:2020-07-25

    IPC分类号: G06F9/54

    摘要: The present disclosure relates generally to computer architecture and infrastructure for guest operating systems executing on a host operating system. A method of invoking a native process as a called procedure, the method including receiving, by a host operating system, a request to invoke a native process as a called procedure form a guest operating system; loading the native process executable into a secure sandbox running on the host operating system; and transforming data from the native process into a representation appropriate for the called the procedure in the host operating environment.

    ALLOWING ROOT FILE ACCESS FROM A GUEST OPERATING SYSTEM

    公开(公告)号:US20220027485A1

    公开(公告)日:2022-01-27

    申请号:US16938932

    申请日:2020-07-25

    IPC分类号: G06F21/62 G06F9/4401

    摘要: The present disclosure relates generally to computer architecture and infrastructure for guest operating systems executing on a host operating system. According to one embodiment, a method of allowing root file access includes receiving a request from a guest operating system to have root file access in a host operating system; determining, by the host operating system, if the request is asking for information relevant to the guest operating system itself, and if the request is asking for information that has the same credentials as the request; and if the information is relevant to the guest operating system itself and the information has the same credentials as the request, then providing a secure path to the relevant root file system on the host operating system.

    AUTHENTICASTING AND AUTHORIZING A USER IN AN EMULATED ENVIRONMENT

    公开(公告)号:US20220027454A1

    公开(公告)日:2022-01-27

    申请号:US16938928

    申请日:2020-07-25

    摘要: The present disclosure relates generally to computer architecture and infrastructure for guest operating systems executing on a host operating system. A method of authenticating and authorizing a user in an emulated computing environment is disclosed. The method includes receiving a request by a user operating on a guest operating system and having user credentials to invoke a process in a secure sandbox on a host operating system; searching a pool of credentials for the user credentials in the host operating system; associating the user credentials with the process such that all services running on a guest operating system have the same credentials as a host operating system; and after the process has completed, returning the user credentials to the pool.