Unified file system on air-gapped endpoints
Abstract
A system and method for providing a unified file system on an air-gapped endpoint are provided. The method includes monitoring the first and second security zones instantiated on the virtually air-gapped endpoint to intercept at least one file system operation to access files on the first security zone; determining if the detected file system operation triggers a display of a file system dialog window of the second security zone; and when the file system dialog window of the second security zone is determined to be triggered, preventing the display of a file system dialog window in the first security zone; and displaying the file system dialog window of the second security zone in the second security zone.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for providing a unified file system on a virtually air-gapped endpoint, comprising:
monitoring the first and second security zones instantiated on the virtually air-gapped endpoint to intercept at least one file system operation to access files on the first security zone; determining if the detected file system operation triggers a display of a file system dialog window of the second security zone; and when the file system dialog window of the second security zone is determined to be triggered,
preventing the display of a file system dialog window in the first security zone; and
displaying the file system dialog window of the second security zone in the second security zone.
2 . The method of claim 1 , wherein the determination if the detected file system operation triggers the display of the file system dialog window of the second security zone is based on at least a user interface (UX) policy.
3 . The method of claim 2 , wherein the UX policy defines UX functions including file system operations allowed to be performed by a user of the virtually air-gapped endpoint in a corresponding security zone.
4 . The method of claim 1 , wherein each of the file system operation causes displaying windows of applications executed in the first and second security zones on a same computer display of the virtually air-gapped endpoint.
5 . The method of claim 1 , wherein the first security zone is a personal security zone and the second security zone is a corporate security zone.
6 . The method of claim 1 , wherein the at least one file system operation includes at least any one of: save, save-as, and open.
7 . The method of claim 1 , further comprising:
renaming at least frequently accessed folders on at least one of: the first security zone and the second security zone.
8 . The method of claim 7 , wherein displaying the file system dialog window in the second security zone, further comprises:
rendering a graphical user interface (GUI) window with the renamed frequently accessed folders in the second security zone.
9 . The method of claim 1 , wherein the method is performed by a hypervisor of the virtually air-gapped endpoint, the hypervisor including an abstraction layer, at least one native hypervisor, an optimization module, and a security module.
10 . A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process for performing user experience (UX) functions on a virtually air-gapped endpoint, the process comprising:
monitoring the first and second security zones instantiated on the virtually air-gapped endpoint to intercept at least one file system operation to access files on the first security zone; determining if the detected file system operation triggers a display of a file system dialog window of the second security zone; and when the file system dialog window of the second security zone is determined to be triggered,
preventing the display of a file system dialog window in the first security zone; and
displaying the file system dialog window of the second security zone in the second security zone.
11 . A computing system, comprising:
a network card interface; a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to become a virtually air-gapped endpoint that has at least a first virtual machine and a second virtual machine, the first virtual machine instantiating a first security zone and the second virtual machine instantiating a second security zone, the instructions further configuring the processing circuitry to: monitor the first and second security zones instantiated on the virtually air-gapped endpoint to intercept at least one file system operation to access files on the first security zone; determine if the detected file system operation triggers a display of a file system dialog window of the second security zone; and when the file system dialog window of the second security zone is determined to be triggered,
prevent the display of a file system dialog window in the first security zone; and
display the file system dialog window of the second security zone in the second security zone.
12 . The air-gapped computing system of claim 11 , wherein the determination if the detected file system operation triggers the display of the file system dialog window of the second security zone is based on at least a user interface (UX) policy.
13 . The air-gapped computing system of claim 12 , wherein the UX policy defines UX functions including file system operations allowed to be performed by a user of the virtually air-gapped endpoint in a corresponding security zone.
14 . The air-gapped computing system of claim 11 , wherein each of the file system operation causes displaying windows of applications executed in the first and second security zones on a same computer display of the virtually air-gapped endpoint.
15 . The air-gapped computing system of claim 11 , wherein the first security zone is a personal security zone and the second security zone is a corporate security zone.
16 . The air-gapped computing system of claim 11 , wherein the at least one file system operation includes at least any one of: save, save-as, and open.
17 . The air-gapped computing system of claim 11 , wherein the system is further configured to:
rename at least frequently accessed folders on at least one of: the first security zone and the second security zone.
18 . The air-gapped computing system of claim 17 , wherein the system is further configured to:
render a graphical user interface (GUI) window with the renamed frequently accessed folders in the second security zone.
19 . The air-gapped computing system of claim 11 , wherein the virtually air-gapped endpoint includes a hypervisor, wherein the hypervisor includes an abstraction layer, at least one native hypervisor, an optimization module, and a security module.Join the waitlist — get patent alerts
Track US2021109903A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.