US2021109903A1PendingUtilityA1

Unified file system on air-gapped endpoints

Assignee: HYSOLATE LTDPriority: Jan 23, 2017Filed: Dec 1, 2020Published: Apr 15, 2021
Est. expiryJan 23, 2037(~10.5 yrs left)· nominal 20-yr term from priority
G06F 16/113G06F 2009/45587G06F 16/168G06F 16/1844G06F 9/45558G06F 21/6218G06F 21/53
55
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system and method for providing a unified file system on an air-gapped endpoint are provided. The method includes monitoring the first and second security zones instantiated on the virtually air-gapped endpoint to intercept at least one file system operation to access files on the first security zone; determining if the detected file system operation triggers a display of a file system dialog window of the second security zone; and when the file system dialog window of the second security zone is determined to be triggered, preventing the display of a file system dialog window in the first security zone; and displaying the file system dialog window of the second security zone in the second security zone.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for providing a unified file system on a virtually air-gapped endpoint, comprising:
 monitoring the first and second security zones instantiated on the virtually air-gapped endpoint to intercept at least one file system operation to access files on the first security zone;   determining if the detected file system operation triggers a display of a file system dialog window of the second security zone; and   when the file system dialog window of the second security zone is determined to be triggered,
 preventing the display of a file system dialog window in the first security zone; and 
 displaying the file system dialog window of the second security zone in the second security zone. 
   
     
     
         2 . The method of  claim 1 , wherein the determination if the detected file system operation triggers the display of the file system dialog window of the second security zone is based on at least a user interface (UX) policy. 
     
     
         3 . The method of  claim 2 , wherein the UX policy defines UX functions including file system operations allowed to be performed by a user of the virtually air-gapped endpoint in a corresponding security zone. 
     
     
         4 . The method of  claim 1 , wherein each of the file system operation causes displaying windows of applications executed in the first and second security zones on a same computer display of the virtually air-gapped endpoint. 
     
     
         5 . The method of  claim 1 , wherein the first security zone is a personal security zone and the second security zone is a corporate security zone. 
     
     
         6 . The method of  claim 1 , wherein the at least one file system operation includes at least any one of: save, save-as, and open. 
     
     
         7 . The method of  claim 1 , further comprising:
 renaming at least frequently accessed folders on at least one of: the first security zone and the second security zone.   
     
     
         8 . The method of  claim 7 , wherein displaying the file system dialog window in the second security zone, further comprises:
 rendering a graphical user interface (GUI) window with the renamed frequently accessed folders in the second security zone.   
     
     
         9 . The method of  claim 1 , wherein the method is performed by a hypervisor of the virtually air-gapped endpoint, the hypervisor including an abstraction layer, at least one native hypervisor, an optimization module, and a security module. 
     
     
         10 . A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process for performing user experience (UX) functions on a virtually air-gapped endpoint, the process comprising:
 monitoring the first and second security zones instantiated on the virtually air-gapped endpoint to intercept at least one file system operation to access files on the first security zone;   determining if the detected file system operation triggers a display of a file system dialog window of the second security zone; and   when the file system dialog window of the second security zone is determined to be triggered,
 preventing the display of a file system dialog window in the first security zone; and 
 displaying the file system dialog window of the second security zone in the second security zone. 
   
     
     
         11 . A computing system, comprising:
 a network card interface;   a processing circuitry; and   a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to become a virtually air-gapped endpoint that has at least a first virtual machine and a second virtual machine, the first virtual machine instantiating a first security zone and the second virtual machine instantiating a second security zone, the instructions further configuring the processing circuitry to:   monitor the first and second security zones instantiated on the virtually air-gapped endpoint to intercept at least one file system operation to access files on the first security zone;   determine if the detected file system operation triggers a display of a file system dialog window of the second security zone; and   when the file system dialog window of the second security zone is determined to be triggered,
 prevent the display of a file system dialog window in the first security zone; and 
 display the file system dialog window of the second security zone in the second security zone. 
   
     
     
         12 . The air-gapped computing system of  claim 11 , wherein the determination if the detected file system operation triggers the display of the file system dialog window of the second security zone is based on at least a user interface (UX) policy. 
     
     
         13 . The air-gapped computing system of  claim 12 , wherein the UX policy defines UX functions including file system operations allowed to be performed by a user of the virtually air-gapped endpoint in a corresponding security zone. 
     
     
         14 . The air-gapped computing system of  claim 11 , wherein each of the file system operation causes displaying windows of applications executed in the first and second security zones on a same computer display of the virtually air-gapped endpoint. 
     
     
         15 . The air-gapped computing system of  claim 11 , wherein the first security zone is a personal security zone and the second security zone is a corporate security zone. 
     
     
         16 . The air-gapped computing system of  claim 11 , wherein the at least one file system operation includes at least any one of: save, save-as, and open. 
     
     
         17 . The air-gapped computing system of  claim 11 , wherein the system is further configured to:
 rename at least frequently accessed folders on at least one of: the first security zone and the second security zone.   
     
     
         18 . The air-gapped computing system of  claim 17 , wherein the system is further configured to:
 render a graphical user interface (GUI) window with the renamed frequently accessed folders in the second security zone.   
     
     
         19 . The air-gapped computing system of  claim 11 , wherein the virtually air-gapped endpoint includes a hypervisor, wherein the hypervisor includes an abstraction layer, at least one native hypervisor, an optimization module, and a security module.

Join the waitlist — get patent alerts

Track US2021109903A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.