1. Field of the Invention
The present invention is related to virtual private servers, and more particularly, to virtual private servers for use in a desktop or laptop environment.
2. Related Art
With the popularity and success of the Internet, server technologies are of great commercial importance today. An individual server application typically executes on a single physical host computer, servicing client requests. However, providing a unique physical host for each server application is expensive and inefficient.
For example, commercial hosting services are often provided by an Internet Service Provider (ISP), which generally provides a separate physical host computer for each customer on which to execute a server application. However, a customer purchasing hosting services may often neither require nor be amenable to paying for use of an entire host computer. In general, an individual customer will only require a fraction of the processing power, storage, and other resources of a host computer.
Accordingly, hosting multiple server applications on a single physical computer is desirable. In order to be commercially viable, however, every server application needs to be isolated from every other server application running on the same physical host. Clearly, it would be unacceptable to most customers of an ISP to purchase hosting services, only to have another server application program (perhaps belonging to a competitor) access the customer's data and client requests. Thus, each server application program needs to be isolated, receiving requests only from its own clients, transmitting data only to its own clients, and being prevented from accessing data associated with other server applications.
Furthermore, it is desirable to allocate varying specific levels of system resources to different server applications, depending upon the needs of, and amounts paid by, the various customers of the ISP. In effect, each server application needs to be a “virtual private server” or VPS, simulating a server application executing on a dedicated physical host computer.
Such functionality is unavailable on traditional server technology because, rather than comprising a single, discrete process, a virtual private server must include a plurality of seemingly unrelated processes. Each process performs various elements of the sum total of the functionality required by the customer. Because each virtual private server includes a plurality of processes, traditional server technology has been unable to effectively isolate the processes associated with one virtual private server from those processes associated with other virtual private servers.
Thus, a major problem with conventional VPS implementations is the lack of isolation between the VPSs. This means that a conventional VPS has to operate in a “friendly environment,” relying on other VPSs and on the applications running in those other VPSs not to invade its address space and not to use more than their share of resources. This is also sometimes known as a cooperative environment (as opposed to a non-cooperative environment, where the users or applications of one VPS cannot be trusted not to modify data that does not belong to them or not to attempt to “hog” all system resources). However, “cooperative” VPSs are difficult to use in any number of applications. For example, in the web server context, it is assumed that the host will be subject to attack by hackers, and no assumption of a friendly environment can be made in that case. Also, in the absence of isolation between the VPSs, one VPS can “hog” more than its share of system resources, or can affect and/or modify objects and data that belong to other VPSs.
In addition to being an issue in a server environment, security is also an increasingly important issue for home desktop computing, laptops, and small business environments. For example, with the increasing vulnerability of home computers to viruses that spread through email attachments and downloadable executable files, data on the individual computer can be corrupted. Executable files received via email, or data files of known applications (such as Microsoft Word files, Excel spreadsheets, bitmaps, etc.), can contain viruses or cause system failure because of security bugs in mail clients or in the operating system. Also, such computers are frequently used for what is known as a denial of service (DOS) attack, where a virus infects a computer but does not perform any hostile acts towards the computer itself. However, at a pre-set time, if the computer is connected to the Internet, the computer sends numerous requests for service to a particular IP address on the Internet. With hundreds or thousands of such computers unwittingly acting as “hosts” for the virus, the server at the target IP address is overwhelmed by fake requests for service, and is either unable to service “real” requests for service or crashes due to overload.
Some conventional systems employ a relatively primitive scheme that uses “zones” with separate trust levels. For example, the Microsoft Internet Explorer (and .NET) approach is URL-based, where the user defines certain links on the Internet as having various levels of trust.
In the case of the Internet Explorer approach, for example, if a particular site is on the company intranet, then it may be permitted the full range of options. If the site is an external site whose trustworthiness is unknown, it may be assigned the lowest trust setting. There are also options for various in-between states, for example, restrictions on downloading from a site, or certain restrictions on JavaScript. Similarly, there may be restrictions on downloading applets, or on downloading applets that access local files on the hard drive. However, such a browser-settings-based approach has proven to be inadequate, particularly for computers used in the home and in small businesses.
Accordingly, there is a need in the art to enhance security of data and applications in the end user environment.