The invention relates to systems and methods for preventing a computer system from executing unauthorized software, and in particular, to carrying out such application control in hardware virtualization configurations.
In the modern software-driven economy, as employees move from using desktop computers to using mobile devices such as laptops, tablet computers, and mobile phones, and as work becomes progressively de-localized, managing an ever-increasing count and heterogeneity of software applications becomes a serious problem. Furthermore, running certain applications (such as instant messaging, social networks, and online games, among others) while at work may reduce employee productivity and expose a company to a substantial computer security risk from malicious software, spyware, and unauthorized intrusion.
A further recent development challenging the classical model of computing is hardware virtualization, which allows the creation of emulated computer environments commonly known as virtual machines (VM). In typical applications such as webserver farming and virtual desktop infrastructure (VDI), multiple virtual machines run simultaneously on the same physical machine, sharing the hardware resources among them, thus reducing investment and operating costs. Each virtual machine may run its own operating system and/or software applications, separately from other VMs. In some systems, virtual machines are instantiated and removed dynamically, which further increases the heterogeneity of software executing at any one time on the respective physical platform.
Application control software may be used to prevent a computer system and/or a user from executing any software apart from a selected subset of computer programs. In some forms, application control may further comprise allowing a computer system/user access only to a specific subset of services (protocols) and/or to specific subset of hardware devices (e.g., network ports, storage devices, etc.). There is an increasing interest in developing application control systems and methods particularly suited to modern virtualized environments.