CPC G06F 21/6209 (2013.01) [G06F 21/572 (2013.01); G06F 21/602 (2013.01); G06F 21/72 (2013.01)]
12 Claims
1. An information handling system comprising:
a processor;
a memory communicatively coupled to the processor; and
executable instructions embodied in non-transitory computer-readable media communicatively coupled to the processor, the instructions configured to, when read and executed by the processor, implement a plurality of executable containers comprising:
a process container configured to execute user processes of the information handling system, wherein the process container is associated with an untrusted partition of the memory;
a storage container associated with a trusted partition of the memory and configured to manage data stored to the trusted partition; and
a security container configured to, in response to a request from the process container to access and store data to the trusted partition:
cause the storage container to retrieve a requested data from the trusted partition and provide a copy of the requested data to the security container;
transmit the copy of the requested data to the process container and receive a processed file of the data from the process container;
validate whether the processed file of the data is safe and trusted;
responsive to determining that the processed file of the data is safe and trusted, cause the storage container to store a read-only file of the processed file of the data to the trusted partition;
persist the read-only file through a wipe of the information handling system, such that the read-only file is accessible following a restore of the information handling system following the wipe; and
wherein the process container, the storage container, and the security container each comprise an isolated virtual machine configured to execute on a hypervisor of an operating system of the information handling system.