US 12,169,573 B2
Systems and methods for isolated and protected file system and data restoration
Jacob Mink, Austin, TX (US); and Jason Kolodziej, Austin, TX (US)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Feb. 9, 2022, as Appl. No. 17/668,163.
Prior Publication US 2023/0252172 A1, Aug. 10, 2023
Int. Cl. G06F 21/62 (2013.01); G06F 21/57 (2013.01); G06F 21/60 (2013.01); G06F 21/72 (2013.01)
CPC G06F 21/6209 (2013.01) [G06F 21/572 (2013.01); G06F 21/602 (2013.01); G06F 21/72 (2013.01)]
12 Claims
 
1. An information handling system comprising:
a processor;
a memory communicatively coupled to the processor; and
executable instructions embodied in non-transitory computer-readable media communicatively coupled to the processor, the instructions configured to, when read and executed by the processor, implement a plurality of executable containers comprising:
a process container configured to execute user processes of the information handling system, wherein the process container is associated with an untrusted partition of the memory;
a storage container associated with a trusted partition of the memory and configured to manage data stored to the trusted partition; and
a security container configured to, in response to a request from the process container to access and store data to the trusted partition:
cause the storage container to retrieve a requested data from the trusted partition and provide a copy of the requested data to the security container;
transmit the copy of the requested data to the process container and receive a processed file of the data from the process container;
validate whether the processed file of the data is safe and trusted;
responsive to determining that the processed file of the data is safe and trusted, cause the storage container to store a read-only file of the processed file of the data to the trusted partition;
persist the read-only file through a wipe of the information handling system, such that the read-only file is accessible following a restore of the information handling system following the wipe; and
wherein the process container, the storage container, and the security container each comprise an isolated virtual machine configured to execute on a hypervisor of an operating system of the information handling system.