Browse Prior Art Database

A Mechanism Permitting Safe Code Browsing

IP.com Disclosure Number: IPCOM000015193D
Original Publication Date: 2002-Jan-11
Included in the Prior Art Database: 2003-Jun-20
Document File: 5 page(s) / 55K

Publishing Venue

IBM

Abstract

Background

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 5

A Mechanism Permitting Safe Code Browsing

Background

Many people spend significant time downloading software over the
Internet, installing it on their machine and testing its adequacy
for a given task. The IBM alphaworks web site is an example of a
site that exists for exactly this purpose.

The disadvantages of this approach are:

(a) users must spend time downloading and installing code
themselves
(b) users must have access to an appropriate environment in which
to run the code
(c) users must trust the suppliers of the code and even if the
suppliers are not maliciousunintentional the installed code
may cause failure of existing applications
(d) installing and uninstalling code is not idempotent, i.e. even
after uninstalling, residual traces of the code continue to be
present, for example in registries, potentially causing
problems in the future.

Offering a set of servers upon which the code is preinstalled,
would remove the necessity of the users installing the code
themselves. However, for reasons of security, users' access
rights within such an environment would have to be very limited
meaning that not every general piece of code could be tested.
Moreover users profiling code would start incurring crosstalk as
they carry out different tests simultaneously. Finally, the
number of servers required grows both with the number of
environments supported and the number of mutually exclusive
pieces of code they are required to support, for example for two
httpd and four flavors of Linux would require eight different
servers.

The proposed solution permits code to be installed and executed
at the server side, but in such a way that users can have
complete rights to the environment in which the code is executed,
that multiple users can coexist without interfering and that
execution environments are only created when needed.

Description of the Solution

The solution requires:

(a) a means of creating general purpose virtual servers isolated
from the physical servers on which they are resident
(b) a means of obtaining code from an existing web site

1

Page 2 of 5

(c) a means of loading the code into the virtual servers
(d) a means of notifying users and providing them access to the
created server
(e) a means to destroy the virtual server after an agreed period
of time.

2

Page 3 of 5

Examples of (a) are Ensim, VMWare GSX. Examples of (b) are ftp
and http, (c) is achieved by running a process within the virtual
server which is capable of receiving instructions as to what
software it should install, and (d) is received by e-mailing
users after the successful creation of the virtual server with
the required code, giving the IP address and account which the
user should then access via telnet or a comparable terminal
technology. (e) is achieved by telling the user...