Title: Compartmentalization of the user network interface to a device
Abstract: A device has a physical network interface port through which a user can monitor and configure the device. A backend process and a virtual machine (VM) execute on a host operating system (OS). A front end user interface process executes on the VM, and is therefore compartmentalized in the VM. There is no front end user interface executing on the host OS outside the VM. The only management access channel into the device is via a first communication path through the physical network interface port, to the VM, up the VM's stack, and to the front end process. If the backend process is to be instructed to take an action, then the front end process forwards an application layer instruction to the backend process via a second communication path. The instruction passes down the VM stack, across a virtual secure network link, up the host stack, and to the backend process.
Publication number: US8918868(B2) Publication date: 2014.12.23
Application number: US201313742311 Filing date: 2013.01.15
Applicant: Netronome Systems, Incorporated Inventors: McMullan Jason Scott; Patrie Trevor William; Djalaliev Peter Liudmilov; du Toit Roelof Nico
Classification: H04L29/06; G06F9/455; G06F11/00; G06F12/14; G06F12/16; G08B23/00 Main classification: H04L29/06
Agency: Imperium Patent Works Agents: Imperium Patent Works; Wallace T. Lester; Marrello Mark D.
Principal claim: 1. A method comprising: (a) executing a host operating system, a virtual machine, and a backend process on a device, wherein the device includes a physical network interface port, wherein the virtual machine and the backend process are application layer programs executing on the host operating system, wherein the host operating system includes a stack and a virtual network interface port, and wherein the virtual machine includes a stack, a user interface process, a first virtual network interface port, and a second virtual interface port; (b) communicating one or more frames from the physical network interface port of the device to the first virtual network interface port of the virtual machine; (c) processing the one or more frames up the stack of the virtual machine such that a first application layer message is generated by the stack; (d) processing the first application layer message in the user interface process of the virtual machine; (e) in response to the processing of the first application layer message, generating a second application layer message in the user interface process of the virtual machine; (f) processing the second application layer message down the stack of the virtual machine thereby generating one or more Ethernet frames; (g) communicating the one or more Ethernet frames out of the virtual machine via the second virtual network interface port of the virtual machine, and across a virtual secure network link, and into the host operating system through the virtual network interface port of the host operating system; (h) processing the one or more Ethernet frames up the stack of the host operating system thereby generating a third application layer message; and (i) processing the third application layer message in the backend process.
Address: Santa Clara CA US