Columbia Technology Ventures

Apiary: User-friendly desktop application fault containment on commodity operating systems

This technology is a system that provides application fault containment while retaining the integrated appearance and ease of use of a traditional computer desktop environment.

Unmet Need: System for full application isolation that maintains ease of use

Application fault containment techniques seek to run software in an isolated execution environment to prevent the processing of malicious data from damaging other parts of a user’s computer system. However, existing fault containment techniques either compromise application isolation for the sake of desktop integration, or provide isolation at the expense of ease of use. Thus, there is currently no system that provides comprehensive application fault containment without compromising user experience and imposing high overhead.

The Technology: User-friendly application fault containment on commodity operating systems

This technology is a system called Apiary that delivers application fault containment on top of commodity operating systems while preserving the integrated appearance and user friendliness of a traditional computer desktop. Apiary does this by creating containers in which individual applications are safely executed without access to user data. When one application must launch another application, the latter is executed in its own container. These containers are integrated to interact with the display and file system in a controlled manner that presents the user with an integrated desktop.

This technology has been implemented on Linux without requiring any modifications to existing applications or the operating system.

Applications:

  • Improve desktop computer security and privacy
  • Facilitate application testing
  • Ease use of applications that run on legacy or incompatible operating systems
  • Ease removal of unwanted applications

Advantages:

  • User-friendly
  • Maintains traditional desktop environment
  • Enables the integrated use of multiple isolated applications
  • Low overhead and minimal complication of interactions between applications

Lead Inventor:

Jason Nieh, Ph.D.

Patent Information:

Patent Issued (US 8,589,947)

Related Publications:

Tech Ventures Reference: