Hosted application sandbox model
Abstract
An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.
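The scheme in the abstract, as an added sketch that is not code from the patent: a pool of subdomains is allocated for instances of one application, all of them reach the host through a single wildcard routing rule, and each instance is served from an unused subdomain so the browser treats it as a separate origin. The host name `apps.example`, the address `192.0.2.10`, the label scheme and all function names are assumptions made for the illustration.

```javascript
// Added illustration; host name, address and label scheme are constructed.
const HOST_DOMAIN = "apps.example";   // assumed application host domain
const HOST_ADDRESS = "192.0.2.10";    // documentation address (RFC 5737)

// One wildcard rule maps every allocated subdomain to the host's address.
const ROUTING_TABLE = [{ pattern: "*." + HOST_DOMAIN, address: HOST_ADDRESS }];

function route(hostname) {
  for (const rule of ROUTING_TABLE) {
    const suffix = rule.pattern.slice(1);               // ".apps.example"
    const label = hostname.slice(0, -suffix.length);
    // Accept exactly one label in front of the suffix, nothing deeper.
    if (hostname.endsWith(suffix) && /^[a-z0-9-]+$/.test(label)) return rule.address;
  }
  return null;                                          // not a host subdomain
}

class SubdomainAllocator {
  constructor(appName, count) {
    // Allocate the pool of subdomains for instances of one application.
    this.free = [];
    for (let i = 0; i < count; i++) this.free.push(`${appName}-${i}.${HOST_DOMAIN}`);
    this.inUse = new Map();                             // subdomain -> user
  }
  // Select a subdomain that has not yet been selected for another instance.
  select(user) {
    const sub = this.free.shift();
    if (sub === undefined) throw new Error("no unselected subdomain left");
    this.inUse.set(sub, user);
    return sub;
  }
}

// Instantiate for a user and describe how the instance is served.
function serveInstance(allocator, user) {
  const sub = allocator.select(user);
  const address = route(sub);
  if (address === null) throw new Error("subdomain is not routable");
  const origin = new URL(`https://${sub}/`).origin;
  // The instance UI is embedded in an IFRAME whose source is its own origin.
  return { user, origin, address, embed: `<iframe src="${origin}/"></iframe>` };
}

// Origin comparison as the browser's cross-domain policy sees it.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}
```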
20 Claims
1. A server configured to execute an application on behalf of a user of a device connected to the server over a network, the server having a network address and comprising:
- an application memory that stores the application; and
- an application domain allocator that allocates at least two subdomains of the server for respective instances of the application, where the at least two subdomains are mapped to the network address of the server through one routing rule in a routing table;
- an application instantiator comprising instructions that, when executed by the server, cause the server to:
  - receive a request from a user to execute the application;
  - select, from among the at least two subdomains of the server allocated for respective instances of the application, a subdomain that has not yet been selected for another instance of the application;
  - instantiate a new instance of the application; and
  - serve the new instance of the application to the device of the user through the selected subdomain.
19. A computer-readable storage memory device storing instructions that, when executed by at least one processor of a device connected to a network and having a network address and an application memory, cause the device to execute an application by:
- storing the application in the application memory;
- allocating at least two subdomains of the device for respective instances of the application, where the at least two subdomains are mapped to the network address of the device through one routing rule in a routing table;
- receiving a request from a user to execute the application;
- selecting, from among the at least two subdomains of the device allocated for respective instances of the application, a subdomain that has not yet been selected for another instance of the application;
- instantiating a new instance of the application; and
- serving the new instance of the application to a user device of the user through the selected subdomain.
20. A system that serves an application hosted by a network address and provided to users over a network, the system having a network address and comprising:
- a processor; and
- a memory storing instructions that, when executed by the processor, cause the system to:
  - allocate at least two subdomains of the system for respective instances of the application, where the at least two subdomains are mapped to the network address of the system through one routing rule in a routing table;
  - receive a request from a user to execute the application;
  - instantiate a new instance of the application;
  - select, from among the at least two subdomains of the server allocated for respective instances of the application, a subdomain that has not yet been selected for another instance of the application; and
  - serve the new instance of the application to a device of the user through the selected subdomain.
Specification