Sandboxed execution of plug-ins
First Claim
1. A computing system comprising:
- a processor; and
- memory storing instructions executable by the processor, wherein the instructions, when executed, configure the computing system to provide:
- an interface component configured to receive a plug-in execution request indicative of a plug-in comprising executable code that is executable to perform a computing operation in association with an application in a hosted environment;
- a load management component configured to select a sandbox server based on a load management characteristic associated with the sandbox server, wherein the sandbox server is isolated from an application server corresponding to the application and includes a host process configured to:
  - identify a worker process that is associated with the sandbox server and is configured to execute the plug-in in an application domain that isolates the executing plug-in from the application, and is configured to generate an execution call that is indicative of the execution of the plug-in by the application domain; and
  - provide the execution call to the application; and
- a management component configured to:
  - receive an indication of abnormal execution behavior associated with the execution of the plug-in; and
  - generate an instruction to stop the execution of the plug-in based on the indication of abnormal execution behavior.
Abstract
A sandbox architecture that isolates and identifies misbehaving plug-ins (whether intentionally or unintentionally so) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables the bad plug-in and blocks its registration via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided at multiple levels: machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. Combining the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restricts access to system resources such as the file system and the network. Moreover, the architecture is highly scalable, stateless and low-administration: sandbox servers can be added or removed on the fly without prior configuration.
16 Claims
1. A computing system comprising a processor and memory storing instructions that configure the system to provide an interface component, a load management component and a management component (full text under First Claim above).
Dependent claims: 2, 3, 4, 5, 6.
7. A computer-implemented method comprising:
- receiving a plug-in execution request indicative of a plug-in comprising executable code that is executable to perform a computing operation in association with an application in a hosted environment;
- selecting a sandbox server that is isolated from an application server corresponding to the application;
- executing, by a worker process associated with the sandbox server, the plug-in in an application domain that is isolated from the application;
- generating, by the worker process, an execution call that is indicative of execution of the plug-in by the application domain;
- providing the execution call to the application;
- receiving an indication of abnormal execution behavior associated with the execution of the plug-in;
- identifying an error in execution of the plug-in based on the indication of abnormal execution behavior;
- based on the identified error, associating a penalty metric with the plug-in; and
- generating an instruction to stop the execution of the plug-in based on a determination that the penalty metric exceeds a pre-determined threshold.
Dependent claims: 8, 9, 10, 11.
-
12. A computer-implemented method comprising:
-
receiving a plug-in execution request indicative of a plug-in associated with an application; selecting a sandbox server that is isolated from an application server corresponding to the application and includes a host process; identifying, by the host process, a worker process that is associated with the sandbox server; executing, by the worker process associated with the sandbox server, the plug-in in an application domain that is isolated from the application; generating an execution call that is indicative of execution of the plug-in by the application domain; providing the execution call to the application; receiving an indication of abnormal execution behavior associated with the execution of the plug-in; and generating an instruction to stop the execution of the plug-in based on indication of abnormal execution behavior. - View Dependent Claims (13, 14, 15, 16)
-
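The management loop described in the abstract and in claim 7 (select a sandbox server by load, run the plug-in in an isolated worker, score abnormal behavior with penalty points, stop the worker and disable the plug-in past a threshold, list its publisher as unsafe and refuse further registrations), as an added example that is not the patent's text or any product's code. The sample plug-ins, the publisher names, the penalty weights, the time budget and the threshold are all assumptions made for the illustration:

```python
"""Sandboxed plug-in execution with a penalty-point system (added illustration,
not code from the patent or from any product it covers)."""
import multiprocessing as mp
import time
from dataclasses import dataclass, field

# Assumed policy values; the patent does not publish weights or a threshold.
PENALTY = {"crash": 2, "timeout": 3}
DISABLE_THRESHOLD = 5
TIME_BUDGET_S = 0.5

# "fork" keeps the child from re-importing the caller's main module (spawn and
# forkserver would); it is not available on Windows.
CTX = mp.get_context("fork")


@dataclass
class PluginRecord:
    name: str
    publisher: str
    func: object            # callable run inside the worker process
    points: int = 0
    disabled: bool = False


@dataclass
class SandboxFarm:
    """Front end: per-server load counts, penalty records, unsafe publishers."""
    servers: dict = field(default_factory=dict)    # server name -> active workers
    plugins: dict = field(default_factory=dict)    # plug-in name -> PluginRecord
    unsafe_publishers: set = field(default_factory=set)

    def register(self, name, publisher, func):
        """Refuse a disabled plug-in or any plug-in from an unsafe publisher."""
        if publisher in self.unsafe_publishers:
            return False
        existing = self.plugins.get(name)
        if existing is not None and existing.disabled:
            return False
        self.plugins[name] = PluginRecord(name, publisher, func)
        return True

    def select_server(self):
        """Load management: the sandbox server with the fewest active workers."""
        return min(self.servers, key=self.servers.get)

    def execute(self, name):
        """Run one plug-in in a fresh worker process; return its outcome label."""
        rec = self.plugins[name]
        if rec.disabled or rec.publisher in self.unsafe_publishers:
            return "blocked"
        server = self.select_server()
        self.servers[server] += 1
        worker = CTX.Process(target=rec.func)
        worker.start()
        worker.join(TIME_BUDGET_S)
        if worker.is_alive():           # over budget: the stop instruction is SIGTERM
            worker.terminate()
            worker.join()
            outcome = "timeout"
        elif worker.exitcode != 0:      # the plug-in raised or died; the host survives
            outcome = "crash"
        else:
            outcome = "ok"
        self.servers[server] -= 1
        self._penalise(rec, outcome)
        return outcome

    def _penalise(self, rec, outcome):
        """Accumulate points; past the threshold, disable and list the publisher."""
        rec.points += PENALTY.get(outcome, 0)
        if rec.points >= DISABLE_THRESHOLD:
            rec.disabled = True
            self.unsafe_publishers.add(rec.publisher)


# Constructed sample plug-ins standing in for registered executable code.
def well_behaved():
    return 42                           # completes normally: exit code 0

def crashing():
    raise RuntimeError("plug-in bug")   # unhandled exception: non-zero exit code

def runaway():
    while True:                         # never returns: exceeds TIME_BUDGET_S
        time.sleep(0.05)


def demo():
    """Constructed scenario (publisher names are made up); returns observations."""
    farm = SandboxFarm(servers={"sbx-1": 0, "sbx-2": 0})
    farm.register("report", "contoso", well_behaved)
    farm.register("buggy", "fabrikam", crashing)
    farm.register("spinner", "adatum", runaway)
    return {
        "report": farm.execute("report"),
        "buggy": [farm.execute("buggy") for _ in range(4)],
        "spinner": [farm.execute("spinner") for _ in range(3)],
        # a listed publisher cannot re-register even a harmless replacement
        "fabrikam_reregister": farm.register("fixed", "fabrikam", well_behaved),
        "unsafe": sorted(farm.unsafe_publishers),
    }


if __name__ == "__main__":
    print(demo())
```

Run it directly to print the scenario: the crashing plug-in is disabled after its third error, the runaway plug-in after its second overrun, and both publishers end up on the unsafe list. The process boundary is what lets the host survive a crashing or runaway plug-in and what the stop instruction acts on; the in-process application-domain layer the claims describe is an additional separation between plug-ins and the hosting process, and in a deployment the sandbox server's own machine and its restricted account are the layers that keep a hostile plug-in away from the application server and its file system and network.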
Specification