Sandboxed execution of plug-ins

US 10,542,022 B2
Filed: 06/06/2017
Issued: 01/21/2020
Est. Priority Date: 12/02/2008
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

a processor; and

memory storing instructions executable by the processor, wherein the instructions, when executed, configure the computing system to provide;

an interface component configured to receive a plug-in execution request indicative of a plug-in comprising executable code, that is executable to perform a computing operation in association with an application in a hosted environment;

a load management component configured to select a sandbox server based on a load management characteristic associated with the sandbox server, wherein the sandbox server is isolated from an application server corresponding to the application and includes a host process configured to;

identify a worker process that is associated with the sandbox server and is configured to execute the plug-in in an application domain thatisolates the executing plug-in from the application, andis configured to generate an execution call that is indicative of the execution of the plug-in by the application domain; and

provide the execution call to the application; and

a management component configured to;

receive an indication of abnormal execution behavior associated with the execution of the plug-in; and

generate an instruction to stop the execution of the plug-in based on the indication of abnormal execution behavior.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP. Moreover, the architecture is highly scalable, stateless, and low administration architecture for the execution of the plug-ins, which can be scaled by adding/removing additional sandbox servers on-the-fly without prior configuration.

52 Citations

View as Search Results

16 Claims

1. A computing system comprising:
- a processor; and
  
  memory storing instructions executable by the processor, wherein the instructions, when executed, configure the computing system to provide;
  
  an interface component configured to receive a plug-in execution request indicative of a plug-in comprising executable code, that is executable to perform a computing operation in association with an application in a hosted environment;
  
  a load management component configured to select a sandbox server based on a load management characteristic associated with the sandbox server, wherein the sandbox server is isolated from an application server corresponding to the application and includes a host process configured to;
  
  identify a worker process that is associated with the sandbox server and is configured to execute the plug-in in an application domain thatisolates the executing plug-in from the application, andis configured to generate an execution call that is indicative of the execution of the plug-in by the application domain; and
  
  provide the execution call to the application; and
  
  a management component configured to;
  
  receive an indication of abnormal execution behavior associated with the execution of the plug-in; and
  
  generate an instruction to stop the execution of the plug-in based on the indication of abnormal execution behavior.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computing system of claim 1, wherein the sandbox server is selected from a plurality of sandbox servers based on the load management characteristic.
  - 3. The computing system of claim 1, wherein the sandbox server is configured to execute the plug-in based on at least one of:
    - a machine isolation level;
      
      ora process isolation level.
  - 4. The computing system of claim 1, wherein the management component is configured to:
    - determine a penalty metric based on the indication abnormal execution behavior; and
      
      generate an instruction to disable execution of the plug-in based on the penalty metric.
  - 5. The computing system of claim 1, wherein the instructions, when executed, configure the computing system to provide a penalty component configured to:
    - track penalty points based on abnormal execution behavior during execution of the plug-in.
  - 6. The computing system of claim 1, whereinthe application is associated with a first virtual machine that is implemented on a sandbox server, andthe sandbox server comprises a second virtual machine that is securely isolated from the first virtual machine.

7. A computer-implemented method comprising:
- receiving a plug-in execution request indicative of a plug-in comprising executable code that is executable to perform a computing operation in association with an application in a hosted environment;
  
  selecting a sandbox server that is isolated from an application server corresponding to the application;
  
  executing, by a worker process associated with the sandbox server, the plug-in in an application domain that is isolated from the application;
  
  generating, by the worker process an execution call that is indicative of execution of the plug-in by the application domain;
  
  providing the execution call to the application;
  
  receiving an indication of abnormal execution behavior associated with the execution of the plug-in;
  
  identifying an error in execution of the plug-in based on the indication of abnormal execution behavior;
  
  based on the identified error, associating a penalty metric with the plug-in; and
  
  generating an instruction to stop the execution of the plug-in based on a determination that the penalty metric exceeds a pre-determined threshold.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The computer-implemented method of claim 7, wherein the sandbox server is selected from a plurality of sandbox servers based on a load management characteristic.
  - 9. The computer-implemented method of claim 7, further comprising:
    - identifying a source associated with the plug-in; and
      
      based on a determination that the penalty metric exceeds a pre-determined threshold, preventing registration of second plug-in associated with the source.
  - 10. The computer-implemented method of claim 7, further comprising:
    - managing execution of the plug-in based on a number of times the plug-in has been associated with a penalty metric.
  - 11. The computer-implemented method of claim 7, wherein selecting the sandbox server comprises:
    - selecting the sandbox server based on load balancing data that is indicative of an availability of the sandbox server relative to availability of one or more other sandbox servers.

12. A computer-implemented method comprising:
- receiving a plug-in execution request indicative of a plug-in associated with an application;
  
  selecting a sandbox server that is isolated from an application server corresponding to the application and includes a host process;
  
  identifying, by the host process, a worker process that is associated with the sandbox server;
  
  executing, by the worker process associated with the sandbox server, the plug-in in an application domain that is isolated from the application;
  
  generating an execution call that is indicative of execution of the plug-in by the application domain;
  
  providing the execution call to the application;
  
  receiving an indication of abnormal execution behavior associated with the execution of the plug-in; and
  
  generating an instruction to stop the execution of the plug-in based on indication of abnormal execution behavior.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer-implemented method of claim 12, whereinthe plug-in comprises executable code that is configured for execution with the application, andthe sandbox server is selected from a plurality of sandbox servers based on the load management characteristic.
  - 14. The computer-implemented method of claim 12, and further comprising:
    - identifying an error in execution of the plug-in based on the indication of abnormal execution behavior;
      
      based on the identified error, associating a penalty metric with the plug-in; and
      
      based on the associated penalty metric, generating the instruction to stop execution of the plug-in.
  - 15. The computer-implemented method of claim 12, and further comprising:
    - determining that the penalty metric exceeds a pre-determined threshold;
      
      identifying a source associated with the plug-in; and
      
      based on the determination,disabling the plug-in, andpreventing registration of a second plug-in associated with the source.
  - 16. The computer-implemented method of claim 12, and further comprising:
    - selecting the sandbox server based on load balancing data that is indicative of an availability of the sandbox server relative to availability of one or more other sandbox servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Shah, Nirav Yogesh, Hafezipour, Allen F., Jamieson, Steve, Ranjan, Shashi
Primary Examiner(s)
Chiang, Jason

Application Number

US15/615,411
Publication Number

US 20180027007A1
Time in Patent Office

959 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 67/02   based on web technology, e....

Sandboxed execution of plug-ins

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Sandboxed execution of plug-ins

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others