METHOD AND SYSTEM FOR SECURE RUNNING OF UNTRUSTED CONTENT

US 20020019941A1
Filed: 06/12/1998
Published: 02/14/2002
Est. Priority Date: 06/12/1998
Status: Active Grant

First Claim

Patent Images

1. In a system having an operating system provided security mechanism that determines access of processes to resources based on information in an access token associated with each of the processes against security information associated with each of the resources, a method of restricting access of content to resources, comprising the steps of, setting up a process for the content, determining restriction information based on criteria available to the system, adding the restriction information to a restricted access token, and using the restricted access token as the access token of the content'"'"'s process.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempt to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content'"'"'s process is information indicative of how trusted or untrusted the content is likely to be.

Citations

35 Claims

1. In a system having an operating system provided security mechanism that determines access of processes to resources based on information in an access token associated with each of the processes against security information associated with each of the resources, a method of restricting access of content to resources, comprising the steps of, setting up a process for the content, determining restriction information based on criteria available to the system, adding the restriction information to a restricted access token, and using the restricted access token as the access token of the content'"'"'s process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 2. The method of claim 1 wherein the content comprises data obtained from an untrusted source.
  - 3. The method of claim 2 wherein the untrusted source is a floppy disk.
  - 4. The method of claim 2 wherein the content writes a file to the system, and further comprising the steps of generating a restricted security identifier corresponding to the site, adding the security identifier to security information of the file, and storing the file in the system.
  - 5. The method of claim 2 wherein the content writes a file to the system, and further comprising the step of redirecting a path provided by the content to a path associated with the site.
  - 6. The method of claim 2 wherein the data comprises network data and the untrusted source is a network site.
  - 7. The method of claim 6 wherein the site is an Internet site, and the step of determining restriction information includes the step of generating a security identifier from unique information of the Internet site.
  - 8. The method of claim 7 wherein the unique information comprises a binary certificate identifier of the Internet site.
  - 9. The method of claim 7 wherein the unique information comprises a Uniform Resource Locator (URL) of the Internet site, and wherein the step of generating a security identifier includes the step of converting the URL to the restricted security identifier.
  - 10. The method of claim 9 wherein the step of converting the URL to the restricted security identifier includes the step of hashing the URL with a cryptographic hash function.
  - 11. The method of claim 1 wherein the content comprises an electronic mail message.
  - 12. The method of claim 11 wherein the step of determining restriction information includes the steps of determining the sender of the message.
  - 13. The method of claim 12 wherein the step of determining the sender of the message includes the step of authenticating the sender.
  - 14. The method of claim 1 wherein the content comprises a script.
  - 15. The method of claim 14 wherein the system is a server, and wherein the step of determining restriction information includes the step of determining how the client was authenticated to the server.
  - 16. The method of claim 1 wherein the content comprises data downloaded from a site, further comprising the steps of determining a zone corresponding to the site, and wherein the step of adding the restriction information to a restricted access token includes the step of adding a restricted security identifier corresponding to the zone to the restricted access token.
  - 17. The method of claim 1 further comprising the step of accessing the resource through a helper process.
  - 18. The method of claim 17 wherein the helper process extracts information associated with the content from the restricted token.
  - 19. The method of claim 17 further comprising the steps of detecting at an application programming interface an attempt to access a resource from the process having the restricted token as its access token, and in response, calling the helper process to access the resource, and returning information from the helper process to the process having the restricted token as its access token.
  - 20. The method of claim 17 further comprising the step of setting the security information of the resource to allow access to the helper process and deny access to the to the process having the restricted token as its access token.
  - 21. The method of claim 1 further comprising the step of putting the process into a job object.
  - 22. The method of claim 1 wherein the content attempts to access a system registry, and further comprising the step of redirecting a registry location provided by the content to a registry location associated with the content.
  - 24. The system of claim 23 wherein the content comprises data downloaded from a site.
  - 25. The system of claim 24 wherein the site is an Internet site, and wherein the discrimination mechanism generates a restricted security identifier from information of the Internet site.
  - 26. The system of claim 25 wherein the information of the Internet site comprises a binary certificate identifier of the Internet site.
  - 27. The system of claim 25 wherein the information of the Internet site comprises a Uniform Resource Locator (URL), and further comprising a converter for converting the URL to the restricted security identifier.
  - 28. The system of claim 27 wherein the converter includes a one-way cryptographic hash function.
  - 29. The system of claim 23 wherein the content comprises an electronic mail message.
  - 30. The system of claim 29 wherein the discrimination mechanism determines a restricted security identifier based on the sender of the message.
  - 31. The system of claim 23 wherein the content comprises a script.
  - 32. The system of claim 23 wherein the system is a server, and wherein a restricted security identifier is generated according to how the client was authenticated to connect to the server.
  - 33. The system of claim 23 further comprising a helper process for extracting information associated with the content from the restricted token and for accessing the resource on behalf of the process.
  - 34. The system of claim 23 further comprising a job object, wherein the process runs in the job object.

23. In a computer system, a system for restricting access of content to resources, comprising, a process set up for the content, a discrimination mechanism for determining at least one restricted security identifier based on information corresponding to the content, a mechanism for creating a restricted access token for the process by adding the at least one restricted security identifier to the restricted access token, and a security mechanism for determining access of the content'"'"'s process to a resource by comparing information in the restricted access token to security information associated with the resource.

35. In a computer server, a system for restricting access of content to resources, comprising, a plurality of content arranged in distinct web sites, the content of each web site having a process set up therefor, a discrimination mechanism for determining at least one restricted security identifier based on information corresponding to each site, a mechanism for creating a restricted access token for each process by adding the at least one restricted security identifier corresponding to the site to the restricted access token for the process thereof, and a security mechanism for determining access of each content'"'"'s process to a resource by comparing information in the restricted access token to security information associated with the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
WARD, RICHARD B., SHAH, BHARAT, GOERTZEL, MARIO C., SWIFT, MICHAEL M., JENSENWORTH, GREGORY, CHAN, SHANNON

Granted Patent

US 6,505,300 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

METHOD AND SYSTEM FOR SECURE RUNNING OF UNTRUSTED CONTENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR SECURE RUNNING OF UNTRUSTED CONTENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links