Secure and Extensible Policy-Driven Application Platform

US 20090183171A1
Filed: 05/09/2008
Published: 07/16/2009
Est. Priority Date: 01/11/2008
Status: Active Grant

First Claim

Patent Images

1. A method of evaluating a web interactive component, said method comprising:

defining a policy for a component in a content holder, said component providing interactions between a user and other content in the content holder when the component is rendered, said defined policy indicating an execution boundary of the component during runtime, said execution boundary defining resource access of the component;

transmitting the content holder with the component to be rendered in an application on a host device;

in response to the rendering by the application, intercepting a request from the component for a resource of a server, wherein the resource provides services to the component for interaction with at least one of the following;

the user and the other content from the content holder;

evaluating the intercepted request against the execution boundary in the defined policy; and

providing to the server or the application a dynamic resolution in response to the evaluated request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System of evaluating security of script content. A processor executes computer-executable instructions for defining a policy for the script content in a web page. The script content provides interactions between a user and other content within the web page. The defined policy indicates an execution boundary of the script content. The processor further evaluates the script content against the execution boundary in the defined policy. At run time, the processor transforms at least a portion of the web page in response to the evaluating. An interface transmits the web page with the transformed portion of the script content to be rendered in an application on a host device.

92 Citations

View as Search Results

20 Claims

1. A method of evaluating a web interactive component, said method comprising:
- defining a policy for a component in a content holder, said component providing interactions between a user and other content in the content holder when the component is rendered, said defined policy indicating an execution boundary of the component during runtime, said execution boundary defining resource access of the component;
  
  transmitting the content holder with the component to be rendered in an application on a host device;
  
  in response to the rendering by the application, intercepting a request from the component for a resource of a server, wherein the resource provides services to the component for interaction with at least one of the following;
  
  the user and the other content from the content holder;
  
  evaluating the intercepted request against the execution boundary in the defined policy; and
  
  providing to the server or the application a dynamic resolution in response to the evaluated request.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein providing the dynamic resolution comprises at least one of the following:
    - granting the request if the requested resource can be executed within the execution boundary, denying the request if the requested resource cannot be executed within the execution boundary, augmenting the request before granting the request, replacing the request with another request before providing a substitute resolution in response to the another request, and requesting a user input from the user for granting or denying the request.
  - 3. The method of claim 1, further comprising providing an application programming interface (API) for receiving the request from the component, and wherein intercepting comprises intercepting a request from the API for a resource of the server.
  - 4. The method of claim 1, further comprising instantiating a plurality of instances of the components.
  - 5. The method of claim 4, wherein intercepting comprises intercepting a request from each of the plurality of instantiated instances of the component for a resource of a server.
  - 6. The method of claim 1, further comprising modifying the request from the component in response to the evaluating, said modifying the request comprises rewriting the request such that the request is within the execution boundary based on the defined policy.

7. A system of evaluating security of script content, said system comprising:
- a processor having configured to execute computer-executable instructions for;
  
  defining a policy for the script content in a web page, said script content providing interactions between a user and other content within the web page, said defined policy indicating an execution boundary of the script content, said execution boundary defining resource access of the script content;
  
  evaluating the script content against the execution boundary in the defined policy;
  
  transforming, at runtime, at least a portion of the web page in response to the evaluating; and
  
  an interface for transmitting the web page with the transformed portion of the script content to be rendered in an application on a host device.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The system of claim 7, wherein the processor is further configured to provide to the server or the application a dynamic resolution in response to the evaluating.
  - 9. The system of claim 8, wherein the dynamic resolution comprises at least one of the following:
    - granting a request if the transformed portion of the web page can be executed within the execution boundary, denying a request if the transformed portion of the web page cannot be executed within the execution boundary, augmenting a request before granting the request, replacing the request with another request before providing a substitute resolution in response to the another request, and requesting a user input from the user for granting or denying a request from the transformed portion of the web page.
  - 10. The system of claim 8, further comprising an application programming interface (API) for receiving the request from the script content, and the processor executes the API to process the received request for a resource of a server.
  - 11. The system of claim 7, wherein the processor is further configured to transform at least a portion of the script content to a property value of a function to be executed at runtime.
  - 12. The system of claim 7, wherein the processor is further configured to instantiate a plurality of instances of the script content.
  - 13. The system of claim 7, wherein the processor is further configured to modify the script content during transforming, wherein the processor rewrites the script content to conform with another script content, and said another script content being within the execution boundary based on the defined policy.
  - 14. The system of claim 11, wherein the processor is configured to replace the transformed portion of the script content to another property value mapping another script content, said another property value falling within the execution boundary of the defined policy when executed at runtime.

15. A method of securing a web interactive function, said method comprising:
- defining a policy for the web interactive function in a web page, said web interactive function providing interactions to a user and to other content in the web page, said defined policy indicating an execution boundary of the web interactive function, said execution boundary defining resource access of the web interactive function;
  
  transmitting the web page to be rendered in an application on a host device;
  
  in response to the rendering by the application, monitoring the web interactive function for a request to interact with the user or the other content in the web page;
  
  intercepting the monitored request from the web interactive function for a resource of a server, wherein the resource provides services to the web interactive function for interaction with at least one of the following;
  
  the user and the other content from the web page;
  
  evaluating the intercepted request against the execution boundary in the defined policy; and
  
  providing to the server or the application a dynamic resolution in response to the evaluating.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein providing the dynamic resolution comprises at least one of the following:
    - granting the request if the requested resource can be executed within the execution boundary, denying the request if the requested resource cannot be executed within the execution boundary, augmenting the request before granting the request, replacing the request with another request before providing a substitute resolution in response to the another request, and requesting a user input from the user for granting or denying the request.
  - 17. The method of claim 15, further comprising providing an application programming interface (API) for receiving the request from the function, and wherein intercepting comprises intercepting a request from the API for a resource of the.
  - 18. The method of claim 15, further comprising instantiating a plurality of instances of the function when a plurality of web pages is rendered by the application.
  - 19. The method of claim 18, wherein intercepting comprises intercepting a request from each of the plurality of instantiated instances of the component for a resource of the server.
  - 20. The method of claim 15, further comprising modifying the request from the function in response to the evaluating, said modifying the request comprises rewriting the request such that the request is within the execution boundary based on the defined policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Logan, Ronald Keith, Yolleck, Stephen Mark, Isaacs, Scott

Granted Patent

US 8,438,636 B2
Time in Patent Office

Days
Field of Search
US Class Current

719/311
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 2221/2119   Authenticating web pages, e...

G06F 9/451   Execution arrangements for ...

G06F 9/468   Specific access rights for ...

Secure and Extensible Policy-Driven Application Platform

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure and Extensible Policy-Driven Application Platform

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others