BROWSER SECURITY STANDARDS VIA ACCESS CONTROL
First Claim
Patent Images
1. A method for running an operating system on a device, the method comprising:
- receiving, from an instance of a web browser, an operating system service request;
running the operating system service request by the operating system, wherein the operating system service request requests access to a resource;
retrieving a security context for the resource; and
applying an access control security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of the instance of the web browser.
1 Assignment
0 Petitions
Accused Products
Abstract
A computing system is operable to contain a security module within an operating system. This security module may then act to monitor access requests by a web browser and apply mandatory access control security policies to such requests. It will be appreciated that the security module can apply mandatory access control security policies to such web browser access attempts.
-
Citations
20 Claims
-
1. A method for running an operating system on a device, the method comprising:
-
receiving, from an instance of a web browser, an operating system service request; running the operating system service request by the operating system, wherein the operating system service request requests access to a resource; retrieving a security context for the resource; and applying an access control security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of the instance of the web browser. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for operating a web browser, the method comprising:
-
running an instance of the web browser; sending an operating system service request to an operating system when the web browser needs to access a resource; receiving an indication as to whether the access is permitted from the operating system, based upon an access control security policy using a stored security context for the resource and a current context of the instance of the web browser; and accessing the resource only if the indication permits access to the resource. - View Dependent Claims (11)
-
-
12. A method comprising:
creating an extension to a file system of an operating system, wherein the extension adds metadata to one or more files stored by the file system, wherein the metadata for a particular file contains information related to a browser security context corresponding to the particular file. - View Dependent Claims (13)
-
14. An operating system comprising:
-
a file system; and a kernel containing a security module, wherein the security module is configured to; receive, from an instance of a web browser, an operating system service request; run the operating system service request in a kernel of the operating system, wherein the operating system service request requests access to a resource; retrieve a security context for the resource; and apply a security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of the instance of the web browser. - View Dependent Claims (15, 16, 17)
-
-
18. A system comprising:
-
a web browser; a file system; and an operating system containing a security module; wherein the web browser is configured to; send an operating system service request to the operating system when the web browser needs to access a resource; receive an indication as to whether the access is permitted from the operating system, based upon an access control security policy using a stored security context for the resource and a current context of the instance of the web browser; and accessing the resource only if the indication permits access to the resource;
wherein the security module is configured to;receive, from the web browser, the operating system service request; run the operating system service request by the operating system; retrieve a security context for the resource; and apply a security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of an instance of the web browser.
-
-
19. An apparatus for running an operating system on a device, the apparatus comprising:
-
means for receiving, from an instance of a web browser, an operating system service request; means for running the operating system service request by an operating system, wherein the operating system service request requests access to a resource; means for retrieving a security context for the resource; and means for applying an access control security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of the instance of the web browser.
-
-
20. A program storage device readable by a machine tangibly embodying a program of instructions executable by the machine to perform a method for running an operating system on a device, the method comprising:
-
receiving, from an instance of a web browser, an operating system service request; running the operating system service request by an operating system, wherein the operating system service request requests access to a resource; retrieving a security context for the resource; and applying an access control security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of the instance of the web browser.
-
Specification