BROWSER SECURITY STANDARDS VIA ACCESS CONTROL

US 20110138174A1
Filed: 12/21/2009
Published: 06/09/2011
Est. Priority Date: 12/07/2009
Status: Active Grant

First Claim

Patent Images

1. A method for running an operating system on a device, the method comprising:

receiving, from an instance of a web browser, an operating system service request;

running the operating system service request by the operating system, wherein the operating system service request requests access to a resource;

retrieving a security context for the resource; and

applying an access control security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of the instance of the web browser.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system is operable to contain a security module within an operating system. This security module may then act to monitor access requests by a web browser and apply mandatory access control security policies to such requests. It will be appreciated that the security module can apply mandatory access control security policies to such web browser access attempts.

Citations

20 Claims

1. A method for running an operating system on a device, the method comprising:
- receiving, from an instance of a web browser, an operating system service request;
  
  running the operating system service request by the operating system, wherein the operating system service request requests access to a resource;
  
  retrieving a security context for the resource; and
  
  applying an access control security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of the instance of the web browser.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the running the operating system service request includes:
    - calling a hook to a security module prior to an execution of an access of the resource, wherein the security module is located in the operating system.
  - 3. The method of claim 2, wherein the applying of the security policy is performed by the security module.
  - 4. The method of claim 1, wherein the security context is stored using an extension to an existing file stored in a file system of the operating system.
  - 5. The method of claim 1, wherein the security context is stored as a stand-alone file in a file system of the operating system.
  - 6. The method of claim 1, wherein if the resource is a cookie file, then the security policy is a same path security policy.
  - 7. The method of claim 1, further comprising:
    - monitoring execution of the instance of the web browser to determine if any changes occur that alter a property of the instance of the web browser that correspond to a property of the security context; and
      
      upon detection of a change to a property of the instance of the web browser, updating that security context to reflect the change.
  - 8. The method of claim 2, further comprising:
    - on startup of the operating system, running an initialization script to load the security module into a kernel of the operating system.
  - 9. The method of claim 5, further comprising:
    - on startup of the operating system;
      
      mounting the file system;
      
      reading a file containing configuration settings to configure the file system to store security contexts as stand-alone files; and
      
      updating settings of the file system based on the configuration settings from the file.

10. A method for operating a web browser, the method comprising:
- running an instance of the web browser;
  
  sending an operating system service request to an operating system when the web browser needs to access a resource;
  
  receiving an indication as to whether the access is permitted from the operating system, based upon an access control security policy using a stored security context for the resource and a current context of the instance of the web browser; and
  
  accessing the resource only if the indication permits access to the resource.
- View Dependent Claims (11)
- - 11. The method of claim 10, further comprising:
    - installing a plug-in to the web browser;
      
      wherein the running an instance of the web browser includes running the instance of the web browser including the plug-in; and
      
      wherein the sending an operating system service request is performed by the plug-in.

12. A method comprising:
- creating an extension to a file system of an operating system, wherein the extension adds metadata to one or more files stored by the file system, wherein the metadata for a particular file contains information related to a browser security context corresponding to the particular file.
- View Dependent Claims (13)
- - 13. The method of claim 12, wherein the browser security context includes information that will be utilized by an access control policy to determine whether a requestor is permitted to access the particular file.

14. An operating system comprising:
- a file system; and
  
  a kernel containing a security module, wherein the security module is configured to;
  
  receive, from an instance of a web browser, an operating system service request;
  
  run the operating system service request in a kernel of the operating system, wherein the operating system service request requests access to a resource;
  
  retrieve a security context for the resource; and
  
  apply a security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of the instance of the web browser.
- View Dependent Claims (15, 16, 17)
- - 15. The operating system of claim 14, wherein the resource is a cookie.
  - 16. The operating system of claim 14, wherein the resource is a hardware device on a computing device on which the operating system is run.
  - 17. The operating system of claim 16, wherein the computing device is a mobile phone.

18. A system comprising:
- a web browser;
  
  a file system; and
  
  an operating system containing a security module;
  
  wherein the web browser is configured to;
  
  send an operating system service request to the operating system when the web browser needs to access a resource;
  
  receive an indication as to whether the access is permitted from the operating system, based upon an access control security policy using a stored security context for the resource and a current context of the instance of the web browser; and
  
  accessing the resource only if the indication permits access to the resource;
  
  wherein the security module is configured to;
  
  receive, from the web browser, the operating system service request;
  
  run the operating system service request by the operating system;
  
  retrieve a security context for the resource; and
  
  apply a security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of an instance of the web browser.

19. An apparatus for running an operating system on a device, the apparatus comprising:
- means for receiving, from an instance of a web browser, an operating system service request;
  
  means for running the operating system service request by an operating system, wherein the operating system service request requests access to a resource;
  
  means for retrieving a security context for the resource; and
  
  means for applying an access control security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of the instance of the web browser.

20. A program storage device readable by a machine tangibly embodying a program of instructions executable by the machine to perform a method for running an operating system on a device, the method comprising:
- receiving, from an instance of a web browser, an operating system service request;
  
  running the operating system service request by an operating system, wherein the operating system service request requests access to a resource;
  
  retrieving a security context for the resource; and
  
  applying an access control security policy based upon the security context and based upon information regarding the instance of a web browser, wherein the security policy grants access to the resource if a property or properties of the security context match a property or properties of the instance of the web browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
KALASAPUR, Swaroop S., CHENG, Doreen, ACIICMEZ, Onur, SONG, Yu

Granted Patent

US 8,458,765 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/6272   by registering files or doc...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/02   based on web technology, e....

BROWSER SECURITY STANDARDS VIA ACCESS CONTROL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

BROWSER SECURITY STANDARDS VIA ACCESS CONTROL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links