EFFICIENT SECURE DATA MARSHALING THROUGH AT LEAST ONE UNTRUSTED INTERMEDIATE PROCESS

US 20130054917A1
Filed: 08/30/2011
Published: 02/28/2013
Est. Priority Date: 08/30/2011
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method for securely marshaling data between processes executing in at least one computing device, the machine-implemented method comprising:

creating a shared memory section by a source process executing in a computing device;

populating the shared memory section by the source process;

marshaling reference information regarding the populated shared memory section from the source process to a first intermediate process of at least one intermediate process executing in the computing device, the reference information not permitting access to the populated shared memory section by the at least one intermediate process;

repeating the marshaling, only when the at least one intermediate process includes at least two intermediate processes, respective reference information from a respective intermediate process to a next respective intermediate process until the next intermediate process is a last intermediate process;

marshaling the reference information regarding the populated shared memory section from a last one of the at least one intermediate process to a target process executing in the computing device;

opening, by the target process, a new handle to the shared memory section by using at least some of the marshaled reference information; and

reading, by the target process, the populated shared memory section.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure marshaling of data via one or more intermediate processes is provided. A source process may create a named shared memory section resulting in a first handle to the shared memory section. The source process may populate the shared memory section with information. An access control list may secure the shared memory section by preventing the one or more intermediate processes from accessing content of the shared memory section, while allowing a target process to access the content. The first handle and a name of the shared memory section may be marshaled to a first intermediate process resulting in a respective new handle to the shared memory section. A last intermediate process may marshal the name to a target process, which may use the name to obtain access to the content of the shared memory section.

Citations

20 Claims

1. A machine-implemented method for securely marshaling data between processes executing in at least one computing device, the machine-implemented method comprising:
- creating a shared memory section by a source process executing in a computing device;
  
  populating the shared memory section by the source process;
  
  marshaling reference information regarding the populated shared memory section from the source process to a first intermediate process of at least one intermediate process executing in the computing device, the reference information not permitting access to the populated shared memory section by the at least one intermediate process;
  
  repeating the marshaling, only when the at least one intermediate process includes at least two intermediate processes, respective reference information from a respective intermediate process to a next respective intermediate process until the next intermediate process is a last intermediate process;
  
  marshaling the reference information regarding the populated shared memory section from a last one of the at least one intermediate process to a target process executing in the computing device;
  
  opening, by the target process, a new handle to the shared memory section by using at least some of the marshaled reference information; and
  
  reading, by the target process, the populated shared memory section.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The machine-implemented method of claim 1, wherein the populating the shared memory section by the source process further comprises:
    - populating the shared memory section with unencrypted information.
  - 3. The machine-implemented method of claim 1, the reference information includes a handle to the shared memory section and a name of the shared memory section.
  - 4. The machine-implemented method of claim 1, further comprising:
    - securing the populated shared memory section using an access control list which does not provide access to contents of the shared memory section by the at least one intermediate process and does provide access to contents of the shared memory section by the target process.
  - 5. The machine-implemented method of claim 1, further comprising:
    - storing, by the source process, authentication data in the shared memory section; and
      
      authenticating, by the target process, the source process based on the authentication data stored in the shared memory section by the source process.
  - 6. The machine-implemented method of claim 1, further comprising:
    - storing, by the source process, sequence data in the shared memory section;
      
      checking, by the target process, the sequence data included in the shared memory section to detect an unexpected gap in sequence numbers.
  - 7. The machine-implemented method of claim 1, further comprising:
    - storing timestamp data in the shared memory section by the source process.
  - 8. The machine-implemented method of claim 1, further comprising:
    - storing size information in the shared memory section by the source process;
      
      opening, by the target process, a fixed size portion of the shared memory section;
      
      accessing, by the target process, the size information stored in the fixed size portion of the shared memory section; and
      
      reopening, by the target process, the shared memory section with a correct size as indicated by the size information.

9. A computing device comprising:
- at least one processor; and
  
  a memory connected to the at least one processor, the memory having instructions recorded therein, such that when the at least one processor executes the instructions, a method is performed comprising;
  
  creating a shared memory section and opening a first handle for a source process, the first handle referencing the shared memory section,populating, by the source process, the shared memory section,creating and opening, by the source process, a new handle that references the shared memory section for a current intermediate process of at least one intermediate process, the second handle being based on the first handle to the shared memory process and having a desired access attribute that permits limited or no access to content of the shared memory section by the at least one intermediate process,closing the first handle by the source process;
  
  marshaling, by the source process, a name of the shared memory section to the intermediate process,repeating while the current intermediate process is not a last intermediate process of the at least one intermediate process;
  
  creating and opening, by the current intermediate process, a respective new handle that references the shared memory section for a next current intermediate process of the at least one intermediate process,marshaling, by the current intermediate process, the name of the shared memory section to the next current intermediate process of the at least one intermediate process,closing the respective new handle by the current intermediate process,preparing to perform processing for the next current intermediate process as the current intermediate process,creating and opening, by the last intermediate process of the at least one intermediate process, a second handle that references the shared memory section for a target process,closing the respective new handle by the last intermediate process,marshaling, by the last intermediate process, the name of the shared memory section to the target process,opening, by the target process, a third handle to the shared memory section by using the marshaled name of the shared memory section,closing the second handle by the target process, andreading, by the target process, the shared memory section.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computing device of claim 9, wherein the method further comprises:
    - guaranteeing existence of the shared memory section as long as at least one handle that references the shared memory section is open.
  - 11. The computing device of claim 9, wherein the method further comprises:
    - securing the shared memory section by using an access control list.
  - 12. The computing device of claim 9, wherein the method further comprises:
    - storing, by the source process, authentication data in the shared memory section;
      
      authenticating, by the target process, the source process based on the authentication data.
  - 13. The computing device of claim 12, wherein the method further comprises:
    - discarding data populating the shared memory section when the target process fails to successfully authenticate the source process.
  - 14. The computing device of claim 9, wherein the method further comprises:
    - storing timestamp data in the shared memory section by the source process; and
      
      detecting, by the target process, a replay attack based on the timestamp data stored in the shared memory section.
  - 15. The computing device of claim 9, wherein the method further comprises:
    - storing sequence information in the shared memory section by the source process; and
      
      detecting, by the target process, an unexpected gap in numbering of the sequence information based on the stored sequence information.

16. A machine-readable storage medium having instructions recorded therein, such that when the instructions are executed by at least one processor of a computing device, the computing device performs a method comprising:
- creating, by a source process executing on the computing device, a shared memory section and opening a first handle that references the shared memory section for the source process,populating, by the source process, the shared memory section, the populating including storing of size information in the shared memory section, the size information indicating a size of the shared memory section used,creating and opening, by the source process, a respective new handle that references the shared memory section for a current intermediate process of at least one intermediate process, the respective new handle having a desired access attribute that permits limited or no access to content of the shared memory section by the at least one intermediate process,closing the first handle by the source process;
  
  marshaling, by the source process, a name of the shared memory section to the current intermediate process,repeating while the current process is not a last intermediate process of the at least one intermediate process;
  
  creating and opening, by the current intermediate process, a respective new handle that references the shared memory section for a next current intermediate process of the at least one intermediate process,marshaling, by the current intermediate process, the name of the shared memory section to the next current intermediate process of the at least one intermediate process,closing the respective new handle by the current intermediate process,preparing to perform processing for the next current intermediate process as the current intermediate process,creating and opening, by the last intermediate process, a second handle that references the shared memory section for a target process,closing the respective new handle by the last intermediate process,marshaling, by the last intermediate process, the name of the shared memory section to the target process,opening, by the target process, a third handle to the shared memory section by using the name of the shared memory section,closing the second handle by the target process, andreading, by the target process, the shared memory section.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The machine-readable storage medium of claim 16, wherein the opening a third handle to the shared memory section by using the name of the shared memory section further comprises:
    - opening, by the target process, a fixed size portion of the shared memory section;
      
      accessing, by the target process, the size information stored in the fixed size portion of the shared memory section; and
      
      reopening, by the target process, the shared memory section with a correct size as indicated by the size information.
  - 18. The machine-readable storage medium of claim 16, wherein the method further comprises:
    - securing the shared memory section by using an access control list which does not provide access to the content the shared memory section by the intermediate process and does provide access to the content of the shared memory section to the target process.
  - 19. The machine-readable storage medium of claim 18, wherein the method further comprises:
    - storing, by the source process, authentication data in the shared memory section; and
      
      authenticating, by the target process, the source process based on the authentication data stored in the shared memory section by the source process.
  - 20. The machine-readable storage medium of claim 16, wherein the method further comprises:
    - storing, by the source process into the shared memory section, sequence data, timestamp data, or both of the sequence data and the timestamp data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ludwig, Charles Alan, De, Pritam, Gonzalbez, Joaquin Guanter

Granted Patent

US 8,645,967 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 12/1416   by checking the object acce...

G06F 9/468   Specific access rights for ...

G06F 9/544   Buffers; Shared memory; Pipes

EFFICIENT SECURE DATA MARSHALING THROUGH AT LEAST ONE UNTRUSTED INTERMEDIATE PROCESS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

EFFICIENT SECURE DATA MARSHALING THROUGH AT LEAST ONE UNTRUSTED INTERMEDIATE PROCESS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links