Executing applications at appropriate trust levels
First Claim
Patent Images
1. A computer-implemented method, performed by a processor executing computer executable instructions stored in a memory device, the method comprising:
- determining operations performable by an application, stored in the memory device, that will endanger a computer or its information by finding one or more universal resource locators (URLs) in the application and analyzing code associated with each URL to determine whether the code is configured to communicate with one or more remote locations;
building a requested trust level for the application, the requested trust level indicating a minimum trust level at which the application is permitted to perform said determined operations that will endanger a computer or its information, and the requested trust level comprising at least one of;
a full trust level that requests permission to perform any operation;
a location-dependent trust level that requests permission to perform at least one operation that can compromise security;
ora restricted trust level that does not request permission to perform a security compromising operation; and
embedding the location-dependent trust level into the application.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods that enable execution of applications at appropriate trust levels are described. These systems and methods can determine appropriate trust levels by comparing applications'"'"' permitted trust levels with their requested trust levels. These systems and methods can determine applications'"'"' permitted trust levels by comparing applications'"'"' execution locations with their published locations. Applications can also be executed at a restricted trust level at which potentially dangerous operations are prohibited.
-
Citations
13 Claims
-
1. A computer-implemented method, performed by a processor executing computer executable instructions stored in a memory device, the method comprising:
-
determining operations performable by an application, stored in the memory device, that will endanger a computer or its information by finding one or more universal resource locators (URLs) in the application and analyzing code associated with each URL to determine whether the code is configured to communicate with one or more remote locations; building a requested trust level for the application, the requested trust level indicating a minimum trust level at which the application is permitted to perform said determined operations that will endanger a computer or its information, and the requested trust level comprising at least one of; a full trust level that requests permission to perform any operation; a location-dependent trust level that requests permission to perform at least one operation that can compromise security;
ora restricted trust level that does not request permission to perform a security compromising operation; and embedding the location-dependent trust level into the application. - View Dependent Claims (2, 3)
-
-
4. A computer-implemented method, performed by a processor executing computer executable instructions stored in a memory device, the method comprising:
-
determining a requested trust level for an application, stored in the memory device, by extracting from the application an embedded requested trust level, the requested trust level corresponding to a minimum trust level at which the application is permitted to perform an operation that can compromise security, wherein the requested trust level comprises at least one of; a full trust level that requests permission to perform any operation; a location-dependent trust level that requests permission to perform at least one operation that can compromise security;
ora restricted trust level that does not request permission to perform a security compromising operation; determining a permitted trust level for the application by comparing a universal resource locator (URL) that indicates an execution location of the application with an additional URL that indicates a published location of the application, and if the execution location is not the same as the published location determining the permitted trust level to be a restricted trust level, and if the execution location is the same as the published location determining the permitted trust level to be a location-dependent trust level, and if the application is highly trusted determining the permitted trust level to be a full trust level; and comparing the requested trust level for the application and the permitted trust level and performing at least one of; executing the application at the requested trust level if the requested trust level is less than the permitted trust level; executing the application at the permitted trust level if the permitted trust level and the requested trust level are equal;
orfailing to execute the application if the requested trust level is greater than the permitted trust level. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer-implemented method, performed by a processor executing computer executable instructions stored in a memory device, the method comprising:
-
determining an appropriate trust level at which to execute an application stored in local memory of the memory device, the determining comparing a requested trust level for the application with a permitted trust level for the application, the requested trust level indicating a minimum trust level at which the application is permitted to perform an operation that can compromise security, and the requested trust level extracted from the application and comprising at least one of; a full trust level that requests permission to perform any operation, a location-dependent trust level that requests permission to perform at least one operation that can compromise security;
orrestricted trust level that does not request permission to perform a security compromising operation; the permitted trust level determined by comparing the local memory with a URL that indicates a published location of the application, and, if the local memory is not the same as the published location determining the permitted trust level to be a restricted trust level, and if the local memory is the same as the published location determining the permitted trust level to be a location-dependent trust level, and if the application is highly trusted determining the permitted trust level to be a full trust level; and executing the application at the appropriate trust level, the appropriate trust level being the requested trust level if the requested trust level is less than a permitted trust level or the permitted trust level if the permitted trust level and the requested trust level are equal.
-
Specification