Executing applications at appropriate trust levels

US 7,774,620 B1
Filed: 05/27/2004
Issued: 08/10/2010
Est. Priority Date: 05/27/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, performed by a processor executing computer executable instructions stored in a memory device, the method comprising:

determining operations performable by an application, stored in the memory device, that will endanger a computer or its information by finding one or more universal resource locators (URLs) in the application and analyzing code associated with each URL to determine whether the code is configured to communicate with one or more remote locations;

building a requested trust level for the application, the requested trust level indicating a minimum trust level at which the application is permitted to perform said determined operations that will endanger a computer or its information, and the requested trust level comprising at least one of;

a full trust level that requests permission to perform any operation;

a location-dependent trust level that requests permission to perform at least one operation that can compromise security;

ora restricted trust level that does not request permission to perform a security compromising operation; and

embedding the location-dependent trust level into the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods that enable execution of applications at appropriate trust levels are described. These systems and methods can determine appropriate trust levels by comparing applications'"'"' permitted trust levels with their requested trust levels. These systems and methods can determine applications'"'"' permitted trust levels by comparing applications'"'"' execution locations with their published locations. Applications can also be executed at a restricted trust level at which potentially dangerous operations are prohibited.

Citations

13 Claims

1. A computer-implemented method, performed by a processor executing computer executable instructions stored in a memory device, the method comprising:
- determining operations performable by an application, stored in the memory device, that will endanger a computer or its information by finding one or more universal resource locators (URLs) in the application and analyzing code associated with each URL to determine whether the code is configured to communicate with one or more remote locations;
  
  building a requested trust level for the application, the requested trust level indicating a minimum trust level at which the application is permitted to perform said determined operations that will endanger a computer or its information, and the requested trust level comprising at least one of;
  
  a full trust level that requests permission to perform any operation;
  
  a location-dependent trust level that requests permission to perform at least one operation that can compromise security;
  
  ora restricted trust level that does not request permission to perform a security compromising operation; and
  
  embedding the location-dependent trust level into the application.
- View Dependent Claims (2, 3)
- - 2. The computer-implemented method of claim 1, wherein the act of embedding comprises attaching the requested trust level to the application.
  - 3. The computer-implemented method of claim 1, further comprising adding an eXtensible Markup Language (XML) attribute to the application that is associated with the requested trust level.

4. A computer-implemented method, performed by a processor executing computer executable instructions stored in a memory device, the method comprising:
- determining a requested trust level for an application, stored in the memory device, by extracting from the application an embedded requested trust level, the requested trust level corresponding to a minimum trust level at which the application is permitted to perform an operation that can compromise security, wherein the requested trust level comprises at least one of;
  
  a full trust level that requests permission to perform any operation;
  
  a location-dependent trust level that requests permission to perform at least one operation that can compromise security;
  
  ora restricted trust level that does not request permission to perform a security compromising operation;
  
  determining a permitted trust level for the application by comparing a universal resource locator (URL) that indicates an execution location of the application with an additional URL that indicates a published location of the application, and if the execution location is not the same as the published location determining the permitted trust level to be a restricted trust level, and if the execution location is the same as the published location determining the permitted trust level to be a location-dependent trust level, and if the application is highly trusted determining the permitted trust level to be a full trust level; and
  
  comparing the requested trust level for the application and the permitted trust level and performing at least one of;
  
  executing the application at the requested trust level if the requested trust level is less than the permitted trust level;
  
  executing the application at the permitted trust level if the permitted trust level and the requested trust level are equal;
  
  orfailing to execute the application if the requested trust level is greater than the permitted trust level.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12)
- - 5. The computer-implemented method of claim 4, further comprising determining the execution location of the application.
  - 6. The computer-implemented method of claim 4, wherein the execution location comprises a location from which the application is cached.
  - 7. The computer-implemented method of claim 4, further comprising determining the published location for the application.
  - 8. The computer-implemented method of claim 4, wherein the requested trust level is the location-dependent trust level.
  - 9. The computer-implemented method of claim 8, wherein the location-dependent trust level comprises a local machine, intranet, or Internet trust level.
  - 10. The computer-implemented method of claim 4, wherein the requested trust level comprises the restricted trust level.
  - 11. The computer-implemented method of claim 10, wherein the restricted trust level does not permit operations configured to access information outside that created by the application.
  - 12. The computer-implemented method of claim 10, wherein the restricted trust level enables safe execution of the application.

13. A computer-implemented method, performed by a processor executing computer executable instructions stored in a memory device, the method comprising:
- determining an appropriate trust level at which to execute an application stored in local memory of the memory device, the determining comparing a requested trust level for the application with a permitted trust level for the application, the requested trust level indicating a minimum trust level at which the application is permitted to perform an operation that can compromise security, and the requested trust level extracted from the application and comprising at least one of;
  
  a full trust level that requests permission to perform any operation,a location-dependent trust level that requests permission to perform at least one operation that can compromise security;
  
  orrestricted trust level that does not request permission to perform a security compromising operation;
  
  the permitted trust level determined by comparing the local memory with a URL that indicates a published location of the application, and, if the local memory is not the same as the published location determining the permitted trust level to be a restricted trust level, and if the local memory is the same as the published location determining the permitted trust level to be a location-dependent trust level, and if the application is highly trusted determining the permitted trust level to be a full trust level; and
  
  executing the application at the appropriate trust level, the appropriate trust level being the requested trust level if the requested trust level is less than a permitted trust level or the permitted trust level if the permitted trust level and the requested trust level are equal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Narendran, Arungundram C., Stott, Nathaniel W., Kelkar, Amol S, Rosenberg, Lee B, Sikchi, Prakash, Catorcini, Alessandro, O'Connor, Brian G.
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Louie; Oscar A

Application Number

US10/857,689
Time in Patent Office

2,266 Days
Field of Search

713/193, 713/189, 726 2- 4, 726/16, 726/17, 726/21, 726/22, 726/26, 726/27, 380/59
US Class Current

713/193
CPC Class Codes

G06F 21/51   at application loading time...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2119   Authenticating web pages, e...

Executing applications at appropriate trust levels

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Executing applications at appropriate trust levels

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links