Web browser operating system

US 7,836,303 B2
Filed: 12/09/2005
Issued: 11/16/2010
Est. Priority Date: 12/09/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securely managing Web applications on a computing device that is coupled in communication with a network, comprising the steps of:

(a) providing a browser operating system to service communications with remote Web sites over the network, the browser operating system being employed for controlling operation of the computing device at least in regard to communication over the network, wherein the browser operating system manages each of one or more browser instances executing on the computing device and mediates all network interactions between each browser instance and remote Web sites;

(b) enabling a user to selectively initiate implementation of one or more Web applications while communicating with one or more remote Web sites from within the browser operating system, and as each instance of a Web application is implemented by the user during communication with a remote Web site, spawning a virtual machine with the browser operating system only for that instance of the Web application, wherein each virtual machine that is spawned has its own browser instance and separate set of virtual resources, and wherein the browser operating system routes input events to a browser instance in an appropriate one of the virtual machines; and

(c) substantially precluding direct communication between the virtual machines that have been spawned, between the Web applications, and between each Web application and the main operating system, and precluding sharing of the resources between the virtual machines, so that Web applications are protected from each other and so that the main operating system is protected from the Web applications and from security threats on the network.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Web browsing system using a browser operating system (BOS), which provides a trusted software layer on which Web browsers execute. The BOS runs the client-side component of each Web application (e.g., on-line banking, and Web mail) in its own virtual machine, which provides strong isolation between Web services and the user'"'"'s local resources. Web publishers can thus limit the scope of their Web applications by specifying the URLs and other resources that their browsers are allowed to access, which limits the harm that can be caused by a compromised browser. Web applications are treated as first-class objects that users explicitly install and manage, giving them explicit knowledge about and control over downloaded content and code. An initial embodiment implemented using Linux and the Xen virtual machine monitor has been shown to prevent or contain about 87% of the vulnerabilities that have been identified in a conventional web browser environment.

88 Citations

View as Search Results

27 Claims

1. A method for securely managing Web applications on a computing device that is coupled in communication with a network, comprising the steps of:
- (a) providing a browser operating system to service communications with remote Web sites over the network, the browser operating system being employed for controlling operation of the computing device at least in regard to communication over the network, wherein the browser operating system manages each of one or more browser instances executing on the computing device and mediates all network interactions between each browser instance and remote Web sites;
  
  (b) enabling a user to selectively initiate implementation of one or more Web applications while communicating with one or more remote Web sites from within the browser operating system, and as each instance of a Web application is implemented by the user during communication with a remote Web site, spawning a virtual machine with the browser operating system only for that instance of the Web application, wherein each virtual machine that is spawned has its own browser instance and separate set of virtual resources, and wherein the browser operating system routes input events to a browser instance in an appropriate one of the virtual machines; and
  
  (c) substantially precluding direct communication between the virtual machines that have been spawned, between the Web applications, and between each Web application and the main operating system, and precluding sharing of the resources between the virtual machines, so that Web applications are protected from each other and so that the main operating system is protected from the Web applications and from security threats on the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the step of spawning comprises the step of executing a single browser instance in the virtual machine to service the Web application that is being implemented.
  - 3. The method of claim 2, further comprising the step of employing a Web service for specifying characteristics of each Web application in a manifest retrieved by the browser operating system when accessing the Web service for the Web application.
  - 4. The method of claim 3, wherein the manifest includes at least one of:
    - (a) a digital signature authenticating the Web service;
      
      (b) a specification of code that will be run in the virtual machine; and
      
      (c) a specification of access policies that will be applied in connection with communications with the network.
  - 5. The method of claim 4, wherein the specification of access policies includes:
    - (a) a network policy, which specifies remote network services with which a browser instance can interact; and
      
      (b) a browser policy, which specifies the code that should be initially installed within the virtual machine in which a browser instance is operating.
  - 6. The method of claim 1, further comprising the step of requiring that the user approve at least an initial installation of a Web application before spawning an instance of the virtual machine in which the Web application will be implemented.
  - 7. The method of claim 1, wherein the resources provided to each instance of the virtual machine include a memory, separate processor services, a virtual storage, and a virtual display screen, and wherein the virtual machine receives input from at least one input device.
  - 8. The method of claim 7, further comprising the step of enabling creation of one or more sprites by an instance of a virtual machine, each sprite comprising a plurality of tiles that are displayed on the virtual display screen using a data structure maintained in the memory of the virtual machine.
  - 9. The method of claim 1, further comprising the step of enabling a Web application to fork a new Web application, by requesting the browser operating system to spawn a new virtual machine implementing the new Web application.
  - 10. The method of claim 1, further comprising the steps of:
    - (a) employing the browser operating system to implement a private temporary storage for each virtual machine, for temporarily holding an object that is to be transferred into or out of the virtual machine;
      
      (b) using a store call to transfer an object from outside the virtual machine into the temporary storage and a fetch call to find an object in the temporary storage for transfer outside the virtual machine; and
      
      (c) enabling a user to explicitly initiate a transfer of an object into or out of the temporary storage.
  - 11. The method of claim 1, wherein the computing device is executing a main operating system, further comprising the step of employing the browser operating system for isolating the main operating system from directly interacting with the Web applications during the communication over the network.
  - 12. A non-transitory machine readable medium having machine instructions that are executable by a computing device for carrying out the steps of claim 1.

13. A system coupled in communication over a network, for securely managing Web applications that are executed with the system, comprising:
- (a) a network interface for communicating with remote Web sites over a network;
  
  (b) a user input device;
  
  (c) a memory that stores data and machine instructions; and
  
  (d) a processor that is connected to the network interface, the user input device, and the memory, the processor executing the machine instructions to carry out a plurality of functions, including;
  
  (i) providing a browser operating system to service communications with the remote Web sites over the network, wherein the browser operating system manages each of one or more browser instances executing on the system and mediates all network interactions between each browser instance and the remote Web sites;
  
  (ii) enabling a user to selectively initiate implementation of one or more Web applications while communicating with one or more remote Web sites from within the browser operating system, and as each instance of a Web application is implemented by the user during communication with a remote Web site, spawning a virtual machine with the browser operating system, for use only by that instance of the Web application, wherein each virtual machine that is spawned has its own browser instance and separate set of virtual resources, wherein the browser operating system enables users to manipulate virtual screens of each browser instance; and
  
  (iii) substantially precluding direct communication between the virtual machines that have been spawned, between the Web applications, and between each Web application and the main operating system, and precluding sharing of the resources between the virtual machines, so that Web applications are protected from each other and so that the main operating system is protected from the Web applications and from security threats on the network.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The system of claim 13, wherein when the machine instructions cause the processor to spawn an instance of a virtual machine, a single browser instance is executed by the virtual machine to service the Web application that is being implemented.
  - 15. The system of claim 14, wherein the machine instructions further cause the processor to employ a Web service for specifying characteristics of each Web application in a manifest retrieved by the browser operating system when accessing the Web service for the Web application.
  - 16. The system of claim 15, wherein the manifest includes at least one of:
    - (a) a digital signature authenticating the Web service;
      
      (b) a specification of code that will be run in the virtual machine; and
      
      (c) a specification of access policies that will be applied in connection with communications with the network.
  - 17. The system of claim 16, wherein the specification of access policies includes:
    - (a) a network policy, which specifies remote network services with which a browser instance can interact; and
      
      (b) a browser policy, which specifies the code that should be initially installed within the virtual machine in which a browser instance is operating.
  - 18. The system of claim 13, wherein the machine instructions further cause the processor to require the user to approve at least an initial installation of a Web application, before spawning an instance of the virtual machine in which the Web application will be implemented.
  - 19. The system of claim 13, wherein the resources provided to each instance of the virtual machine include a memory accessible only by the virtual machine, separate processor services, a virtual storage, and a virtual display screen, and wherein the virtual machine receives input from the input device.
  - 20. The system of claim 13, wherein the machine instructions further cause the processor to enable creation of one or more sprites by an instance of a virtual machine, each sprite comprising a plurality of tiles that are displayed on the virtual display screen using a data structure maintained in the memory of the virtual machine.
  - 21. The system of claim 13, wherein the machine instructions further cause the processor to enable a Web application to fork a new Web application, by requesting the browser operating system to spawn a new virtual machine implementing the new Web application.
  - 22. The system of claim 13, wherein the machine instructions further cause the processor to:
    - (a) employ the browser operating system to implement a private temporary storage for each virtual machine, for temporarily holding an object that is to be transferred into or out of the virtual machine;
      
      (b) use a store call to transfer an object from outside the virtual machine into the temporary storage and a fetch call to find an object in the temporary storage for transfer outside the virtual machine; and
      
      (c) enable a user to explicitly initiate a transfer of an object into or out of the temporary storage.
  - 23. The system of claim 13, wherein the machine instructions further cause the processor to execute a main operating system and to employ the browser operating system for isolating the main operating system executed by the processor, so that the main operating system is prevented from directly interacting with the Web applications during the communication over the network.

24. A method for isolating each of a plurality of Web applications within a “
- sandbox,”
  
  to avoid direct interaction between the Web applications executing on a computing device on which the Web applications are being executed and which is coupled in communication with a network, comprising the steps of;
  
  (a) executing a browser operating system that runs as an interface between the Web applications, and between each Web application and the main operating system, wherein the browser operating system manages each of one or more browser instances executing on the computing device and mediates all network interactions between each browser instance and the remote Web sites;
  
  (b) enabling a user to selectively initiate implementation of one or more Web applications while communicating with one or more remote Web sites from within the browser operating system;
  
  (c) using the browser operating system, creating a virtual machine for use by a Web application as the Web application is being initiated by the user, the Web application executing within the virtual machine and being provided with resources that are separate from resources provided to other Web applications, each virtual machine that is spawned having its own browser instance and separate set of virtual resources, wherein the browser operating system routes input events to a browser instance in an appropriate one of the virtual machines; and
  
  (d) enabling communication over the network by each Web application only through the browser operating system, so that each Web application is generally isolated in a “
  
  sandbox”
  
  comprising the virtual machine in which it is executed, to protect against security threats made using one of the Web applications and directed toward the other Web applications.
- View Dependent Claims (25, 26, 27)
- - 25. The method of claim 24, wherein at least one Web application includes a browser for communicating with a remote site over the network.
  - 26. The method of claim 24, wherein the browser operating system associates a manifest that defines policies for the Web application in connection with communicating over the network.
  - 27. The method of claim 24, wherein the computing device is also executing a main operating system, further comprising the step of preventing any direct interaction between the Web applications and the main operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of Washington
Original Assignee
University of Washington
Inventors
Hansen, Jacob Gorm, Levy, Henry M., Gribble, Steven, Cox, Richard S.
Primary Examiner(s)
Lanier; Benjamin E
Assistant Examiner(s)
ARMOUCHE, HADI S

Application Number

US11/298,859
Publication Number

US 20070136579A1
Time in Patent Office

1,803 Days
Field of Search

713/168, 709/203, 709/219, 709/229, 726/22
US Class Current

713/168
CPC Class Codes

H04L 63/102 Entity profiles

H04L 67/02 based on web technology, e....

Web browser operating system

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

88 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Web browser operating system

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links