Sandboxed execution of plug-ins

US 8,745,361 B2
Filed: 12/02/2008
Issued: 06/03/2014
Est. Priority Date: 12/02/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented program management system, comprising:

an interface component for receiving auxiliary code for execution with a server application, the interface component located with the server application on a server machine in a corporate hosted environment;

an isolation component for receiving and securely isolating the auxiliary code in an isolated environment using levels of isolation including an application domain that isolates running code within worker processes, to provide an application domain isolation level;

a management component for monitoring and managing execution of the auxiliary code in the isolated environment based in part on abnormal execution behavior; and

a microprocessor that executes computer-executable instructions associated with at least one of the interface component, the isolation component, or the management component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP. Moreover, the architecture is highly scalable, stateless, and low administration architecture for the execution of the plug-ins, which can be scaled by adding/removing additional sandbox servers on-the-fly without prior configuration.

Citations

20 Claims

1. A computer-implemented program management system, comprising:
- an interface component for receiving auxiliary code for execution with a server application, the interface component located with the server application on a server machine in a corporate hosted environment;
  
  an isolation component for receiving and securely isolating the auxiliary code in an isolated environment using levels of isolation including an application domain that isolates running code within worker processes, to provide an application domain isolation level;
  
  a management component for monitoring and managing execution of the auxiliary code in the isolated environment based in part on abnormal execution behavior; and
  
  a microprocessor that executes computer-executable instructions associated with at least one of the interface component, the isolation component, or the management component.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the auxiliary code is a third-party plug-in received for execution with the application, which is a server application, and the isolation component is part of a sandbox server to which the auxiliary code is sent for isolated execution.
  - 3. The system of claim 1, wherein the one or more isolation levels further include at least one of a machine isolation level or a process isolation level.
  - 4. The system of claim 1, wherein the interface component ensures that calls from the auxiliary code are directed to the application.
  - 5. The system of claim 1, wherein the management component stops execution of the auxiliary code by disabling the auxiliary code based on an accumulated total of penalty points applied in response to the abnormal execution behavior.
  - 6. The system of claim 1, further comprising a penalty component for tracking penalty points accumulated by the auxiliary code based on the abnormal execution behavior.
  - 7. The system of claim 1, further comprising a load management component for selecting one or more existing isolation components based on increased execution load.

8. A computer-implemented program management system, comprising:
- an interface component for receiving auxiliary code for execution with a server application and ensuring that calls from the auxiliary code are directed to the application, the interface component located with the server application on a server machine in a corporate hosted environment;
  
  an isolation component for receiving and securely isolating the auxiliary code in an isolated environment using a least one of a machine isolation level, a process isolation level, or an application domain code access isolation level;
  
  a penalty component for tracking penalty points accumulated by the auxiliary code in response to abnormal execution behavior;
  
  a management component for monitoring and managing execution of the auxiliary code in the isolated environment based on the penalty points; and
  
  a microprocessor that executes computer-executable instructions associated with at least one of the interface component, the isolation component, the penalty component, or the management component.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the management component blocks execution of the auxiliary code by blocking registration of the auxiliary code based on an accumulated total of the penalty points applied in response to the abnormal execution behavior.
  - 10. The system of claim 8, wherein the management component blocks auxiliary code of a publisher from being executed based on a history of the publisher providing misbehaving auxiliary code.
  - 11. The system of claim 8, wherein the management component prevents registration of new auxiliary code from an organization based on penalty points accumulated across existing auxiliary code from the organization that has been or is being executed.
  - 12. The system of claim 8, wherein the auxiliary code is a third-party plug-in received for execution with the application, which is a server application, and the isolation component is part of a sandbox server to which the auxiliary code is sent for isolated execution.

13. A computer-implemented method of managing a program performed by a computer system executing machine-readable instructions, the method comprising acts of:
- receiving auxiliary code for execution at a server application on a server machine in a corporate hosted environment;
  
  sending the auxiliary code to an isolated environment within the corporate hosted environment for execution, the isolated environment comprising at least one of a machine isolation level, a process isolation level, and an application domain code access isolation;
  
  executing the auxiliary code in the isolated environment;
  
  monitoring execution of the auxiliary code for abnormal execution behavior;
  
  managing the execution of the auxiliary code based on the abnormal execution behavior; and
  
  configuring a microprocessor to perform at least one of the acts of receiving, sending, executing, monitoring, or managing.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, further comprising:
    - applying and accumulating penalty points based on the abnormal execution behavior; and
      
      halting execution of the auxiliary code relative to a predetermined threshold of penalty points.
  - 15. The method of claim 14, wherein the penalties points are based on abnormal behavior related to errors in execution of the auxiliary code.
  - 16. The method of claim 13, further comprising preventing registration of the auxiliary code relative to a predetermined threshold of penalty points.
  - 17. The method of claim 13, further comprising managing the auxiliary code based on a number of times the auxiliary code has been disabled.
  - 18. The method of claim 13, further comprising preventing registration of new auxiliary code from an organization based on penalty points accumulated across existing auxiliary code from the organization that has been or is being executed.
  - 19. The method of claim 13, further comprising blocking auxiliary code from a publisher from being executed based on a history of the publisher providing misbehaving auxiliary code.
  - 20. The method of claim 13, further comprising selecting a sandbox server from among multiple sandbox servers based on load balancing data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Shah, Nirav Yogesh, Hafezipour, Allen F., Jamieson, Steve, Ranjan, Shashi
Primary Examiner(s)
KOSOWSKI, CAROLYN M

Application Number

US12/326,114
Publication Number

US 20100138639A1
Time in Patent Office

2,009 Days
Field of Search

712/227
US Class Current

712/227
CPC Class Codes

G06F 21/53   by executing in a restricte...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 67/02   based on web technology, e....

Sandboxed execution of plug-ins

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Sandboxed execution of plug-ins

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links