Web application container for client-level runtime control

US 8,918,837 B2
Filed: 12/28/2012
Issued: 12/23/2014
Est. Priority Date: 12/28/2012
Status: Active Grant

First Claim

Patent Images

1. A computing device for establishing client-level web application runtime control, the computing device comprising:

a browser to receive application code associated with a browser-based application from a web server;

a browser security interface to generate machine-executable code and an access control map for the application code, wherein the access control map is generated as a function of at least one of (i) design time rules for the browser-based application that identify hardware of the computing device that the browser-based application is configured to access or (ii) user configurations for the browser-based application that identify hardware of the computing device that the browser-based application is configured to access; and

a web security module to (i) receive application security information associated with the application code from one or more security applications, (ii) perform a security assessment of the browser-based application as a function of the application security information and the access control map, (iii) establish a client-level web application runtime security policy associated with the browser-based application in response to performing the security assessment, and (iv) enforce the established client-level web application runtime security policy on the computing device,wherein the client-level web application runtime security policy is to identify hardware access rules to be enforced on the computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies for establishing client-level web application runtime control using a computing device include receiving application code for a browser-based application from a web server and generating machine-executable code and an access control map for the application code. The computing device receives application security information associated with the application code from local and/or remote security applications and performs a security assessment of the application code based on the application security information and the access control map. Further, the computing device establishes a runtime security policy for the browser-based application and enforces that policy.

21 Citations

View as Search Results

21 Claims

1. A computing device for establishing client-level web application runtime control, the computing device comprising:
- a browser to receive application code associated with a browser-based application from a web server;
  
  a browser security interface to generate machine-executable code and an access control map for the application code, wherein the access control map is generated as a function of at least one of (i) design time rules for the browser-based application that identify hardware of the computing device that the browser-based application is configured to access or (ii) user configurations for the browser-based application that identify hardware of the computing device that the browser-based application is configured to access; and
  
  a web security module to (i) receive application security information associated with the application code from one or more security applications, (ii) perform a security assessment of the browser-based application as a function of the application security information and the access control map, (iii) establish a client-level web application runtime security policy associated with the browser-based application in response to performing the security assessment, and (iv) enforce the established client-level web application runtime security policy on the computing device,wherein the client-level web application runtime security policy is to identify hardware access rules to be enforced on the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computing device of claim 1, wherein the browser-based application comprises a Hypertext Markup Language 5 (HTML 5) application.
  - 3. The computing device of claim 1, further comprising a browser user interface to receive user input regarding the user configurations.
  - 4. The computing device of claim 1, wherein the web security module is to determine whether access to the hardware is a security threat.
  - 5. The computing device of claim 1, wherein the web security module is to receive the application security information from a web security module of at least one other computing device.
  - 6. The computing device of claim 1, wherein the web security module is to establish hardware access rules that identify which hardware of the computing device the browser-based application is authorized to access.
  - 7. The computing device of claim 1, wherein the web security module is to restrict access to hardware of the computing device as a function of the established client-level web application runtime security policy.

8. One or more non-transitory, machine readable storage media comprising a plurality of instructions stored thereon that, in response to being executed, result in a computing device:
- receiving application code associated with a browser-based application from a web server;
  
  generating machine-executable code for the application code;
  
  generating an access control map for the application code as a function of at least one of (i) design time rules for the browser-based application that identify hardware of the computing device that the browser-based application is configured to access or (ii) user configurations for the browser-based application that identify hardware of the computing device that the browser-based application is configured to access;
  
  receiving application security information associated with the application code from one or more security applications;
  
  performing a security assessment of the browser-based application as a function of the application security information and the access control map;
  
  establishing a client-level web application runtime security policy associated with the browser-based application in response to performing the security assessment, the client-level web application runtime security policy identifying hardware access rules; and
  
  enforcing the established client-level web application runtime security policy.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The one or more machine readable media of claim 8, wherein receiving the application security information comprises receiving real-time security monitoring data regarding the security of the application code from the one or more security applications.
  - 10. The one or more machine readable media of claim 8, wherein establishing the client-level web application runtime security policy comprises establishing hardware access rules that identify which hardware of the computing device the browser-based application is authorized to access.
  - 11. The one or more machine readable media of claim 8, wherein establishing the client-level web application runtime security policy comprises establishing mediation security rules to be enforced by the computing device in response to a security concern being raised.
  - 12. The one or more machine readable media of claim 8, wherein enforcing the established client-level web application runtime security policy comprises restricting access to one or more memory addresses of the computing device.
  - 13. The one or more machine readable media of claim 8, wherein enforcing the established client-level web application runtime security policy comprises monitoring accesses by the browser-based application to hardware of the computing device.
  - 14. The one or more machine readable media of claim 8, wherein enforcing the established client-level web application runtime security policy comprises executing the application code in response to no security concern being raised.
  - 15. The one or more machine readable media of claim 8, wherein enforcing the established client-level web application runtime security policy comprises permitting the browser-based application limited access to hardware of the computing device in response to a security concern being raised and no mediation security rules having been established by the computing device.

16. A method for establishing client-level web application runtime control using a computing device, the method comprising:
- receiving, with the computing device, application code associated with a browser-based application from a web server;
  
  generating, on the computing device, machine-executable code for the application code;
  
  generating, on the computing device, an access control map for the application code as a function of at least one of (i) design time rules for the browser-based application that identify hardware of the computing device that the browser-based application is configured to access or (ii) user configurations for the browser-based application that identify hardware of the computing device that the browser-based application is configured to access;
  
  receiving, with the computing device, application security information associated with the application code from one or more security applications;
  
  performing, on the computing device, a security assessment of the browser-based application as a function of the application security information and the access control map;
  
  establishing, on the computing device, a client-level web application runtime security policy associated with the browser-based application in response to performing the security assessment, the client-level web application runtime security policy identifying hardware access rules; and
  
  enforcing, on the computing device, the established client-level web application runtime security policy.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16, wherein receiving the application code associated with the browser-based application comprises receiving Hypertext Markup Language 5 (HTML 5) application code.
  - 18. The method of claim 16, wherein receiving the application security information comprises receiving application security information from at least one of a local security applications and a web security module of another computing device.
  - 19. The method of claim 16, wherein establishing the client-level web application runtime security policy comprises establishing hardware access rules that identify which hardware of the computing device the browser-based application is authorized to access.
  - 20. The method of claim 19, wherein enforcing the established client-level web application runtime security policy comprises restricting access to hardware of the computing device as a function of the hardware access rules.
  - 21. The method of claim 16, wherein enforcing the established client-level web application runtime security policy comprises monitoring accesses by the browser-based application to hardware of the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Li, Hong, Dewan, Prashant
Primary Examiner(s)
Hailu, Teshome

Application Number

US13/729,605
Publication Number

US 20140189778A1
Time in Patent Office

725 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/554   involving event detection a...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/567   using dedicated hardware

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/20   for managing network securi...

Web application container for client-level runtime control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Web application container for client-level runtime control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links