Safe browser plugins using native code modules

US 9,009,739 B2
Filed: 11/29/2012
Issued: 04/14/2015
Est. Priority Date: 11/10/2008
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating execution of a plugin for a web browser, comprising:

providing a first plugin interface bridge between a first native code module which implements a first plugin and the web browser to enable communication between the first native code module and the web browser, wherein the first plugin is installed on a computer system;

executing the first native code module in a first secure runtime environment such that the first secure runtime environment isolates the first native code module from data and resources on the computer system;

executing a second native code module which implements a second plugin in a second secure runtime environment; and

using the first plugin interface bridge to enable communication between the first native code module and the second native code module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a system that executes plugin for a web browser. During operation, the system obtains the plugin as a native code module and executes the native code module in a secure runtime environment. Next, the system enables communication between the native code module and the web browser by providing an interface bridge between the native code module and the web browser.

34 Citations

View as Search Results

27 Claims

1. A method for facilitating execution of a plugin for a web browser, comprising:
- providing a first plugin interface bridge between a first native code module which implements a first plugin and the web browser to enable communication between the first native code module and the web browser, wherein the first plugin is installed on a computer system;
  
  executing the first native code module in a first secure runtime environment such that the first secure runtime environment isolates the first native code module from data and resources on the computer system;
  
  executing a second native code module which implements a second plugin in a second secure runtime environment; and
  
  using the first plugin interface bridge to enable communication between the first native code module and the second native code module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - enabling communication between the first native code module and an incompatible web browser with an incompatible plugin architecture by providing a second plugin interface bridge between the first plugin interface bridge and the incompatible web browser.
  - 3. The method of claim 2, wherein the incompatible web browser is associated with one of a Netscape Plugin Application Programming Interface (NPAPI) plugin architecture and an ActiveX plugin architecture, and the first plugin is associated with the other of the NPAPI plugin architecture and the ActiveX plugin architecture.
  - 4. The method of claim 1, further comprising:
    - validating the first native code module prior to executing the first native code module in the first secure runtime environment.
  - 5. The method of claim 1, further comprising:
    - enabling communication between the first and second native code modules using a shared memory interface between the first and second native code modules.
  - 6. The method of claim 1, wherein the first plugin interface bridge is implemented using at least one of, a remote procedure call (RPC) mechanism, a socket and a shared memory.
  - 7. The method of claim 1, wherein providing the first plugin interface bridge between the first native code module and the web browser involves using an inter-module communication (IMC) runtime.
  - 8. The method of claim 7, wherein communication between the first native code module and the web browser over the IMC runtime is implemented using a proxy and a stub.
  - 9. The method of claim 8, wherein the proxy and the stub are used to reach objects associated with the first native code module or the web browser.

10. A system for executing a plugin for a web browser, comprising:
- a processor;
  
  a memory coupled to the processor;
  
  a first secure runtime environment, implemented on the processor, that executes a first native code module which implements a first plugin such that the first secure runtime environment isolates the first native code module from data and resources on a computer system, wherein the first plugin is installed on the computer system;
  
  a first plugin interface bridge between the first native code module and the web browser, wherein the first plugin interface bridge enables communication between the first native code module and the web browser; and
  
  a second secure runtime environment that executes a second native code module which implements a second plugin in the second secure runtime environment, wherein the first plugin interface bridge enables communication between the first native code module and the second native code module.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, further comprising:
    - a second plugin interface bridge between the first plugin interface bridge and an incompatible web browser with an incompatible plugin architecture, wherein the second plugin interface bridge enables communication between the first native code module and the incompatible web browser.
  - 12. The system of claim 11, wherein the incompatible web browser is associated with one of a Netscape Plugin Application Programming Interface (NPAPI) plugin architecture and an ActiveX plugin architecture, and the first plugin is associated with the other of the NPAPI plugin architecture and the ActiveX plugin architecture.
  - 13. The system of claim 10, further comprising:
    - a validator that validates the first native code module prior to executing the first native code module.
  - 14. The system of claim 10, further comprising:
    - a shared memory interface that enables communication between the first and second native code modules.
  - 15. The system of claim 10, wherein the first plugin interface bridge is implemented using at least one of, a remote procedure call (RPC) mechanism, a socket and a shared memory.
  - 16. The system of claim 10, wherein providing the first plugin interface bridge between the first native code module and the web browser involves using an inter-module communication (IMC) runtime.
  - 17. The system of claim 16, wherein communication between the first native code module and the web browser over the IMC runtime is implemented using a proxy and a stub.
  - 18. The system of claim 17, wherein the proxy and the stub are used to reach objects associated with the first native code module or the web browser.

19. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for facilitating execution of a plugin for a web browser, the method comprising:
- providing a first plugin interface bridge between a first native code module which implements a first plugin and the web browser to enable communication between the first native code module and the web browser, wherein the first plugin is installed on a computer system;
  
  executing the first native code module in a first secure runtime environment such that the first secure runtime environment isolates the first native code module from data and resources on the computer system;
  
  executing a second native code module which implements a second plugin in a second secure runtime environment; and
  
  using the first plugin interface bridge to enable communication between the first native code module and the second native code module.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The computer-readable storage medium of claim 19, wherein the method further comprises:
    - enabling communication between the first native code module and an incompatible web browser with an incompatible plugin architecture by providing a second plugin interface bridge between the first plugin interface bridge and the incompatible web browser.
  - 21. The computer-readable storage medium of claim 20, wherein the incompatible web browser is associated with one of a Netscape Plugin Application Programming Interface (NPAPI) plugin architecture and an ActiveX plugin architecture, and the first plugin is associated with the other of the NPAPI plugin architecture and the ActiveX plugin architecture.
  - 22. The computer-readable storage medium of claim 19, wherein the method further comprises:
    - validating the first native code module prior to executing the first native code module in the first secure runtime environment.
  - 23. The computer-readable storage medium of claim 19, wherein the method further comprises:
    - enabling communication between the first and second native code modules using a shared memory interface between the first and second native code modules.
  - 24. The computer-readable storage medium of claim 19, wherein the first plugin interface bridge is implemented using at least one of, a remote procedure call (RPC) mechanism, a socket and a shared memory.
  - 25. The computer-readable storage medium of claim 19, wherein providing the first plugin interface bridge between the first native code module and the web browser involves using an inter-module communication (IMC) runtime.
  - 26. The computer-readable storage medium of claim 25, wherein communication between the native code module and the web browser over the IMC runtime is implemented using a proxy and a stub.
  - 27. The computer-readable storage medium of claim 26, wherein the proxy and the stub are used to reach objects associated with the first native code module or the web browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Labour, Antoine, Papakipos, Matthew, Okasaka, Shiki, Timanus, Jeffrey R.
Primary Examiner(s)
NGUYEN, VAN H

Application Number

US13/688,776
Publication Number

US 20130159394A1
Time in Patent Office

866 Days
Field of Search
US Class Current

719/328
CPC Class Codes

G06F 16/95   Retrieval from the web

G06F 21/53   by executing in a restricte...

G06F 9/44526   Plug-ins; Add-ons

H04L 67/01   Protocols

Safe browser plugins using native code modules

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Safe browser plugins using native code modules

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others