Method for enabling hardware assisted operating system region for safe execution of untrusted code using trusted transitional memory
Abstract
An electronic device. The device comprises an anti-trusted-security-zone in the trusted security zone that, when installed and managed by the trusted security zone manager, places non-trusted applications into the anti-trusted-security-zone for execution, restricts access of the non-trusted applications to at least some resources of the electronic device outside the anti-trusted-security-zone, alerts the user when the non-trusted application inside the anti-trusted-security-zone desires access to any restricted resource of the electronic device outside the anti-trusted-security-zone, asks the user for permission to access the desired resource outside the anti-trusted-security-zone, grants access for the non-trusted application to requested resources outside the anti-trusted-security-zone upon the permission by the user, moves the applications from the anti-trusted-security-zone to the normal zone that are determined not to be malicious, keeps the applications within the anti-trusted-security-zone that do not need to execute outside the anti-trusted-security-zone, and deletes the applications that are determined to be malicious.
19 Claims
1. An electronic device, comprising:
a processor;
an operating system;
a memory;
a trusted security zone manager to manage a trusted security zone; and
an anti-trusted-security-zone in the trusted security zone that, when installed and managed by the trusted security zone manager
  places non-trusted applications into the anti-trusted-security-zone for execution,
  restricts access of the non-trusted applications to at least some resources of the electronic device outside the anti-trusted-security-zone,
  alerts a user when a non-trusted application of the non-trusted applications inside the anti-trusted-security-zone desires access to any restricted resource of the electronic device outside the anti-trusted-security-zone,
  asks the user for permission to access the desired resource outside the anti-trusted-security-zone,
  grants access for the non-trusted application to the desired resource outside the anti-trusted-security-zone upon the permission by the user,
  moves any of the non-trusted applications from the anti-trusted-security-zone to a normal zone that are determined not to be malicious,
  keeps any of the non-trusted applications within the anti-trusted-security-zone that do not need to execute outside the anti-trusted-security-zone, and
  deletes any of the non-trusted applications that are determined to be malicious,
whereby the risk that the non-trusted applications can cause harm to the electronic device is reduced.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of reducing the risk of a JavaScript injection harming a computing device, comprising:
installing an anti-trusted-security-zone into a memory of a computing device;
placing dynamically downloaded JavaScript that is part of a web browser into the anti-trusted-security-zone for execution;
restricting access of the JavaScript to at least part of the rest of the computing device, wherein when the JavaScript stored in the anti-trusted-security zone is executed, the JavaScript is allowed to write to a screen of the computing device but not to read from the screen of the computing device;
alerting a user when the JavaScript inside the anti-trusted-security-zone desires access to any restricted resource of the computing device outside the anti-trusted-security-zone;
asking the user for permission to access the desired resource outside the anti-trusted-security-zone;
granting access for the JavaScript to the desired resource outside the anti-trusted-security-zone upon the user's permission; and
moving the JavaScript from the anti-trusted-security-zone to a normal zone that is determined not to be malicious.
Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. A method of managing untrusted applications on an electronic device to reduce the risk that the untrusted applications can cause harm to the electronic device, comprising:
placing non-trusted applications into an anti-trusted-security-zone for execution;
restricting access of the non-trusted applications to at least some resources outside the anti-trusted-security-zone;
alerting a user when a non-trusted application of the non-trusted applications inside the anti-trusted-security-zone desires access to any restricted resource of the electronic device outside the anti-trusted-security-zone;
asking the user for permission to access the desired resource outside the anti-trusted-security zone;
granting access for the non-trusted application to the desired resource outside the anti-trusted-security-zone upon the permission by the user;
moving one or more of the non-trusted applications from the anti-trusted-security-zone to a normal zone that are determined not to be malicious;
keeping any of the non-trusted application within the anti-trusted-security-zone that do not need to execute outside the anti-trusted-security-zone; and
deleting any of the non-trusted applications that are determined to be malicious.
Dependent claims: 17, 18, 19
Specification