Call stack integrity check on client/server systems
First Claim
1. A specialized computing system comprising one or more processors, coupled to a remote client computer, and configured to send, to the remote client computer, one or more instructions, which when executed by the remote client computer, cause a run-time environment on the remote client computer to:
- intercept, within the run-time environment, a first call to execute a particular function defined in the run-time environment by a first caller function in the run-time environment;
determine a first caller identifier, which corresponds to the first caller function identified in a run-time stack maintained by the run-time environment;
wherein the one or more instructions include a first dynamic identifier and the one or more instructions are further configured to cause the run-time environment to, as part of determining the first caller identifier;
determine a first caller name that corresponds to the first caller function from the run-time stack; and
perform a hashing function on the first caller name to produce the first caller identifier;
determine whether the first caller function is authorized to call the particular function based on whether the first caller identifier matches the first dynamic identifier.
3 Assignments
0 Petitions
Accused Products
Abstract
Computer systems and methods in various embodiments are configured for improving the security and efficiency of client computers interacting with server computers through supervising instructions defined in a web page and/or web browser. In an embodiment, a computer system comprising one or more processors, coupled to a remote client computer, and configured to send, to the remote client computer, one or more instructions, which when executed by the remote client computer, cause a run-time environment on the remote client computer to: intercept, within the run-time environment, a first call to execute a particular function defined in the run-time environment by a first caller function in the run-time environment; determine a first caller identifier, which corresponds to the first caller function identified in a run-time stack maintained by the run-time environment; determine whether the first caller function is authorized to call the particular function based on the first caller identifier.
-
Citations
22 Claims
-
1. A specialized computing system comprising one or more processors, coupled to a remote client computer, and configured to send, to the remote client computer, one or more instructions, which when executed by the remote client computer, cause a run-time environment on the remote client computer to:
-
intercept, within the run-time environment, a first call to execute a particular function defined in the run-time environment by a first caller function in the run-time environment; determine a first caller identifier, which corresponds to the first caller function identified in a run-time stack maintained by the run-time environment; wherein the one or more instructions include a first dynamic identifier and the one or more instructions are further configured to cause the run-time environment to, as part of determining the first caller identifier;
determine a first caller name that corresponds to the first caller function from the run-time stack; and
perform a hashing function on the first caller name to produce the first caller identifier;determine whether the first caller function is authorized to call the particular function based on whether the first caller identifier matches the first dynamic identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A data processing system comprising:
-
a memory; one or more processors coupled to the memory; a protocol logic stored in the memory, executed by the one or more processors, and configured to cause the one or more processors to receive, from a web server computer, a first set of instructions that define one or more original operations; an injection logic stored in the memory, executed by the one or more processors, and configured to cause the one or more processors to add one or more supervisor instructions to the first set of instructions to produce a modified set of instructions prior to providing the modified set of instructions to a client computer; a server logic stored in the memory, executed by the one or more processors, and causing the one or more processors to send the modified set of instructions to a remote client computer; wherein the one or more supervisor instructions are configured to cause a run-time environment executed on the client computer to intercept a first call to execute a particular function from a first caller function, determine whether the first caller function is authorized to call the particular function; wherein the injection logic is further configured to cause the one or more processors to generate a first dynamic identifier based on a first original name assigned to a first original function and add the first dynamic identifier to the modified set of instructions; wherein the one or more supervisor instructions are further configured to cause the run-time environment to generate a first caller identifier based on a first caller name associated with the first caller function, and determine whether the first caller function is authorized to call the particular function based on whether the first caller identifier matches the first dynamic identifier. - View Dependent Claims (11, 12)
-
-
13. A data processing system comprising:
-
a memory; one or more processors coupled to the memory; a protocol logic stored in the memory, executed by the one or more processors, and configured to cause the one or more processors to receive, from a web server computer, a first set of instructions that define one or more original operations; an injection logic stored in the memory, executed by the one or more processors, and configured to cause the one or more processors to add one or more supervisor instructions to the first set of instructions to produce a modified set of instructions prior to providing the modified set of instructions to a client computer; a server logic stored in the memory, executed by the one or more processors, and causing the one or more processors to send the modified set of instructions to a remote client computer; wherein the one or more supervisor instructions are configured to cause a run-time environment executed on the client computer to intercept a first call to execute a particular function from a first caller function, determine whether the first caller function is authorized to call the particular function; wherein the injection logic is further configured to cause the one or more processors to generate a second dynamic identifier based on a second original name assigned to a second original function and add the second dynamic identifier to the modified set of instructions; in response to the run-time environment determining that the first caller function is authorized to call the particular function, the one or more supervisor instructions are further configured to cause the run-time environment to; determine a call stack that led the first caller function to be called; determine a second caller function from the call stack; determine a second caller identifier based on a name associated with the second caller function; determine whether the second caller function is authorized to be in the call stack based on the second dynamic identifier and the second caller identifier; terminate the first call without performing the particular function based on determining the second caller function is not authorized to be in the call stack.
-
-
14. A method comprising:
-
intercepting, within a run-time environment, a first call to execute a particular function defined in the run-time environment by a first caller function in the run-time environment; determining a first caller identifier, which corresponds to the first caller function identified in a run-time stack maintained by the run-time environment; determining whether the first caller function is authorized to call the particular function based on the first caller identifier; receiving one or more instructions from a server computer, which includes a first dynamic identifier; wherein the determining the first caller identifier comprises determining a first caller name that corresponds to the first caller function from the run-time stack, and performing a hashing function on the first caller name to produce the first caller identifier; wherein the determining whether the first caller function is authorized to call the particular function is based on whether the first caller identifier matches the first dynamic identifier; wherein the method is performed by one or more computing devices. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
-
Specification