Sandboxing third party components
First Claim
1. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method of security management for a data processing system, the method comprising:
- determining whether a third-party component supports access to a network coupled to the data processing system, wherein the third-party component provides input data to a user application;
when the third-party component supports network access, requesting an input regarding whether to restrict access of system resources by the third-party component;
constructing a restrictive access sandbox for the third-party component in response to receiving an input indicating to restrict access to the network by the third-party component, wherein the third-party component, executing within the restrictive access sandbox, sends to the user application, text based on character input to the third-party component, and stores text prediction information received from the user application in the restrictive access sandbox for subsequent access by the third-party component to predict text for input characters, the restrictive access sandbox further storing text predication information generated by the third-party component; and
constructing a normal access sandbox for the third-party component in response to receiving an input indicating not to restrict access of system resources by the third-party component.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus of a device for security management by sandboxing third-party components is described. The device can determine whether a third-party component supports network access. If the third-party component supports network access, the device can request a user input regarding whether to restrict the network access of the component. The device can receive a user input to restrict network access of the third-party component. Upon receiving the user input to restrict network access, the device can construct a sandbox for the third-party component to restrict network access of the component and prevent the component from performing data exfiltration. Other embodiments are also described and claimed.
25 Citations
23 Claims
-
1. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method of security management for a data processing system, the method comprising:
-
determining whether a third-party component supports access to a network coupled to the data processing system, wherein the third-party component provides input data to a user application; when the third-party component supports network access, requesting an input regarding whether to restrict access of system resources by the third-party component; constructing a restrictive access sandbox for the third-party component in response to receiving an input indicating to restrict access to the network by the third-party component, wherein the third-party component, executing within the restrictive access sandbox, sends to the user application, text based on character input to the third-party component, and stores text prediction information received from the user application in the restrictive access sandbox for subsequent access by the third-party component to predict text for input characters, the restrictive access sandbox further storing text predication information generated by the third-party component; and constructing a normal access sandbox for the third-party component in response to receiving an input indicating not to restrict access of system resources by the third-party component. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented method for security management of a data processing system, the method comprising:
-
determining whether a third-party component supports access to a network coupled to the data processing system; when the third-party component supports network access, requesting an input regarding whether to restrict access of system resources by the third-party component; constructing a restrictive access sandbox for the third-party component in response to receiving an input indicating to restrict access to the network by the third-party component, wherein the third-party component executing within the restrictive access sandbox, sends to the user application, text based on character input to the third-party component, and stores text prediction information received from the user application in the restrictive access sandbox for subsequent access by the third-party component to predict text for input characters, the restrictive access sandbox further storing text predication information generated by the third-party component; and constructing a normal access sandbox for the third-party component in response to receiving an input indicating not to restrict access of system resources by the third-party component. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A device to perform security management, the device comprising:
-
a processing system; a memory coupled to the processing system through a bus; a network coupled to the processing system through the bus; and a process executed from the memory by the processing system that causes the processing system to determine whether a third-party component supports access to the network, when the third-party component supports network access, request an input regarding whether to restrict access to the network by the third-party component, construct a restrictive access sandbox for the third-party component in response to receiving the input indicating to restrict access of system resources by the third-party component, wherein the third-party component, executing within the restrictive access sandbox, sends to the user application, text based on character input to the third-party component, and stores text prediction information received from the user application in a the restrictive access sandbox for subsequent access by the third-party component to predict text for input characters, the restrictive access sandbox further storing text predication information generated by the third-party component, and construct a normal access sandbox for the third-party component in response to receiving an input indicating not to restrict access of system resources by the third-party component. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A computer-implemented method comprising:
-
sending, by a third-party component to a user application, text based on characters input to the third-party component, the third-party component executing on a processor within a restrictive access sandbox generated by the processor in response to receiving a user request to prevent the third-party component from transmitting data through a network; receiving, by the third-party component from the user application, text prediction information; storing, by the third-party component, the text prediction information from the user application in the restrictive access sandbox, the restrictive access sandbox further storing text predication information generated by the third-party component; accessing, by the third-party component, the restrictive access sandbox to predict text from input characters.
-
-
22. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method comprising:
-
sending, by a third-party component to a user application, text based on characters input to the third-party component, the third-party component executing on a processor within a restrictive access sandbox generated by the processor in response to receiving a user request to prevent the third-party component from transmitting data through a network; receiving, by the third-party component from the user application, text prediction information; storing, by the third-party component, the text prediction information from the user application in the restrictive access sandbox, the restrictive access sandbox further storing text predication information generated by the third-party component; accessing, by the third-party component, the text prediction information stored in the restrictive access sandbox to predict text from input characters.
-
-
23. A device comprising:
-
a processing system; a memory coupled to the processing system through a bus; a network coupled to the processing system through the bus; and a third-party component executed from the memory by the processing system that causes the processing system sent to send, to a user application, text based on characters input to the third-party component, the third-party component executing within a restrictive access sandbox generated by the processor in response to receiving a user request to prevent the third-party component from transmitting data through a network, receive text prediction information from the user application, store the text prediction information from the user application in the restrictive access sandbox, the restrictive access sandbox further storing text predication information generated by the third-party component, and access the text prediction information stored in the restrictive access sandbox to predict text from input characters.
-
Specification