Systems and methods for secure client applications

US 20050149726A1
Filed: 10/21/2004
Published: 07/07/2005
Est. Priority Date: 10/21/2003
Status: Active Grant

First Claim

Patent Images

1. A method for providing transparent isolation from untrusted content on an enterprise network, comprising:

identifying the origin of all content;

persisting the knowledge of the origin by tagging the content with an indication of whether the content is trusted content or untrusted content;

creating a restricted execution environment, for the isolated execution of untrusted content;

creating a virtual environment, wherein untrusted content executed in the restricted execution environment is able to access resources needed for successful execution without allowing actual access to local resources;

determining whether an action performed on a resource is initiated with the intent of the user; and

consolidating user interfaces between the restricted execution environment and the local environment to allow users to seamlessly work with untrusted content.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An innovative security solution which separates a client into a Protected Context, which is the real files and resources of the client, and an Isolated Context, which is a restricted execution environment which makes use of virtualized resources to execute applications and modify content in the Isolated Context, without allowing explicit access to the resources in the Protected Context. The solution further consolidates user interfaces to allow users to seamlessly work with content in both contexts, and provide a visual indication of which display windows are rendered from content executed in the Isolated Context.

853 Citations

60 Claims

1. A method for providing transparent isolation from untrusted content on an enterprise network, comprising:
- identifying the origin of all content;
  
  persisting the knowledge of the origin by tagging the content with an indication of whether the content is trusted content or untrusted content;
  
  creating a restricted execution environment, for the isolated execution of untrusted content;
  
  creating a virtual environment, wherein untrusted content executed in the restricted execution environment is able to access resources needed for successful execution without allowing actual access to local resources;
  
  determining whether an action performed on a resource is initiated with the intent of the user; and
  
  consolidating user interfaces between the restricted execution environment and the local environment to allow users to seamlessly work with untrusted content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The method of claim 1, wherein the content includes:
    - email messages and attachments, internet content and data, content originating through TCP/IP based transports, and external files.
  - 3. The method of claim 1, wherein tagging the content comprises:
    - tagging the content upon transmittal of the content to an external agent.
  - 4. The method of claim 1, wherein tagging the content comprises:
    - tagging content upon creation or upon transmittal to an internal agent.
  - 5. The method of claim 1, wherein identifying the origin of content comprises:
    - determining the destination of the content.
  - 6. The method of claim 5, wherein determining the destination comprises:
    - parsing the headers of content to determine the routing path for the content.
  - 7. The method of claim 1, wherein identifying the origin of content comprises:
    - ascribing an external origin to content that originates from an external internet protocol address; and
      
      ascribing an internal origin to content that originates from an internal internet protocol address.
  - 8. The method of claim 1, wherein identifying the origin of content comprises:
    - ascribing an external origin to content that creates files in the restricted execution environment; and
      
      ascribing an internal origin to content that creates files in the local environment.
  - 9. The method of claim 1, wherein tagging the content of its origins comprises:
    - altering the file name of the content to contain a reference to the origin of the content.
  - 10. The method of claim 9, wherein altering the file name of the content comprises:
    - adding a new prefix, infix, or suffix to the file name, or injecting a particular string into the file name apart from the prefix, infix, or suffix.
  - 11. The method of claim 1, wherein tagging the content of its origins comprises:
    - modifying the file attributes of the content, the file attributes being at least one of a file stream, a name-value tuple, a security descriptor, and a location tag.
  - 12. The method of claim 1, wherein tagging the content comprises:
    - affixing the file content of the content with a descriptive header or a descriptive footer.
  - 13. The method of claim 12, wherein the header or footer carries auxiliary information including:
    - the origin of the content, the modification history, and user execution instructions.
  - 14. The method of claim 12, wherein tagging the content further comprises:
    - modifying the content through cryptographic manipulation of the file content of the content such that any malicious content is rendered benign, modifications can be detected, and confidentiality can be assured.
  - 15. The method of claim 1, wherein tagging the content comprises:
    - modifying the file system of the operating system to create a modified file system, wherein the modified file system natively understands tags.
  - 16. The method of claim 1, wherein tagging the content comprises:
    - modifying the content through cryptographic manipulation of the file content of the content such that any malicious content is rendered benign, modifications can be detected, and confidentiality can be assured.
  - 17. The method of claim 1, wherein creating a restricted execution environment comprises:
    - creating an environment wherein access to local and enterprise resources are mediated.
  - 18. The method of claim 17, wherein the resources that are mediated include:
    - files on the local file system, files on the network servers, the local registry, kernel entities and objects, and services on the enterprise intranet.
  - 19. The method of claim 17, wherein mediating the local resources comprises:
    - limiting the amount of shared resources that the environment is allowed to consume.
  - 20. The method of claim 19, wherein the shared resources that are limited include:
    - the amount of physical memory, page file consumption, central processing unit consumption, the frequency and scope of network operations, and the amount of network bandwidth consumed.
  - 21. The method of claim 19, wherein the methods used to limit the resources include:
    - interposition, the creation of restricted accounts or tokens, and full-host virtualization.
  - 22. The method of claim 1, wherein creating a virtual environment comprises:
    - providing an unmangled view of content in the restricted execution environment, and a mangled and obfuscated view of content in the local environment.
  - 23. The method of claim 22, wherein providing a mangled and obfuscated view comprises:
    - modifying the content through cryptographic manipulation of the file content of the content such that any malicious content is rendered benign.
  - 24. The method of claim 1, wherein creating a virtual environment comprises:
    - presenting the restricted execution environment with a view of the resources such that any changes made to resources in the restricted execution environment are can either be reflected in the local environment or made invisible to the local environment.
  - 25. The method of claim 1, wherein creating a virtual environment comprises:
    - supplying the content with a virtualized view of resources.
  - 26. The method of claim 25, wherein supplying the content a virtualized view of resources comprises:
    - optimizing a file system copy method.
  - 27. The method of claim 1, wherein consolidating user interfaces comprises:
    - providing a visual indication of untrusted content executed in the restricted execution environment.
  - 28. The method of claim 27, wherein providing a visual indication of untrusted content comprises:
    - framing a display of the untrusted content with a customizable color.
  - 29. The method of claim 1, wherein consolidating user interfaces comprises:
    - simultaneously displaying content executed in the restricted execution environment and content executed in the local environment.
  - 30. The method of claim 29, wherein a visual indication of untrusted content executed in the restricted execution environment is provided by framing a display of the untrusted content with a customizable color.

31. A system for maintaining the security of an enterprise network by providing transparent isolation from untrusted content, comprising:
- a content origin identifying means;
  
  a means for tagging the content;
  
  means for creating a restricted execution environment for the isolated execution of untrusted content;
  
  means for creating a virtual environment, wherein content executed in the restricted execution environment is able to access resources needed for successful execution without allowing actual access to local resources. means for determining user intent; and
  
  means for consolidating user interfaces between the restricted execution environment and the local environment.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 32. The system of claim 31, wherein the content includes:
    - email messages and attachments, internet content and data, content originating through TCP/IP based transports, and external files.
  - 33. The system of claim 31, wherein the means for tagging the content tags content upon transmittal of the content to an external agent.
  - 34. The system of claim 31, wherein the means for tagging content tags content upon creation or upon transmittal to an internal agent.
  - 35. The system of claim 31, wherein the means for identifying further comprises:
    - means for determining the destination of the content.
  - 36. The system of claim 35, wherein the means for determining the destination of the content parses the header of content to determine the routing path for the content.
  - 37. The system of claim 31, wherein the identifying means ascribes an external origin to content that originates from an external internet protocol address and ascribes an internal origin to content that originates from and internal internet protocol address.
  - 38. The system of claim 31, wherein the means for identifying ascribes an external origin to content that creates files in the restricted execution environment and ascribes an internal origin to content that creates files in the local execution environment.
  - 39. The system of claim 31, wherein the means for tagging further comprises:
    - means for altering the file name of the content.
  - 40. The system of claim 39, wherein the means for altering the file name adds a new prefix, infix or suffix to the file name.
  - 41. The system of claim 39, wherein the means for altering the file name injects a string into the file name.
  - 42. The system of claim 31, wherein the means for tagging modifies the file attributes of the content.
  - 43. The system of claim 42, wherein the file attributes include:
    - a file stream, a name-value tuple, a security descriptor and a location tag.
  - 44. The system of claim 31, wherein the means for tagging affixes the file content of the content with a descriptive header or a descriptive footer, the header or footer carrying auxiliary information including the origin of the content, the modification history, and user execution instructions.
  - 45. The system of claim 44 wherein the means for tagging further comprises:
    - means for modifying the content through cryptographic manipulation of the file content of the content such that any malicious content is rendered benign, modifications can be detected, and confidentiality can be assured.
  - 46. The system of claim 31, wherein the means for tagging further comprises:
    - means to create a modified file system that natively understands tags.
  - 47. The system of claim 31, wherein the means for tagging comprises:
    - means for modifying the content through cryptographic manipulation of the file content of the content such that any malicious content is rendered benign, modifications can be detected, and confidentiality can be assured.
  - 48. The system of claim 31, wherein the means for creating a restricted execution environment further comprises:
    - means for mediating access to local and enterprise resources.
  - 49. The system of claim 48, wherein the resources that are mediated include:
    - local files, enterprise files, the local registry, kernel entities and objects, and services on the enterprise intranet.
  - 50. The system of claim 48, wherein the means for mediating access further comprises:
    - means for limiting the amount of shared resources that the restricted execution environment is allowed to consume.
  - 51. The system of claim 50, wherein the shared resources include:
    - physical memory, page file consumption, central processing unit consumption, the frequency and scope of network operations, and the amount of network bandwidth consumed.
  - 52. The system of claim 51, wherein the means for limiting the amount of shared resources includes:
    - interposition means, means for creating restricted accounts and tokens, and virtualization means.
  - 53. The system of claim 31, wherein the means for creating a virtual environment provides an unmangled view of a resource in the restricted execution environment created by the means for creating a restricted execution environment, and a mangled, obfuscated view of a resource in the local environment.
  - 54. The system of claim 53, wherein the mangled, obfuscated view is provided by means for modifying the content through cryptographic manipulation of the file content of the content such that any malicious content is rendered benign, modifications can be detected, and confidentiality can be assured.
  - 55. The system of claim 31, wherein the means for creating a virtual environment further comprises:
    - means for presenting the restricted execution environment with a view of the resources such that any changes made to resources in the restricted execution environment are either reflected in the local environment or invisible to the local environment.
  - 56. The system of claim 31, wherein the means for creating a virtual environment optimizes a file system copy method to supply a virtualized view of the resources.
  - 57. The system of claim 31, wherein the means for consolidating user interfaces further comprises:
    - means for providing a user a visual indication of untrusted content executed in the restricted execution environment.
  - 58. The system of claim 57, wherein the means for providing a user a visual indication frames a display of the untrusted content with a customizable color.
  - 59. The system of claim 31, wherein the means for consolidating user interfaces simultaneously displays content executed in the restricted execution environment and content executed in the local environment.
  - 60. The system of claim 59, further comprising:
    - means for providing a visual indication of untrusted content executed in the restricted execution environment by framing a display of the untrusted content with a customizable color.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Joshi, Amit, Asgeirsson, Sigurdur, Radhakrishnan, Sanjeev, Sharma, Anurag, Sigurdsson, Johann, Gunnarsson, Tomas, Gray, Wayne, Thorarinsson, Finnur, Iyengar, Ananta, Shilimkar, Sunil

Granted Patent

US 7,694,328 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 2221/2105   Dual mode as a secondary as...

Systems and methods for secure client applications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

853 Citations

60 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure client applications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

853 Citations

60 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links