SANDBOX WEB NAVIGATION

US 20100192224A1
Filed: 01/26/2009
Published: 07/29/2010
Est. Priority Date: 01/26/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

detecting selection of a hyperlink in a host session of a host system;

determining that a web page referenced by the hyperlink should be opened in a sandbox session, wherein the sandbox session virtualizes at least some resources of the host system;

creating the sandbox session;

opening a web browser in the sandbox session; and

loading the web page referenced by the hyperlink in the web browser in the sandbox session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Browsing the World Wide Web may expose a user'"'"'s system to malicious attacks that can lead to data loss and/or system failure. Sometimes a user desires to access information on a web page that may contain malicious content. For example, a college student researching computer hacking may need information provided on a hacking website even though the site is potentially dangerous. Although techniques are employed to install potentially harmful executable files into a sandbox (e.g., virtual machine), these techniques do not address navigation of harmful sites. Functionality can be implemented to instantiate a web browser within a controlled virtual environment (“sandbox”) that simulates the host system while restricting the virtual environment to designated space(s) and/or resources of the host system to prevent harmful effects. Instantiating the web browser in the sandbox allows web navigation of risky web sites without deleterious effects on the host system.

120 Citations

23 Claims

1. A method comprising:
- detecting selection of a hyperlink in a host session of a host system;
  
  determining that a web page referenced by the hyperlink should be opened in a sandbox session, wherein the sandbox session virtualizes at least some resources of the host system;
  
  creating the sandbox session;
  
  opening a web browser in the sandbox session; and
  
  loading the web page referenced by the hyperlink in the web browser in the sandbox session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said determining that the web page should be opened in the sandbox session is based on one of manual user indication and automatic determination based on a set of policies.
  - 3. The method of claim 1 further comprising isolating the host from potential malicious content in the hyperlink.
  - 4. The method of claim 3 further comprising preventing content from being stored on the host.
  - 5. The method of claim 1 further comprising saving an artifact of the web page to persist beyond the sandbox session.
  - 6. The method of claim 5 further comprising determining if the artifact contains malicious content.
  - 7. The method of claim 6 further comprising running one or more of an antivirus scan, a spy-ware scan and a mal-ware scan on the artifact.
  - 8. The method of claim 1, wherein said creating the sandbox session further comprising instantiating a virtual machine with a browser plug-in of a web browser in the host session.

9. A method comprising:
- determining that a web page referenced by a hyperlink should be opened in a sandbox session, wherein the sandbox session virtualizes resources of a host system;
  
  loading the web page in a web browser in the sandbox session;
  
  detecting a request to save an artifact of the web page;
  
  determining that the artifact is free of malicious content; and
  
  saving the artifact to persist beyond termination of the sandbox session.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein said determining that the artifact is free of malicious content further comprises running one or more of an antivirus scan, a spy-ware scan and a mal-ware scan on the artifact.
  - 11. The method of claim 10 further comprising attempting to remove malicious content from an artifact if the artifact is determined to contain malicious content.
  - 12. The method of claim 10, wherein said detecting the request to save the artifact comprises detecting a request to save the artifact by a browser plug-in of the web browser in the sandbox session.
  - 13. The method of claim 12 further comprising utilizing virtualization application programming interfaces to determine that the artifact is free of malicious content and to save the artifact to persist beyond termination of the sandbox session.

14. One or more machine-readable media having stored therein a program product, which when executed by a set of one or more processor units causes the set of one or more processor units to perform operations that comprise:
- detecting selection of a hyperlink in a host session of a host system;
  
  determining that a web page referenced by the hyperlink should be opened in a sandbox session, wherein the sandbox session virtualizes at least some resources of the host system;
  
  creating the sandbox session;
  
  opening a web browser in the sandbox session; and
  
  loading the web page referenced by the hyperlink in the web browser in the sandbox session.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The machine-readable media of claim 14, wherein said operation of determining that the web page should be opened in the sandbox session is based on one of manual user indication and automatic determination based on a set of policies.
  - 16. The machine-readable media of claim 14, wherein said operations further comprise isolating the host from potential malicious content in the hyperlink.
  - 17. The machine-readable media of claim 16, wherein the operations further comprise preventing content from being stored on the host.
  - 18. The machine-readable media of claim 14, wherein the operations further comprise saving an artifact of the web page to persist beyond the sandbox session.
  - 19. The machine-readable media of claim 18, wherein the operations further comprise determining if the artifact contains malicious content.
  - 20. The machine-readable media of claim 19, wherein the operations further comprise running one or more of an antivirus scan, a spy-ware scan and a mal-ware scan on the artifact.
  - 21. The machine-readable media of claim 14, wherein said operation of creating the sandbox session further comprises instantiating a virtual machine with a browser plug-in.

22. An apparatus comprising:
- a set of one or more processing units;
  
  a network interface; and
  
  a sandbox session management unit operable to,detect selection of a hyperlink in a host session of a host system;
  
  determine that a web page referenced by the hyperlink should be opened in a sandbox session, wherein the sandbox session virtualizes at least some resources of the host system;
  
  create the sandbox session;
  
  open a web browser in the sandbox session; and
  
  load the web page referenced by the hyperlink in the web browser in the sandbox session.
- View Dependent Claims (23)
- - 23. The apparatus of claim 22 further comprising one or more machine-readable media that embody the sandbox session management unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Secchi, Marco, Pichetti, Luigi, Secomandi, Antonio, Ferri, Luca

Application Number

US12/359,457
Publication Number

US 20100192224A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/53 by executing in a restricte...

SANDBOX WEB NAVIGATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

120 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

SANDBOX WEB NAVIGATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links