Executing applications at appropriate trust levels

US 7,676,843 B1
Filed: 06/24/2004
Issued: 03/09/2010
Est. Priority Date: 05/27/2004
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

determining potentially dangerous operations of an application by finding one or more universal resource locators (URLs) in the application and analyzing code associated with each URL effective to determine whether the code is configured to communicate with one or more remote locations; and

preventing or intercepting the potentially dangerous operations of the application by embedding a requested trust level into the application, the requested trust level comprising at least one of;

a full trust level that requests permission to communicate with any remote location;

ora location-dependent trust level that requests permission to communicate with at least one of the one or more remote locations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods that enable execution of applications at appropriate trust levels are described. These systems and methods can determine appropriate trust levels by comparing applications'"'"' permitted trust levels with their requested trust levels. These systems and method can determine applications'"'"' permitted trust levels by comparing applications'"'"' execution locations with their published locations. Applications can also be executed at a restricted trust level at which potentially dangerous operations are prohibited.

813 Citations

26 Claims

1. A computer implemented method comprising:
- determining potentially dangerous operations of an application by finding one or more universal resource locators (URLs) in the application and analyzing code associated with each URL effective to determine whether the code is configured to communicate with one or more remote locations; and
  
  preventing or intercepting the potentially dangerous operations of the application by embedding a requested trust level into the application, the requested trust level comprising at least one of;
  
  a full trust level that requests permission to communicate with any remote location;
  
  ora location-dependent trust level that requests permission to communicate with at least one of the one or more remote locations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the act of preventing or intercepting comprises preventing any information from being sent outside of, or received by, the application.
  - 3. The method of claim 2, wherein the application comprises arbitrary HTML.
  - 4. The method of claim 1, further comprising assigning a fictitious universal resource locator (URL) to a view being rendered by the application.
  - 5. The method of claim 4, wherein the fictitious URL is associated with a low level of permission.
  - 6. The method of claim 1, further comprising trapping outside calls attempted by a view being rendered by the application.
  - 7. The method of claim 1, further comprising finding and neutralizing a universal resource locator (URL) having a redefined interpretation that is in a view being rendered by the application.
  - 8. The method of claim 7, wherein the view comprises Hyper Text Markup Language (HTML) and the act of finding and neutralizing the URL comprising finding and neutralizing a base tag.
  - 9. The method of claim 1, wherein the act of preventing or intercepting comprises preventing or intercepting all outside calls made by the application, and wherein the outside calls comprise a call made by the application to a universal resource locator outside the application'"'"'s boundaries.
  - 10. The method of claim 1, further comprising neutralizing the potentially dangerous operations.
  - 11. The method of claim 1, further comprising removing rights potentially exercisable by the application.
  - 12. The method of claim 11, wherein the act of removing rights comprises assigning a random execution location or published location to the application.
  - 13. The method of claim 1, further comprising making safe custom code of the application.
  - 14. The method of claim 13, wherein the act of making safe comprises forbidding or making inaccessible data connections or custom controls.
  - 15. One or more computer storage media having computer-executable instructions for performing the method recited in claim 1.

16. A computer implemented method comprising:
- determining potentially dangerous operations in an application, the determining including scanning the application for universal resource locators and code that is configured to communicate with one or more remote locations associated with the universal resource locators; and
  
  preventing or intercepting the potentially dangerous operations by embedding a requested trust level into the application, the requested trust level comprising at least one of;
  
  a full trust level that requests permission to communicate with any remote location;
  
  ora location dependent trust level that requests permission to communicate with at least one of the one or more remote locations.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method of claim 16, further comprising removing rights potentially exercisable by the application.
  - 18. The method of claim 17, wherein the act of removing rights comprises assigning a random execution location or published location to the application.
  - 19. The method of claim 16, further comprising making safe custom code of the application.
  - 20. The method of claim 19, wherein the act of making safe comprises forbidding or making inaccessible data connections or custom controls.
  - 21. The method of claim 16, wherein the act of preventing or intercepting comprises preventing or intercepting all outside calls made by the application.
  - 22. One or more computer storage media having computer-executable instructions for performing the method recited in claim 16.

23. A computer implemented method comprising:
- determining if an application is configured to access data outside of the applications boundaries based on one or more URL'"'"'s;
  
  responsive to determining that the application is configured to access data outside of the application'"'"'s boundaries based on said one or more URL'"'"'s, embedding a location dependent trust level into the application that requests permission to access data outside of the application'"'"'s boundaries; and
  
  responsive to determining that the application is not configured to access data outside of the application'"'"'s boundaries based on said one or more URL'"'"'s, embedding a restricted trust level into the application that does not request permission to access data outside of the application'"'"'s boundaries.
- View Dependent Claims (24, 25, 26)
- - 24. The method of claim 23, further comprising determining the operations and neutralizing the operations.
  - 25. The method of claim 23, further comprising removing rights potentially exercisable by the application.
  - 26. One or more computer storage media having computer-executable instructions for performing the method recited in claim 23.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Narendran, Arungundram, Sikchi, Prakash, Catorcini, Alessandro, O'Connor, Brian G., Stott, Nathaniel W., Kelkar, Amol S, Rosenberg, Lee B
Primary Examiner(s)
Moazzami; Nasser G
Assistant Examiner(s)
Louie; Oscar A

Application Number

US10/876,433
Time in Patent Office

2,084 Days
Field of Search

None
US Class Current

726/26
CPC Class Codes

G06F 21/51   at application loading time...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2119   Authenticating web pages, e...

Executing applications at appropriate trust levels

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

813 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Executing applications at appropriate trust levels

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

813 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links