Browser protection module
Abstract
An exemplary computer-implementable method (300) transforms information to reduce or eliminate risk of exploitation of a software service and includes receiving information (304) in response to a request, transforming the information (308) to produce transformed information and sending the transformed information (312). An exemplary firewall server (112) includes server software (144, 148) that allows the firewall server (112) to receive information from a resource (104, 108) via a network and to send information to a client computer (114) and a browser protection component (264, 268) for transforming the information to prevent exploitation of a vulnerability of browser software (154) on the client computer (114). Various other exemplary methods, devices, systems, etc., are also disclosed.
16 Claims
1. A computer-implementable method comprising:
- receiving code, at a firewall device, from a server in response to a user request, the code including mark-up language code and script code;
- prior to runtime execution, employing a first translation function and a second translation function to transform the code to prevent exploitation of vulnerabilities of a web browser application, wherein:
  - the first translation function:
    - parses the mark-up language code;
    - identifies one or more first order exploits in the parsed mark-up language code; and
    - removes the one or more first order exploits identified; and
  - the second translation function:
    - parses the script code;
    - identifies one or more second order exploits in the parsed script code; and
    - inserts one or more checks configured to virtualize the one or more second order exploits identified at runtime execution by modifying statements and expressions in the script code; and
- providing the transformed code to a client device that applies the first translation function to new mark-up language code during runtime execution based on the one or more checks inserted, and applies the second translation function to incoming script code during runtime execution based on the one or more checks inserted, to ensure runtime safety.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 13, 14
9. A device comprising:
- a processor;
- a memory, coupled to the processor, storing computer executable instructions that, when executed by the processor, configure the device to:
  - receive code executable by a web browser application or an email application on a target client device, the code including mark-up language code and script code;
  - prior to runtime execution, employ a first translation function and a second translation function to transform the code to ensure safe execution of the code by the web browser application or the email application, wherein:
    - the first translation function:
      - parses the mark-up language code;
      - identifies one or more first order exploits in the parsed mark-up language code; and
      - removes the one or more first order exploits identified; and
    - the second translation function:
      - parses the script code;
      - identifies one or more second order exploits in the parsed script code; and
      - inserts one or more checks configured to virtualize the one or more second order exploits identified at runtime execution by modifying statements and expressions in the script code; and
  - at runtime execution, apply the first translation function to new mark-up language code during runtime execution based on the one or more checks inserted, and apply the second translation function to incoming script code during runtime execution based on the one or more checks inserted, to ensure runtime safety; and
  - render for display the transformed code at the target client device.

Dependent claims: 10, 11, 15
12. One or more computer readable storage devices that comprise instructions executable by a processor to implement acts comprising:
- receiving code via a network interface in response to a user request, the code being executable by a web browser application or an email application and including mark-up language code and script code;
- prior to runtime execution, employing a first translation function and a second translation function to transform the code received via the network interface to prevent exploitation of vulnerabilities of the web browser application or the email application, wherein:
  - the first translation function:
    - parses the mark-up language code;
    - identifies one or more first order exploits in the parsed mark-up language code; and
    - removes the one or more first order exploits identified; and
  - the second translation function:
    - parses the script code;
    - identifies one or more second order exploits in the parsed script code; and
    - inserts one or more checks configured to virtualize the one or more second order exploits identified at runtime execution by modifying statements and expressions in the script code; and
- at runtime execution, applying the first translation function to new mark-up language code during runtime execution based on the one or more checks inserted, and applying the second translation function to incoming script code during runtime execution based on the one or more checks inserted, to ensure runtime safety; and
- rendering for display the transformed code.

Dependent claims: 16
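Added illustration, not part of the patent text: a simplified sketch of the two translation functions recited in claim 1 and of the inserted checks re-applying them at runtime. The blocked element `x-legacy-widget`, the `__guard` object, the function names and the use of regular expressions in place of real parsers are all assumptions made for the example.

```javascript
// Added sketch of claim 1's two translation functions. Regexes stand in for
// real HTML and JavaScript parsers, and the policy below is constructed.
const BLOCKED_TAG = 'x-legacy-widget'; // hypothetical element treated as a first order exploit

// First translation function: remove flagged elements, then hand every inline
// <script> body to the second translation function.
function translateMarkup(html) {
  const flagged = new RegExp(`<${BLOCKED_TAG}\\b[^>]*>(?:[\\s\\S]*?</${BLOCKED_TAG}>)?`, 'gi');
  return html
    .replace(flagged, '')
    .replace(/(<script\b[^>]*>)([\s\S]*?)(<\/script>)/gi,
      (_, open, body, close) => open + translateScript(body) + close);
}

// Second translation function: rewrite the expressions that can introduce new
// markup or new script so that they pass through an inserted check first.
function translateScript(js) {
  return js
    .replace(/\bdocument\.write\s*\(/g, '__guard.write(')
    .replace(/\beval\s*\(/g, '__guard.evalChecked(');
}

// Runtime checks delivered with the transformed page. `sink` (an array) stands
// in for the document so the sketch runs under Node without a DOM.
function makeGuard(sink) {
  const guard = {
    // New markup produced at runtime goes back through the first function.
    write: (markup) => { sink.push(translateMarkup(String(markup))); },
    // Incoming script goes back through the second function before it runs;
    // `document` is shadowed so an unrewritten access fails instead of writing.
    evalChecked: (src) =>
      new Function('__guard', 'document', translateScript(String(src)))(guard, undefined),
  };
  return guard;
}

// Constructed page: one flagged element in the markup, and a script that
// assembles the same element from string pieces only at runtime.
function demo() {
  const page = '<p>hi</p><x-legacy-widget src="a"></x-legacy-widget><script>' +
    'var t = "x-legacy-" + "widget"; document.write("<" + t + "></" + t + "><b>ok</b>");' +
    '</script>';
  const transformed = translateMarkup(page);
  const sink = [];
  makeGuard(sink).evalChecked(/<script>([\s\S]*?)<\/script>/.exec(transformed)[1]);
  return { transformed, written: sink.join('') };
}

console.log(demo());
```

The static pass cannot see the element the script assembles from string pieces; it is removed only because the rewritten `document.write` call routes the new markup back through the first function at execution time.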
Specification