Secure isolation of application pools

US 8,640,215 B2
Filed: 03/23/2007
Issued: 01/28/2014
Est. Priority Date: 03/23/2007
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computer system for securely isolating applications at a server, comprising:

identifying an application that is to be loaded;

creating a security token that is unique to the computer system and based on a name of the identified application, wherein the security token is a security identifier having a prefix that is common to all created security tokens;

receiving a request to load the identified application; and

creating a process in which to load the identified application, the process having security attributes associated with the created security token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure web hosting system is provided. In various embodiments, the secure web hosting system identifies an application that is to be loaded, creates a security token that is unique to the computer system and based on a name of the identified application, receives a request to load the identified application, and creates a process in which to load the identified application, the process having security attributes associated with the created security token. In various embodiments, the secure web hosting system includes an isolation service component that creates a security token based on an application name of an application identified by the configuration file.

35 Citations

View as Search Results

18 Claims

1. A method performed by a computer system for securely isolating applications at a server, comprising:
- identifying an application that is to be loaded;
  
  creating a security token that is unique to the computer system and based on a name of the identified application, wherein the security token is a security identifier having a prefix that is common to all created security tokens;
  
  receiving a request to load the identified application; and
  
  creating a process in which to load the identified application, the process having security attributes associated with the created security token.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the security token is a security identifier.
  - 3. The method of claim 1 wherein the security token is a security identifier having a prefix that is common to all created security tokens and is associated with a web server that creates the process.
  - 4. The method of claim 1 further comprising providing indications of the application name and the identified application to a local system authority.
  - 5. The method of claim 1 wherein the creating a security token includes generating a hash value based on the name of the identified application.
  - 6. The method of claim 1 wherein the creating a security token includes generating a hash value based on the name of the identified application using a secure hash algorithm.

7. A system for securely isolating applications at a server, comprising:
- a processor and memory;
  
  a web server component that receives and processes requests for applications;
  
  a configuration store component that stores a configuration file associated with the web server component; and
  
  an isolation service component that creates a security token based on an application name of an application identified by the configuration file when the web server component loads the configuration file, wherein the security token is a hash value based on the name of the identified application and is unique to the server and has a prefix that is common to all created security tokens.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7 wherein the configuration file identifies multiple applications and each application is associated with a name.
  - 9. The system of claim 7 wherein the isolation service component provides an indication of the application name and created security token to a local system authority component.
  - 10. The system of claim 7 wherein when the web server component receives a request for the application, the web server component creates a process to handle the application in a security context associated with the created security token.
  - 11. The system of claim 7 further comprising a local security authority component that sets security permissions associated with processes created by the web server, the security permissions relating to the created security token.
  - 12. The system of claim 11 wherein the security permissions are specified in the configuration file.

13. A memory device storing computer-executable instructions that, when executed, cause a computer system to perform a method for securely isolating applications at a server, the method comprising:
- identifying an application that is to be loaded;
  
  creating a security token that is unique to the computer system and based on a name of the identified application;
  
  providing the created security token and an indication of the application name to a local system authority;
  
  creating an account for the identified application; and
  
  creating a process for the identified application upon receiving a request for the application, the created process having security attributes relating to the created security token.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The memory device of claim 13 further comprising instructions for setting permissions for the created account.
  - 15. The memory device of claim 13 further comprising instructions for providing the created security token to the created process.
  - 16. The memory device of claim 13 further comprising instructions for generating a hash value using a one-way hash function based on the name of the identified application.
  - 17. The memory device of claim 13 further comprising instructions for creating the security token that employs a prefix and a hash value, the hash value created using a secure hash algorithm based on the name of the identified application.
  - 18. The memory device of claim 17 wherein the prefix is “
    - S-1-5-81.”

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Malhotra, Vikas, Field, Scott A., Dunajsky, Jaroslav
Primary Examiner(s)
McNally, Michael S

Application Number

US11/690,631
Publication Number

US 20080235790A1
Time in Patent Office

2,503 Days
Field of Search

726/10, 726/20
US Class Current

726/10
CPC Class Codes

G06F 21/604 Tools and structures for ma...

G06F 2221/2141 Access rights, e.g. capabil...

Secure isolation of application pools

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Secure isolation of application pools

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others