Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Security kernel or utility
Reexamination Certificate
1998-06-12
2003-01-07
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Security kernel or utility
C713S165000, C713S166000, C713S167000, C709S229000
Reexamination Certificate
active
06505300
ABSTRACT:
FIELD OF THE INVENTION
The invention relates generally to computer systems, and more particularly to improvements in security for computer systems.
BACKGROUND OF THE INVENTION
Historically, executable content could only be installed on a computer system by physically bringing magnetic media to the computer and having someone with administrative privileges install it. At present, however, the Internet has made it very easy and popular for ordinary computer users to download executable content such as programs, HTML pages and controls. In many cases, executable content may be downloaded and executed via the Internet without the user even realizing that such an event took place. Similarly, computer users may receive electronic mail or news containing files that include executable content, such as executable programs and/or documents containing macros, and moreover, the mail or news itself may be an HTML page. Opening such a message or an attachment therein exposes the recipient's system to whatever executable content is present.
Unfortunately, such executable content is often unruly, e.g., it may be malicious and intentionally destroy data on the client machine, error-prone and cause the client machine to crash, or well-intentioned but careless and divulge confidential information about the client. Although these types of computer problems have previously existed in the form of “viruses” and “trojans,” the ubiquitous presence of the World Wide Web has made these problems widespread, and in some cases out of control.
On the server side, web servers launch server programs such as CGI scripts on behalf of clients and return data from the programs back to the clients. The source of such scripts is not necessarily carefully controlled, nor are all such scripts well written. As a result, poorly written CGI scripts have caused web server machines to crash or to slow down by using too many computer resources. Moreover, poorly written server programs may be tricked by a malicious client into performing actions they should not perform, such as executing other applications or writing or reading data to or from storage. Lastly, some web servers even allow a client program to send scripts to the server to be executed on the client's behalf, posing many dangers.
In general, client and server operating environments are not adequately protected against unruly executable content. At the same time, because so much executable content is valuable, the need to be able to receive and run executable content continues to grow despite the inherent risks of untrusted content.
SUMMARY OF THE INVENTION
Briefly, the present invention provides restricted execution contexts for untrusted content (such as executable code, dynamic HTML, Java or Active-X controls) that restrict the resources that the content may access. A restricted process is set up for untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which are based on various criteria. Whenever a process attempts to access a resource, a restricted token associated with each process is compared against security information of the resource to determine if the type of access is allowed. The resource's security information thus determines whether a process, and thus the untrusted content, may access the resource, and if so, the type of access that is allowed.
Untrusted content includes data downloaded from websites, and each such site has a restricted process set up therefor based on the site identity and the zone in which the site is categorized. APIs and helper processes enable the website to access its own site, files and registry keys, while ACLs on other resources not related to the site restrict the access of that site as desired, based on the site identity, zone or other criteria. Other untrusted content includes electronic mail messages or news along with any attachments thereto. Such content is similarly run in a restricted execution context wherein the restrictions are based on criteria such as the identity of the sender. Servers also may run untrusted content such as scripts and client processes in restricted execution contexts, whereby the restrictions may be based on criteria such as the script author, the method of client authentication used, and/or any other information available to the server indicative of how trusted or untrusted the content may be.
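The access check the summary describes, as a simplified Python model added here (not the patent's or any operating system's code): a restricted process's token carries its identity SIDs plus site and zone restricting SIDs, and each resource's ACL decides what the process may do. The SID strings, access bits, sample ACLs and the two-pass rule (identity SIDs and restricting SIDs must each allow the access) are assumptions for the example.

```python
from dataclasses import dataclass

READ, WRITE, EXECUTE = 1, 2, 4          # access-mask bits (constructed for the example)

@dataclass(frozen=True)
class Ace:
    allow: bool    # True: access-allowed ACE, False: access-denied ACE
    sid: str       # principal the ACE applies to (hypothetical string SIDs)
    mask: int      # access bits the ACE allows or denies

@dataclass(frozen=True)
class RestrictedToken:
    user_sids: frozenset         # normal identity SIDs (user and groups)
    restricting_sids: frozenset  # site/zone SIDs; empty means an unrestricted token

def _pass(sids, acl, desired):
    """One pass over the ACL: a matching deny on any desired bit refuses; allows accumulate."""
    granted = 0
    for ace in acl:
        if ace.sid not in sids:
            continue
        if not ace.allow and ace.mask & desired:
            return False
        if ace.allow:
            granted |= ace.mask & desired
    return granted == desired

def access_check(token, acl, desired):
    """Grant only if the identity SIDs allow the access AND, for a restricted token,
    the restricting SIDs independently allow it too (assumed two-pass rule)."""
    if not _pass(token.user_sids, acl, desired):
        return False
    return not token.restricting_sids or _pass(token.restricting_sids, acl, desired)

# Constructed sample: a restricted process set up for one site in the "internet" zone.
SITE, ZONE, USER = "sid:site:example.test", "sid:zone:internet", "sid:user:alice"
site_token = RestrictedToken(frozenset({USER}), frozenset({SITE, ZONE}))
normal_token = RestrictedToken(frozenset({USER}), frozenset())

SITE_CACHE = [Ace(True, USER, READ | WRITE), Ace(True, SITE, READ | WRITE)]  # the site's own files
USER_DOCS  = [Ace(True, USER, READ | WRITE)]                                 # no ACE for the site
RUN_KEY    = [Ace(False, ZONE, WRITE), Ace(True, USER, READ | WRITE)]        # zone-wide deny first

if __name__ == "__main__":
    print(access_check(site_token, SITE_CACHE, READ | WRITE))   # True: site may use its own files
    print(access_check(site_token, USER_DOCS, READ))           # False: no allow for the site SIDs
    print(access_check(normal_token, USER_DOCS, READ))         # True: unrestricted token, one pass
    print(access_check(site_token, RUN_KEY, WRITE))            # False: denied by the zone ACE
```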
Other advantages will become apparent from the following detailed description when taken in conjunction with the drawings, in which:
Chan Shannon
Goertzel Mario C.
Jensenworth Gregory
Shah Bharat
Swift Michael M.
Law Offices of Albert S. Michalik PLLC
Microsoft Corporation
Peeso Thomas R.