Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1997-08-28
2001-08-14
Beausoliel, Jr., Robert W. (Department: 2785)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C713S152000, C714S053000, C714S055000, C714S038110
Reexamination Certificate
active
06275938
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to electronic data processing and in particular to avoiding system damage from executing programs containing untrusted code.
BACKGROUND OF THE INVENTION
Advances in Internet browsers are creating dynamic and interactive pages on the World Wide Web. However, the advances are also creating increased computer system security risks which may arise from merely viewing a web page. Internet browsers automatically download and run programs or other executable code which are embedded in the web page. The ability to download and execute programs from a remote computer exposes the host computer to several security risks. Hostile programs can, for example, modify a computer system or data on the computer system, steal user data such as passwords and bank-account information, or make system resources unavailable to the user. As a result, security issues are critical in the development of Internet applications.
One prior-art approach provides security for a particular form of executable code, known as Java applets. The executable-code source program is written, downloaded, and converted to platform-independent byte code. The platform-independent tokenized byte code runs on a virtual machine which places strict limits on what the executable code can do. The executable code in the prior-art approach has only very limited access to the operating system. Accordingly, as the Java language becomes more powerful, it must duplicate many functions that the operating system already performs.
ActiveX controls are a form of executable code which avoid the limited abilities of Java. ActiveX® is an outgrowth of two technologies from Microsoft Corp. called OLE (Object Linking and Embedding) and COM (Component Object Model). ActiveX supports features that enable it to take advantage of the Internet. For example, an ActiveX control can be automatically downloaded and executed by a Web browser.
Because ActiveX controls are written in native code, they have full access to the operating system and the process memory in which the controls are running. This access is powerful when the control is running in a tightly controlled environment such as an extension to a stand-alone application. However, full access to the operating system creates serious security issues when ActiveX controls are downloaded from unknown or untrusted sources on the Internet by an application such as the web browser Internet Explorer®. ActiveX controls are designed to access any of the operating system's services. A hostile ActiveX control could search for information on the host system's hard drive, implant a virus, or damage the host system. The problem with the unrestricted access of ActiveX to the operating system is that the unrestricted access places the host system at risk to security breaches.
Accordingly, there is a need for a form of executable code with the ability to access the power of the host operating system, but without compromising the host system's security.
SUMMARY OF THE INVENTION
The present invention implements a security policy for untrusted executable code written in native, directly executable code. The executable code is loaded into a pre-allocated memory range, or sandbox, from which references to outside memory are restricted. Checks (“sniff code”) added to the executable code enforce these restrictions during execution. Conventional application-program interface (API) calls in the untrusted code are replaced with translation-code modules (“thunks”) that allow the executable code to access the host operating system, while preventing breaches of the host system's security. Static links in the control or applet are replaced by calls to thunk modules. When an API call is made during execution, control transfers to the thunk, which determines whether the API call is one which should be allowed to execute on the operating system or not.
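The two mechanisms the summary describes, a range check on memory references ("sniff code") and a thunk that mediates API calls against a policy, modelled as an added example in C; this is not code from the patent or from Microsoft, and the sandbox size, the policy table entries and all function names are assumptions for illustration:

```c
/* Added example, not from the patent: a minimal model of sandbox range
 * checks and API-mediating thunks. Sizes, names and policy are assumed. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define SANDBOX_SIZE 4096u

/* Pre-allocated range into which the untrusted native code is loaded. */
static uint8_t sandbox[SANDBOX_SIZE];

/* Constructed buffer outside the sandbox, used to show a refused reference. */
static uint8_t outside_buf[8];

/* "Sniff code": true only if [addr, addr+len) lies wholly inside the sandbox.
 * Works on offsets from the base so the arithmetic cannot wrap around. */
bool sniff_check(const void *addr, size_t len)
{
    uintptr_t a = (uintptr_t)addr, base = (uintptr_t)sandbox;
    if (a < base || a - base >= SANDBOX_SIZE) return false;
    return len <= SANDBOX_SIZE - (a - base);
}

/* Guarded store: the check the instrumented code runs before each write. */
bool sandbox_store(void *dst, const void *src, size_t len)
{
    if (!sniff_check(dst, len)) return false;   /* reference outside sandbox */
    memcpy(dst, src, len);
    return true;
}

/* Policy consulted by the thunk that replaced each static API link. */
typedef enum { API_ALLOW, API_DENY } verdict_t;
typedef struct { const char *name; verdict_t verdict; } api_policy_t;

static const api_policy_t policy[] = {   /* assumed policy, for illustration */
    { "GetTickCount",  API_ALLOW },
    { "MessageBox",    API_ALLOW },
    { "DeleteFile",    API_DENY  },
    { "CreateProcess", API_DENY  },
};

/* Thunk: control arrives here instead of at the real API. A call that is
 * unknown or denied is refused and never reaches the operating system. */
verdict_t thunk_dispatch(const char *api)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (strcmp(policy[i].name, api) == 0) return policy[i].verdict;
    return API_DENY;                             /* default-deny */
}
```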
REFERENCES:
patent: 4654799 (1987-03-01), Ogaki et al.
patent: 4688169 (1987-08-01), Joshi
patent: 4796220 (1989-01-01), Wolfe
patent: 4982430 (1991-01-01), Frezza et al.
patent: 5222134 (1993-06-01), Waite et al.
patent: 5390314 (1995-02-01), Swanson
patent: 5644709 (1997-07-01), Austin
patent: 5805829 (1998-09-01), Cohen et al.
patent: 5812668 (1998-09-01), Weber
patent: 5842017 (1998-11-01), Hookway et al.
patent: 5850446 (1998-12-01), Berger et al.
patent: 0646865 (1995-04-01), None
patent: 0667572 (1995-08-01), None
patent: WO94/07204 (1994-03-01), None
“New anti-vandal software provides Next Generation PC Protection”, ESafe Technologies, Inc., Available from Internet: <URL: http://www.esafe.com/press/pr032997.html>, (Apr. 28, 1997).
Hamilton, M.A., “Java and the Shift to Net-centric Computing”, Computer, 29(8), pp. 31-39, (Aug. 1996).
O'Malley, S., et al., “USC: A Universal Stub Compiler”, Computer Communication Review, vol. 24, pp. 295-306, (Oct. 1994).
Wei, Y., et al., “The design of a stub generator for heterogeneous RPC Systems”, Journal of Parallel and Distributed Computing, vol. 11, pp. 188-197, (1991).
Bharati Sudeep
Bond Barry
Beausoliel, Jr. Robert W.
Hamdan Wasseem
Microsoft Corporation
Schwegman Lundberg Woessner & Kluth P.A.