SYSTEM AND METHOD FOR PRESERVING REFERENCES IN SANDBOXES, AND NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIA
Patent abstract:
System and method for preserving references in sandboxes. The present invention relates to systems, methods and non-transitory computer-readable storage media for preserving references in sandboxes. A system implementing the method receives a document for use in a sandbox environment and passes the document, through a coordinator, to an analyzer. The analyzer finds references in the document to other resources and produces a list of references. The system passes the list of references to a verifier, which checks each reference and produces a list of verified references. The system passes the list of verified references to the application within the sandbox, which extends the sandbox to include the resources in the list of verified references. In one embodiment, the system preserves references in sandboxes without the use of a coordinator.
Publication number: BR112013030584B1
Application number: R112013030584-3
Filing date: 2012-05-10
Publication date: 2021-04-27
Inventors: Ivan Krstic; Pierre-Olivier J. Marte
Applicant: Apple Inc.
IPC main class:
Patent description:
CROSS-REFERENCE TO RELATED APPLICATION(S)
[0001] This application claims priority to US Patent Application Serial No. 13/153,274, entitled "SYSTEM AND METHOD FOR PRESERVING REFERENCES IN SANDBOXES", filed on June 3, 2011, which is incorporated herein by reference in its entirety.
BACKGROUND
1. Technical Field
[0002] The present invention relates to computer security and more specifically to preserving references in documents for use in a sandbox environment.
2. Introduction
[0003] Computer security is a critical aspect of the computing world. Many different industries, including the communications, entertainment, transportation, financial and medical industries, rely on computers. Computer security involves protecting these vital computing systems by preventing and detecting computer attacks. Attackers damage computer systems in different ways, such as stealing passwords, mounting denial-of-service attacks and distributing malicious software such as viruses and worms.
[0004] Protecting computer systems against attackers is a challenging and ever-changing task. There are a number of methods for protecting computing systems, from requiring users to change passwords frequently to employing complex cryptographic algorithms in a computing system. One such method is the sandbox, a mechanism that protects a computer system from a potentially malicious program by separating a running computer program from other programs and/or computing resources. Some secure computing systems run untrusted programs, or programs distributed by untrusted parties, in sandboxes. Sandbox restrictions limit the resources that a computer program can access. One example of a sandbox environment is an applet that runs on a virtual machine or interpreter, such as Adobe® Flash® or Microsoft® Silverlight®.
[0005] Documents stored in exchange formats such as Portable Document Format (PDF) or Apple® QuickTime® may contain embedded references to other files. When a computer system does not trust such a file, it can sandbox the application that accesses the untrusted file. When these documents are opened with a sandboxed application, the application is unable to follow references to other files because of the restrictions the computer system places on the sandboxed application. The inaccessibility of references to other documents in a sandboxed application can be frustrating for users. Inexperienced users may simply give up and form a bad impression of the computing platform, while more experienced or technically inclined users may try to circumvent the sandbox, thereby inadvertently introducing a potentially serious security vulnerability. Users who want the additional information behind references included in a document have no way to access those references from an application within a sandbox.
SUMMARY
[0006] Additional features and advantages of the disclosure will be set out in the description that follows, and in part will be obvious from the description, or may be learned by practice of the principles disclosed herein. The features and advantages of the disclosure can be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other features of the disclosure will become more fully apparent from the following description and the appended claims, or can be learned by practice of the principles set forth herein.
[0007] Disclosed are systems, methods and non-transitory computer-readable storage media for preserving references in sandboxes. A system practicing the method receives a document, such as a PDF, for use in a sandbox environment. The system passes the document to a coordinator, which then passes the document to an analyzer. The analyzer identifies references in the document to other resources and returns a list of references to the coordinator. The coordinator then passes the list of references to a verifier and optionally passes other parameters indicating the type of the original document, a desired security and/or confidence level for handling the list of references, a user account and so on. The verifier checks each resource associated with each reference and returns a list of verified references to the coordinator. The verifier can verify a reference when the referenced file is of an expected format and/or the computer system behaves as expected when the file is opened. The verifier can check other attributes of the resources linked by the reference list. For example, the verifier can confirm that a resource has been appropriately flagged, check a checksum of the resource, check file attributes of the resource and/or check other characteristics that may indicate that the resource is trustworthy, expected and/or authentic. The verifier passes the list of verified references back to the coordinator, which then passes the list of verified references to the application. The application can then modify the sandbox environment based on the list of verified references to produce a modified sandbox environment that includes the verified references in addition to the original document, or that provides access to the resources indicated by the verified references.
[0008] In one embodiment, the system passes the document directly to the analyzer, without using a coordinator. The analyzer finds references in the document to other resources and produces a list of references. The system passes the list of references directly to the verifier, without using a coordinator. The verifier checks each resource associated with each reference and produces a list of verified references. The verifier passes the list of verified references directly to the application, which then extends the sandbox environment to include the verified references in addition to the original document. In this embodiment a coordinator is not used; instead, the application communicates directly with the analyzer and the verifier. Although potentially less secure, this approach to preserving references in sandboxes is simpler than the coordinated approach and can be advantageous for implementation purposes.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] In order to describe the manner in which the above-recited and other advantages and features of the disclosure can be obtained, a more particular description of the principles briefly described above will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Understanding that these drawings depict only exemplary embodiments of the disclosure and are therefore not to be considered limiting of its scope, the principles herein are described and explained with additional specificity and detail through the use of the accompanying drawings, in which:
FIG. 1 illustrates an example system embodiment;
FIG. 2 illustrates a first example trusted-service system, including a coordinator;
FIG. 3 illustrates an example unmodified sandbox environment for viewing a document with embedded references;
FIG. 4 illustrates an example modified sandbox environment for viewing a document with embedded references;
FIG. 5 illustrates an example method embodiment for preserving references;
FIG. 6 illustrates an example system architecture for analyzing and verifying references in a document for use in a sandbox environment;
FIG. 7 illustrates an example sandbox environment;
FIG. 8 illustrates an example modified sandbox environment showing verified and unverified references; and
FIG. 9 illustrates a second example trusted-service system, without a coordinator.
DETAILED DESCRIPTION
[00010] Various embodiments of the disclosure are discussed in detail below. While specific implementations are discussed, it should be understood that this is done for illustration purposes only. A person skilled in the relevant art will recognize that other components and configurations may be used without departing from the spirit and scope of the disclosure.
[00011] The present disclosure addresses the need in the art to preserve references in sandboxes. A system, method and non-transitory computer-readable media are disclosed that preserve references in documents for use in a sandbox environment. A brief introductory description of a basic general-purpose computing system or device in FIG. 1 that can be used to practice the concepts is disclosed herein. A more detailed description of preserving references in sandboxes will then follow. The disclosure now turns to FIG. 1.
[00012] With reference to FIG. 1, an exemplary system 100 includes a general-purpose computing device 100, including a processing unit (CPU or processor) 120 and a system bus 110 that couples various system components, including system memory 130 such as read-only memory (ROM) 140 and random access memory (RAM) 150, to the processor 120. The system 100 may include a cache 122 of high-speed memory connected directly with, in close proximity to, or integrated as part of the processor 120. The system 100 copies data from the memory 130 and/or the storage device 160 to the cache 122 for quick access by the processor 120. In this way, the cache provides a performance boost that avoids processor 120 delays while waiting for data. These and other modules can control or be configured to control the processor 120 to perform various actions. Other system memory 130 may be available for use as well.
The memory 130 may include multiple different types of memory with different performance characteristics. It can be appreciated that the disclosure may operate on a computing device 100 with more than one processor 120 or on a group or cluster of computing devices networked together to provide greater processing capability. The processor 120 can include any general-purpose processor and a hardware module or software module, such as module 1 162, module 2 164 and module 3 166 stored in storage device 160, configured to control the processor 120, as well as a special-purpose processor where software instructions are incorporated into the actual processor design. The processor 120 may essentially be a completely self-contained computing system, containing multiple cores or processors, a bus, memory controller, cache, etc. A multi-core processor may be symmetric or asymmetric.
[00013] The system bus 110 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus and a local bus using any of a variety of bus architectures. A basic input/output system (BIOS) stored in ROM 140 or the like may provide the basic routine that helps to transfer information between elements within the computing device 100, such as during start-up. The computing device 100 further includes storage devices 160 such as a hard disk drive, a magnetic disk drive, an optical disk drive, tape drive or the like. The storage device 160 can include software modules 162, 164, 166 for controlling the processor 120. Other hardware or software modules are contemplated. The storage device 160 is connected to the system bus 110 by a drive interface. The drives and the associated computer-readable storage media provide non-volatile storage of computer-readable instructions, data structures, program modules and other data for the computing device 100. In one aspect, a hardware module that performs a particular function includes the software component stored in a non-transitory computer-readable medium in connection with the necessary hardware components, such as the processor 120, bus 110, display 170 and so forth, to carry out the function. The basic components are known to those of skill in the art and appropriate variations are contemplated depending on the type of device, such as whether the device 100 is a small handheld computing device, a desktop computer or a computer server.
[00014] Although the exemplary embodiment described herein employs the hard disk 160, it should be appreciated by those skilled in the art that other types of computer-readable media which can store data that are accessible by a computer, such as magnetic cassettes, flash memory cards, digital versatile disks, cartridges, random access memories (RAMs) 150, read-only memory (ROM) 140, a cable or wireless signal containing a bit stream and the like, may also be used in the exemplary operating environment. Non-transitory computer-readable storage media expressly exclude media such as energy, carrier signals, electromagnetic waves and signals per se.
[00015] To enable user interaction with the computing device 100, an input device 190 represents any number of input mechanisms, such as a microphone for speech, a touch-sensitive screen for gesture or graphical input, a keyboard, mouse, motion input, speech and so forth. An output device 170 can also be one or more of a number of output mechanisms known to those of skill in the art. In some instances, multimodal systems enable a user to provide multiple types of input to communicate with the computing device 100. The communications interface 180 generally governs and manages the user input and system output. There is no restriction on operating on any particular hardware arrangement and therefore the basic features here may easily be substituted for improved hardware or firmware arrangements as they are developed.
[00016] For clarity of explanation, the illustrative system embodiment is presented as including individual functional blocks, including functional blocks labeled as a "processor" or processor 120. The functions these blocks represent may be provided through the use of either shared or dedicated hardware, including, but not limited to, hardware capable of executing software and hardware, such as a processor 120, that is purpose-built to operate as an equivalent to software executing on a general-purpose processor. For example, the functions of one or more processors presented in FIG. 1 may be provided by a single shared processor or multiple processors. (Use of the term "processor" should not be construed to refer exclusively to hardware capable of executing software.) Illustrative embodiments may include microprocessor and/or digital signal processor (DSP) hardware, read-only memory (ROM) 140 for storing software performing the operations discussed below, and random access memory (RAM) 150 for storing results. Very large scale integration (VLSI) hardware embodiments, as well as custom VLSI circuitry in combination with a general-purpose DSP circuit, may also be provided.
[00017] The logical operations of the various embodiments are implemented as: (1) a sequence of computer-implemented steps, operations or procedures running on a programmable circuit within a general-purpose computer, (2) a sequence of computer-implemented steps, operations or procedures running on a special-purpose programmable circuit; and/or (3) interconnected machine modules or program engines within the programmable circuits. The system 100 shown in FIG. 1 can practice all or part of the recited methods, can be a part of the recited systems and/or can operate according to instructions in the recited non-transitory computer-readable storage media.
Such logical operations can be implemented as modules configured to control the processor 120 to perform particular functions according to the programming of the module. For example, FIG. 1 illustrates three modules, module 1 162, module 2 164 and module 3 166, which are configured to control the processor 120. These modules may be stored on the storage device 160 and loaded into RAM 150 or memory 130 at runtime, or may be stored in other computer-readable memory locations as is known in the art.
[00018] Having disclosed some components of a computing system, the disclosure now turns to a discussion of handling references in a document in a sandbox environment. FIG. 2 illustrates a trio of trusted services for preserving references in a sandbox. The trio of trusted services consists of a coordinator 202 that coordinates the reference-preservation process, an analyzer 204 that analyzes a document containing embedded references to other resources, and a verifier 206 that checks each embedded reference to other resources. The coordinator, analyzer and verifier are considered trusted, and each operates within its own individual sandbox, which restricts the resources that each service can access. Documents stored in exchange formats such as PDF or the QuickTime movie format may contain embedded references to other resources, where the references are file paths. When such documents are opened in an application inside a sandbox, the system cannot follow the references because the sandbox does not allow access to a referenced resource that is outside the sandbox environment. When embedded references are internal to the document, the application inside the sandbox already has access to the resource, because the reference is internal. Internal references do not require a sandbox extension, so the analyzer can simply ignore them and/or the verifier can skip them. However, in the unlikely event that a document contains a link pointing to itself, the system can optionally extend the sandbox to that link as well. The reference-preservation process described herein allows an application inside a sandbox to access the verified references.
[00019] FIG. 3 illustrates a document containing references that is opened in an application restricted to an initial sandbox environment, and FIG. 4 illustrates the same document opened in an application restricted to a modified sandbox environment. The application 302 cannot access resources 304 that are external to the sandbox environment, because the computer system has placed restrictions on the sandboxed application. Internal references 310, however, are treated differently, because they do not require access to an unverified external resource. After the trusted services perform the reference-preservation process on the document, the application modifies or extends the sandbox environment such that the sandbox includes the resources verified by the trusted services. A user accessing a document 406 in a modified sandbox environment has access to file 1, file 2 and file 3 of the verified references 408. The system can perform the reference-preservation process for references to local resources or to resources reached over a network connection, such as references to resources on the Internet.
[00020] FIG. 5 illustrates an exemplary method embodiment. For the sake of clarity, the method is discussed in terms of an exemplary system 100 as shown in FIG. 1 configured to practice the method. The steps outlined herein are exemplary and can be implemented in any combination thereof, including combinations that exclude, add or modify certain steps.
A system 100 practicing the method receives a document for use in a sandbox environment (502), passes the document to an analyzer that finds references in the document to produce a list of references (504), and passes the list of references to a verifier that checks the references to produce a list of verified references (506). The system 100 can then modify the sandbox environment based on the list of verified references (508). A document can be any computer file, or set of files, that contains references to other resources, such as, but not limited to, PDF and QuickTime documents. A document requiring a sandbox environment may be a document from an untrusted source or a document that may have been tampered with, or the system may require that all documents be subjected to the reference-preservation process. The system can place all documents of a specific type in a sandbox environment. Specific application or operating system settings can influence the decision to use a sandbox when accessing a file. The file itself may carry a flag or label indicating whether it should be used in a sandbox or not. References to other resources in a document can be references to other computer files, or references to other files or resources within the document. Resources can be in the same format as the original document, or in a different format. For example, an original document in PDF format can contain references to other PDF files, or to any other file format specified by a user, application, coordinator or verifier, such as Excel or Word. The system 100 may require that documents in the QuickTime file format, for example, only be able to access other video formats such as AVI.
[00021] FIG. 6 illustrates preserving references in a sandbox. An application 602 sends the document to a coordinator 604, which coordinates the verification of references to resources. The coordinator 604 passes the document to an analyzer 606 that finds references in the document to other resources to produce a reference list (504). The analyzer 606 can operate within its own sandbox for security purposes, so that the analyzer has no access to any resource other than the document, or the part of the document, that it received from the coordinator. The analyzer 606 parses the document to find references to other files and produces a list of the references found in the document. For example, the analyzer 606 can parse HTML for links to documents or images, parse XML for specific tags or data, or parse Portable Document Format (PDF) for references to other resources. The analyzer 606 sends the reference list back to the coordinator 604, which then sends the reference list to a verifier 608 for verification of the references listed by the analyzer (506).
[00022] The verifier can also operate in its own sandbox, so that opening a potentially malicious or harmful computer file does not harm the computing system. Running the analyzer and/or the verifier in their own sandbox environments protects the rest of the computing system if a resource contains a threat or is otherwise unsafe. Within a sandbox environment a virus may move freely, but the system does not allow any action outside the sandbox, thus protecting the rest of the system.
[00023] The verifier 608 opens each resource, or file, in the reference list and compares actual system behavior with expected system behavior. The verifier can also check whether a file is of an expected file type. For example, the system 100 may require that all references in the reference list for a particular document be PDF files. The verifier can verify that all references in the list are PDF files by checking the file-name extension and/or by opening the file. The verifier can receive parameters and/or instructions from the coordinator 604 regarding which aspects of the references should be checked, how to check the references and what tolerances (if any) apply when checking the references. For example, the verifier can observe the system's behavior when each resource is opened and compare that behavior with the expected system behavior. The verifier will not verify a reference that does not behave as expected, such as one that crashes a program. In one variation, the verifier simply checks whether a file exists at the particular path indicated by the reference. Once the verifier has finished checking the reference list, it sends a list of verified references back to the coordinator 604, which then sends the list of verified references back to the application 602. The application extends the original sandbox for the document based on the verified reference list (508), creating a modified sandbox environment. The modified sandbox environment includes and/or provides access to the resources associated with the list of references verified by the verifier.
[00024] FIG. 7 illustrates an exemplary file opened with an application inside a sandbox. The system opens the file meteorological conditions.pdf with an application inside the sandbox 702. The meteorological conditions file contains embedded references to tornados.pdf 704, temporal.docx 706, tsunami_advertência.pdf 708 and temperature.xlsx 710. The sandbox environment does not allow the application to access the embedded references, which can frustrate a user trying to follow them. Allowing access to references from an application in a sandbox can benefit users who want additional information beyond what the document itself provides.
[00025] FIG. 8 illustrates the system after extracting, analyzing and verifying the references in the document and extending the sandbox environment.
The application sends the file meteorological conditions.pdf to the coordinator, which then sends the file to the analyzer. The analyzer opens the file in a sandbox environment and finds the embedded references to resources, in this example the files tornados.pdf 704, temporal.docx 706, tsunami_advertência.pdf 708 and temperature.xlsx 710. The analyzer generates a list of the embedded references to these files and sends the list of references to the coordinator. The coordinator sends the list of references to the verifier 608, which operates in its own sandbox environment. The verifier can verify that the file format of each file is the expected format and/or can carry out additional verification measures. For example, if the system requires the verifier to accept only PDF files for a particular document, it verifies that each file is in PDF format. The verifier can receive instructions to verify PDF files only, or to verify PDF and Microsoft Word files, for example. In this example, the system requires the verifier to accept only PDF files. The verifier can also open each file in the reference list and observe the system behavior. If the system behaves as expected and the file format is of the expected type, the verifier can verify the file. The verifier sends the list of verified references to the coordinator; in this case the list of verified references contains the files tornados.pdf 804 and tsunami_advertência.pdf 808. The files temporal.docx 806 and temperature.xlsx 810 are not included in the verified reference list because they are not of the expected file type, in this example PDF. The coordinator sends the list of verified references to the application. The application extends the sandbox 712 to create a modified sandbox 812 that includes the verified references tornados.pdf 804 and tsunami_advertência.pdf 808. The files temporal.docx 806 and temperature.xlsx 810 are not allowed inside the modified sandbox because they were not included in the list of verified references the verifier sent to the coordinator. The application 802 inside the modified sandbox 812 now has access to the verified references tornados.pdf 804 and tsunami_advertência.pdf 808.
[00026] From the user's perspective, clicking a link in meteorological conditions.pdf to tornados.pdf 804 or to tsunami_advertência.pdf 808 is transparent. The user can click links to these files and the system can open them because these resources are inside the modified sandbox 812. However, if the user clicks a link to temporal.docx 806 or to temperature.xlsx 810, the system may deny the request to open that resource. For example, the system can simply ignore requests to access resources outside the sandbox. Alternatively, the system may present an error message to the user indicating that the desired resource is inaccessible. The system can present a message to the user indicating why the desired resource is inaccessible, possibly based on a code or message returned by the verifier. Additionally, the system can present this and/or other information to the user and ask the user whether or not to extend the modified sandbox environment to provide access to the inaccessible resource.
[00027] In one aspect, as part of extending or modifying the sandbox environment to include other resources referenced in the document, the system can save a temporary backup of the other resources made accessible in the modified sandbox. In this way, even if malicious code somehow executes in the modified sandbox environment and alters those resources, the system can revert to the temporary backup.
[00028] In another embodiment, the system 100 preserves references in sandboxes without the use of a coordinator, as shown in FIG. 9.
The application 902 in a sandbox environment sends all or part of a document with embedded references to the analyzer 904. The analyzer 904 discovers references in the document and produces a reference list. The analyzer 904 sends the reference list directly to the verifier 906. The verifier 906 checks at least one reference in the reference list and generates a list of verified references. The list of verified references can include zero, one or more references. The verifier 906 sends the list of verified references to the application 902, which then extends the sandbox to create a modified sandbox environment if at least one verified reference is included in the list. The sandbox environment is extended to include the verified references. At some cost in security, this approach to preserving references in sandboxes is a simpler and potentially easier to implement scheme that does not require a coordinator. The coordinator is the only process that never actually touches the resources: it neither parses the document nor attempts to inspect external resources. The coordinator is therefore unlikely to be a target of exploitation, and so it can perform additional checks, whether or not security-related, with a reduced risk of exploitation or other attack.
[00029] In an aspect related to user experience and/or perceived performance, when processing a document for use in a sandbox, the system can initially load the document in an unmodified sandbox before analyzing or verifying references, so that the user can quickly load the document for viewing. Then, while the user is viewing the document, the system can analyze and verify references in the document in the background and extend the sandbox environment based on the analyzed and verified references. This gives the user the perception that the document loads quickly, while providing delayed access to the resources indicated by the references. The system can analyze and verify references in the background in a batch mode or one reference at a time. For example, in batch mode the system analyzes all references in the document, verifies all references and then extends the sandbox environment accordingly. Alternatively, as soon as the system has extracted a reference, the verifier can verify that reference and the system can extend the sandbox environment to that single reference, while the analyzer continues to search for other references. In both cases, the sandbox environment is first loaded to view the document, and then extended or otherwise modified in the background after the document has loaded and while the user is able to browse, view or otherwise access the document.
[00030] Embodiments within the scope of the present disclosure may also include tangible and/or non-transitory computer-readable storage media for carrying or having computer-executable instructions or data structures stored thereon. Such non-transitory computer-readable storage media can be any available media that can be accessed by a general-purpose or special-purpose computer, including the functional design of any special-purpose processor as discussed above. By way of example, and not limitation, such non-transitory computer-readable media can include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code means in the form of computer-executable instructions, data structures or processor chip design. When information is transferred or provided over a network or another communications connection (either hardwired, wireless or a combination thereof) to a computer, the computer properly views the connection as a computer-readable medium. Thus, any such connection is properly termed a computer-readable medium.
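The following Python is an added example and is not code from the patent or from Apple. It models the analyzer, verifier and sandbox-extension flow of FIG. 6 through FIG. 8 (verifier restricted to PDF, so temporal.docx and temperature.xlsx stay outside the extended sandbox) and the batch versus one-reference-at-a-time background modes described in [00029]. The /Filespec dictionary syntax and the leading bytes "%PDF-" and "PK\x03\x04" are real; the in-memory file system and its contents, the Policy and Verdict types, the function names, the use of leading bytes in place of the patent's "observe how the system behaves when the file is opened", and the rule that a reference may not leave the document's directory are all constructed for this example.

```python
from __future__ import annotations

import hashlib
import posixpath
import re
from dataclasses import dataclass, field
from typing import Iterator

# Constructed in-memory "disk" (path -> bytes) so the example runs offline;
# file names follow the FIG. 7/8 example, the contents are made up.
FILESYSTEM = {
    "/docs/meteorological_conditions.pdf": (
        b"%PDF-1.7\n"
        b"<< /Type /Filespec /F (tornados.pdf) >>\n"
        b"<< /Type /Filespec /F (temporal.docx) >>\n"
        b"<< /Type /Filespec /F (tsunami_advertencia.pdf) >>\n"
        b"<< /Type /Filespec /F (temperature.xlsx) >>\n"
        b"<< /Type /Filespec /F (missing.pdf) >>\n"      # no such file
        b"<< /Type /Filespec /F (renamed.pdf) >>\n"      # not really a PDF
        b"<< /Type /Filespec /F (../etc/passwd) >>\n"    # leaves /docs
    ),
    "/docs/tornados.pdf": b"%PDF-1.4\n% tornado data\n",
    "/docs/temporal.docx": b"PK\x03\x04word/document.xml",
    "/docs/tsunami_advertencia.pdf": b"%PDF-1.4\n% tsunami data\n",
    "/docs/temperature.xlsx": b"PK\x03\x04xl/workbook.xml",
    "/docs/renamed.pdf": b"MZ\x90\x00 an executable named .pdf",
}

# Real PDF syntax: an embedded file reference is a /Filespec dictionary whose
# /F entry holds the path (only the simple literal-string form is handled).
FILESPEC_RE = re.compile(rb"/Type\s*/Filespec\b[^>]*?/F\s*\(([^)]*)\)")

# Leading bytes per type (real values); stands in for "open it and observe".
MAGIC = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

@dataclass
class Policy:
    """Parameters the coordinator hands the verifier (shape assumed here)."""
    allowed_types: frozenset[str]                             # e.g. {".pdf"}
    checksums: dict[str, str] = field(default_factory=dict)   # path -> sha256

@dataclass
class Verdict:
    path: str
    ok: bool
    reason: str

def analyze(doc_path: str) -> list[str]:
    """Analyzer: sees only the document; returns absolute reference paths."""
    base = posixpath.dirname(doc_path)
    return [posixpath.normpath(posixpath.join(base, m.group(1).decode("latin-1")))
            for m in FILESPEC_RE.finditer(FILESYSTEM[doc_path])]

def verify_one(ref: str, doc_path: str, policy: Policy) -> Verdict:
    """Verifier: one reference against the policy, with a reason on reject."""
    base = posixpath.dirname(doc_path)
    # Assumed rule of this example: a reference may not leave the document's
    # directory, so "../etc/passwd" is rejected before it is ever opened.
    if posixpath.commonpath([base, ref]) != base:
        return Verdict(ref, False, "escapes document directory")
    ext = posixpath.splitext(ref)[1].lower()
    if ext not in policy.allowed_types:
        return Verdict(ref, False, f"type {ext or '(none)'} not permitted")
    data = FILESYSTEM.get(ref)
    if data is None:
        return Verdict(ref, False, "does not exist")
    magic = MAGIC.get(ext)
    if magic is None or not data.startswith(magic):
        return Verdict(ref, False, "content does not match declared type")
    pinned = policy.checksums.get(ref)
    if pinned is not None and hashlib.sha256(data).hexdigest() != pinned:
        return Verdict(ref, False, "checksum mismatch")
    return Verdict(ref, True, "verified")

class Sandbox:
    """Per-application allow-list: the document plus verified references."""
    def __init__(self, document: str) -> None:
        self.allowed = {document}

    def extend(self, verdicts: list[Verdict]) -> None:
        self.allowed.update(v.path for v in verdicts if v.ok)

    def can_open(self, path: str) -> bool:
        return path in self.allowed

def preserve_batch(doc_path: str, policy: Policy) -> tuple[Sandbox, list[Verdict]]:
    """Batch mode: analyze all, verify all, then extend the sandbox once."""
    sandbox = Sandbox(doc_path)
    verdicts = [verify_one(r, doc_path, policy) for r in analyze(doc_path)]
    sandbox.extend(verdicts)
    return sandbox, verdicts

def preserve_incremental(doc_path: str, policy: Policy) -> Iterator[tuple[Sandbox, Verdict]]:
    """One-at-a-time mode: the document is already viewable and the sandbox
    widens as each reference is verified, while analysis continues."""
    sandbox = Sandbox(doc_path)
    for ref in analyze(doc_path):
        verdict = verify_one(ref, doc_path, policy)
        sandbox.extend([verdict])
        yield sandbox, verdict
```

With Policy(frozenset({".pdf"})), preserve_batch reproduces FIG. 8: tornados.pdf and tsunami_advertencia.pdf enter the extended sandbox, while temporal.docx and temperature.xlsx are refused on type, renamed.pdf is refused because its content is not a PDF, missing.pdf because it does not exist, and ../etc/passwd because it escapes the document's directory. Every rejection carries a reason, which is what [00026] needs in order to tell the user why a link is inaccessible. Adding ".docx" to allowed_types admits temporal.docx; pinning a sha256 in checksums exercises the checksum attribute [0007] says the verifier may check. preserve_incremental yields after each reference, so the application can widen the sandbox while the analyzer is still working, as in [00029].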
Combinations of the above should also be included within the scope of computer-readable media.

[00031] Computer-executable instructions include, for example, instructions and data that cause a general-purpose computer, special-purpose computer or special-purpose processing device to perform a certain function or group of functions. Computer-executable instructions also include program modules that are executed by computers in stand-alone or network environments. In general, program modules include routines, programs, components, data structures, objects and the functions inherent in the design of special-purpose processors, etc. that perform particular tasks or implement particular abstract data types. Computer-executable instructions, associated data structures and program modules represent examples of the program code means for executing the method steps disclosed in this document. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such steps.

[00032] Those skilled in the art will understand that other embodiments of the disclosure can be practiced in network computing environments with many types of computer system configurations, including personal computers, handheld devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers and the like. Embodiments can also be practiced in distributed computing environments where tasks are performed by local and remote processing devices that are linked (by hardwired links, wireless links or a combination thereof) through a communications network. In a distributed computing environment, program modules can be located in both local and remote memory storage devices.
[00033] The various embodiments described above are provided by way of illustration only and should not be construed to limit the scope of the disclosure. For example, the principles in this document can apply to any application that uses a sandbox to protect a computing system. Those skilled in the art will readily recognize various modifications and changes that can be made to the principles described in this document without following the example embodiments and applications illustrated and described here, and without departing from the spirit and scope of the disclosure.
Claims:
Claims (15)

[0001] 1. Method, characterized by the fact that it comprises the steps of: receiving, through a processor (120) of a computing device (100), a document (302) internal to a sandbox environment (300) for use by an application (301) running in the sandbox environment (300); passing the document (302) to an analyzer (204, 606) that finds references in the document (302) to resources (304) external to the sandbox environment (300) to produce a list of references; passing the list of references to a verifier (206, 608) that verifies which resources (304) associated with the references in the reference list satisfy predetermined sandbox criteria to produce a list of verified references; and extending the sandbox environment (300) of the application (301) to include the resources (408) associated with the list of verified references as resources internal to the sandbox environment (300), to produce an extended sandbox environment (400) for the application (301).

[0002] 2. Method, according to claim 1, characterized by the fact that it further comprises the step of loading the document (302) in the extended sandbox environment (400) based on the list of verified references.

[0003] 3. Method, according to claim 2, characterized by the fact that the extended sandbox environment (400) provides the application (301) with access to the resources (408) associated with the list of verified references.

[0004] 4. Method, according to any one of claims 1 to 3, characterized by the fact that the sandbox environment (300) allows the application (301) to operate within a predefined restricted set of computing resources.

[0005] 5. Method, according to claim 4, characterized by the fact that the predefined restricted set of computing resources comprises the reference list.

[0006] 6. System, characterized by the fact that it comprises: a processor (120); a non-transitory computer-readable storage medium (130) storing instructions to control the processor (120) to perform steps comprising: receiving (502), from a coordinator (202), a list of references to resources (304) external to the sandbox environment (300), in which the reference list was extracted from a document (302) internal to the sandbox environment (300) for use by an application (301) in the sandbox environment (300); verifying (504) which resources (304) indicated by the references in the reference list satisfy predetermined sandbox criteria to produce a list of verified references; and extending (508) the sandbox environment (300) of the application (301) to include the resources (408) indicated by the list of verified references as resources internal to the extended sandbox environment (400).

[0007] 7. System, according to claim 6, characterized by the fact that verifying (504) the resources (304) comprises comparing an actual resource format with an expected resource format specified by the predetermined sandbox criteria.

[0008] 8. System, according to claim 7, characterized by the fact that the expected resource format matches a format of the document (302).

[0009] 9. System, according to claim 7, characterized by the fact that the expected resource format is different from a format of the document (302).

[0010] 10. System, according to claim 6, characterized by the fact that verifying (504) a respective resource (304) comprises opening the respective resource (304) and comparing actual system behavior with expected system behavior.

[0011] 11. Non-transitory computer-readable storage medium characterized by the fact that it stores instructions that, when executed by a computing device (100), cause the computing device (100) to preserve references in a sandbox environment (300), the instructions comprising: passing (502) a document (302) containing references, for use by an application (301) executed in the sandbox environment (300), to a coordinator (202), the document (302) being internal to the sandbox environment (300); passing (504) the document (302) to an analyzer, through the coordinator (202), in which the analyzer finds references in the document (302) to resources (304) external to the sandbox environment (300) to produce a list of references; passing (506) the list of references to a verifier (206), through the coordinator (202), in which the verifier (206) verifies which resources (304) indicated by the references in the reference list satisfy predetermined sandbox criteria to produce a list of verified references; and extending the sandbox environment (300) of the application (301) to include the resources (304) indicated by the list of verified references as resources (408) internal to the extended sandbox environment (400).

[0012] 12. Non-transitory computer-readable storage medium according to claim 11, characterized by the fact that the analyzer operates in an individual sandbox environment (300).

[0013] 13. Non-transitory computer-readable storage medium according to claim 12, characterized by the fact that the individual sandbox environment (300) allows the analyzer to access only the document (302).

[0014] 14. Non-transitory computer-readable storage medium according to any one of claims 11 to 13, characterized by the fact that the verifier (206) operates in an individual sandbox environment (300).

[0015] 15. Non-transitory computer-readable storage medium according to claim 14, characterized by the fact that the individual sandbox environment (300) allows the verifier (206) to access only the reference list.
Patent family:

Publication number | Publication date
EP2715589B1 | 2018-05-09
CN103582888B | 2017-02-15
AU2012262867B2 | 2015-12-17
CN103582888A | 2014-02-12
JP5748905B2 | 2015-07-15
WO2012166316A1 | 2012-12-06
JP2014519120A | 2014-08-07
KR101565230B1 | 2015-11-02
US20120311702A1 | 2012-12-06
US8601579B2 | 2013-12-03
MX2013013970A | 2014-02-27
BR112013030584A2 | 2016-09-27
EP2715589A1 | 2014-04-09
KR20140016380A | 2014-02-07
Legal status:

2018-12-11 | B06F | Objections, documents and/or translations needed after an examination request [chapter 6.6 patent gazette]
2019-10-29 | B06U | Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]
2021-03-09 | B09A | Decision: intention to grant [chapter 9.1 patent gazette]
2021-04-27 | B16A | Patent or certificate of addition of invention granted [chapter 16.1 patent gazette] | Free format text: TERM OF VALIDITY: 20 (TWENTY) YEARS COUNTED FROM 10/05/2012, SUBJECT TO THE LEGAL CONDITIONS.
Priority:

Application number | Publication number | Priority date | Filing date | Title
US13/153,274 | US8601579B2 | 2011-06-03 | 2011-06-03 | System and method for preserving references in sandboxes
PCT/US2012/037400 | WO2012166316A1 | 2011-06-03 | 2012-05-10 | System and method for preserving references in sandboxes