CN101208928A - Running Internet applications with low rights - Google Patents

Running Internet applications with low rights

Info

Publication number
CN101208928A
Authority
CN
China
Prior art keywords
user
space
internet applications
visit
token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2006800191854A
Other languages
English (en)
Other versions
CN101208928B (zh
Inventor
R·A·弗兰科
A·P·盖加姆
J·G·贝德沃茨
P·T·伯德瑞特
R·K·托库米
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

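In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of the computing device (100). For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contain administrative data and settings information as well as user data and settings. In these embodiments, a special portion of the disk, termed a "containment zone" (110), is designated and used by applications in this restricted process.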

Description

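Running Internet applications with low rights
Technical field
The present invention relates to running Internet applications with low rights.
Background
Many different types of applications can interact with the Internet and obtain data or other information from it. For example, some applications allow a user to download particular content such as web pages, files and the like. With the ability to interact with the Internet come various risks associated with that interaction.
For example, through the various interactions that take place between an application and the Internet, so-called malware or spyware can be downloaded onto a user's system and can adversely affect system performance and, perhaps more importantly, malicious software can be installed without permission. For example, buffer overruns and other security vulnerabilities can allow malware to maliciously make its way onto a user's system.
With regard to affecting system performance, consider the following. In some instances, malware may attempt to change, or may actually change, the security settings associated with a particular application or with the user's system in general, making malicious tampering more likely.
Against the backdrop of these and other security concerns, software developers still consistently want to give users a safe, rich experience.
Summary
In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of the computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contain administrative data and settings information as well as user data and settings. In these embodiments, a special portion of the disk, termed a "containment zone", is designated and used by applications in this restricted process.
In other embodiments, a broker mechanism is utilized and is logically interposed between the application and the restricted portions or containment zones of the computing system. The broker mechanism brokers access to these restricted portions and ensures that the user is aware of, and can approve, the application's access to these restricted portions of the computing system.
In other embodiments, a shim mechanism is used to redirect access, typically for third-party extensions, to the containment zones.
In other embodiments, an application's execution in the restricted process can result in another application being launched which is functionally similar to the restricted application, yet is less restricted in order to facilitate the user experience in particular contexts that have been deemed trusted or at least as safe as desired.
Brief description of the drawings
FIG. 1 is a block diagram of a system in accordance with one embodiment.
FIG. 2 is a block diagram of a system in accordance with one embodiment.
FIG. 3 is a flow diagram that describes steps in a method in accordance with one embodiment.
FIG. 4 is a block diagram of a system in accordance with one embodiment.
FIG. 5 is a block diagram of a system in accordance with one embodiment.
FIG. 6 is a block diagram of a client computing device in accordance with one embodiment.
Detailed description
Overview
In the embodiments described below, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of the computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contain administrative data and settings information as well as user data and settings. In these embodiments, a special portion of the disk, termed a "containment zone", is designated and used by applications in this restricted process.
In other embodiments, a broker mechanism is utilized and is logically interposed between the application and the restricted portions or containment zones of the computing system. The broker mechanism brokers access to these restricted portions and ensures that the user is aware of, and can approve, the application's access to these restricted portions of the computing system.
In other embodiments, a shim mechanism is used to redirect access, typically for third-party extensions, to the containment zones.
In other embodiments, an application's execution in the restricted process can result in another application being launched which is functionally similar to the restricted application, yet is less restricted in order to facilitate the user experience in particular contexts that have been deemed trusted or at least as safe as desired.
The techniques described in this document can be used in connection with any type of application that interacts with the Internet. As the skilled artisan will appreciate, there is a wide variety of such applications. However, to provide a practical context in which to understand the inventive embodiments, an application in the form of a web browser application is used. It is to be appreciated, however, that the techniques can be used with other types of applications without departing from the spirit and scope of the claimed subject matter. By way of example and not limitation, these other types of applications include instant messaging clients, peer-to-peer clients, RSS readers, email clients, word processing clients and the like.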
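Restricting Internet applications and using a broker
FIG. 1 illustrates a high-level view of a system 100 in accordance with one embodiment. In this example, system 100 includes an Internet application in the form of a web browser 102 that can interact with the Internet. System 100 also includes computer-readable media 104, such as a hard disk, that contains different portions or "spaces", which in turn contain different types of information, settings data and the like.
In this example, one portion or space is the administrative space 106, which includes information and data that is usually accessible to and manipulable by a system administrator. This type of information and data can include information and data typically contained in operating system folders, computer system folders, permanent file folders and the like. This space usually requires an administrator with the appropriate credentials and privileges for its content to be accessed and manipulated.
Another portion or space is the user space 108, which includes user information and data. This type of information and data can include information and data typically contained in user-accessible folders such as My Documents, My Music, Desktop and the like. This space is typically associated with lesser privileges in order for access to be granted.
In accordance with one embodiment, computer-readable media 104 includes one or more containment zones 110. A containment zone is, in at least some embodiments, the only zone that can be written to directly by browser 102. To facilitate this functionality, a wall or blocking mechanism 112 is provided which prevents browser 102 from directly writing to the administrative space 106 or the user space. In at least some embodiments, a containment zone allows the settings of the restricted application to be saved between sessions in a location where they cannot pollute any other application on the machine. A containment zone may include a few registry locations and file folders. In the context of a web browser application, containment zone 110 can include the Temporary Internet Files folder, which is used to improve web page loading time and to cache other types of data.
Thus, in this embodiment, one or more containment zones are specifically defined and designated as those portions of the computing device that an Internet application, such as a web browser application, can access. This is different from an approach that simply denies access to some portions of a disk and permits access to others based on the particular user who may be attempting such access. Rather, in the inventive approach, the restriction is application-centric and not necessarily user-centric. That is, the inventive approach can be considered user-independent. This approach helps to ensure that only a small number (for example, a minimal number) of required locations are exposed in the containment zone, and it also helps to ensure that other applications do not store settings in the containment zone. In addition, this application-centric approach can make both the administrative and the user space inaccessible to the application.
Thus, at this point, the wall or blocking mechanism 112 is logically interposed between browser 102 and certain predefined spaces, such as the administrative and user spaces, to prevent the browser from directly accessing such spaces. Yet, in some instances, it can be desirable to allow an application to access the administrative or user space. For example, a user who is a system administrator may wish to legitimately manipulate some system settings. In addition, a regular user may wish to save a picture to the My Documents folder.
In this embodiment, a broker mechanism is utilized and is logically interposed between the application (in this case browser 102) and the restricted portions or containment zones of the computing system. The broker mechanism brokers access to these restricted portions and ensures that the user is aware of, and can approve, the application's access to these restricted portions of the computing system.
As an example, consider FIG. 2, where like numerals from the FIG. 1 embodiment are used. There, a broker mechanism is provided in the form of broker objects 200, 202. In this example, broker object 200 is an administrative space broker object that brokers access to the administrative space 106. Broker object 202, on the other hand, is a user space broker object that brokers access to the user space. The broker mechanism can be implemented in any suitable way using any suitable type of object. In one implementation, each broker object is implemented as a DCOM local server object. In addition, the broker objects run in a process separate from browser 102, which provides a degree of protection against attacks by malicious code that targets browser 102. Additionally, in at least one implementation, the broker objects are task-based and their lifetimes are defined by the tasks that they are to accomplish.
In this example, when an application such as browser 102 wishes to access a particular restricted space, such as the administrative or user space, the application calls the associated broker object, which then inspects the application's request. The broker object can inspect the request for a number of reasons, including ensuring that it is a well-formed request, or checking for an electronic signature on the files being downloaded by the application. Once the request has been inspected, the broker object takes steps to broker access to the restricted space.
In some embodiments, this can include prompting the user to ascertain whether the user wishes to access the space in the manner represented in the request. For example, if the user is attempting to save a picture to their My Documents folder, the broker object may simply ask the user, through an appropriate dialog box, whether this is the user's intent. If confirmed, the broker object can permit and facilitate the access. Alternatively or additionally, if the user is an administrator and is attempting to write to the administrative space, the broker object may ask the administrator to enter their credentials. In this manner, access to the restricted space is maintained. In these examples, the broker objects perform the writing to or modifying of the restricted space, so as to abstract that process away from the calling application.
Thus, the wall or blocking mechanism 112 and the broker mechanism 200, 202 work together to block access to restricted portions of the disk, yet do not prohibit access to those portions in appropriate circumstances.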
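The broker flow described above (inspect the request, ask the user, then perform the write on the application's behalf) is modelled below. This is an added illustration, not code from the patent or from Microsoft: `SpaceBroker`, `WriteRequest` and the `approve` callback are hypothetical names, the callback stands in for the dialog box or credential prompt, and the separate broker process is not modelled.

```python
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Callable


class BrokerDenied(Exception):
    """Raised when the broker refuses a request."""


@dataclass(frozen=True)
class WriteRequest:
    space: str          # restricted space the caller is asking for, e.g. "user"
    relative_path: str  # location inside that space
    data: bytes


class SpaceBroker:
    """Brokers writes to one restricted space (one broker object per space)."""

    def __init__(self, space: str, root: Path,
                 approve: Callable[[str, Path], bool]):
        self.space = space
        self.root = Path(root).resolve()
        self.approve = approve  # hypothetical stand-in for the user prompt

    def _inspect(self, req: WriteRequest) -> Path:
        """Reject malformed requests before the user is ever prompted."""
        if req.space != self.space:
            raise BrokerDenied("request addressed to the wrong broker")
        if not req.relative_path or "\x00" in req.relative_path:
            raise BrokerDenied("malformed path")
        if not isinstance(req.data, bytes):
            raise BrokerDenied("malformed payload")
        target = (self.root / req.relative_path).resolve()
        if self.root not in target.parents:
            raise BrokerDenied("path escapes the brokered space")
        return target

    def handle(self, req: WriteRequest) -> Path:
        target = self._inspect(req)
        if not self.approve(self.space, target):
            raise BrokerDenied("user declined")
        # The broker, not the calling application, performs the write.
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(req.data)
        return target


def demo() -> dict:
    """Run three constructed requests against a throwaway user space."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        user_space = Path(tmp) / "user_space"
        user_space.mkdir()
        prompts = []

        def say_yes(space: str, target: Path) -> bool:
            prompts.append(target.name)
            return True

        broker = SpaceBroker("user", user_space, say_yes)
        saved = broker.handle(WriteRequest("user", "Pictures/photo.jpg", b"JPEG"))
        results["saved"] = saved.read_bytes()

        # A request that tries to climb out of the user space is refused
        # during inspection, so no prompt is shown for it.
        try:
            broker.handle(WriteRequest("user", "../admin_space/system.dll", b"x"))
            results["escape"] = "written"
        except BrokerDenied as exc:
            results["escape"] = str(exc)
        results["prompts"] = list(prompts)

        # A well-formed request the user declines leaves nothing on disk.
        declining = SpaceBroker("user", user_space, lambda s, t: False)
        try:
            declining.handle(WriteRequest("user", "notes.txt", b"x"))
            results["declined"] = "written"
        except BrokerDenied as exc:
            results["declined"] = str(exc)
        results["notes_exists"] = (user_space / "notes.txt").exists()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```
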
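Having explored the notion of the wall or blocking mechanism, as well as the broker mechanism, the discussion that follows provides just one example (along with an alternative example) of how the blocking mechanism can be implemented. It is to be appreciated and understood that the blocking mechanism and broker mechanism can be implemented in other ways without departing from the spirit and scope of the claimed subject matter.
Blocking mechanism: implementation example
In the discussion that follows, a blocking mechanism is described in the context of a tokenized system that imposes low rights on an Internet application. The imposition of low rights, in turn, restricts the application's access to particular portions of the client system, such as the administrative and user spaces. In a first embodiment, a token that is not necessarily structured to inherently permit this type of application-centric functionality is processed and reconfigured to implement this functionality. In a second embodiment, a token is structured, through what are referred to as "integrity levels", to permit the application-centric functionality described above.
First embodiment: reconfiguring a token
In many systems, when a user runs or executes an application, the application executes in the user's context. This means that the user typically has user data, such as a user name and user privileges, that circumscribe the execution of the application. More specifically, the user name and privileges can be represented by, and in the context of, a token. Thus, when a user executes an application, the application becomes aware of and inherits, via the token, aspects of the user's context such as the user's privileges. Accordingly, if the user is a system administrator, the associated token will identify the user as a system administrator, and the application will inherit the system administrator's privileges which, in turn, allow the application to write to the administrative space mentioned above.
FIG. 3 is a flow diagram that describes steps in a token processing method in accordance with one embodiment. The method can be implemented in any suitable hardware, software, firmware or combination thereof. In one embodiment, aspects of the method are implemented by a suitably configured application, such as browser application 102 in FIGS. 1 and 2.
Step 300 launches an application which, in the present example, is a web browser such as the browser illustrated and described above. When the user launches the application, a token associated with the user becomes available to the application, which can inherit the user's privileges from it as described above.
Step 302 ascertains the type of user. There can be different types of users, such as an administrative user, a power user, a backup operator and the like. Step 304 removes the privileges associated with the type of user. In the illustrated embodiment, this step is accomplished by effectively manipulating the token's data to remove the flags that indicate the privileges associated with the token, and thereby any privileges associated with the type of user. This step essentially creates a block to the administrative space of the computing device, such as administrative space 106 in FIGS. 1 and 2.
Step 306 adds restrictions on the user space. In the illustrated and described embodiment, this is accomplished by effectively manipulating the token's data to remove the user's name from the token. By removing the user's name from the token, the privileges that are associated with that particular user are removed as well.
Step 308 then defines one or more containment zones for read/write access. In this particular example, this step is accomplished by replacing the removed user name with a specially defined user group name (for example, "IEUsersGroup"). Now, for the one or more containment zones, these zones are the only zones designated for read/write access by members of the specially defined group name.
Thus, at this point, any administrative privileges have been removed, thereby effectively blocking the administrative space. Likewise, the user's privileges have been removed, thereby blocking access to the user space. However, by changing the user's name to a special group name and associating that group name with the one or more containment zones, the application's read/write access is now restricted to only those containment zones.
More specifically, having proceeded as described above, step 310 terminates the old process associated with the application that was launched, and step 312 creates a new process for the application with the reconfigured token.
Using this reconfigured token, the application will not be able to directly access either the administrative space or the user space. Rather, the application will only be able to write directly to the containment zone and, without further intervention (for example, by the broker mechanism), the application will not be able to cause data to be written to the user or administrative space.
Second embodiment: using integrity levels
In another embodiment, a token is utilized and is structured through what are referred to as "integrity levels" to permit the application-centric functionality described above. That is, through a process referred to as Mandatory Integrity Control, the token that is associated with a user has different integrity levels that can be set, such as "high", "medium" and "low". Likewise, computing resources on the client device have associated integrity levels and, in order for a resource to be accessed, the resource must have an integrity level that is the same as or lower than the user's integrity level.
So, for example, by establishing the integrity levels of the administrative and user spaces as "high" and "medium" respectively, and that of the user as "low", access to the administrative and user spaces is effectively blocked. However, designating the containment zone as having a "low" integrity level allows the user to access that containment zone through whatever application the user is using.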
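Both blocking embodiments, the token reconfiguration of steps 302 to 312 and the integrity-level check, are modelled below as access decisions over the three spaces of FIG. 1. This is an added illustration, not code from the patent or from Microsoft: the `Token`, `Space` and `Process` classes, the user "abby", the privilege names and the `USER_TYPE_GROUPS` set are constructed for the sketch, and only the group name "IEUsersGroup" comes from the text.

```python
from dataclasses import dataclass, replace
from enum import IntEnum
from typing import Optional


class Integrity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Token:
    user: Optional[str]
    groups: frozenset
    privileges: frozenset
    integrity: Integrity = Integrity.MEDIUM


@dataclass(frozen=True)
class Space:
    name: str
    allowed: frozenset     # user or group names granted read/write
    integrity: Integrity   # label used only by the second embodiment


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    token: Token


# Assumption of this model: group memberships that mark a "type of user".
USER_TYPE_GROUPS = frozenset({"Administrators", "Power Users", "Backup Operators"})


def reconfigure_token(token: Token, zone_group: str = "IEUsersGroup") -> Token:
    """First embodiment, steps 302 to 308."""
    user_types = token.groups & USER_TYPE_GROUPS               # step 302
    stripped = replace(token, privileges=frozenset(),          # step 304
                       groups=token.groups - user_types)
    no_user = replace(stripped, user=None)                     # step 306
    return replace(no_user, groups=no_user.groups | {zone_group})  # step 308


def relaunch_restricted(proc: Process, new_pid: int) -> Process:
    """Steps 310 and 312: the old process is dropped and a new one is
    created for the same application with the reconfigured token."""
    return Process(new_pid, proc.image, reconfigure_token(proc.token))


def acl_allows(token: Token, space: Space) -> bool:
    """First embodiment: access follows the names carried in the token."""
    principals = set(token.groups)
    if token.user is not None:
        principals.add(token.user)
    return bool(principals & space.allowed)


def integrity_allows(token: Token, space: Space) -> bool:
    """Second embodiment: the resource's level must be the same as or
    lower than the level on the token."""
    return space.integrity <= token.integrity


def at_integrity(token: Token, level: Integrity) -> Token:
    return replace(token, integrity=level)


def reachable(token: Token, spaces, check) -> list:
    return sorted(s.name for s in spaces if check(token, s))


# Constructed sample data for the three spaces of FIG. 1.
SPACES = (
    Space("administrative space 106", frozenset({"Administrators"}), Integrity.HIGH),
    Space("user space 108", frozenset({"abby"}), Integrity.MEDIUM),
    Space("containment zone 110", frozenset({"IEUsersGroup"}), Integrity.LOW),
)
ABBY = Token(
    user="abby",
    groups=frozenset({"Administrators", "Users"}),
    privileges=frozenset({"SeDebugPrivilege", "SeTakeOwnershipPrivilege"}),
)

if __name__ == "__main__":
    browser = Process(100, "browser.exe", ABBY)
    restricted = relaunch_restricted(browser, 101)
    print("inherited token :", reachable(browser.token, SPACES, acl_allows))
    print("reconfigured    :", reachable(restricted.token, SPACES, acl_allows))
    low = at_integrity(ABBY, Integrity.LOW)
    print("low integrity   :", reachable(low, SPACES, integrity_allows))
```
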
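Using a shim
In at least some embodiments, a shim mechanism, such as shim 400 in FIG. 4, is utilized to redirect access to the containment zones, typically for third-party extensions. More specifically, in the context of the browser application, many different third-party extensions can be provided, and these run in conjunction with or inside the browser. For example, the Google toolbar is one example of an extension that is designed to run inside a browser.
Certain extensions typically require write access to portions of the file system or the registry in order to function correctly. For example, the Google toolbar may wish to save a list of a particular user's favorite searches. Yet, without access to the user space, this type of write would be blocked by the wall or blocking mechanism 112.
In accordance with one embodiment, when application 102 or an associated third-party component attempts to write to a restricted space, shim 400 is configured to trap and redirect the call and write the data into a containment zone. Subsequent calls by the application for the data that was redirected to the containment zone are handled by the shim, which retrieves the appropriate data from the containment zone. Hence, data that a particular extension or application intended to write to the administrative or user space is redirected into an appropriate containment zone.
This allows third-party extensions to continue to work without requiring any third-party code to be rewritten. In operation, the third-party extension believes it is writing data to the user or administrative space. Yet, through the shim mechanism, such data is written to and read from the containment zone.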
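The redirection the shim performs can be sketched for file paths as follows. This is an added illustration, not code from the patent or from Microsoft: `ContainmentShim`, the `redirected/<space>/` layout inside the zone and the sample file names are hypothetical, registry redirection is not modelled, and refusing reads of restricted files that were never redirected is a choice made for this sketch.

```python
import tempfile
from pathlib import Path


class ContainmentShim:
    """Redirects file access aimed at restricted spaces into a containment zone."""

    def __init__(self, zone, restricted):
        self.zone = Path(zone).resolve()
        # name -> root directory of each restricted space, e.g. "user", "admin"
        self.restricted = {n: Path(r).resolve() for n, r in restricted.items()}

    def _redirect(self, path):
        """Map a path inside a restricted space to its zone location, else None."""
        target = Path(path).resolve()      # collapses ".." before matching
        for name, root in self.restricted.items():
            if root in target.parents:
                return self.zone / "redirected" / name / target.relative_to(root)
        return None

    def _in_zone(self, path):
        target = Path(path).resolve()
        if self.zone not in target.parents:
            raise PermissionError(f"{target} is outside every known space")
        return target

    def write(self, path, data: bytes) -> Path:
        """The caller names a restricted path; the bytes land in the zone."""
        dest = self._redirect(path) or self._in_zone(path)
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)
        return dest

    def read(self, path) -> bytes:
        """Later reads of a redirected path are served from the zone copy."""
        dest = self._redirect(path)
        if dest is None:
            return self._in_zone(path).read_bytes()
        if not dest.is_file():
            # Sketch assumption: data that was never redirected stays blocked.
            raise PermissionError("no redirected copy in the containment zone")
        return dest.read_bytes()


def demo() -> dict:
    """Constructed scenario: an extension saves a search list to the user space."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        user_space, admin_space, zone = (base / n for n in
                                         ("user_space", "admin_space", "zone"))
        for d in (user_space, admin_space, zone):
            d.mkdir()
        shim = ContainmentShim(zone, {"user": user_space, "admin": admin_space})

        wanted = user_space / "Toolbar" / "searches.txt"
        landed = shim.write(wanted, b"kittens\n")
        results["real_file_created"] = wanted.exists()
        results["landed"] = landed.relative_to(shim.zone).as_posix()
        results["read_back"] = shim.read(wanted)

        # A path that climbs from the user space into the administrative
        # space is normalised first, then redirected like any other write.
        sneaky = user_space / "Toolbar" / ".." / ".." / "admin_space" / "system.dll"
        results["sneaky"] = shim.write(sneaky, b"MZ").relative_to(shim.zone).as_posix()
        results["system_dll_created"] = (admin_space / "system.dll").exists()

        # A real user file that was never written through the shim.
        (user_space / "diary.txt").write_text("private")
        try:
            shim.read(user_space / "diary.txt")
            results["unredirected_read"] = "allowed"
        except PermissionError:
            results["unredirected_read"] = "blocked"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```
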
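Launching an application that is not restricted
As noted above, in other embodiments, an application's execution in the restricted process can result in another application being launched which is functionally similar to the restricted application, yet is less restricted in order to facilitate the user experience in particular contexts that have been deemed trusted or at least as safe as desired.
As a more practical example, consider the following in the browser context. Assume that a corporate user has access, through their client computing device, to both the Internet and a company intranet. Assume also that the company intranet is a secure and trusted entity. Further assume that the user's computing device is executing several different business applications that need a high degree of compatibility to keep running properly. In contexts such as these and others, it can be desirable to allow the application to operate in an unrestricted manner when executing in the context of the company's intranet, that is, in a manner that is not restricted by blocking mechanism 112.
As an example, consider FIG. 5 in connection with the following. There are particular contexts in which an application may attempt to run, and these contexts pertain to a particular zone that has been defined as trusted or that otherwise carries a level of security that has been defined as "safe". In the browser example, the user may attempt to navigate to a corporate intranet or some other safe zone. In this case, restricted browser 102 calls the broker mechanism and the broker mechanism, based on the call that the application is making, can instantiate an unrestricted browser 500 with which the user can operate in the particular zone to which they have navigated. In this example, a token is created and configured to include the privileges associated with the user (such as administrative privileges, power user privileges and the like), as well as a user name associated with the user, so as to give the user access to the appropriate portion of the user space.
In addition, in this embodiment, the containment zones are defined in a manner that maintains a separation between the restricted and unrestricted browsers 102 and 500, respectively. More specifically, recall that a containment zone in the form of a Temporary Internet Files folder is provided, which restricted browser 102 and other components can read from and write to. Yet, in the present embodiment, if the unrestricted browser 500 were to use this containment zone for writing temporary Internet files, there would be a chance that the restricted browser could access this data or otherwise use this containment zone overlap to attempt to maliciously gain access to portions of the computing device to which it should not have access.
Accordingly, to address this situation and others, different containment zones are defined, one of which is associated with restricted browser 102, and another of which is associated with unrestricted browser 500 and isolated from the restricted browser. In the illustrated example, containment zone 110a is associated with, and usable only by, browser 102. Likewise, containment zone 110b is associated with, and usable only by, unrestricted browser 500. Neither browser can read from or write to the other's associated containment zone. As such, wall 112 is seen to extend downward and block access from restricted browser 102 to containment zone 110b.
In the implementation above in which the token is processed and reconfigured, containment zone 110a is designated as being able to be read from and written to only by the group identified in the token. Hence, applications executing in the context of this token cannot access containment zone 110b.
Exemplary use scenarios
The following use scenarios provide some additional examples of how the above-described inventive embodiments can be utilized in the context of a web browser.
Consider first an example in which the inventive embodiments can be utilized to protect the user. Assume that user Abby visits a website that exploits a buffer overrun in the browser to install a control. Here, Abby navigates to a page that uses a buffer overrun vulnerability in the browser to inject native code into the process space. The native code downloads a dynamic link library (DLL) into a folder on her machine and attempts to register it as an ActiveX control to be loaded by the browser by creating entries in the registry. Here, however, the operation fails because the browser is not permitted to write to the registry. Abby then receives a notification and continues to browse securely.
As another example, assume that user Abby visits a website that uses a control she has already installed to attempt to overwrite the system. Here, Abby navigates to a page that contains an already installed ActiveX control. The control attempts to overwrite a DLL in her system folder. Here, however, the operation is rejected and Abby receives a notification telling her that the page attempted to perform a privileged operation. She then continues to browse securely.
Consider now an example in which the inventive embodiments can be utilized to maintain the compatibility of Abby's system. Here, assume that Abby upgrades her video driver from a website. Abby navigates to the website and clicks on the link to the driver.exe file. The file is downloaded, and the executable install broker (that is, the broker mechanism) prompts Abby to confirm that she trusts the executable and wishes to install it. If Abby approves, the installation completes successfully and Abby continues to browse securely.
Assume now that Abby visits her favorite website. A new menu control has been added, so the browser needs to install the control. Abby is prompted and asked whether she trusts the control and authorizes the installation. If approved, the control is installed and Abby continues navigating the site and browsing securely.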
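Exemplary computing system
FIG. 6 shows an exemplary computer system having components that can be used to implement one or more of the embodiments described above.
Computer system 630 includes one or more processors or processing units 632, a system memory 634, and a bus 636 that couples various system components, including the system memory 634, to processors 632. The bus 636 represents any one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. The system memory 634 includes read only memory (ROM) 638 and random access memory (RAM) 640. A basic input/output system (BIOS) 642, containing the basic routines that help to transfer information between elements within computer 630, such as during start-up, is stored in ROM 638.
Computer 630 further includes a hard disk drive 644 for reading from and writing to a hard disk (not shown), a magnetic disk drive 646 for reading from and writing to a removable magnetic disk 648, and an optical disk drive 650 for reading from and writing to a removable optical disk 652 such as a CD ROM or other optical media. The hard disk drive 644, magnetic disk drive 646 and optical disk drive 650 are connected to the bus 636 by a SCSI interface 654 or some other appropriate interface. The drives and their associated computer-readable media provide nonvolatile storage of computer-readable instructions, data structures, program modules and other data for computer 630. Although the exemplary environment described herein employs a hard disk, a removable magnetic disk 648 and a removable optical disk 652, it should be appreciated by those skilled in the art that other types of computer-readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, random access memories (RAMs), read only memories (ROMs) and the like, may also be used in the exemplary operating environment.
A number of program modules may be stored on the hard disk 644, magnetic disk 648, optical disk 652, ROM 638 or RAM 640, including an operating system 658, one or more application programs 660, other program modules 662 and program data 664. A user may enter commands and information into computer 630 through input devices such as a keyboard 666 and a pointing device 668. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner or the like. These and other input devices are connected to the processing unit 632 through an interface 670 that is coupled to the bus 636. A monitor 672 or other type of display device is also connected to the bus 636 via an interface, such as a video adapter 674. In addition to the monitor, personal computers typically include other peripheral output devices (not shown) such as speakers and printers.
Computer 630 commonly operates in a networked environment using logical connections to one or more remote computers, such as a remote computing device 676. The remote computer 676 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to computer 630, although only a memory storage device 678 has been illustrated in FIG. 6. The logical connections depicted in FIG. 6 include a local area network (LAN) 680 and a wide area network (WAN) 682. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
When used in a LAN networking environment, computer 630 is connected to the local network 680 through a network interface or adapter 684. When used in a WAN networking environment, computer 630 typically includes a modem 686 or other means for establishing communications over the wide area network 682, such as the Internet. The modem 686, which may be internal or external, is connected to the bus 636 via a serial port interface 656. In a networked environment, program modules depicted relative to the personal computer 630, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
Generally, the data processors of computer 630 are programmed by means of instructions stored at different times in the various computer-readable storage media of the computer. Programs and operating systems are typically distributed, for example, on floppy disks or CD-ROMs. From there, they are installed or loaded into the secondary memory of a computer. At execution, they are loaded at least partially into the computer's primary electronic memory. The invention described herein includes these and other various types of computer-readable storage media when such media contain instructions or programs for implementing the steps described below in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described below.
For purposes of illustration, programs and other executable program components, such as the operating system, are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computer and are executed by the data processor(s) of the computer.
Conclusion
The embodiments described above can reduce the security risks that are associated with applications that have access to the Internet, while still providing users with a safe, rich experience.
Although the invention has been described in language specific to structural features and/or methodological steps, it is to be understood that the invention defined in the appended claims is not necessarily limited to the specific features or steps described. Rather, the specific features and acts are disclosed as exemplary forms of implementing the claimed invention.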

Claims (20)

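1. A computer-implemented method comprising:
providing a blocking mechanism that is configured to block an Internet application's access to defined spaces of a client computing device on which the Internet application executes; and
defining at least one containment zone in which the Internet application is to write and read data.
2. The method of claim 1, wherein the defined spaces comprise an administrative space and a user space of the client computing device.
3. The method of claim 1, wherein the blocking mechanism is configured to block access in a user-independent manner.
4. The method of claim 1, further comprising logically interposing a broker mechanism between the Internet application and the defined spaces to broker access to the defined spaces.
5. The method of claim 4, wherein the broker mechanism comprises individual broker objects, each of which is associated with a different defined space.
6. The method of claim 5, wherein one defined space comprises a user space and one defined space comprises an administrative space.
7. The method of claim 4, wherein the broker mechanism is configured to enable a user to approve access to an associated defined space.
8. The method of claim 1, wherein the act of providing a blocking mechanism is performed by reconfiguring a token associated with a user of the Internet application.
9. The method of claim 1, wherein the act of providing a blocking mechanism is performed by setting an integrity level on a token associated with a user of the Internet application.
10. The method of claim 1, further comprising using a shim to redirect attempted access to a defined space to a containment zone.
11. The method of claim 1, wherein the Internet application comprises a web browser application.
12. The method of claim 1, further comprising, as a result of a user's interaction with the Internet application, launching a different Internet application that is not blocked by the blocking mechanism and that uses a containment zone that is isolated from the at least one containment zone.
13. A computer-implemented method comprising:
providing a token-based blocking mechanism that is configured to block an Internet application's access to at least the administrative and user spaces of a client computing device on which the Internet application executes;
defining at least one containment zone in which the Internet application is to write and read data;
logically interposing an administrative broker object between the Internet application and the administrative space to broker access to the administrative space; and
logically interposing a user space broker object between the Internet application and the user space to broker access to the user space.
14. The method of claim 13, wherein the broker objects are configured to enable a user to approve access to an associated defined space.
15. The method of claim 14, wherein the administrative broker object is configured to prompt an administrative user to enter associated credentials to access the administrative space.
16. The method of claim 13, wherein the act of providing a token-based blocking mechanism comprises:
removing privileges from a token associated with a user of the Internet application; and
adding restrictions on access to the user space on the token.
17. The method of claim 16, wherein the act of adding restrictions comprises:
removing a user name from the token; and
wherein the act of defining at least one containment zone is performed by replacing the removed user name with a group name, wherein the group name designates the at least one containment zone as the only zone for read/write access by members of the group name.
18. The method of claim 13, wherein the act of providing a token-based blocking mechanism comprises setting an integrity level on an associated token.
19. The method of claim 13, wherein the Internet application comprises a web browser application.
20. The method of claim 13, further comprising, as a result of a user's interaction with the Internet application, launching a different Internet application that is not blocked by the blocking mechanism and that uses a containment zone that is isolated from the at least one containment zone.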
CN2006800191854A 2005-06-03 2006-05-12 Running Internet applications with low rights Active CN101208928B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US11/145,530 US8078740B2 (en) 2005-06-03 2005-06-03 Running internet applications with low rights
US11/145,530 2005-06-03
PCT/US2006/018752 WO2006132765A2 (en) 2005-06-03 2006-05-12 Running internet applications with low rights

Publications (2)

Publication Number Publication Date
CN101208928A (zh) 2008-06-25
CN101208928B (zh) 2011-06-29

Family

ID=37495375

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006800191854A Active CN101208928B (zh) 2005-06-03 2006-05-12 Running Internet applications with low rights

Country Status (5)

Country Link
US (3) US8078740B2 (zh)
KR (1) KR101242312B1 (zh)
CN (1) CN101208928B (zh)
HK (1) HK1119321A1 (zh)
WO (1) WO2006132765A2 (zh)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102073598A (zh) * 2010-12-28 2011-05-25 北京深思洛克软件技术股份有限公司 一种实现磁盘数据安全保护的方法及装置
CN101751287B (zh) * 2008-12-03 2013-01-09 北京天融信科技有限公司 在Windows下不受用户权限限制执行操作的方法
CN106126350A (zh) * 2009-11-27 2016-11-16 谷歌公司 客户端‑服务器输入法编辑器体系结构

Families Citing this family (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9219755B2 (en) 1996-11-08 2015-12-22 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US8079086B1 (en) 1997-11-06 2011-12-13 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US7058822B2 (en) 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US8078740B2 (en) * 2005-06-03 2011-12-13 Microsoft Corporation Running internet applications with low rights
US8245270B2 (en) 2005-09-01 2012-08-14 Microsoft Corporation Resource based dynamic security authorization
US8490168B1 (en) * 2005-10-12 2013-07-16 At&T Intellectual Property I, L.P. Method for authenticating a user within a multiple website environment to provide secure access
US9573067B2 (en) * 2005-10-14 2017-02-21 Microsoft Technology Licensing, Llc Mass storage in gaming handhelds
US8250082B2 (en) 2006-06-23 2012-08-21 Microsoft Corporation Cross domain communication
US8185737B2 (en) 2006-06-23 2012-05-22 Microsoft Corporation Communication across domains
US8856782B2 (en) 2007-03-01 2014-10-07 George Mason Research Foundation, Inc. On-demand disposable virtual work system
US10019570B2 (en) 2007-06-14 2018-07-10 Microsoft Technology Licensing, Llc Protection and communication abstractions for web browsers
US8621495B2 (en) 2008-01-18 2013-12-31 Microsoft Corporation Methods and apparatus for securing frames from other frames
US8635701B2 (en) * 2008-03-02 2014-01-21 Yahoo! Inc. Secure browser-based applications
US9418219B2 (en) * 2008-04-11 2016-08-16 Microsoft Technology Licensing, Llc Inter-process message security
US8522200B2 (en) * 2008-08-28 2013-08-27 Microsoft Corporation Detouring in scripting systems
US9098698B2 (en) 2008-09-12 2015-08-04 George Mason Research Foundation, Inc. Methods and apparatus for application isolation
US8745213B2 (en) 2008-12-19 2014-06-03 Openpeak Inc. Managed services platform and method of operation of same
US8612582B2 (en) 2008-12-19 2013-12-17 Openpeak Inc. Managed services portals and method of operation of same
US8615581B2 (en) 2008-12-19 2013-12-24 Openpeak Inc. System for managing devices and method of operation of same
US20100157990A1 (en) * 2008-12-19 2010-06-24 Openpeak, Inc. Systems for providing telephony and digital media services
US8788655B2 (en) 2008-12-19 2014-07-22 Openpeak Inc. Systems for accepting and approving applications and methods of operation of same
US8856322B2 (en) 2008-12-19 2014-10-07 Openpeak Inc. Supervisory portal systems and methods of operation of same
US8650290B2 (en) 2008-12-19 2014-02-11 Openpeak Inc. Portable computing device and method of operation of same
US8713173B2 (en) 2008-12-19 2014-04-29 Openpeak Inc. System and method for ensuring compliance with organizational policies
US20100180330A1 (en) * 2009-01-09 2010-07-15 Microsoft Corporation Securing Communications for Web Mashups
CN102282565B (zh) * 2009-01-19 2016-08-03 皇家飞利浦电子股份有限公司 用于隐私保护的具有双脚本引擎的浏览器
US8601465B2 (en) * 2009-09-08 2013-12-03 Abbott Diabetes Care Inc. Methods and articles of manufacture for hosting a safety critical application on an uncontrolled data processing device
US8839422B2 (en) 2009-06-30 2014-09-16 George Mason Research Foundation, Inc. Virtual browsing environment
US8613059B2 (en) 2009-12-18 2013-12-17 At&T Intellectual Property I, L.P. Methods, systems and computer program products for secure access to information
US8732797B2 (en) 2010-08-31 2014-05-20 Microsoft Corporation Host usability and security via an isolated environment
US20120066223A1 (en) * 2010-09-13 2012-03-15 Openpeak Inc. Method and computing device for creating distinct user spaces
US8650658B2 (en) 2010-10-25 2014-02-11 Openpeak Inc. Creating distinct user spaces through user identifiers
US20120304283A1 (en) * 2011-05-27 2012-11-29 Microsoft Corporation Brokered item access for isolated applications
US8695060B2 (en) 2011-10-10 2014-04-08 Openpeak Inc. System and method for creating secure applications
WO2013082437A1 (en) 2011-12-02 2013-06-06 Invincia, Inc. Methods and apparatus for control and detection of malicious content using a sandbox environment
US9174118B1 (en) 2012-08-20 2015-11-03 Kabum, Inc. System and method for detecting game client modification through script injection
US9436838B2 (en) * 2012-12-20 2016-09-06 Intel Corporation Secure local web application data manager
JP6147139B2 (ja) * 2013-08-23 2017-06-14 キヤノン株式会社 情報処理装置、その制御方法、及びコンピュータプログラム
US9100390B1 (en) 2014-09-05 2015-08-04 Openpeak Inc. Method and system for enrolling and authenticating computing devices for data usage accounting
US20160071040A1 (en) 2014-09-05 2016-03-10 Openpeak Inc. Method and system for enabling data usage accounting through a relay
US8938547B1 (en) 2014-09-05 2015-01-20 Openpeak Inc. Method and system for data usage accounting in a computing device
US9232013B1 (en) 2014-09-05 2016-01-05 Openpeak Inc. Method and system for enabling data usage accounting
US9350818B2 (en) 2014-09-05 2016-05-24 Openpeak Inc. Method and system for enabling data usage accounting for unreliable transport communication
US10037422B2 (en) * 2015-01-21 2018-07-31 Open Text Sa Ulc Systems and methods for integrating with a native component using a network interface
US10375111B2 (en) 2016-11-12 2019-08-06 Microsoft Technology Licensing, Llc Anonymous containers
JP2018198000A (ja) * 2017-05-24 2018-12-13 富士通株式会社 監視プログラム、監視方法および情報処理装置

Family Cites Families (329)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4227253A (en) 1977-12-05 1980-10-07 International Business Machines Corporation Cryptographic communication security for multiple domain networks
US5210874A (en) 1988-03-22 1993-05-11 Digital Equipment Corporation Cross-domain call system in a capability based digital data processing system
US4984272A (en) 1988-11-30 1991-01-08 At&T Bell Laboratories Secure file handling in a computer operating system
US5428529A (en) 1990-06-29 1995-06-27 International Business Machines Corporation Structured document tags invoking specialized functions
US5339422A (en) 1991-03-07 1994-08-16 Digital Equipment Corporation System and method for jacketing cross-domain calls in a multi-code execution and debugging system within a multi-architecture environment
US6850252B1 (en) 1999-10-05 2005-02-01 Steven M. Hoffberg Intelligent electronic appliance system and method
US5675762A (en) 1992-04-03 1997-10-07 International Business Machines Corporation System for locking down part of portion of memory and updating page directory with entry corresponding to part of portion of the memory locked down
JP3305769B2 (ja) 1992-09-18 2002-07-24 株式会社東芝 通信装置
US5623604A (en) 1992-11-18 1997-04-22 Canon Information Systems, Inc. Method and apparatus for remotely altering programmable firmware stored in an interactive network board coupled to a network peripheral
DE69505717T2 (de) 1994-03-08 1999-06-24 Digital Equipment Corp Verfahren und Vorrichtung zur Feststellung und Durchführung von kreuzweisen Unterprogrammanrufen
US5729710A (en) 1994-06-22 1998-03-17 International Business Machines Corporation Method and apparatus for management of mapped and unmapped regions of memory in a microkernel data processing system
US5771383A (en) 1994-12-27 1998-06-23 International Business Machines Corp. Shared memory support method and apparatus for a microkernel data processing system
US5659539A (en) 1995-07-14 1997-08-19 Oracle Corporation Method and apparatus for frame accurate access of digital audio-visual information
US5812394A (en) 1995-07-21 1998-09-22 Control Systems International Object-oriented computer program, system, and method for developing control schemes for facilities
US5941947A (en) 1995-08-18 1999-08-24 Microsoft Corporation System and method for controlling access to data entities in a computer network
US5799090A (en) 1995-09-25 1998-08-25 Angert; Joseph C. pad encryption method and software
US5760767A (en) 1995-10-26 1998-06-02 Sony Corporation Method and apparatus for displaying in and out points during video editing
US20020002562A1 (en) 1995-11-03 2002-01-03 Thomas P. Moran Computer controlled display system using a graphical replay device to control playback of temporal data representing collaborative activities
US6553410B2 (en) 1996-02-27 2003-04-22 Inpro Licensing Sarl Tailoring data and transmission protocol for efficient interactive data transactions over wide-area networks
US6076109A (en) 1996-04-10 2000-06-13 Lextron, Systems, Inc. Simplified-file hyper text protocol
US5758093A (en) 1996-03-29 1998-05-26 International Business Machine Corp. Method and system for a multimedia application development sequence editor using time event specifiers
US5852435A (en) 1996-04-12 1998-12-22 Avid Technology, Inc. Digital multimedia editing and data management system
US6263442B1 (en) 1996-05-30 2001-07-17 Sun Microsystems, Inc. System and method for securing a program's execution in a network environment
US7185210B1 (en) 1996-06-24 2007-02-27 Sun Microsystems, Inc. Policy abstraction mechanism
US6154844A (en) 1996-11-08 2000-11-28 Finjan Software, Ltd. System and method for attaching a downloadable security profile to a downloadable
US6167520A (en) 1996-11-08 2000-12-26 Finjan Software, Inc. System and method for protecting a client during runtime from hostile downloadables
US5892904A (en) * 1996-12-06 1999-04-06 Microsoft Corporation Code certification for network transmission
US6006228A (en) 1996-12-11 1999-12-21 Ncr Corporation Assigning security levels to particular documents on a document by document basis in a database
US5949882A (en) * 1996-12-13 1999-09-07 Compaq Computer Corporation Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm
US5987611A (en) 1996-12-31 1999-11-16 Zone Labs, Inc. System and methodology for managing internet access on a per application basis for client computers connected to the internet
US6029245A (en) 1997-03-25 2000-02-22 International Business Machines Corporation Dynamic assignment of security parameters to web pages
US5974549A (en) 1997-03-27 1999-10-26 Soliton Ltd. Security monitor
US6266681B1 (en) 1997-04-08 2001-07-24 Network Commerce Inc. Method and system for inserting code to conditionally incorporate a user interface component in an HTML document
US5987523A (en) 1997-06-04 1999-11-16 International Business Machines Corporation Applet redirection for controlled access to non-orginating hosts
US6701376B1 (en) 1997-06-19 2004-03-02 International Business Machines Corporation Web server enabling browser access to HTML and Non-HTML documents
US5995945A (en) 1997-08-25 1999-11-30 I2 Technologies, Inc. System and process for inter-domain planning analysis and optimization using model agents as partial replicas of remote domains
US5931900A (en) 1997-08-25 1999-08-03 I2 Technologies, Inc. System and process for inter-domain interaction across an inter-domain connectivity plane
US6275938B1 (en) 1997-08-28 2001-08-14 Microsoft Corporation Security enhancement for untrusted executable code
US5983348A (en) 1997-09-10 1999-11-09 Trend Micro Incorporated Computer network malicious code scanner
US6158007A (en) 1997-09-17 2000-12-05 Jahanshah Moreh Security system for event based middleware
US8225408B2 (en) 1997-11-06 2012-07-17 Finjan, Inc. Method and system for adaptive rule-based content scanners
US6275937B1 (en) 1997-11-06 2001-08-14 International Business Machines Corporation Collaborative server processing of content and meta-information with application to virus checking in a server network
EP0926605A1 (en) 1997-11-19 1999-06-30 Hewlett-Packard Company Browser system
IL123512A0 (en) * 1998-03-02 1999-03-12 Security 7 Software Ltd Method and agent for the protection against hostile resource use access
US6457130B2 (en) 1998-03-03 2002-09-24 Network Appliance, Inc. File access control in a multi-protocol file server
US6385301B1 (en) 1998-03-26 2002-05-07 Bell Atlantic Services Network, Inc. Data preparation for traffic track usage measurement
US6345361B1 (en) 1998-04-06 2002-02-05 Microsoft Corporation Directional set operations for permission based security in a computer system
US6366912B1 (en) 1998-04-06 2002-04-02 Microsoft Corporation Network security zones
EP0993631B1 (en) 1998-05-06 2009-07-22 Sun Microsystems, Inc. Processing apparatus and method
US6253326B1 (en) 1998-05-29 2001-06-26 Palm, Inc. Method and system for secure communications
US20020049818A1 (en) 1998-05-29 2002-04-25 Gilhuly Barry J. System and method for pushing encrypted information between a host system and a mobile data communication device
US6505300B2 (en) * 1998-06-12 2003-01-07 Microsoft Corporation Method and system for secure running of untrusted content
US6279111B1 (en) * 1998-06-12 2001-08-21 Microsoft Corporation Security model using restricted tokens
US6311269B2 (en) 1998-06-15 2001-10-30 Lockheed Martin Corporation Trusted services broker for web page fine-grained security labeling
US6182142B1 (en) 1998-07-10 2001-01-30 Encommerce, Inc. Distributed access management of information resources
US6321334B1 (en) 1998-07-15 2001-11-20 Microsoft Corporation Administering permissions associated with a security zone in a computer system security model
US6473800B1 (en) 1998-07-15 2002-10-29 Microsoft Corporation Declarative permission requests in a computer system
US6343362B1 (en) 1998-09-01 2002-01-29 Networks Associates, Inc. System and method providing custom attack simulation language for testing networks
US6041309A (en) 1998-09-25 2000-03-21 Oneclip.Com, Incorporated Method of and system for distributing and redeeming electronic coupons
US6598046B1 (en) 1998-09-29 2003-07-22 Qwest Communications International Inc. System and method for retrieving documents responsive to a given user's role and scenario
US6754702B1 (en) 1998-10-02 2004-06-22 Nortel Networks, Ltd. Custom administrator views of management objects
US6691230B1 (en) 1998-10-15 2004-02-10 International Business Machines Corporation Method and system for extending Java applets sand box with public client storage
US7010681B1 (en) 1999-01-29 2006-03-07 International Business Machines Corporation Method, system and apparatus for selecting encryption levels based on policy profiling
US6460079B1 (en) 1999-03-04 2002-10-01 Nielsen Media Research, Inc. Method and system for the discovery of cookies and other client information
US6212640B1 (en) 1999-03-25 2001-04-03 Sun Microsystems, Inc. Resources sharing on the internet via the HTTP
US6553393B1 (en) 1999-04-26 2003-04-22 International Business Machines Coporation Method for prefetching external resources to embedded objects in a markup language data stream
US6629246B1 (en) 1999-04-28 2003-09-30 Sun Microsystems, Inc. Single sign-on for a network system that includes multiple separately-controlled restricted access resources
US6546546B1 (en) 1999-05-19 2003-04-08 International Business Machines Corporation Integrating operating systems and run-time systems
US6662341B1 (en) 1999-05-20 2003-12-09 Microsoft Corporation Method and apparatus for writing a windows application in HTML
US6820261B1 (en) 1999-07-14 2004-11-16 Sun Microsystems, Inc. Inheritable thread-local storage
US6519647B1 (en) 1999-07-23 2003-02-11 Microsoft Corporation Methods and apparatus for synchronizing access control in a web server
US6601233B1 (en) 1999-07-30 2003-07-29 Accenture Llp Business components framework
US6526513B1 (en) 1999-08-03 2003-02-25 International Business Machines Corporation Architecture for dynamic permissions in java
US6609198B1 (en) 1999-08-05 2003-08-19 Sun Microsystems, Inc. Log-on service providing credential level change without loss of session continuity
US6339423B1 (en) 1999-08-23 2002-01-15 Entrust, Inc. Multi-domain access control
US6691153B1 (en) 1999-08-30 2004-02-10 Zaplet, Inc. Method and system for process interaction among a group
GB2354350B (en) 1999-09-17 2004-03-24 Mitel Corp Policy representations and mechanisms for the control of software
US6931532B1 (en) 1999-10-21 2005-08-16 International Business Machines Corporation Selective data encryption using style sheet processing
US6978367B1 (en) 1999-10-21 2005-12-20 International Business Machines Corporation Selective data encryption using style sheet processing for decryption by a client proxy
US6941459B1 (en) 1999-10-21 2005-09-06 International Business Machines Corporation Selective data encryption using style sheet processing for decryption by a key recovery agent
US6961849B1 (en) 1999-10-21 2005-11-01 International Business Machines Corporation Selective data encryption using style sheet processing for decryption by a group clerk
US6430561B1 (en) 1999-10-29 2002-08-06 International Business Machines Corporation Security policy for protection of files on a storage device
US7051368B1 (en) 1999-11-09 2006-05-23 Microsoft Corporation Methods and systems for screening input strings intended for use by web servers
US6724406B1 (en) 1999-11-10 2004-04-20 International Business Machines Corporation Method of controlling web applications from redirecting a client to another web address
US6792113B1 (en) 1999-12-20 2004-09-14 Microsoft Corporation Adaptable security mechanism for preventing unauthorized access of digital data
JP2001184344A (ja) 1999-12-21 2001-07-06 Internatl Business Mach Corp <Ibm> Information processing system, proxy server, web page display control method, storage medium, and program transmission device
US6629081B1 (en) 1999-12-22 2003-09-30 Accenture Llp Account settlement and financing in an e-commerce environment
KR100319256B1 (ko) 1999-12-30 2002-01-05 서평원 Method for operating a communication protocol
US20010043237A1 (en) 1999-12-30 2001-11-22 Schmieder Robert William Method and system for distributing simulated physical objects and systems in a networked environment
US6748425B1 (en) 2000-01-04 2004-06-08 International Business Machines Corporation System and method for browser creation and maintenance of forms
US6772393B1 (en) 2000-01-04 2004-08-03 International Business Machines Corporation System and method for room decoration and inheritance
US6728762B1 (en) 2000-01-04 2004-04-27 International Business Machines Corporation System and method for browser definition of workflow documents
US6594664B1 (en) 2000-01-04 2003-07-15 International Business Machines Corporation System and method for online/offline uninterrupted updating of rooms in collaboration space
US6636889B1 (en) 2000-01-04 2003-10-21 International Business Machines Corporation System and method for client replication of collaboration space
US6934757B1 (en) 2000-01-06 2005-08-23 International Business Machines Corporation Method and system for cross-domain service invocation using a single data handle associated with the stored common data and invocation-specific data
US7143439B2 (en) 2000-01-07 2006-11-28 Security, Inc. Efficient evaluation of rules
US6779120B1 (en) 2000-01-07 2004-08-17 Securify, Inc. Declarative language for specifying a security policy
US6584186B1 (en) 2000-01-12 2003-06-24 Lucent Technologies Inc. Protecting communications network integrity
US7085995B2 (en) 2000-01-26 2006-08-01 Sony Corporation Information processing apparatus and processing method and program storage medium
US6711675B1 (en) 2000-02-11 2004-03-23 Intel Corporation Protected boot flow
US7188363B1 (en) 2000-02-14 2007-03-06 Cisco Technology, Inc. Method and apparatus for adding and updating protocol inspection knowledge to firewall processing during runtime
WO2001065330A2 (en) 2000-03-03 2001-09-07 Sanctum Ltd. System for determining web application vulnerabilities
JP2001282603A (ja) 2000-03-29 2001-10-12 Toshihiro Wakayama Linked management system for information content
US6591265B1 (en) 2000-04-03 2003-07-08 International Business Machines Corporation Dynamic behavior-based access control system and method
US6671802B1 (en) 2000-04-13 2003-12-30 Hewlett-Packard Development Company, L.P. Performance optimization of computer system by dynamically and immediately updating a configuration setting based on detected change in preferred use
US7376835B2 (en) 2000-04-25 2008-05-20 Secure Data In Motion, Inc. Implementing nonrepudiation and audit using authentication assertions and key servers
US6799208B1 (en) 2000-05-02 2004-09-28 Microsoft Corporation Resource manager architecture
US7003734B1 (en) 2000-05-05 2006-02-21 Point Roll, Inc. Method and system for creating and displaying images including pop-up images on a visual display
US7577834B1 (en) 2000-05-09 2009-08-18 Sun Microsystems, Inc. Message authentication using message gates in a distributed computing environment
US20020129239A1 (en) 2000-05-09 2002-09-12 Clark Paul C. System for secure communication between domains
US6898618B1 (en) 2000-05-09 2005-05-24 Sun Microsystems, Inc. Client-specified display services in a distributed computing environment
US6516308B1 (en) 2000-05-10 2003-02-04 At&T Corp. Method and apparatus for extracting data from data sources on a network
JP2001325249A (ja) 2000-05-12 2001-11-22 Fuji Xerox Co Ltd Document providing device and system
US20050154885A1 (en) 2000-05-15 2005-07-14 Interfuse Technology, Inc. Electronic data security system and method
US7032023B1 (en) 2000-05-16 2006-04-18 America Online, Inc. Throttling electronic communications from one or more senders
US7475404B2 (en) 2000-05-18 2009-01-06 Maquis Techtrix Llc System and method for implementing click-through for browser executed software including ad proxy and proxy cookie caching
US20040034794A1 (en) 2000-05-28 2004-02-19 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US9213836B2 (en) 2000-05-28 2015-12-15 Barhon Mayer, Batya System and method for comprehensive general electric protection for computers against malicious programs that may steal information and/or cause damages
US7478434B1 (en) 2000-05-31 2009-01-13 International Business Machines Corporation Authentication and authorization protocol for secure web-based access to a protected resource
US20010049671A1 (en) 2000-06-05 2001-12-06 Joerg Werner B. e-Stract: a process for knowledge-based retrieval of electronic information
US7051366B1 (en) 2000-06-21 2006-05-23 Microsoft Corporation Evidence-based security policy manager
AU7182701A (en) 2000-07-06 2002-01-21 David Paul Felsher Information record infrastructure, system and method
US7194764B2 (en) 2000-07-10 2007-03-20 Oracle International Corporation User authentication
FR2811782B1 (fr) 2000-07-12 2003-09-26 Jaxo Europ System for converting tree-structured documents by selective traversal of said structure
US7350204B2 (en) * 2000-07-24 2008-03-25 Microsoft Corporation Policies for secure software execution
US6686932B2 (en) 2001-03-28 2004-02-03 International Business Machines Corporation System and method for sharing data across frames using environment variables
US6772167B1 (en) 2000-09-07 2004-08-03 International Business Machines Corporation System and method for providing a role table GUI via company group
US6801224B1 (en) 2000-09-14 2004-10-05 International Business Machines Corporation Method, system, and program for generating a graphical user interface window for an application program
US7000107B2 (en) 2000-09-30 2006-02-14 Microsoft Corporation System and method for using dynamic web components to remotely control the security state of web pages
SE518491C2 (sv) 2000-10-12 2002-10-15 Abb Ab Computer-based system and method for access control of objects
US7093193B1 (en) 2000-10-30 2006-08-15 Microsoft Corporation String template pages for generating HTML document
GB0027280D0 (en) 2000-11-08 2000-12-27 Malcolm Peter An information management system
WO2002039281A1 (en) 2000-11-10 2002-05-16 Sri International Cross-domain access control
US20040047347A1 (en) 2000-11-13 2004-03-11 Michael Worry Method, system and apparatus for reprogramming a digital electronic device via a computer network
US7191252B2 (en) 2000-11-13 2007-03-13 Digital Doors, Inc. Data security system and method adjunct to e-mail, browser or telecom program
US6941562B2 (en) 2000-12-01 2005-09-06 Appeon Corporation Method of <script> based remote JavaScript function call of web page
WO2002046893A1 (en) 2000-12-04 2002-06-13 Kent Ridge Digital Labs A method and apparatus for providing xml document encryption
US20020073197A1 (en) 2000-12-11 2002-06-13 Ibm Corporation Method and apparatus for customizing performance of a browser for a given network connection
EP1225513A1 (en) 2001-01-19 2002-07-24 Eyal Dotan Method for protecting computer programs and data from hostile code
US20020178375A1 (en) 2001-01-31 2002-11-28 Harris Corporation Method and system for protecting against malicious mobile code
US20020107889A1 (en) 2001-02-08 2002-08-08 Tilion Corporation Markup language routing and administration
EP1233333A1 (en) 2001-02-19 2002-08-21 Hewlett-Packard Company Process for executing a downloadable service receiving restrictive access rights to at least one profile file
JP2002259150A (ja) 2001-03-05 2002-09-13 Fujitsu Prime Software Technologies Ltd Method and program for providing vaccine software
CN1304967C (zh) 2001-03-22 2007-03-14 郑明真 Method for managing and classifying e-mail received via a computer network
US20030037261A1 (en) 2001-03-26 2003-02-20 Ilumin Corporation Secured content delivery system and method
US6959336B2 (en) 2001-04-07 2005-10-25 Secure Data In Motion, Inc. Method and system of federated authentication service for interacting between agent and client and communicating with other components of the system to choose an appropriate mechanism for the subject from among the plurality of authentication mechanisms wherein the subject is selected from humans, client applications and applets
WO2002084484A2 (en) 2001-04-18 2002-10-24 Domosys Corporation Method of remotely upgrading firmware in field-deployed devices
IL142815A (en) 2001-04-25 2010-06-16 Gal Trifon A method for dynamically changing one web page to another web page
US7096367B2 (en) 2001-05-04 2006-08-22 Microsoft Corporation System and methods for caching in connection with authorization in a computer system
US20030051142A1 (en) 2001-05-16 2003-03-13 Hidalgo Lluis Mora Firewalls for providing security in HTTP networks and applications
US20020184520A1 (en) * 2001-05-30 2002-12-05 Bush William R. Method and apparatus for a secure virtual machine
US6898705B2 (en) 2001-05-31 2005-05-24 International Business Machines Corporation Automatic appliance server re-provision/re-purposing method
US7640434B2 (en) 2001-05-31 2009-12-29 Trend Micro, Inc. Identification of undesirable content in responses sent in reply to a user request for content
EP1394762B1 (en) 2001-06-06 2011-10-26 Sony Corporation Advertisement insert apparatus and advertisement insert method and storage medium
US7392546B2 (en) 2001-06-11 2008-06-24 Bea Systems, Inc. System and method for server security and entitlement processing
US7290266B2 (en) 2001-06-14 2007-10-30 Cisco Technology, Inc. Access control by a real-time stateful reference monitor with a state collection training mode and a lockdown mode for detecting predetermined patterns of events indicative of requests for operating system resources resulting in a decision to allow or block activity identified in a sequence of events based on a rule set defining a processing policy
US7200599B2 (en) 2001-06-21 2007-04-03 Microsoft Corporation Automated generator of input-validation filters
US20060020538A1 (en) 2001-06-28 2006-01-26 Pranil Ram Tabs based drag and drop graphical trading interface
US7085286B2 (en) 2001-06-29 2006-08-01 International Business Machines Corporation Stateful business-to-business protocol exchange
US7546629B2 (en) 2002-03-06 2009-06-09 Check Point Software Technologies, Inc. System and methodology for security policy arbitration
US7188143B2 (en) 2001-07-06 2007-03-06 Yahoo! Inc. Messenger-controlled applications in an instant messaging environment
WO2003007186A2 (en) 2001-07-09 2003-01-23 Ad4Ever Inc. Method and system for allowing cross-communication between first and second areas of a primary web page
US20030014659A1 (en) 2001-07-16 2003-01-16 Koninklijke Philips Electronics N.V. Personalized filter for Web browsing
GB0117429D0 (en) 2001-07-17 2001-09-12 Trustis Ltd Trust management
GB2378010A (en) 2001-07-27 2003-01-29 Hewlett Packard Co Multi-Domain authorisation and authentication
US6789170B1 (en) 2001-08-04 2004-09-07 Oracle International Corporation System and method for customizing cached data
US7200590B2 (en) 2001-08-15 2007-04-03 Yahoo! Inc. Data sharing
US20030061482A1 (en) 2001-08-23 2003-03-27 Efunds Corporation Software security control system and method
JP2003067208A (ja) 2001-08-23 2003-03-07 Sony Corp Information processing device and method, recording medium, and program
US7263561B1 (en) 2001-08-24 2007-08-28 Mcafee, Inc. Systems and methods for making electronic files that have been converted to a safe format available for viewing by an intended recipient
US7254526B2 (en) 2001-08-24 2007-08-07 International Business Machines Corporation Apparatus and method for determining compatibility of web sites with designated requirements based on functional characteristics of the web sites
US6826716B2 (en) 2001-09-26 2004-11-30 International Business Machines Corporation Test programs for enterprise web applications
US7530099B2 (en) 2001-09-27 2009-05-05 International Business Machines Corporation Method and system for a single-sign-on mechanism within application service provider (ASP) aggregation
WO2003027878A1 (en) 2001-09-28 2003-04-03 Fiberlink Communications Corporation Client-side network access polices and management applications
US7281132B2 (en) 2001-10-19 2007-10-09 Sun Microsystems, Inc. Using token-based signing to install unsigned binaries
US20030088807A1 (en) 2001-11-07 2003-05-08 Mathiske Bernd J.W. Method and apparatus for facilitating checkpointing of an application through an interceptor library
US6823433B1 (en) 2001-11-13 2004-11-23 Advanced Micro Devices, Inc. Memory management system and method for providing physical address based memory access security
JP3886362B2 (ja) 2001-11-13 2007-02-28 富士通株式会社 Content filtering method, content filtering device, and content filtering program
US7069294B2 (en) 2001-11-14 2006-06-27 Hewlett-Packard Development Company, L.P. Browser based multiple file upload
US20030097591A1 (en) 2001-11-20 2003-05-22 Khai Pham System and method for protecting computer users from web sites hosting computer viruses
CA2363795A1 (en) 2001-11-26 2003-05-26 Cloakware Corporation Computer system protection by communication diversity
US6854039B1 (en) 2001-12-05 2005-02-08 Advanced Micro Devices, Inc. Memory management system and method providing increased memory access security
US7143362B2 (en) 2001-12-28 2006-11-28 International Business Machines Corporation System and method for visualizing and navigating content in a graphical user interface
US7318238B2 (en) 2002-01-14 2008-01-08 Microsoft Corporation Security settings for markup language elements
US7392545B1 (en) 2002-01-18 2008-06-24 Cigital, Inc. Systems and methods for detecting software security vulnerabilities
US6772345B1 (en) 2002-02-08 2004-08-03 Networks Associates Technology, Inc. Protocol-level malware scanner
CA2372034A1 (en) 2002-02-14 2003-08-14 Cloakware Corporation Foiling buffer-overflow and alien-code attacks by encoding
US20030163448A1 (en) 2002-02-26 2003-08-28 Sun Microsystems, Inc. Scripting service for translating browser requests into command line interface (CLI) commands
US7222170B2 (en) 2002-03-14 2007-05-22 Hewlett-Packard Development Company, L.P. Tracking hits for network files using transmitted counter instructions
US7191467B1 (en) 2002-03-15 2007-03-13 Microsoft Corporation Method and system of integrating third party authentication into internet browser code
US20030177390A1 (en) 2002-03-15 2003-09-18 Rakesh Radhakrishnan Securing applications based on application infrastructure security techniques
US7213051B2 (en) 2002-03-28 2007-05-01 Webex Communications, Inc. On-line conference recording system
US20040030788A1 (en) 2002-05-15 2004-02-12 Gaetano Cimo Computer message validation system
US6785790B1 (en) 2002-05-29 2004-08-31 Advanced Micro Devices, Inc. Method and apparatus for storing and retrieving security attributes
US20030229501A1 (en) 2002-06-03 2003-12-11 Copeland Bruce Wayne Systems and methods for efficient policy distribution
EP1525522A2 (en) * 2002-06-06 2005-04-27 Green Border Technologies Method and system for implementing a secure application execution environment using derived user accounts for internet content
US7596804B2 (en) 2002-07-02 2009-09-29 Aol Llc Seamless cross-site user authentication status detection and automatic login
US7113960B2 (en) 2002-08-22 2006-09-26 International Business Machines Corporation Search on and search for functions in applications with varying data types
US20040054791A1 (en) 2002-09-17 2004-03-18 Krishnendu Chakraborty System and method for enforcing user policies on a web server
US20040073811A1 (en) 2002-10-15 2004-04-15 Aleksey Sanin Web service security filter
US6850943B2 (en) 2002-10-18 2005-02-01 Check Point Software Technologies, Inc. Security system and methodology for providing indirect access control
US7343626B1 (en) 2002-11-12 2008-03-11 Microsoft Corporation Automated detection of cross site scripting vulnerabilities
US7359976B2 (en) 2002-11-23 2008-04-15 Microsoft Corporation Method and system for improved internet security via HTTP-only cookies
US7353282B2 (en) 2002-11-25 2008-04-01 Microsoft Corporation Methods and systems for sharing a network resource with a user without current access
US7308648B1 (en) 2002-11-27 2007-12-11 Microsoft Corporation Method, system, and computer-readable medium for filtering harmful HTML in an electronic document
US7986625B2 (en) 2002-12-10 2011-07-26 International Business Machines Corporation Resource-aware system, method and program product for managing request traffic based on a management policy
WO2004055632A2 (en) 2002-12-13 2004-07-01 Wholesecurity, Inc. Method, system, and computer program product for security within a global computer network
US7194744B2 (en) 2002-12-17 2007-03-20 International Business Machines Corporation System and method for dynamic exception handling using an external exception handler
US20040210536A1 (en) 2002-12-18 2004-10-21 Tino Gudelj Cross-domain transactions through simulated pop-ups
US7082572B2 (en) 2002-12-30 2006-07-25 The Board Of Trustees Of The Leland Stanford Junior University Methods and apparatus for interactive map-based analysis of digital video content
US7480907B1 (en) 2003-01-09 2009-01-20 Hewlett-Packard Development Company, L.P. Mobile services network for update of firmware/software in mobile handsets
US7779247B2 (en) 2003-01-09 2010-08-17 Jericho Systems Corporation Method and system for dynamically implementing an enterprise resource policy
CN1203403C (zh) 2003-01-17 2005-05-25 天图信息技术(上海)有限公司 Intelligent background download method in the 网视 network advertisement delivery system
US7406502B1 (en) 2003-02-20 2008-07-29 Sonicwall, Inc. Method and system for classifying a message based on canonical equivalent of acceptable items included in the message
US7249162B2 (en) 2003-02-25 2007-07-24 Microsoft Corporation Adaptive junk message filtering system
US9003295B2 (en) 2003-03-17 2015-04-07 Leo Martin Baschy User interface driven access control system and method
JP4405248B2 (ja) * 2003-03-31 2010-01-27 株式会社東芝 Communication relay device, communication relay method, and program
US8136155B2 (en) 2003-04-01 2012-03-13 Check Point Software Technologies, Inc. Security system with methodology for interprocess communication control
US8396745B2 (en) 2003-04-28 2013-03-12 The Pen Expanding computer display advertising method and system
US20040230825A1 (en) 2003-05-16 2004-11-18 Shepherd Eric Robert Secure browser
US7119716B2 (en) 2003-05-28 2006-10-10 Legalview Assets, Limited Response systems and methods for notification systems for modifying future notifications
US20050108518A1 (en) 2003-06-10 2005-05-19 Pandya Ashish A. Runtime adaptable security processor
US7082527B2 (en) 2003-06-11 2006-07-25 Intel Corporation Method and system for rapid repurposing of machines in a clustered, scale-out environment
US7729992B2 (en) 2003-06-13 2010-06-01 Brilliant Digital Entertainment, Inc. Monitoring of computer-related resources and associated methods and systems for disbursing compensation
US8145710B2 (en) 2003-06-18 2012-03-27 Symantec Corporation System and method for filtering spam messages utilizing URL filtering module
US20040260754A1 (en) 2003-06-20 2004-12-23 Erik Olson Systems and methods for mitigating cross-site scripting
US20040268139A1 (en) 2003-06-25 2004-12-30 Microsoft Corporation Systems and methods for declarative client input security screening
US20050015752A1 (en) 2003-07-15 2005-01-20 International Business Machines Corporation Static analysis based error reduction for software applications
US7757268B2 (en) 2003-07-25 2010-07-13 Oracle International Corporation Policy based service management
US7735114B2 (en) 2003-09-04 2010-06-08 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US7519689B2 (en) 2003-09-10 2009-04-14 Mohan Prabhuram Method and system to provide message communication between different browser based applications running on a desktop
US20050066290A1 (en) 2003-09-16 2005-03-24 Chebolu Anil Kumar Pop-up capture
US20050066311A1 (en) 2003-09-22 2005-03-24 International Business Machines Corporation Autonomic execution tracking and correction of functions
US7162626B2 (en) 2003-09-25 2007-01-09 Intel Corporation Use of common language infrastructure for sharing drivers and executable content across execution environments
US7275152B2 (en) 2003-09-26 2007-09-25 Intel Corporation Firmware interfacing with network protocol offload engines to provide fast network booting, system repurposing, system provisioning, system manageability, and disaster recovery
WO2005043360A1 (en) * 2003-10-21 2005-05-12 Green Border Technologies Systems and methods for secure client applications
US7444678B2 (en) 2003-10-28 2008-10-28 Aol Llc Securing resources from untrusted scripts behind firewalls
CN100478919C (zh) 2003-12-16 2009-04-15 深圳市朗科科技股份有限公司 Method for changing the function or state of a removable storage device
US20050177635A1 (en) 2003-12-18 2005-08-11 Roland Schmidt System and method for allocating server resources
US8266218B2 (en) 2004-02-12 2012-09-11 International Business Machines Corporation Automated electronic message filing system
US20050182928A1 (en) 2004-02-12 2005-08-18 Chandar Kamalanathan System and method for secure HTML links
US7111246B2 (en) 2004-02-17 2006-09-19 Microsoft Corporation User interface accorded to tiered object-related trust decisions
US20050193329A1 (en) 2004-02-27 2005-09-01 Micron Technology, Inc. Systems and methods for creating page based applications using database metadata
US7636941B2 (en) 2004-03-10 2009-12-22 Microsoft Corporation Cross-domain authentication
CN1299478C (zh) 2004-03-26 2007-02-07 清华大学 Route discovery and maintenance method based on node degree in wireless ad hoc networks
US7467399B2 (en) 2004-03-31 2008-12-16 International Business Machines Corporation Context-sensitive confidentiality within federated environments
US8620742B2 (en) 2004-03-31 2013-12-31 Google Inc. Advertisement approval
US8528063B2 (en) 2004-03-31 2013-09-03 International Business Machines Corporation Cross domain security information conversion
CA2608382A1 (en) 2004-05-14 2005-12-01 Mobilaps, Llc Method of providing a web page with inserted content
US9026578B2 (en) 2004-05-14 2015-05-05 Microsoft Corporation Systems and methods for persisting data between web pages
CA2467945A1 (en) 2004-05-20 2005-11-20 Fernando Cuervo Open service discovery and routing mechanism for configuring cross-domain telecommunication services
CA2467939A1 (en) 2004-05-20 2005-11-20 Fernando Cuervo Architecture for configuration and management of cross-domain network services
US20070180490A1 (en) 2004-05-20 2007-08-02 Renzi Silvio J System and method for policy management
CA2468122A1 (en) 2004-05-20 2005-11-20 Fernando Cuervo Provisioning of cross domain telecommunication services through dynamic label differentiation
US20050268214A1 (en) 2004-05-31 2005-12-01 De-Jen Lu Simple input method for a web browser
US20050283828A1 (en) 2004-06-16 2005-12-22 Perley Tim E Multipurpose media access data processing system
US20060031347A1 (en) 2004-06-17 2006-02-09 Pekka Sahi Corporate email system
JP2006004136A (ja) 2004-06-17 2006-01-05 Fujitsu Ltd HTML file processing method and program
US8280819B2 (en) 2004-07-09 2012-10-02 Ebay Inc. Method and apparatus for securely displaying and communicating trusted and untrusted internet content
US8244910B2 (en) 2004-07-14 2012-08-14 Ebay Inc. Method and system to modify function calls from within content published by a trusted web site
US7730138B2 (en) 2004-07-14 2010-06-01 Microsoft Corporation Policy processing model
US7533265B2 (en) 2004-07-14 2009-05-12 Microsoft Corporation Establishment of security context
US7698375B2 (en) 2004-07-21 2010-04-13 International Business Machines Corporation Method and system for pluggability of federation protocol runtimes for federated user lifecycle management
US7669226B2 (en) 2004-07-30 2010-02-23 International Business Machines Corporation Generic declarative authorization scheme for Java
US20060041834A1 (en) 2004-08-19 2006-02-23 International Business Machines Corporation User-controlled web browser table sorting
US20060047959A1 (en) 2004-08-25 2006-03-02 Microsoft Corporation System and method for secure computing
US20060053048A1 (en) 2004-09-03 2006-03-09 Whenu.Com Techniques for remotely delivering shaped display presentations such as advertisements to computing platforms over information communications networks
US7979807B2 (en) 2004-09-07 2011-07-12 Routeone Llc Method and system for communicating and exchanging data between browser frames
US20060053411A1 (en) 2004-09-09 2006-03-09 Ibm Corporation Systems, methods, and computer readable media for consistently rendering user interface components
JP2006085227A (ja) 2004-09-14 2006-03-30 Fujitsu Ltd Communication terminal device
US20060069613A1 (en) 2004-09-29 2006-03-30 Microsoft Corporation System for partial automation of content review of network advertisements
US7831995B2 (en) 2004-10-29 2010-11-09 CORE, SDI, Inc. Establishing and enforcing security and privacy policies in web-based applications
WO2006101549A2 (en) 2004-12-03 2006-09-28 Whitecell Software, Inc. Secure system for allowing the execution of authorized computer program code
US7636856B2 (en) 2004-12-06 2009-12-22 Microsoft Corporation Proactive computer malware protection through dynamic translation
US7562382B2 (en) 2004-12-16 2009-07-14 International Business Machines Corporation Specializing support for a federation relationship
JP4208081B2 (ja) 2004-12-27 2009-01-14 インターナショナル・ビジネス・マシーンズ・コーポレーション System, web server, method, and program for adding personalized value to multiple websites
US20060167811A1 (en) 2005-01-24 2006-07-27 Microsoft Corporation Product locker for multi-merchant purchasing environment for downloadable products
US20070050446A1 (en) 2005-02-01 2007-03-01 Moore James F Managing network-accessible resources
DE102005021854B4 (de) 2005-05-11 2007-02-15 Siemens Ag Property-based assignment of resources to security domains
US20060271425A1 (en) 2005-05-27 2006-11-30 Microsoft Corporation Advertising in application programs
ATE446629T1 (de) 2005-06-01 2009-11-15 Research In Motion Ltd System and method for determining a security encoding to be applied to outgoing messages
US8078740B2 (en) 2005-06-03 2011-12-13 Microsoft Corporation Running internet applications with low rights
US8074272B2 (en) 2005-07-07 2011-12-06 Microsoft Corporation Browser security notification
US20070011744A1 (en) 2005-07-11 2007-01-11 Cox Communications Methods and systems for providing security from malicious software
US8239939B2 (en) 2005-07-15 2012-08-07 Microsoft Corporation Browser protection module
US8146013B2 (en) 2005-07-26 2012-03-27 International Business Machines Corporation Allowing authorized pop-ups on a website
US8056114B2 (en) * 2005-08-23 2011-11-08 The Boeing Company Implementing access control policies across dissimilar access control platforms
US8245270B2 (en) 2005-09-01 2012-08-14 Microsoft Corporation Resource based dynamic security authorization
US20070073800A1 (en) 2005-09-29 2007-03-29 Intel Corporation Provisioning, configuring, and managing a platform in a network
US7725737B2 (en) 2005-10-14 2010-05-25 Check Point Software Technologies, Inc. System and methodology providing secure workspace environment
US7506248B2 (en) 2005-10-14 2009-03-17 Ebay Inc. Asynchronously loading dynamically generated content across multiple internet domains
WO2007048013A2 (en) 2005-10-20 2007-04-26 Starent Networks Corporation System and method for a policy enforcement point interface
US20070260495A1 (en) 2005-10-21 2007-11-08 Scott Mace Software Architecture and Database for Integrated Travel Itinerary and Related Reservation System Components
US20070100915A1 (en) 2005-10-31 2007-05-03 Rose Daniel E Methods for displaying dynamic suggestions in a user interface
US20070107057A1 (en) 2005-11-10 2007-05-10 Docomo Communications Laboratories Usa, Inc. Method and apparatus for detecting and preventing unsafe behavior of javascript programs
US7895604B2 (en) 2005-11-17 2011-02-22 Opera Software Asa Method and device for event communication between documents
US20070113282A1 (en) 2005-11-17 2007-05-17 Ross Robert F Systems and methods for detecting and disabling malicious script code
US8001215B2 (en) 2005-11-29 2011-08-16 Microsoft Corporation Unlimited history store for navigational web applications
US20070146812A1 (en) 2005-12-02 2007-06-28 Lawton Scott S Reader editable advertising
US7836303B2 (en) 2005-12-09 2010-11-16 University Of Washington Web browser operating system
US7757289B2 (en) 2005-12-12 2010-07-13 Finjan, Inc. System and method for inspecting dynamically generated executable code
US7725574B2 (en) 2006-01-23 2010-05-25 International Business Machines Corporation Web browser-based programming language error determination and reporting
US7818798B2 (en) 2006-02-03 2010-10-19 Microsoft Corporation Software system with controlled access to objects
US7818788B2 (en) 2006-02-14 2010-10-19 Microsoft Corporation Web application security frame
US7774459B2 (en) 2006-03-01 2010-08-10 Microsoft Corporation Honey monkey network exploration
US8024804B2 (en) 2006-03-08 2011-09-20 Imperva, Inc. Correlation engine for detecting network attacks and detection method
KR20070102859A (ko) 2006-04-17 2007-10-22 주식회사 케이블웨이 커뮤니케이션즈 Internet notice frame insertion system
US7681175B2 (en) 2006-05-02 2010-03-16 Oracle International Corporation Methods and systems for displaying multiple unique dynamic messages on a user interface
US20070271342A1 (en) 2006-05-19 2007-11-22 Sbc Knowledge Ventures, L.P. Methods and systems to deliver electronic mail using payments
US20070294332A1 (en) 2006-06-19 2007-12-20 Microsoft Corporation Processing device for end customer operation
US8185737B2 (en) 2006-06-23 2012-05-22 Microsoft Corporation Communication across domains
US8250082B2 (en) 2006-06-23 2012-08-21 Microsoft Corporation Cross domain communication
US20080005282A1 (en) 2006-07-03 2008-01-03 Dewey Gaedcke Method for displaying user generated content in a web browser
US8775930B2 (en) 2006-07-07 2014-07-08 International Business Machines Corporation Generic frequency weighted visualization component
US20080046518A1 (en) 2006-08-16 2008-02-21 James I Tonnison Enhanced E-Mail System
US8898072B2 (en) 2007-04-20 2014-11-25 Hubpages, Inc. Optimizing electronic display of advertising content
US10019570B2 (en) 2007-06-14 2018-07-10 Microsoft Technology Licensing, Llc Protection and communication abstractions for web browsers
US7979791B2 (en) 2007-07-30 2011-07-12 Google Inc. Cross-domain communication
KR20090014846A (ko) 2007-08-07 2009-02-11 Samsung Electronics Co., Ltd. Method for displaying customized information and browser agent
US8543683B2 (en) 2007-09-26 2013-09-24 Microsoft Corporation Remote monitoring of local behavior of network applications
US20090132713A1 (en) 2007-11-20 2009-05-21 Microsoft Corporation Single-roundtrip exchange for cross-domain data access
US20090183227A1 (en) 2008-01-11 2009-07-16 Microsoft Corporation Secure Runtime Execution of Web Script Content on a Client
US8621495B2 (en) 2008-01-18 2013-12-31 Microsoft Corporation Methods and apparatus for securing frames from other frames
US20090254898A1 (en) 2008-04-08 2009-10-08 Microsoft Corporation Converting a device from one system to another
US9524344B2 (en) 2008-06-03 2016-12-20 Microsoft Corporation User interface for online ads
US20090299862A1 (en) 2008-06-03 2009-12-03 Microsoft Corporation Online ad serving
US20090327869A1 (en) 2008-06-27 2009-12-31 Microsoft Corporation Online ad serving
US20090327896A1 (en) 2008-06-27 2009-12-31 Microsoft Corporation Dynamic media augmentation for presentations
US8522200B2 (en) 2008-08-28 2013-08-27 Microsoft Corporation Detouring in scripting systems

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
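CN101751287B (zh) * 2008-12-03 2013-01-09 Beijing Topsec Technology Co., Ltd. Method for performing operations under Windows without being restricted by user permissions
CN106126350A (zh) * 2009-11-27 2016-11-16 Google Inc. Client-server input method editor architecture
CN106126350B (zh) * 2009-11-27 2020-01-24 Google LLC Client-server input method editor architecture
CN102073598A (zh) * 2010-12-28 2011-05-25 Beijing Senselock Software Technology Co., Ltd. Method and device for implementing disk data security protection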

Also Published As

Publication number Publication date
US8161563B2 (en) 2012-04-17
US20060277311A1 (en) 2006-12-07
US8078740B2 (en) 2011-12-13
WO2006132765A2 (en) 2006-12-14
KR20080014824A (ko) 2008-02-14
KR101242312B1 (ko) 2013-03-12
US20110106948A1 (en) 2011-05-05
CN101208928B (zh) 2011-06-29
US20060277218A1 (en) 2006-12-07
WO2006132765A3 (en) 2007-11-22
US7792964B2 (en) 2010-09-07
HK1119321A1 (en) 2009-02-27

Similar Documents

Publication Publication Date Title
CN101208928B (zh) Running Internet applications with low rights
US10404708B2 (en) System for secure file access
US7516477B2 (en) Method and system for ensuring that computer programs are trustworthy
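RU2501082C2 (ru) Controlling access to documents using file locks
JP4705489B2 (ja) Computer-readable portable recording medium storing a device driver program, storage device access method, and storage device access system
KR100305486B1 (ko) Method for providing computer-related security, computer system, and computer apparatus
KR101970744B1 (ko) Trust level activation technique
KR101308859B1 (ko) Terminal having a function of granting temporary administrator privileges and method of granting temporary administrator privileges using the same
KR101231266B1 (ko) Programming interface for licensing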
US8271995B1 (en) System services for native code modules
US10417179B2 (en) Method for managing files and apparatus using the same
JP2007316637A (ja) Screen saver for individual application programs
KR20080021694A (ko) Computer-implemented method, system, and computer-readable medium for providing security in a help system
WO2006134023A1 (en) Virtualized file system
US7647629B2 (en) Hosted code runtime protection
JP7228751B2 (ja) Method and apparatus for permission management, computer device, and storage medium
US7076557B1 (en) Applying a permission grant set to a call stack during runtime
US8307456B2 (en) Systems and methods for a secure guest account
JP4516598B2 (ja) Method for controlling copying of a document
JP2006107505A (ja) Access authorization API
US8230116B2 (en) Resumption of execution of a requested function command
JP2008152519A (ja) Computer and its basic software
US20050182965A1 (en) Proxy permissions controlling access to computer resources
US8627068B1 (en) Selecting access authorities
KR101391508B1 (ko) Terminal and method for protecting stored files

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1119321

Country of ref document: HK

C14 Grant of patent or utility model
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1119321

Country of ref document: HK

ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150519

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150519

Address after: Washington State

Patentee after: Microsoft Technology Licensing, LLC

Address before: Washington State

Patentee before: Microsoft Corp.