1. (WO2019068019) SYSTEMS AND METHODS FOR INTRINSIC RUNTIME SECURITY
Note: Text obtained by an automatic optical character recognition process.
Only the PDF version has legal value.

CLAIMS

We Claim:

1. A system for intrinsic runtime security in a computing system comprises:

an application code repository that stores application code written in a prototypal language and intended for execution; wherein the application code comprises trusted application code and untrusted application code;

a security code repository that stores a security policy;

a trusted execution context, having a first level of access to the computing system, that executes the trusted application code;

a first sandboxed execution context, having a second level of access to the computing system more restricted than the first level of access, that executes the untrusted application code; wherein the first sandboxed execution context modifies an object present in the trusted application code; and

a policy enforcement module, operating based on the security policy, that enables the first sandboxed execution context to modify the object without enabling unrestricted access of the first sandboxed execution context to an original prototype of the object.

2. The system of claim 1, wherein a first level of access is required to modify code of the application code repository; wherein a second and distinct level of access is required to modify code of the security code repository.

3. The system of claim 1, wherein the security policy includes whitelist policies that specify, for an object type, methods and fields for which the object type should be provided access.

4. The system of claim 1, wherein the application code is designated as trusted or untrusted automatically by the policy enforcement module based on analysis of the application code.

5. The system of claim 1, wherein the policy enforcement module enables the first sandboxed execution context to modify the object without enabling unrestricted access of the first sandboxed execution context to the original prototype by:

detecting that the object is to be moved from the trusted execution context to the first sandboxed execution context;

generating an object copy having a modified object prototype distinct from the original prototype; and

passing the object copy to the first sandboxed execution context instead of the object.

6. The system of claim 5, wherein the policy enforcement module provides access to the object after modification by the first sandboxed execution context by modifying a value of the object, without modifying the original prototype, in response to modifications made by the first sandboxed execution context to the object copy.

7. The system of claim 5, wherein the policy enforcement module generates the object copy with a prototype chain, including the modified object prototype, entirely unique to the first sandboxed execution context.

8. The system of claim 5, wherein the first sandboxed execution context attempts to modify a second object present in the trusted application code; wherein after detecting that the second object is to be moved from the trusted execution context to the first sandboxed execution context and that the second object contains a second prototype as a value, the policy enforcement module prevents direct access to the second object.

9. The system of claim 8, wherein the policy enforcement module prevents direct access to the second object by:

generating a second object copy having a second modified object prototype distinct from an original prototype of the second object; and

passing the second object copy to the first sandboxed execution context instead of the second object.

10. The system of claim 8, wherein the policy enforcement module prevents direct access to the second object by preventing modification of the second object and indicating an error.

11. The system of claim 8, wherein the policy enforcement module prevents direct access to the second object by terminating the first sandboxed execution context.

12. The system of claim 1, wherein the object has a first prototype chain including a second prototype pointed to by the original prototype; wherein the policy enforcement module enables the first sandboxed execution context to modify the object without enabling unrestricted access of the first sandboxed execution context to the original prototype by:

detecting that the object is to be moved from the trusted execution context to the first sandboxed execution context;

generating an object copy having a modified object prototype distinct from the original prototype; wherein the modified object prototype provides restricted access to the first prototype chain; and

passing the object copy to the first sandboxed execution context instead of the object.

13. The system of claim 12, wherein the modified object prototype points to the original prototype; wherein a strict subset of modifications possible in the modified object prototype may affect the original prototype.

14. The system of claim 12, wherein the modified object prototype points to the second prototype; wherein a strict subset of modifications possible in the modified object prototype may affect the second prototype.

15. The system of claim 14, wherein a prototype chain of the object copy is flattened relative to the prototype chain of the object.

16. The system of claim 12, wherein the modified object prototype points to the second prototype; wherein a strict subset of modifications possible in the modified object prototype may affect the second prototype.

17. The system of claim 12, wherein the policy enforcement module also generates a second modified object prototype; wherein the second modified object prototype is a copy of the second prototype that provides restricted access and points to the second prototype; wherein the modified object prototype points to the second modified object prototype; wherein a strict subset of modifications possible in the second modified object prototype may affect the second prototype.

18. The system of claim 1, wherein the policy enforcement module enables the first sandboxed execution context to modify the object without enabling unrestricted access of the first sandboxed execution context to the original prototype by:

detecting that the object is to be moved from the trusted execution context to the first sandboxed execution context;

generating a placeholder object, mapped to the object, that provides restricted access to the object; and

passing the placeholder object to the first sandboxed execution context instead of the object.

19. The system of claim 18, wherein the placeholder object is mapped to the object by a private WeakMap.

20. The system of claim 18, wherein the policy enforcement module generates the placeholder object only after detecting that the object is of a magic type.

21. The system of claim 1, wherein the object has a first prototype chain including a second prototype pointed to by the original prototype; wherein the policy enforcement module enables the first sandboxed execution context to modify the object without enabling unrestricted access of the first sandboxed execution context to the original prototype by:

detecting that the object is to be moved from the trusted execution context to the first sandboxed execution context;

generating an object copy having a modified prototype chain; wherein the modified prototype chain is an immutable copy of the first prototype chain; and

passing the object copy to the first sandboxed execution context instead of the object.