Component-level sandboxing
US8180893B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Mar 15, 2010 |
| Grant date | May 15, 2012 |
| Priority date | — |
| Expiry date | Sep 28, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/53
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Component-level sandboxing is implemented in the example context of an enterprise rights management system. A policy enforcement module monitors an application executing on a client to detect and evaluate data access requests in view of a rights policy. The policy enforcement module determines how to handle the request based on the whether the policy permits the request. If the request is permitted, the policy enforcement module allows the requests and sandboxes it using virtualization. The sandbox virtualizes the thread making the request and/or a data access component involved in the request. Other aspects of the application that do not implicate the rights policy are not sandboxed. In this way, sandboxing is used to enforce the rights policy in a manner that is transparent to the user and consumes relatively few resources of the client.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.