Out-of-band framework libraries within applications

Assignee

• Microsoft Corporation · US

Inventors

• Eric St. John · Kirkland, US
• Mohammad Rahim Bhojani · Bothell, US
• Alok Shriram · Redmond, US
• David Kean · Redmond, US
• Divya Swarnkar · Redmond, US
• Kumar Gaurav Khanna · Woodinville, US
• Gaye Oncul Kok · Bellevue, US
• Jan Kotas · Redmond, US
• Michael Rayhelson · Seattle, US
• Michael Rousos · Massillon, US
• Weitao Su · Sammamish, US
• Matthew Charles Cohn · Seattle, US
• Zhanliang Chen · 安丰镇, CN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F9/44536
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

An enhanced binder provides flexibility and certainty when selecting a version of a software library to load, and an enhanced loader prevents a library version vulnerable to a security flaw from being loaded. The binder can perform unification, implicit override, and/or redirection. Implicit override searches assembly-specific locations for an implicit_version, and override the previously chosen unification or other version with the implicit_version when the implicit_version is greater. The implicit_version gets updated with the individual assembly, whereas the unification_version gets updated with the framework. Redirection may override the implicit_version. Unlike redirection, an implicit_version does not recite an explicit range and is found outside application configuration files. The implicit_version is specified implicitly by the assembly without an XML declaration. Vulnerable libraries are not loaded, based on out-of-band metadata placed in response to a list of known out-of-band assemblies, an out-of-band-servicing attribute, or a custom servicing library.