公开(公告)号：US20100199357A1

公开(公告)日：2010-08-05

申请号：US12363791

申请日：2009-02-02

申请人： Kristofer D. Hoffman ,  Michael Ammerlaan ,  Matthew M. Swann ,  Dale A. Rector ,  Hongzhou Ma ,  Roger F. Grambihler ,  Shaofeng Zhu ,  William James Griffin

发明人： Kristofer D. Hoffman ,  Michael Ammerlaan ,  Matthew M. Swann ,  Dale A. Rector ,  Hongzhou Ma ,  Roger F. Grambihler ,  Shaofeng Zhu ,  William James Griffin

IPC分类号： G06F21/22

CPC分类号： G06F21/57 ,  G06F21/54

摘要： Various technologies and techniques are disclosed for increasing security in execution environments. A system is described for handling DLL calls made from untrusted code. An execution environment instantiates a lower trust process when a high trust process determines a need to call untrusted code. When the untrusted code calls a method in an original DLL, the execution environment loads a shim DLL into the lower trust process. The shim DLL has a clone of the method from the original DLL. A method for increasing security when processing calls from untrusted code is described. A shim DLL is created from an original DLL, and is deployed so an execution environment will load the shim DLL instead of the original DLL. When an execution environment receives a call from a caller DLL to the original DLL, the call is routed through the shim DLL. A pluggable validation system is also described.

摘要翻译： 为了提高执行环境的安全性，公开了各种技术和技术。 描述了一种用于处理由不受信任代码构成的DLL调用的系统。 当高信任过程确定需要调用不受信任的代码时，执行环境会实例化较低的信任过程。 当不可信代码调用原始DLL中的方法时，执行环境将一个垫片DLL加载到较低的信任过程中。 垫片DLL具有来自原始DLL的方法的克隆。 描述了在处理来自不可信代码的呼叫时增加安全性的方法。 一个垫片DLL是从一个原始的DLL创建的，并被部署，所以执行环境将加载垫片DLL，而不是原始的DLL。 当执行环境接收到从调用者DLL到原始DLL的调用时，调用将通过shim DLL进行路由。 还描述了可插拔验证系统。