IDiyas

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 8429741 B1

PDFFull Text
Date of Patent:
Apr. 23, 2013

Filed:

Aug. 29, 2008

Altered token sandboxing

Applicants:

Carlos E. Pizano, Mountain View, CA (US);

Nicolas Sylvain, Santa Clara, CA (US);

Jose Ricardo Vargas Puentes, San Jose, CA (US);

Finnur Breki Thorarinsson, Mountain View, CA (US);

Mark Alan Larson, San Carlos, CA (US);

Inventors:

Carlos E. Pizano, Mountain View, CA (US);

Nicolas Sylvain, Santa Clara, CA (US);

Jose Ricardo Vargas Puentes, San Jose, CA (US);

Finnur Breki Thorarinsson, Mountain View, CA (US);

Mark Alan Larson, San Carlos, CA (US);

Assignee:

Google, Inc., Mountain View, CA (US);

Attorney:

Sterne, Kessler, Goldstein & Fox PLLC

Primary Examiner:

Eleni Shiferaw

Assistant Examiner:

Jing Sims

Int. Cl.
CPC ...
G06F 7/04 (2006.01); G06F 12/00 (2006.01); G06F 12/14 (2006.01); G06F 17/30 (2006.01); G06D 13/00 (2006.01); G11C 7/00 (2006.01);
U.S. Cl.
CPC ...
Abstract

Embodiments of the present invention relate generally to application security. In an embodiment, a method for altered token sandboxing includes creating a process based on a naked token and suspending the process. The method further includes obtaining an impersonation token and resuming the process with the impersonation token. The method further includes acquiring resources needed for the process with the impersonation token. The method also includes replacing the impersonation token with the naked token. In a further embodiment, the method further includes executing the suspended process with the naked token and the acquired resources. In another embodiment, a system for user-mode, altered token sandboxing includes a security module, an acquisition module and a replacement module. In a further embodiment, the system may include an execution module. In another embodiment, the system may include a request module.

Find Patent Forward Citations

Loading…