System and method for preserving references in sandboxes
Disclosed herein are systems, methods, and non-transitory computer-readable storage media for preserving references in sandboxes. A system implementing the method receives a document for use in a sandbox environment and passes the document to a parser, via a coordinator. The parser finds references in the document to other resources and outputs a list of references. The system passes the list of references to a verifier that verifies each reference and outputs a list of verified references. The system passes the list of verified references to the sandboxed application, which extends the sandbox to include the resources on the list of verified references. In one embodiment, the system preserves references in sandboxes without the use of a coordinator.
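The parse, verify, extend pipeline that the abstract describes, written out as an added example; it is not part of the patent and not Apple's implementation. Everything in it is assumed for illustration: the document is a constructed HTML-like file, the parser is a regular expression over src/href attributes, the verifier's policy is an allow-list of directory roots and network hosts, and the names (parse_references, Verifier, Sandbox, coordinate) are made up. The point a practitioner should take from it is that the parser reports references exactly as found, so the verifier has to canonicalize each one before deciding; a traversal reference such as a path containing ".." would otherwise widen the sandbox to resources the document never legitimately referred to.

```python
"""Toy model of the parse -> verify -> extend-sandbox pipeline from the abstract.

Added illustration only: the document format, the verification policy (path roots
and host allow-list) and all names here are assumptions, not Apple's implementation
and not the patent's claims.
"""
import posixpath
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Constructed sample document: an HTML-like file with mixed references.
SAMPLE_DOCUMENT = """<html><body>
<img src="/Users/alice/Pictures/logo.png">
<a href="https://example.com/report.pdf">report</a>
<link rel="stylesheet" href="/Users/alice/Documents/../../../etc/passwd">
<script src="file:///Library/Keychains/System.keychain"></script>
<a href="relative/notes.txt">notes</a>
</body></html>"""

_REF_PATTERN = re.compile(r'(?:src|href)\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def parse_references(document: str) -> list[str]:
    """Parser role: extract every src/href target, in document order, unmodified."""
    return _REF_PATTERN.findall(document)


@dataclass
class Verifier:
    """Verifier role: admit a reference only if policy allows the sandbox to grow to it."""
    allowed_roots: tuple[str, ...]   # directories the document may reach on disk
    allowed_hosts: tuple[str, ...]   # hosts the document may reach over the network

    def verify(self, ref: str) -> Optional[str]:
        """Return the canonical form of an admissible reference, else None."""
        parsed = urlparse(ref)
        if parsed.scheme in ("http", "https"):
            return ref if parsed.hostname in self.allowed_hosts else None
        if parsed.scheme == "file":
            path = parsed.path
        elif parsed.scheme == "":
            path = ref
        else:
            return None                       # unknown scheme: never widen the sandbox
        if not path.startswith("/"):
            return None                       # relative: the base is ambiguous, reject
        canonical = posixpath.normpath(path)  # collapses "..", so traversal becomes visible
        for root in self.allowed_roots:
            if canonical == root or canonical.startswith(root + "/"):
                return canonical
        return None

    def verify_all(self, refs: list[str]) -> tuple[list[str], list[str]]:
        """Split references into (verified canonical forms, rejected originals)."""
        verified, rejected = [], []
        for ref in refs:
            result = self.verify(ref)
            if result is None:
                rejected.append(ref)          # keep rejects for audit logging
            else:
                verified.append(result)
        return verified, rejected


@dataclass
class Sandbox:
    """Sandboxed application's view: the set of resources it is currently allowed."""
    allowed: set[str] = field(default_factory=set)

    def extend(self, verified_refs: list[str]) -> None:
        self.allowed.update(verified_refs)

    def can_access(self, ref: str) -> bool:
        parsed = urlparse(ref)
        if parsed.scheme in ("http", "https"):
            return ref in self.allowed
        return posixpath.normpath(parsed.path or ref) in self.allowed


def coordinate(document: str, verifier: Verifier, sandbox: Sandbox) -> tuple[list[str], list[str]]:
    """Coordinator role: parser -> verifier -> sandbox extension. Returns (verified, rejected)."""
    refs = parse_references(document)
    verified, rejected = verifier.verify_all(refs)
    sandbox.extend(verified)
    return verified, rejected


def demo() -> tuple[list[str], list[str], Sandbox]:
    """Run the pipeline over the constructed document with an assumed policy."""
    verifier = Verifier(
        allowed_roots=("/Users/alice/Pictures", "/Users/alice/Documents"),
        allowed_hosts=("example.com",),
    )
    sandbox = Sandbox()
    verified, rejected = coordinate(SAMPLE_DOCUMENT, verifier, sandbox)
    return verified, rejected, sandbox


if __name__ == "__main__":
    v, r, sb = demo()
    print("verified:", v)
    print("rejected (audit these):", r)
    print("can read logo:", sb.can_access("/Users/alice/Pictures/logo.png"))
    print("can read passwd:", sb.can_access("/etc/passwd"))
```

The embodiment without a coordinator corresponds to the application calling parse_references and Verifier.verify_all itself before extending its own Sandbox; the verifier's behaviour is unchanged. Rejected references are returned separately because they are exactly what a defender wants logged: a document that references files outside its own directories, or a keychain via a file URL, is a signal worth reviewing even when the sandbox correctly refused to grow.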
... An official threat model for the App Sandbox is not provided by Apple. Here, we instead deduce our own informal model from available marketing materials [40], developer documentation [3,5], and sandbox-related patents [16,30,31,32,48]. ...
Conference Paper
Sandboxing is a way to deliberately restrict applications from accessing resources that they do not need in order to function properly. Sandboxing is intended to limit the effect of potential exploits and to mitigate overreach to personal data. Since June 1, 2012, sandboxing has been a mandatory requirement for apps distributed through the Mac App Store (MAS). In addition, Apple has made it easier for developers to specify sandbox entitlements, capabilities that allow the app to access certain resources. However, sandboxing is still optional for macOS apps distributed outside Apple's official app store. This paper provides two contributions. First, the sandbox mechanism of macOS is analyzed and a critical sandbox bypass is identified. Second, the general adoption of the sandbox mechanism, as well as app-specific sandbox configurations, is evaluated. For that purpose, all 8366 free apps of the MAS, making up 25 % of all apps available on the MAS, as well as 4672 apps retrieved from MacUpdate (MU), a third-party app store, were analyzed dynamically. The dataset is over eight times larger than that of the second-biggest study of macOS apps. It is shown that more than 94 % of apps on the MAS are sandboxed. However, more than 89 % of apps distributed through MU do not make use of sandboxing, putting users' data at risk.
