PatentPDF Available

System and method for preserving references in sandboxes

  • December 2013
  • Patent: US8601579B2
Authors:
Ivan Krstić
Ivan Krstić
Ivan Krstić
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Pierre-Olivier J. Martel
Pierre-Olivier J. Martel
Pierre-Olivier J. Martel
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Download full-text PDF
Read full-text
Download citation

Abstract

Disclosed herein are systems, methods, and non-transitory computer-readable storage media for preserving references in sandboxes. A system implementing the method receives a document for use in a sandbox environment and passes the document to a parser, via a coordinator. The parser finds references in the document to other resources and outputs a list of references. The system passes the list of references to a verifier that verifies each reference and outputs a list of verified references. The system passes the list of verified references to the sandboxed application which extends the sandbox to include the resources on the list of verified references. In one embodiment, the system preserves references in sandboxes without the use a coordinator.
Available via license: USPTO TOS
Content may be subject to copyright.
... An official threat model for the App Sandbox is not provided by Apple. Here, we instead deduce our own informal model from available marketing materials [40], developer documentation [3,5], and sandbox-related patents [16,30,31,32,48]. ...
State of the Sandbox: Investigating macOS Application Security
Conference Paper
  • Nov 2019
Sandboxing is a way to deliberately restrict applications accessing resources that they do not need to function properly. Sandboxing is intended to limit the effect of potential exploits and to mitigate overreach to personal data. Since June 1, 2012, sandboxing is a mandatory requirement for apps distributed through the Mac App Store (MAS). In addition, Apple has made it easier for developers to specify sandbox entitlements - capabilities that allow the app to access certain resources. However, sandboxing is still optional for macOS apps distributed outside Apple's official app store. This paper provides two contributions. First, the sandbox mechanism of macOS is analyzed and a critical sandbox-bypass is identified. Second, the general adoption of the sandbox mechanism, as well as app-specific sandbox configurations are evaluated. For that purpose all 8366 free apps of the MAS, making 25 % of all apps available on the MAS, as well as 4672 apps retrieved from MacUpdate (MU), a third-party app store, were analyzed dynamically. The dataset is over eight times larger than the second biggest study of macOS apps. It is shown that more than 94 % of apps on the MAS are sandboxed. However, more than 89 % of apps distributed through MU do not make use of sandboxing, putting users' data at risk.
ResearchGate has not been able to resolve any references for this publication.