Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to executed but is monitored to ensure that the execution criteria are met.

Abstract: Techniques for handling security of an application and its extension are described. In one embodiment, an application manager of an operating system running within a data processing system launches an application in a first sandboxed environment based on a first security profile associated with the application. In response to receiving a request from the application for accessing a function of an application extension that is associated with the application, the application manager launches the application extension in a second sandboxed environment based on a second security profile associated with the application extension. The application manager is to individually enforce security and manage resources of the application and the application extension in the first and second sandboxed environments based on the first and second security profiles, respectively. The second security profile specifies resources fewer than the first security profile.

Abstract: Methods, systems, and machine-readable storage medium are described wherein identifiers are used to allow access to files or folders in a restricted operating environment. One embodiment provides a process comprising receiving a selection of a resource managed by a restricted operating environment; requesting from a resource manager of the restricted operating environment, in response to the selection, a location identifier associated with the resource; receiving, in response to the request, a bookmark and a digest, wherein the digest is a cryptographically derived version of the bookmark and the bookmark is to enable retrieval of the resource on a storage device; and storing the bookmark and the digest in the restricted operating environment to indicate trust of the resource.

Abstract: In response to a request for launching a program, a list of one or more application frameworks to be accessed by the program during execution of the program is determined. Zero or more entitlements representing one or more resources entitled by the program during the execution are determined. A set of one or more rules based on the entitlements of the program is obtained from at least one of the application frameworks. The set of one or more rules specifies one or more constraints of resources associated with the at least one application framework. A security profile is dynamically compiled for the program based on the set of one or more rules associated with the at least one application framework. The compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.

Abstract: Methods, systems, and machine-readable storage medium are described wherein, in one embodiment, identifiers, such as bookmarks, are used to allow access to files or folders in a sandboxed environment. One or more applications are restricted by an access control system, which can be, for example, a trusted software component of an operating system. In one embodiment, the bookmarks or other identifiers allow an application to have access to a file even if the file is renamed or moved by a user while the application has been terminated. In one embodiment, a resource manager, or other trusted access control system, can interact with an application to allow for the use of bookmarks in an environment in which a sandbox application controls access to the files such that each application must make a request to the sandbox application in order to obtain access to a particular file or folder.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for preserving references in sandboxes. A system implementing the method receives a document for use in a sandbox environment and passes the document to a parser, via a coordinator. The parser finds references in the document to other resources and outputs a list of references. The system passes the list of references to a verifier that verifies each reference and outputs a list of verified references. The system passes the list of verified references to the sandboxed application which extends the sandbox to include the resources on the list of verified references. In one embodiment, the system preserves references in sandboxes without the use a coordinator.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for booting a computing device having an encrypted storage medium using full disk encryption, referred to as tamper-resistant boot. The system retrieves a kernel cache and a kernel cache digest from an unencrypted storage medium and verifies the authenticity of the kernel cache based on the credentials and the kernel cache digest. Initiation and execution of the operating system is performed if the kernel cache is authentic. In one embodiment, the system verifies the authenticity of a request to disable tamper-resistant booting by utilizing a password verifier and a password proof.

Abstract: In response to a request for launching a program, a list of one or more application frameworks to be accessed by the program during execution of the program is determined. Zero or more entitlements representing one or more resources entitled by the program during the execution are determined. A set of one or more rules based on the entitlements of the program is obtained from at least one of the application frameworks. The set of one or more rules specifies one or more constraints of resources associated with the at least one application framework. A security profile is dynamically compiled for the program based on the set of one or more rules associated with the at least one application framework. The compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.

Abstract: According to one aspect, a graphics management system receives a first message from a first process for granting one or more rights to a second process for accessing a GUI element owned by the first process. In response, the graphics management system transmits a second message to the second process, the second message offering the one or more rights to the second process. The graphics management system receives a third message from the second process indicating an acceptance of the offer. Thereafter, the graphics management system restricts access of the GUI element by the second process based on the one or more rights accepted by the second process.