Abstract: Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.

Abstract: Described is a technology in which one application running in a browser can host another application (e.g., an advertisement) in an isolated manner that prevents the hosted application from accessing browser data, or data of any other hosted application (including the host). The host and/or hosted application may be a browser plug-in (e.g., Microsoft® Silverlight™) application. The host application privately instantiates a hidden plug-in, with that hidden plug-in's access to browser data disabled, and loads the hosted application in the hidden plug-in. A XAML tag element may be used to identify the hosted application, along with a rendering area for the hosted application. Content from the hosted application is composited with content from the host application when rendering. The host application may provide keywords to the hosted application, such as for selecting relevant advertisements, and/or may allow the hosted application to open a browser window to display associated website content.

Abstract: In a computing environment, one may wish to have interoperability between trusted and untrusted controls/plug-ins allowing for richer expression of content and control within a platform. This can be accomplished by allowing an untrusted plug-in to communicate with a trusted plug-in, while having the trusted plug-in exercise control over the platform. This allows for the creation of a layered secure approach of communication with a platform, thus allowing for increased application richness in untrusted third party applications.

Abstract: Extensions or additional software programs that are requested by a computer application running on an application platform are handled in an efficient manner by, among other things, regulating and tracking extensions that are downloaded. This allows the size of the application platform upon which the application is running to remain relatively small so as to mitigate strain on resources when the platform is initially deployed over a network (e.g., the Internet), thus making it easier and more likely for a user to install the application platform (and/or updates thereto). Requested extensions are subsequently added to and/or removed from the (already deployed) application platform based on, among other things, download metrics.

Abstract: Various embodiments are disclosed relating to performing a trusted copy and paste operations between a source application and a target application. For example, a trust system may receive a paste request for pasting copied source content, and may compare a source trust level associated with the source content to a target trust level associated with a target application. In this way, for example, harmful or disruptive code may be prevented from being pasted into the target application.

Abstract: Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.