Extending browser functionality with dynamic on-the-fly downloading of untrusted browser components

摘要

Subject innovations enable a client device to dynamically download Digital Rights Management components, and/or other plug-ins, to extend a browser functionality, where the downloading places the downloaded component(s) within a super sandbox that, inter alia, disables selected operating system calls by the downloaded component, performs one or more heuristic analysis on code execution of the component to detect possible malicious code, and restricts output through the super sandbox to those responses that are in response to a request to the component, rather than output that the component might have initiated ‘on its own.’ In some embodiments, a webpage is configured to include instructions to automatically download and install the component, thereby minimizing user actions to directly request and/or install the component.

主权项

1. A client device, comprising:
a network interface card to receive content over a network; and one or more processors that perform actions, including:
receiving with a request for content, an instruction to download a Digital Rights Management (DRM) component onto the client device;automatically downloading the DRM component into a super sandbox within the client device that securely isolates communications with the DRM component;performing at least one security analysis on the DRM component by the super sandbox;when the security analysis indicates that the DRM component appears safe, registering the isolated DRM component with a registry of a browser application to extend a functionality of the browser application and to operate on behalf of requests from the browser application;analyzing communications with the registered DRM component and at least one application within the client device; andwhen an analyzed communication with the registered DRM component is determined to be unsafe, performing a security action on the registered DRM component.