MIME handling security enforcement

摘要

A model restricts un-trusted data/objects from running on a user's machine without permission. The data is received by a protocol layer that reports a MIME type associated with the DATA, and caches the data and related cache file name (CFN). A MIME sniffer is arranged to identify a sniffed MIME type based on the cached data, the CFN, and the reported MIME type. Reconciliation logic evaluates the sniffed MIME type and the CFN to determine a reconciled MIME type, and to update the CFN. A class ID sniffer evaluates the updated CFN, the cached data, and the reconciled MIME type to determine an appropriate class ID. Security logic evaluates the updated CFN, the reported class ID, and other related system parameters to build a security matrix. Parameters from the security matrix are used to intercept data/objects before an un-trusted data/object can create a security breach on the machine.

主权项

1. A method comprising:
determining that a reported multipurpose internet mail exchange (MIME) type for a downloaded file is inconsistent with a sniffed MIME type for the file; replacing a file extension associated with the file with an updated file extension to reconcile the reported MIME type, the file extension being replaced based on the reported MIME type being inconsistent with the sniffed MIME type; reporting a reconciled MIME type to a class ID sniffer that is configured to determine a class ID for the file based on content of the file, the updated file extension, and the reconciled MIME type; and causing the file to be executed in an executable shell determined from a security matrix that includes the class ID and the updated file extension, the security matrix being configured to map a set of user interface definitions to a security level assessment based on the updated file extension, the class ID, and one or more associated registered types.