06275938 is referenced by 291 patents and cites 14 patents.

Untrusted executable code programs (applets or controls) are written in native, directly executable code. The executable code is loaded into a pre-allocated memory range (sandbox) from which references to outside memory are severely restricted by checks (sniff code) added to the executable code. Conventional application-program interface (API) calls in the untrusted code are replaced with translation-code modules (thunks) that allow the executable code to access the host operating system, while preventing breaches of the host system's security. Static links in the code are replaced by calls to thunk modules. When an API call is made during execution, control transfers to the thunk, which determines whether the API call is one which should be allowed to execute on the operating system.

Title
Security enhancement for untrusted executable code
Application Number
8/919844
Publication Number
6275938 (B1)
Application Date
August 28, 1997
Publication Date
August 14, 2001
Inventor
Sudeep Bharati
Bellevue
WA, US
Barry Bond
Renton
WA, US
Agent
Schwegman Lundberg Woessner & Kluth P A
US
Assignee
Microsoft Corporation
WA, US
IPC
H01D 13/00
View Original Source