Aaron R Goldfeder

US Patent:

7359976, Apr 15, 2008

Filed:

Nov 23, 2002

Appl. No.:

10/303113

Inventors:

David A. Ross - Redmond WA, US
Cem Paya - Seattle WA, US
Aaron Goldfeder - Seattle WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 15/16

US Classification:

709229, 709203, 709225

Abstract:

A system and method that prevents certain cookies, as specified by an Internet server, from being accessed through client-side script, thereby mitigating the amount of damage that cross-site scripting attacks can accomplish. The server marks selected cookies with an attribute that flags such cookies as being protected, and a security mechanism in the client prevents protected cookies from being accessed via script. A protected (flagged) cookie can still be accessed by the server, (e. g. , via HTTP), while non-flagged cookies can be accessed by the server or script. An API or similar layer implements the security mechanism that checks for the attribute, and fails requests for any cookies having that attribute set. The present invention can also be adapted to prevent a malicious script from overwriting existing HTTP-only cookies on a client machine.

US Patent:

7516477, Apr 7, 2009

Filed:

Oct 21, 2004

Appl. No.:

10/971499

Inventors:

Karen E. Corby - Seattle WA, US
Aaron Goldfeder - Seattle WA, US
John M. Hawkins - Duvall WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/00

US Classification:

726 1, 726 26

Abstract:

Described is a system and method by which an application program is evaluated for trustworthiness based on the permissions and/or privileges it requests relative to a program category. The program describes the permissions needed to operate, and identifies itself as belonging to a particular category. Security components compare the requested permission set against the permissions that programs of that category actually need in order to operate properly. Programs requesting more permissions than needed are deemed untrustworthy. For example, screen saver application programs need only a limited permission set to operate properly, including full screen access and the ability to read files, but do not need network access permissions or write access to files. Any screensaver application that requests only the needed permission set is deemed trustworthy, while others that request permissions beyond what is actually needed are not deemed trustworthy, and a user or automated policy process may then intervene.

US Patent:

7614002, Nov 3, 2009

Filed:

Jul 1, 2005

Appl. No.:

11/174259

Inventors:

Aaron R. Goldfeder - Seattle WA, US
Cem Paya - Seattle WA, US
Frank M. Schwieterman - Seattle WA, US
Darren Mitchell - Woodinville WA, US
Rajeev Dujari - Kirkland WA, US
Stephen J. Purpura - Kirkland WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 3/00
G06F 21/00
H04L 29/06

US Classification:

715745, 715740, 715742, 709224, 709226, 713183, 713172, 713159

Abstract:

A system and method that evaluates privacy policies from web sites to determine whether each site is permitted to perform operations (e. g. , store, retrieve or delete) directed to cookies on a user's computer. Various properties of each cookie and the context in which it is being used are evaluated against a user's privacy preference settings to make the determination. An evaluation engine accomplishes the evaluation and determination via a number of criteria and considerations, including the cookie properties, its current context, the site, the zone that contains the site, and any P3P data (compact policy) provided with the site's response. The user privacy preferences are evaluated against these criteria to determine whether a requested cookie operation is allowed, denied or modified. A formalized distinction between first-party cookies versus third-party cookies may be used in the determination, along with whether the cookie is a persistent cookie or a session cookie.

US Patent:

7669238, Feb 23, 2010

Filed:

Nov 10, 2003

Appl. No.:

10/705756

Inventors:

Gregory D. Fee - Seattle WA, US
Aaron Goldfeder - Seattle WA, US
John M. Hawkins - Duvall WA, US
Jamie L. Cool - Redmond WA, US
Sebastian Lange - Seattle WA, US
Sergey Khorun - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/00

US Classification:

726 22, 726 27, 726 30, 726 1, 726 4, 380 29, 713190, 713156, 713167, 713170, 713187

Abstract:

Evidence-based application security may be implemented at the application and/or application group levels. A manifest may be provided defining at least one trust condition for the application or application group. A policy manager evaluates application evidence (e. g. , an XrML license) for an application or group of applications relative to the manifest. The application is only granted permissions on the computer system if the application evidence indicates that the application is trusted. Similarly, a group of applications are only granted permissions on the computer system if the evidence indicates that the group of applications is trusted. If the application evidence satisfies the at least one trust condition defined by the manifest, the policy manager generates a permission grant set for each code assembly that is a member of the at least one application. Evidence may be further evaluated for code assemblies that are members of the trusted application or application group.

US Patent:

7743423, Jun 22, 2010

Filed:

Feb 3, 2004

Appl. No.:

10/772207

Inventors:

Sebastian Lange - Seattle WA, US
Gregory D. Fee - Seattle WA, US
Aaron Goldfeder - Seattle WA, US
Ivan Medvedev - Bellevue WA, US
Michael Gashler - Kirkland WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04N 7/16
G06F 17/00
G06F 11/30
G06F 9/44

US Classification:

726 26, 726 1, 726 30, 717126, 717131, 717135, 717100, 717101, 717124, 717125, 717127, 717128, 717129, 713193

Abstract:

All execution paths of one or more assemblies in managed code are simulated to find the permissions for each execution path. The managed code can correspond to a managed shared library or a managed application. Each call in each execution path has a corresponding permissions set. When the library or application has permissions to execute that are not less than the required permission sets for the execution paths, any dynamic execution of the library or application will not trigger a security exception The simulated execution provides a tool that can be used to ensure that code being written will not exceed a maximum security permission for the code. A permission set can be determined by the tool for each assembly corresponding to an application and for each entry point corresponding to a shared library.

US Patent:

7926105, Apr 12, 2011

Filed:

Feb 28, 2006

Appl. No.:

11/364359

Inventors:

Karen Elizabeth Corby - Seattle WA, US
Mark Alcazar - Seattle WA, US
Viresh Ramdatmisier - Seattle WA, US
Ariel Jorge Kirsman - Bellevue WA, US
Andre A. Needham - Redmond WA, US
Akhilesh Kaza - Sammamish WA, US
Raja Krishnaswamy - Redmond WA, US
Jeff Cooperstein - Bellevue WA, US
Charles W Kaufman - Sammamish WA, US
Chris Anderson - Redmond WA, US
Venkata Rama Prasad Tammana - Kirkland WA, US
Aaron R Goldfeder - Tampa FL, US
John Hawkins - Duvall WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 11/00
G06F 12/14
G06F 12/16
G08B 23/00

US Classification:

726 22, 713152, 709229

Abstract:

Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.

US Patent:

8156558, Apr 10, 2012

Filed:

May 17, 2003

Appl. No.:

10/440518

Inventors:

Aaron R. Goldfeder - Seattle WA, US
John M. Hawkins - Duvall WA, US
Sergey A. Khorun - Redmond WA, US
Viresh N. Ramdatmisier - Seattle WA, US
Joseph Thomas Farro - Bothell WA, US
Gregory Darrell Fee - Seattle WA, US
Jeremiah S. Epling - Redmond WA, US
Andrew G. Bybee - Duvall WA, US
Jingyang Xu - Redmond WA, US
Tony Edward Schreiner - Redmond WA, US
Jamie L. Cool - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 11/30
G06F 12/14

US Classification:

726 25, 713189, 713188, 726 24

Abstract:

Described is a mechanism for collectively evaluating security risks associated with loading an application. A hosting environment associated with loading the application invokes a trust manager to evaluate the security risks. The trust manager invokes a plurality of trust evaluators, where each trust evaluator is responsible for analyzing and assessing a different security risk. Upon completion of each security risk evaluation, results of those individual security risk evaluations are returned to the trust manager. The trust manager aggregates the variety of security risk evaluation results and makes a security determination based on the aggregated evaluation results. That determination may be to move forward with loading the application, to block the load of the application, or perhaps to prompt the user for a decision about whether to move forward with the load.

US Patent:

8166406, Apr 24, 2012

Filed:

Jun 28, 2002

Appl. No.:

10/187389

Inventors:

Aaron Goldfeder - Seattle WA, US
Cem Paya - Seattle WA, US
Joseph J. Gallagher - Seattle WA, US
Roberto A. Franco - Seattle WA, US
Stephen J. Purpura - Kirkland WA, US
Darren Mitchell - Woodinville WA, US
Frank M. Schwieterman - Seattle WA, US
Viresh Ramdatmisier - Seattle WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 3/00

US Classification:

715745, 715741, 715744, 715747, 709224

Abstract:

A method and system that provide an intuitive user interface and related components for making Internet users aware of Internet cookie-related privacy issues, and enabling users to control Internet privacy through automatic cookie handling. Default privacy settings for handling cookies are provided, and through the user interface, the privacy settings may be customized to a user's liking. Further, through the user interface, for each individual site that forms a page of content, the site's privacy policy may be reviewed and/or the privacy controlled by specifying how cookies from that site are to be handled. To make users aware, the user interface provides an active alert on a first instance of a retrieved web site's content that fails to include satisfactory privacy information, and thereafter, provides a distinctive passive alert to allow the user selective access to privacy information, per-site cookie handling and cookie handling settings.