US20170180379A1 - Enforcement of document element immutability - Google Patents

Enforcement of document element immutability Download PDF

Info

Publication number
US20170180379A1
US20170180379A1 US15449699 US201715449699A US2017180379A1 US 20170180379 A1 US20170180379 A1 US 20170180379A1 US 15449699 US15449699 US 15449699 US 201715449699 A US201715449699 A US 201715449699A US 2017180379 A1 US2017180379 A1 US 2017180379A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
link
document
determining
computing device
whether
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
US15449699
Inventor
Aaron T. Emigh
James A. Roskind
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/30Information retrieval; Database structures therefor ; File system structures therefor
    • G06F17/30861Retrieval from the Internet, e.g. browsers
    • G06F17/30876Retrieval from the Internet, e.g. browsers by using information identifiers, e.g. encoding URL in specific indicia, browsing history
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Abstract

In some embodiments, techniques for computer security comprise parsing an electronic document; determining that a first element of the electronic document specifies immutability of a second element of the electronic document; setting an immutability indicator associated with the second element of the electronic document; receiving a request to modify the second element of the electronic document; determining that the immutability indicator associated with the second element of the electronic document is set; and responsive to determining that the immutability indicator associated with the second element of the electronic document is set, preventing the second element of the electronic document from being modified.

Description

    CROSS REFERENCE TO OTHER APPLICATIONS
  • This application is a continuation of U.S. patent application Ser. No. 13/856,036, filed on Apr. 3, 2013, which is a continuation of U.S. patent application Ser. No. 11/016,150, filed on Dec. 17, 2004, now U.S. Pat. No. 8,423,471, which claims priority to U.S. Patent Application No. 60/542,211 filed on Feb.4, 2004 and U.S. Patent Application No. 60/566,671, filed on Apr. 29, 2004 and U.S. Patent Application No. 60/612,132, filed on Sep. 22, 2004. All of the afore-mentioned patent applications are hereby incorporated by reference in their entireties.
  • FIELD OF THE INVENTION
  • The present invention relates generally to the area of computer security. More specifically, techniques for protecting elements of a document are disclosed.
  • BACKGROUND OF THE INVENTION
  • Electronic documents such as web sites and email are used for a wide variety of purposes. The integrity of electronic documents is not assured, and document elements may be modified in a deceptive or malicious manner. Modified document elements have been used to illicitly run scripts and defraud users. Current email and web browser technology does not provide adequate defenses against the manipulation of document elements.
  • Accordingly, there is a need to protect users from electronic fraud.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Various embodiments of the invention are disclosed in the following detailed description and the accompanying drawings.
  • FIG. 1 is a diagram of a system for protecting a document element, according to some embodiments.
  • FIG. 2 is a flow diagram of a method for updating a modification indicator associated with a modified element of a document, according to some embodiments.
  • FIG. 3 is a flow diagram of a method for prejudicial treatment of a document element that has been modified, according to some embodiments.
  • FIG. 4 is a flow diagram of a method for creating an immutable document element, according to some embodiments.
  • FIG. 5 is a flow diagram of a method for preventing an immutable document element from being modified, according to some embodiments.
  • FIG. 6 is a flow diagram of a method for determining link validation information, according to some embodiments.
  • FIG. 7 is a flow diagram of a method for validating a link, according to some embodiments.
  • DETAILED DESCRIPTION
  • The invention can be implemented in numerous ways, including as a process, an apparatus, a system, a composition of matter, a computer readable medium such as a computer readable storage medium or a computer network wherein program instructions are sent over optical or electronic communication links. In this specification, these implementations, or any other form that the invention may take, may be referred to as techniques. In general, the order of the steps of disclosed processes may be altered within the scope of the invention.
  • A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. Numerous specific details are set forth in the following description in order to provide a thorough understanding of the invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the invention is not unnecessarily obscured.
  • FIG. 1 is a diagram of a system for protecting a document element, according to some embodiments. In this example, a sender of a message 101 is connected to a network 102. A sender may be any device capable of sending a message, including a personal computer, PDA, or a cell phone. A sender 101 may also be a server such as a mail server receiving a message from a sender device. A message refers herein to any electronic communication that may be addressed to a user, or that may be automatically delivered to a user as a result of a subscription. Examples of a message include email, an instant message, an SMS text message, an RSS message, an Atom message, a message including streaming video, and a Bluetooth message. A sender 101 may send a message through the network 102 to a recipient 103.
  • The network 102 may be any type of network, for example a public network such as the internet or a cellular phone network. In another example, the network 102 may be an enterprise or home network, a virtual private network, or a wireless network such as an 802.11 or Bluetooth network. In some embodiments, the network 102 may include more than one network. An example of a network 102 including more than one network is a local area network connected to a public network such as the internet. A recipient 103 of a message may be connected to the network 102. A recipient may be any device capable of receiving a message, including a personal computer, PDA, or cell phone.
  • A document server 104 may be connected to the network 102. The document server 104 may be any entity capable of providing a document, such as a web server that provides a document through a protocol such as HTTP. A document refers herein to any discretely addressable unit of data, including a message, a file on a computer filesystem, a web page, and dynamically generated data provided by a server such as an HTTP server.
  • A message server 105, such as a Mail Transfer Agent (MTA) or POP or IMAP server, may be connected to the network 102. The message server 105 may provide a message to the recipient 103. In some embodiments, a message server 105 and recipient 103 may be within an enterprise network such as a LAN or virtual private network.
  • Software at recipient 103 may protect a document, or a portion of a document. Examples of a document include a message received from the sender 101, a document server 104, or a message server 105. In some embodiments, a document may contain elements that may be modified, for example by a script such as a Javascript contained within the document, or externally addressing the document. In some embodiments, a portion of a document may be protected by a document reader on a document recipient 103. A document reader refers herein to an application that displays a document and enables interaction with a document element within the document. Examples of document readers include a web browser and a messaging client, such as an email client, instant messaging client, and RSS client. Examples of protecting a portion of a document are discussed in conjunction with the remaining figures, and include preventing an unauthorized element to the document element and processing an action associated with a modified document element prejudicially.
  • FIG. 2 is a flow diagram of a method for updating a modification indicator associated with a modified element of a document, according to some embodiments. An element of a document refers herein to any accessible part of a document, for example an element of a Document Object Model (DOM) as specified by the W3C Document Object Model Level 1 Specification and its predecessors and successors, specifications of which are currently available over the internet from the World Wide Web Consortium. In some embodiments, the method of FIG. 2 may be performed by a document reader.
  • In this example, a document element, such as a DOM element, is modified (201). Modification may, for example, be performed by an action specified in a script, such as a Javascript script. In some embodiments, modification may include creation of a new document element after the initial creation of a document object model for a document has been performed, for example when a DOM element is created by a script such as a Javascript script. Optionally, an evaluation may be made to determine whether a modification was innocuous (202). For example, it may be considered innocuous to add a username and/or password to a URL that has not been otherwise changed. A URL refers herein to any address under any scheme that permits a user to access a document via an address. One example of a URL is a Universal Record Locator as defined in IETF RFC 1738 and/or 2396 and any successors and predecessors. IETF RFC 1738 and 2396 are currently available over the internet from the Internet Engineering Task Force, and are herein incorporated by reference for all purposes.
  • If the change is determined to be innocuous (202), then a modification indicator associated with the document element is not modified in this example (203). A modification indicator refers herein to any indication that a document element has been modified since an initial state such as creation of the element, creation of an associated document model, or initial rendering of the element or of the document. One example of a modification indicator is a “dirty bit” variable associated with a document element. In some embodiments, a dirty bit may be created and initialized, for example by setting to zero, at an initial state. Another example of a modification indicator is a flag associated with a document element that is present only if the element has been modified since an initial state. Another example of a modification indicator is a timestamp associated with the document element, which may for example contain the time a modification occurred, for example the time the last modification occurred. In some embodiments, a timestamp associated with a document element may be initialized to the current time when a document element is created. One example of a current time is an absolute time, for example the time of the current day. Another example of a current time is an initial time, for example an initial value (such as zero) when a timer is started. In some embodiments, a timestamp associated with a portion of a document containing the document element, such as an entire document or a dominating document element, may be initialized at the time a document model is constructed, or at the time the document is opened. Another example of a modification indicator is a modification sequence number, which may for example be initialized to an initial value such as zero, and incremented each time another element is created and/or modified. Another example of a modification indicator is a codebase source, which refers herein to an indication of an entity, such as an HTML document, rendering engine component or script, that last modified an associated element.
  • If the change is not determined to be innocuous (202), then one or more associated modification indicators are set in this example (204). One example of setting a modification indicator is setting it to a value indicating a change has occurred, such as 1. Another example of setting a modification indicator is to create a modification indicator and associate it with a changed element. In some embodiments, if a modification indicator is already associated with a document element, no additional processing is performed to set the indicator.
  • In some embodiments, a single modification indicator associated with a document element may be set. In some embodiments, multiple modification indicators may be set as the result of a modification. In one example of setting multiple document indicators, in a hierarchical document model such as a DOM, when a document element is modified (201) that is not innocuous (202), modification indicators associated with the modified document element and document elements it dominates are set in this example (204). Domination refers herein to being an ancestor of a node in a hierarchy. As an example of determining domination, the elements that a node dominates may be determined by performing a traversal, for example a depth-first or breadth-first traversal, of a subtree of a document rooted at the modified element. Performing a traversal is readily understood by those skilled in the art, and is described, for example, in Aho, Hoperoft and Ullman, Data Structures and Algorithms (ISBN 0-201-00023-7), p. 78ff. In another example of setting multiple document indicators, when an element within an enclosing element such as a form is modified, other elements within the enclosing element may also be set. For example, when contents of a form are changed, a modification indicator may be set associated with the entire form, or an element within the form, such as en element relating to submitting the form.
  • FIG. 3 is a flow diagram of a method for prejudicial treatment of a document element that has been modified, according to some embodiments. In some embodiments, the method of FIG. 3 may be performed by a document reader. In this example, a link traversal is attempted (301), for example because a user has clicked on a link in a web page, or attempted to submit a form. A link refers herein to an element of a document with an associated URL, for example an element of an HTML document associated with a URL using an ‘<A HREF=”. . . ”>’, ‘<INPUT TYPE=”submit”>’ or ‘<IMG SRC=”. . . ”>’ tag. Traversing a link refers herein to retrieving a document referred to by a URL associated with the link. An associated modification indicator is retrieved in this example, if present (302). This modification indicator may, for example, be created and/or modified as discussed in conjunction with FIG. 2.
  • It may be determined whether an associated modification indicator indicates that the document element has been modified since an initial state (303). One example of determining whether the document element has been modified is to determine whether a modification indicator is associated with the element. Another example of determining whether the document element has been modified is to check a value of a modification indicator associated with the element and determine whether it is set. For example, a modification indicator may be considered set if it has the value 1. Another example of determining whether the document element has been modified is to compare a modification timestamp associated with the document element with a creation time. A creation time may, for example, be associated with the document element, or with a portion of the document containing the document element, such as the entire document, or a dominating document element. In some embodiments, a modification may be considered to have been made if more than a predetermined period of time, such as five seconds, elapsed between creation of the document or document element and a modification of the document element. In some embodiments, a modification may be considered to have been made if another element, such as a link within an enclosing element such as a table that also contains the document element, has been modified more recently than the document element. One example of detecting whether one document element has been modified more recently than another is to compare timestamps associated with the document elements. Another example of detecting whether one document element has been modified more recently than another is to compare modification sequence numbers associated with the document elements. Another example of determining whether the document element has been modified, in a hierarchical document model such as a DOM, is to check one or more values of modification indicators associated with one or more dominating elements.
  • If it is determined that the document element has been modified (303), then the link traversal is treated prejudicially in this example (304). Examples of prejudicial treatment for a modified document element include disallowing a link traversal, and presenting a user interface element, permitting the user to traverse the link or not, prior to possibly traversing the link. If the modification indicator is not set, for example if it has the value 0 or does not exist, then the link traversal is treated non-prejudicially in this example (305), for example as specified in security settings for the application being used.
  • FIG. 4 is a flow diagram of a method for creating an immutable document element, according to some embodiments. In some embodiments, the method of FIG. 4 may be performed by a document reader. In this example, a document element such as a DOM element is created (401). An example of a circumstance under which a document element may be created is when a document specification such as an HTML specification is parsed and a document model is constructed. It may be determined whether an attribute specifying that the document element is immutable is specified (402). An example of an attribute specifying that the document element is immutable is an attribute contained in an HTML tag that indicates that the element associated with the attribute should be immutable. For example, a link of the form <A HREF=”xxx” IMMUTABLE> could specify that the element formed by the <A> tag should be immutable. Another example of determining whether an attribute specifies that the document element is immutable is to determine whether a dominating element is immutable.
  • If it is determined that there is an attribute specifying that the document element is immutable (403), then it is indicated that the document element is immutable in this example (404). An example of indicating that a document element is immutable is to create an immutability indicator and associate it with the document element. Another example of indicating that a document element is immutable is to set an associated immutability indicator, for example by setting its associated value to 1. If it is determined that there is no attribute specifying that the document element is immutable (403), then it is not indicated that the document element is immutable in this example (405). An example of not indicating that a document element is immutable is to leave the document element with no associated immutability indicator. Another example of not indicating that a document element is immutable is to clear an associated immutability indicator, for example by setting its associated value to 0. In some embodiments, an immutability indicator may be automatically set after an external event. One example of an external event is the passage of a predetermined amount of time since the element was created, such as 5 seconds. Another example of an external event is issuance of a predetermined number of additional modification sequence numbers, such as 100. Another example of an external event is the creation of another element of a related element type, for example a link.
  • FIG. 5 is a flow diagram of a method for preventing an immutable document element from being modified, according to some embodiments. In some embodiments, the method of FIG. 5 may be performed by a document reader. In this example, an attempt is made to modify a document element such as a DOM element (501). An example of an attempt to modify a document element is a modification requested by a script such as a Javascript script in an HTML document. It may be determined whether the document element is immutable (502). In some embodiments, a document element may have been marked as immutable or not immutable as discussed in conjunction with FIG. 4. An example of determining whether a document element is immutable is to determine whether an immutability indicator is associated with the document element. Another example of determining whether a document element is immutable is to determine whether an associated immutability indicator is set, for example whether it has the value 1. Another example of determining whether a document element is immutable is to determine if an external event implying immutability, such as those discussed in conjunction with FIG. 4, have taken place. Another example of determining whether a document element is immutable is to determine whether a codebase source associated with the document element is compatible with an entity attempting to modify the element. For example, after the creation or first modification of a document element, the document element may be considered immutable when an entity attempting to modify the document element does not match a codebase source associated with the document element.
  • If it is determined that the document element is immutable (503), then the document element is not modified in this example (504). If it is determined that the document element is not immutable (503), then the document element is modified in this example (505).
  • FIG. 6 is a flow diagram of a method for determining link validation information, according to some embodiments. In some embodiments, the method of FIG. 6 may be performed by a document reader. In this example, a document is to be processed (601). An example of a reason a document may be processed is that it is being parsed, for example to create a document model. Link validation information may be determined (602). An example of determining link validation information is to determine one or more specifications of allowed links. An example of a specification of allowed links is a specification of a form such as the following, contained within an HTML document, for example within the head of the HTML document:
  • <LINK> *.ebay.com/* </LINK>
    <LINK> www.squaretrade.com </LINK>
  • In this example, a specification of allowable links contains one or more individual link specifications. An individual link specification, between the delimiters <LINK> and </LINK>, contains either a specification of an individual link address that may be allowed, such as www.squaretrade.com, or a specification that may match multiple links. In this example, the individual link specification “*.ebay.com/*” may match any link address matching the regular expression “*.ebay.com/*,” which may for example be interpreted as any string of alphanumeric characters, followed by “.ebay.com/,” followed by any string of alphanumeric characters.
  • In some embodiments, link specifications may be permitted only in a predetermined portion of a document, such as the head of an HTML document. In some embodiments, a tag may inhibit processing of additional link specifications. For example, there may be an attribute included in a link specification, such as <LINK FINAL>. In that example, any link specifications pair after that “FINAL” link specification pair may be ignored. An example of ignoring a link specification pair is to not retain the link validation information associated with the pair. In some embodiments, a key may be specified and only additional link specifications containing that key will be retained. For example, a key attribute of a link specification pair may my provided as <LINK KEY=ab549ff90> and </LINK>. In that example, any link specification pairs that fail to provide a designated key may be ignored.
  • Another example of link validation information is a key that may be used to verify cryptographic information associated with one or more links in the document.
  • If link validation information is determined to be present (602), then the link validation may be retained in this example (603). An example of retaining the link validation information is to associate it in memory with the document.
  • FIG. 7 is a flow diagram of a method for validating a link, according to some embodiments. In some embodiments, the method of FIG. 7 may be performed by a document reader. In this example, a link is selected (701). An example of a way a link may be selected is that a user may have clicked on the link. Link validation information may be checked (702). An example of checking link validation information is to determine a URL associated with the link and compare the URL against link validation information retained as discussed in conjunction with 603 of FIG. 6. One example of comparing a URL against link validation information is to determine whether the URL is contained in, or matches a pattern specified in, the link validation information. Another example of comparing a URL against link validation information is to determine whether the URL, or associated link, is validly signed using a key associated with the link validation information. For example, a link in an HTML document may be of a form such as <A HREF=”xxx” SIGNATURE=”yyy”>, wherein xxx refers to a URL and yyy refers to a cryptographic signature that may be verified using a key specified in the link validation information. An example of verifying a cryptographic signature on a link using a key is to perform a hash on a combination of the link and the key and determine whether the result matches the signature information. In some embodiments, the entire link may be validated. In some embodiments, a component of the link, such as a URL associated with the link, may be validated. Another example of comparing a URL against link validation information is to determine that no link validation information is present. In some embodiments, lack of link validation information associated with a document may indicate that a link in the document is valid.
  • If it is determined that the link is valid (703), then the link is traversed in this example (707). An example of traversing a link is to retrieve a document referred to by a URL associated with the link. If it is determined that the link is not valid (703), then an optional user interface element such as a dialog box is presented in this example (704). In some embodiments, the user interface element may offer options to approve or deny a specified link traversal. If the user opts to approve the link traversal (705), then the link is traversed in this example (707). If the user opts not to approve the link traversal (705), or if no user interface element is presented, then the link is not traversed in this example (706).
  • An illustrative example of the techniques in the foregoing figures is provided with reference to a script, such as a Javascript script, contained within externally provided document content, such as an eBay listing, that modifies a link within the document, such as an eBay link, to point to a fraudulent site that asks the user for confidential information such as his or her eBay login information. In some embodiments, the technique of FIG. 2, for example operating within a document reader such as a web browser, may detect the modification and indicate that the element has been modified, enabling the technique of FIG. 3 to prevent a traversal, or provide a warning that the traversal is unsafe. In some embodiments, the technique of FIG. 4 may enable a web site provider such as eBay to mark the link immutable, which may be enforced, for example within a document reader such as a web browser, by the technique of FIG. 5. In some embodiments, authorized links may be specified by a web site provider using a technique of FIG. 6, and a technique of FIG. 7, for example within a document reader, may prevent an unauthorized link from being created.
  • Although the foregoing embodiments have been described in some detail for purposes of clarity of understanding, the invention is not limited to the details provided. There are many alternative ways of implementing the invention. The disclosed embodiments are illustrative and not restrictive.

Claims (20)

    What is claimed is:
  1. 1. A method for computer security, comprising:
    displaying, by a programmable computing device executing instructions, an electronic document;
    detecting, by the computing device, a request to traverse a link, wherein the link is associated with an element of the document;
    determining, by the computing device, whether the link is an allowable link based on link validation information, wherein the link validation information is contained within the document; and
    determining, by the computing device, whether to traverse the link based on the determination.
  2. 2. The method of claim 1, wherein the document is an HTML document.
  3. 3. The method of claim 1, wherein the element of the document is associated with a document object model.
  4. 4. The method of claim 1, wherein determining, by the computing device, whether the link is an allowable link based on link validation information comprises:
    determining, by the computing device, whether a URL associated the link is contained in or matches a pattern specified in the validation information.
  5. 5. The method of claim 1, wherein determining, by the computing device, whether the link is an allowable link based on link validation information comprises:
    determining, by the computing device, whether a URL associated the link is validly signed using a key associated with the validation information.
  6. 6. The method of claim 1, wherein determining, by the computing device, whether to traverse the link based on the determination comprises:
    determining, by the computing device, the link is an allowable link, and traversing the link; or
    determining, by the computing device, the link is not an allowable link, presenting a user interface to receive an input, determining, by the computing device, whether to traverse the link based on the input.
  7. 7. The method of claim 4, wherein the document is an HTML document and the validation information is contained in a head section associated with the document.
  8. 8. The method of claim 1, wherein the link is associated with submitting a form.
  9. 9. The method of claim 1, wherein the link validation information is specified by website provider.
  10. 10. The method of claim 1, performed by a web browser.
  11. 11. A system for computer security, comprising:
    a processor configured to:
    displaying an electronic document;
    detecting a request to traverse a link, wherein the link is associated with an element of the document;
    determining whether the link is an allowable link based on link validation information, wherein the link validation information is contained within the document; and
    determining whether to traverse the link based on the determination; and
    a memory coupled with the processor, wherein the memory provides instructions to the processor.
  12. 12. The system of claim 11, wherein the document is an HTML document.
  13. 13. The system of claim 11, wherein the element of the document is associated with a document object model.
  14. 14. The system of claim 11, wherein determining, by the computing device, whether the link is an allowable link based on link validation information comprises:
    determining, by the computing device, whether a URL associated the link is contained in or matches a pattern specified in the validation information.
  15. 15. The system of claim 11, wherein determining, by the computing device, whether the link is an allowable link based on link validation information comprises:
    determining, by the computing device, whether a URL associated the link is validly signed using a key associated with the validation information.
  16. 16. The system of claim 11, wherein determining, by the computing device, whether to traverse the link based on the determination comprises:
    determining, by the computing device, the link is an allowable link, and traversing the link; or
    determining, by the computing device, the link is not an allowable link, presenting a user interface used to receive an input, wherein the input is an options to approve or deny the link traversal; determining, by the computing device, whether to traverse the link based on the input.
  17. 17. The system of claim 14, wherein the document is an HTML document and the validation information is contained in a head section associated with the document.
  18. 18. The system of claim 11, wherein the link is associated with submitting a form.
  19. 19. The system of claim 11, wherein the link validation information is specified by website provider.
  20. 20. A non-transitory computer readable medium and comprising computer instructions for:
    displaying an electronic document;
    detecting a request to traverse a link, wherein the link is associated with an element of the document;
    determining whether the link is an allowable link based on link validation information, wherein the link validation information is contained within the document; and
    determining whether to traverse the link based on the determination.
US15449699 2004-02-04 2017-03-03 Enforcement of document element immutability Pending US20170180379A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US54221104 true 2004-02-04 2004-02-04
US56667104 true 2004-04-29 2004-04-29
US61213204 true 2004-09-22 2004-09-22
US11016150 US8423471B1 (en) 2004-02-04 2004-12-17 Protected document elements
US13856036 US9740869B1 (en) 2004-02-04 2013-04-03 Enforcement of document element immutability
US15449699 US20170180379A1 (en) 2004-02-04 2017-03-03 Enforcement of document element immutability

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US15449699 US20170180379A1 (en) 2004-02-04 2017-03-03 Enforcement of document element immutability

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13856036 Continuation US9740869B1 (en) 2004-02-04 2013-04-03 Enforcement of document element immutability

Publications (1)

Publication Number Publication Date
US20170180379A1 true true US20170180379A1 (en) 2017-06-22

Family

ID=48049254

Family Applications (3)

Application Number Title Priority Date Filing Date
US11016150 Active 2032-04-09 US8423471B1 (en) 2004-02-04 2004-12-17 Protected document elements
US13856036 Active 2028-02-23 US9740869B1 (en) 2004-02-04 2013-04-03 Enforcement of document element immutability
US15449699 Pending US20170180379A1 (en) 2004-02-04 2017-03-03 Enforcement of document element immutability

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US11016150 Active 2032-04-09 US8423471B1 (en) 2004-02-04 2004-12-17 Protected document elements
US13856036 Active 2028-02-23 US9740869B1 (en) 2004-02-04 2013-04-03 Enforcement of document element immutability

Country Status (1)

Country Link
US (3) US8423471B1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9384348B2 (en) * 2004-04-29 2016-07-05 James A. Roskind Identity theft countermeasures
US8412837B1 (en) 2004-07-08 2013-04-02 James A. Roskind Data privacy
US8006178B2 (en) * 2005-06-14 2011-08-23 Microsoft Corporation Markup language stylization
US20080060062A1 (en) * 2006-08-31 2008-03-06 Robert B Lord Methods and systems for preventing information theft
US8763114B2 (en) 2007-01-24 2014-06-24 Mcafee, Inc. Detecting image spam
US8214497B2 (en) * 2007-01-24 2012-07-03 Mcafee, Inc. Multi-dimensional reputation scoring
US9325731B2 (en) 2008-03-05 2016-04-26 Facebook, Inc. Identification of and countermeasures against forged websites
US20170019489A1 (en) * 2015-07-13 2017-01-19 SessionCam Limited Methods for recording user interactions with a website

Citations (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5864676A (en) * 1996-11-14 1999-01-26 Triteal Corporation URL login
US6092197A (en) * 1997-12-31 2000-07-18 The Customer Logic Company, Llc System and method for the secure discovery, exploitation and publication of information
US6256620B1 (en) * 1998-01-16 2001-07-03 Aspect Communications Method and apparatus for monitoring information access
US20010016873A1 (en) * 2000-02-15 2001-08-23 International Business Machines Corporation Method for acquiring content information, and software product, collaboration system and collaboration server for acquiring content information
US20020087630A1 (en) * 2000-10-20 2002-07-04 Jonathan Wu Enhanced information and presence service
US20020104076A1 (en) * 1998-06-30 2002-08-01 Nik Shaylor Code generation for a bytecode compiler
US20020112049A1 (en) * 2000-12-14 2002-08-15 International Business Machines Corporation Measuring response time for a computer accessing information from a network
US20020156806A1 (en) * 2000-04-27 2002-10-24 Cox Kenneth Charles Method and apparatus for data visualization
US20030033193A1 (en) * 2001-08-09 2003-02-13 International Business Machines Corporation Method apparatus and computer program product for interactive surveying
US20030037181A1 (en) * 2000-07-07 2003-02-20 Freed Erik J. Method and apparatus for providing process-container platforms
US20030115299A1 (en) * 2001-05-15 2003-06-19 Froyd Stanley G. Configuration management utilizing generalized markup language
US20030131348A1 (en) * 2002-01-08 2003-07-10 International Business Machines Corporation Method, apparatus, and program to determine the mutability of an object at loading time
US20030149799A1 (en) * 2001-05-03 2003-08-07 Scott Shattuck System supporting unified event handling in ECMAScript
US20030163603A1 (en) * 2002-02-22 2003-08-28 Chris Fry System and method for XML data binding
US20030167355A1 (en) * 2001-07-10 2003-09-04 Smith Adam W. Application program interface for network software platform
US20030187703A1 (en) * 2001-12-31 2003-10-02 Bonissone Piero Patrone System for determining a confidence factor for insurance underwriting suitable for use by an automated system
US20030187699A1 (en) * 2001-12-31 2003-10-02 Bonissone Piero Patrone System for rule-based insurance underwriting suitable for use by an automated system
US6633878B1 (en) * 1999-07-30 2003-10-14 Accenture Llp Initializing an ecommerce database framework
US20030208500A1 (en) * 2002-02-15 2003-11-06 Daynes Laurent P. Multi-level undo of main-memory and volatile resources
US20030229718A1 (en) * 2002-06-06 2003-12-11 Neoteris, Inc. Method and system for providing secure access to private networks
US20040003043A1 (en) * 2002-06-20 2004-01-01 International Business Machines Corporation Remote control of document objects in a collaborative environment
US6675375B1 (en) * 2000-04-28 2004-01-06 Sun Microsystems, Inc. Method and apparatus for optimized multiprocessing in a safe language
US20040034853A1 (en) * 2002-03-22 2004-02-19 Bill Gibbons Mobile download system
US20040034833A1 (en) * 1999-11-12 2004-02-19 Panagiotis Kougiouris Dynamic interaction manager for markup language graphical user interface
US20040034540A1 (en) * 2002-08-15 2004-02-19 Commerce One Operations, Inc. Dynamic interface between BPSS conversation management and local business management
US20040039993A1 (en) * 1999-10-12 2004-02-26 Panagiotis Kougiouris Automatic formatting and validating of text for a markup language graphical user interface
US20040078422A1 (en) * 2002-10-17 2004-04-22 Toomey Christopher Newell Detecting and blocking spoofed Web login pages
US20040075677A1 (en) * 2000-11-03 2004-04-22 Loyall A. Bryan Interactive character system
US20040150637A1 (en) * 2002-12-12 2004-08-05 Samsung Electronics Co., Ltd. Method and apparatus for displaying markup document linked to applet
US20040239679A1 (en) * 2001-10-11 2004-12-02 Masahiro Ito Web 3d image display system
US20050004884A1 (en) * 2003-07-02 2005-01-06 International Business Machines Corporation System and method for reducing memory leaks in virtual machine programs
US20050022115A1 (en) * 2001-05-31 2005-01-27 Roberts Baumgartner Visual and interactive wrapper generation, automated information extraction from web pages, and translation into xml
US20050049938A1 (en) * 2003-09-02 2005-03-03 Vaidhyanathan Venkiteswaran Method and system using intelligent agents for dynamic integration of buy-side procurement systems with non-resident, web-enabled, distributed, remote, multi-format catalog sources
US20050081059A1 (en) * 1997-07-24 2005-04-14 Bandini Jean-Christophe Denis Method and system for e-mail filtering
US20050086344A1 (en) * 2003-10-15 2005-04-21 Eaxis, Inc. Method and system for unrestricted, symmetric remote scripting
US20050108624A1 (en) * 2003-11-13 2005-05-19 International Business Machines Corporation Lightweight form pattern validation
US6901588B1 (en) * 2000-04-17 2005-05-31 Codemesh, Inc. Sharing components between programming languages by use of polymorphic proxy
US20050120212A1 (en) * 2002-03-14 2005-06-02 Rajesh Kanungo Systems and method for the transparent management of document rights
US20050120007A1 (en) * 2003-11-17 2005-06-02 International Business Machines Corporation Integrating browser-incompatible information into web content and displaying the information on a computing device of a browser environment
US6907546B1 (en) * 2000-03-27 2005-06-14 Accenture Llp Language-driven interface for an automated testing framework
US20050144277A1 (en) * 2003-12-12 2005-06-30 International Business Machines Corporation Enhanced port type agnostic proxy support for web services intermediaries
US20050240774A1 (en) * 2004-04-23 2005-10-27 Angus Ian G Authentication of untrusted gateway without disclosure of private information
US20050257058A1 (en) * 2003-04-01 2005-11-17 Junji Yoshida Communication apparatus and authentication apparatus
US20050267798A1 (en) * 2002-07-22 2005-12-01 Tiziano Panara Auxiliary content delivery system

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6167520A (en) * 1996-11-08 2000-12-26 Finjan Software, Inc. System and method for protecting a client during runtime from hostile downloadables
US6065021A (en) * 1998-04-07 2000-05-16 Adobe Systems Incorporated Apparatus and method for alignment of graphical elements in electronic document
US6792536B1 (en) * 1999-10-20 2004-09-14 Timecertain Llc Smart card system and methods for proving dates in digital files
US6697950B1 (en) * 1999-12-22 2004-02-24 Networks Associates Technology, Inc. Method and apparatus for detecting a macro computer virus using static analysis
US7117246B2 (en) * 2000-02-22 2006-10-03 Sendmail, Inc. Electronic mail system with methodology providing distributed message store
US7114147B2 (en) * 2000-03-09 2006-09-26 Electronic Data Systems Corporation Method and system for reporting XML data based on precomputed context and a document object model
US6910077B2 (en) * 2002-01-04 2005-06-21 Hewlett-Packard Development Company, L.P. System and method for identifying cloaked web servers
US7100049B2 (en) * 2002-05-10 2006-08-29 Rsa Security Inc. Method and apparatus for authentication of users and web sites
US7953820B2 (en) * 2002-09-11 2011-05-31 Hughes Network Systems, Llc Method and system for providing enhanced performance of web browsing
US7356616B2 (en) * 2002-11-06 2008-04-08 Microsoft Corporation Maintaining structured time data for electronic messages
CA2414378A1 (en) * 2002-12-09 2004-06-09 Corel Corporation System and method for controlling user interface features of a web application
US7451487B2 (en) * 2003-09-08 2008-11-11 Sonicwall, Inc. Fraudulent message detection
US20050154601A1 (en) * 2004-01-09 2005-07-14 Halpern Joshua I. Information security threat identification, analysis, and management

Patent Citations (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5864676A (en) * 1996-11-14 1999-01-26 Triteal Corporation URL login
US20050081059A1 (en) * 1997-07-24 2005-04-14 Bandini Jean-Christophe Denis Method and system for e-mail filtering
US6092197A (en) * 1997-12-31 2000-07-18 The Customer Logic Company, Llc System and method for the secure discovery, exploitation and publication of information
US6256620B1 (en) * 1998-01-16 2001-07-03 Aspect Communications Method and apparatus for monitoring information access
US20020104076A1 (en) * 1998-06-30 2002-08-01 Nik Shaylor Code generation for a bytecode compiler
US6633878B1 (en) * 1999-07-30 2003-10-14 Accenture Llp Initializing an ecommerce database framework
US20040039993A1 (en) * 1999-10-12 2004-02-26 Panagiotis Kougiouris Automatic formatting and validating of text for a markup language graphical user interface
US20040034833A1 (en) * 1999-11-12 2004-02-19 Panagiotis Kougiouris Dynamic interaction manager for markup language graphical user interface
US20010016873A1 (en) * 2000-02-15 2001-08-23 International Business Machines Corporation Method for acquiring content information, and software product, collaboration system and collaboration server for acquiring content information
US6907546B1 (en) * 2000-03-27 2005-06-14 Accenture Llp Language-driven interface for an automated testing framework
US6901588B1 (en) * 2000-04-17 2005-05-31 Codemesh, Inc. Sharing components between programming languages by use of polymorphic proxy
US20020156806A1 (en) * 2000-04-27 2002-10-24 Cox Kenneth Charles Method and apparatus for data visualization
US6675375B1 (en) * 2000-04-28 2004-01-06 Sun Microsystems, Inc. Method and apparatus for optimized multiprocessing in a safe language
US20030037181A1 (en) * 2000-07-07 2003-02-20 Freed Erik J. Method and apparatus for providing process-container platforms
US20020087630A1 (en) * 2000-10-20 2002-07-04 Jonathan Wu Enhanced information and presence service
US20040075677A1 (en) * 2000-11-03 2004-04-22 Loyall A. Bryan Interactive character system
US20020112049A1 (en) * 2000-12-14 2002-08-15 International Business Machines Corporation Measuring response time for a computer accessing information from a network
US20030149799A1 (en) * 2001-05-03 2003-08-07 Scott Shattuck System supporting unified event handling in ECMAScript
US20030115299A1 (en) * 2001-05-15 2003-06-19 Froyd Stanley G. Configuration management utilizing generalized markup language
US20050022115A1 (en) * 2001-05-31 2005-01-27 Roberts Baumgartner Visual and interactive wrapper generation, automated information extraction from web pages, and translation into xml
US20030167355A1 (en) * 2001-07-10 2003-09-04 Smith Adam W. Application program interface for network software platform
US20030033193A1 (en) * 2001-08-09 2003-02-13 International Business Machines Corporation Method apparatus and computer program product for interactive surveying
US20040239679A1 (en) * 2001-10-11 2004-12-02 Masahiro Ito Web 3d image display system
US20030187699A1 (en) * 2001-12-31 2003-10-02 Bonissone Piero Patrone System for rule-based insurance underwriting suitable for use by an automated system
US20030187703A1 (en) * 2001-12-31 2003-10-02 Bonissone Piero Patrone System for determining a confidence factor for insurance underwriting suitable for use by an automated system
US20030131348A1 (en) * 2002-01-08 2003-07-10 International Business Machines Corporation Method, apparatus, and program to determine the mutability of an object at loading time
US20030208500A1 (en) * 2002-02-15 2003-11-06 Daynes Laurent P. Multi-level undo of main-memory and volatile resources
US20030163603A1 (en) * 2002-02-22 2003-08-28 Chris Fry System and method for XML data binding
US20050120212A1 (en) * 2002-03-14 2005-06-02 Rajesh Kanungo Systems and method for the transparent management of document rights
US20040034853A1 (en) * 2002-03-22 2004-02-19 Bill Gibbons Mobile download system
US20030229718A1 (en) * 2002-06-06 2003-12-11 Neoteris, Inc. Method and system for providing secure access to private networks
US20040003043A1 (en) * 2002-06-20 2004-01-01 International Business Machines Corporation Remote control of document objects in a collaborative environment
US20050267798A1 (en) * 2002-07-22 2005-12-01 Tiziano Panara Auxiliary content delivery system
US20040034540A1 (en) * 2002-08-15 2004-02-19 Commerce One Operations, Inc. Dynamic interface between BPSS conversation management and local business management
US20040078422A1 (en) * 2002-10-17 2004-04-22 Toomey Christopher Newell Detecting and blocking spoofed Web login pages
US20040150637A1 (en) * 2002-12-12 2004-08-05 Samsung Electronics Co., Ltd. Method and apparatus for displaying markup document linked to applet
US20050257058A1 (en) * 2003-04-01 2005-11-17 Junji Yoshida Communication apparatus and authentication apparatus
US20050004884A1 (en) * 2003-07-02 2005-01-06 International Business Machines Corporation System and method for reducing memory leaks in virtual machine programs
US20050049938A1 (en) * 2003-09-02 2005-03-03 Vaidhyanathan Venkiteswaran Method and system using intelligent agents for dynamic integration of buy-side procurement systems with non-resident, web-enabled, distributed, remote, multi-format catalog sources
US20050086344A1 (en) * 2003-10-15 2005-04-21 Eaxis, Inc. Method and system for unrestricted, symmetric remote scripting
US20050108624A1 (en) * 2003-11-13 2005-05-19 International Business Machines Corporation Lightweight form pattern validation
US20050120007A1 (en) * 2003-11-17 2005-06-02 International Business Machines Corporation Integrating browser-incompatible information into web content and displaying the information on a computing device of a browser environment
US20050144277A1 (en) * 2003-12-12 2005-06-30 International Business Machines Corporation Enhanced port type agnostic proxy support for web services intermediaries
US20050240774A1 (en) * 2004-04-23 2005-10-27 Angus Ian G Authentication of untrusted gateway without disclosure of private information

Also Published As

Publication number Publication date Type
US8423471B1 (en) 2013-04-16 grant
US9740869B1 (en) 2017-08-22 grant

Similar Documents

Publication Publication Date Title
Barth et al. Robust defenses for cross-site request forgery
Wang et al. Protection and communication abstractions for web browsers in MashupOS
Van Gundy et al. Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks.
US7343626B1 (en) Automated detection of cross site scripting vulnerabilities
Stuttard et al. The web application hacker's handbook: Finding and exploiting security flaws
US20120047577A1 (en) Safe url shortening
US20100077445A1 (en) Graduated Enforcement of Restrictions According to an Application&#39;s Reputation
US20090300768A1 (en) Method and apparatus for identifying phishing websites in network traffic using generated regular expressions
US8533824B2 (en) Resisting the spread of unwanted code and data
US7958555B1 (en) Protecting computer users from online frauds
Somorovsky et al. All your clouds are belong to us: security analysis of cloud management interfaces
US7769820B1 (en) Universal resource locator verification services using web site attributes
US6772214B1 (en) System and method for filtering of web-based content stored on a proxy cache server
US20070005984A1 (en) Attack resistant phishing detection
US7096493B1 (en) Internet file safety information center
US8347392B2 (en) Apparatus and method for analyzing and supplementing a program to provide security
US20050198692A1 (en) System and method of protecting a computing system from harmful active content in documents
US8561127B1 (en) Classification of security sensitive information and application of customizable security policies
US20080092242A1 (en) Method and system for determining a probability of entry of a counterfeit domain in a browser
US20060174119A1 (en) Authenticating destinations of sensitive data in web browsing
Jovanovic et al. Preventing cross site request forgery attacks
US20100037046A1 (en) Credential Management System and Method
US20080201401A1 (en) Secure server authentication and browsing
US7500099B1 (en) Method for mitigating web-based “one-click” attacks
Álvarez et al. A new taxonomy of web attacks suitable for efficient encoding