ALLOWING FIRST MODULE OF COMPUTER CODE TO MAKE USE OF SERVICE PROVIDED BY SECOND MODULE WHILE ENSURING SECURITY OF SYSTEM

摘要

A system for integrating modules of computer code may include a sandbox validator for receiving a first module and verifying that the first module complies with one or more sandbox constraints. A computing device may execute the first module within a runtime environment. A module integrator may operate within the runtime environment for receiving a request from the first module to access a service provided by a second module and only allowing the first module to access the service when the first module is authorized to access the service according to a service authorization table. The sandbox validator may ensure the first module correctly identifies itself when requesting a service provide by another module and that the first module includes runtime policing functions for non-deterministic operations. A service authorizer may generate an authorization policy for the first module, which is sent to the computing device along with the first module.