The security improvement regarding the feasibility cord/code which you cannot rely on

摘要

(57) Abstract The feasibility cord/code program (applet or control) which is not relied on, the native, is written with the direct feasibility cord/code. It is loaded inside the memory range (sand box) where as for the feasibility cord/code, reference to outside memory is restricted and is allotted beforehand, the reference for the memory outside, is restricted strictly by the check (sunihukodo) which is added to the feasibility cord/code. As for the common application program interface (API) call in the cord/code which is not relied on, while preventing the infringement of security of host system, in the conversion cord/code module (thunk) which the execution cord/code can access the host operating system it is substituted. The static link in the cord/code is substituted to thunk module by call. While executing when API call is made, it transports control to thunk, it judges whether API call being executed with the operating system should allow.