Web malware blocking through parallel resource rendering
Inventors
Assignees
United States Department of the Air Force
Publication Number
US-9349007-B2
Publication Date
2016-05-24
Expiration Date
2034-05-29
Interested in licensing this patent?
MTEC can help explore whether this patent might be available for licensing for your application.
Abstract
Apparatus and method for transforming Web resources into safe versions such that malicious code on the resources cannot attack the client viewing the resources. The invention separates the processing of insecure code from the processing of benign code. For Web pages, the benign code is displayed immediately to the client while insecure code is processed on a separate machine. Once insecure code is processed, benign outputs of that code are passed to the client for display. The invention safeguards the client against known and zero-day exploits without requiring a catalog of malware/virus signatures, heavyweight code checkers, complete page re-writing or highly restrictive access policies. The invention provides the client with complete malware blocking while retaining most of the original functionality of the Web resource.
Core Innovation
The invention provides an apparatus and method for transforming Web resources into safe versions such that malicious code on the resources cannot attack the client. It separates the processing of insecure code from the processing of benign code by displaying benign code to the client immediately while processing insecure code on a separate machine. Once processed, the benign outputs of the insecure code are passed to the client for display, safeguarding the client against known and zero-day exploits without relying on malware signature catalogs, heavyweight code checkers, total page rewriting, or highly restrictive access policies.
The problem solved by the invention is the challenge posed by malicious code embedded in Web resources, which infect clients upon download. Existing protections based on signature analysis, blacklisting, or disabling executable code have significant shortcomings, including inability to detect unknown or morphing malware, infeasibility with the volume and dynamic nature of malicious Web content, and loss of Web page functionality. This invention addresses these limitations, ensuring user safety without sacrificing webpage functionality or imposing access restrictions.
The core method uses parallel rendering of Web resources—one browser executes potentially dangerous code on a rendering processor isolated from the client, and another client browser renders only known benign code. Changes caused by executable code on the rendering processor are reflected as Document Object Model (DOM) updates to the client browser. This design prevents the client from running any insecure code directly while preserving most Web functionality by transmitting only benign outcomes from the separate rendering machine.
Claims Coverage
The patent discloses two independent apparatus claims covering configurations and operations for safely rendering internet resources by distributing processing among client, proxy, and rendering processors.
Apparatus for parallel rendering and secure resource delivery
An apparatus comprising a rendering computer processor, a proxy computer processor, a client computer processor, and an internet resource provider processor, with software to retrieve resources via the proxy upon request and to provide the resource to both the rendering and client processors. For web pages, the rendering browser fully renders the page with its original code on a separate machine, opens communication with the client browser, sends DOM updates and page changes to the client, and listens for and implements client actions; the client browser simultaneously renders the page with only benign code, listens for DOM updates from the rendering browser, implements those changes, and sends client actions back.
Apparatus handling non-web page resources with secure viewing
An apparatus implemented with physical or virtual processors where for non-web page internet resources, software determines if the resource can be converted to a secure format acceptable to the client. If convertible, the resource is converted and sent to the client. Otherwise, the resource is sent to the rendering browser, and simultaneously a framework for remote viewing is sent to the client browser, enabling secure communication between rendering and client browsers to allow the rendering browser to provide a remote view to the client, with client actions passed back to the rendering browser to update the view accordingly.
The claims cover an apparatus and method for parallel rendering and secure delivery of internet resources by splitting processing between client, proxy, and rendering processors, ensuring client safety while preserving functionality. The inventive features include parallel processing of code for web pages with synchronization of DOM updates, and secure remote viewing or conversion mechanisms for non-web page resources.
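The split described in the core method and in the first apparatus claim (a rendering browser runs the original page and forwards DOM updates; the client browser shows only benign code and applies only benign updates) can be modelled in a few lines. This is an added illustration, not the patent's code: the DOM is represented as plain objects, the blocked tag list and attribute policy are assumptions, and the sample page and update messages are constructed for the example.

```javascript
// Added example, not code from the patent: a toy model of its split rendering. The
// rendering browser runs the page's real code and emits DOM update messages; the
// client browser holds a benign copy of the page and applies only benign updates.
// DOM nodes are plain objects ({tag, attrs, children} or {text}) so it runs under Node.
const BLOCKED_TAGS = new Set(["script", "object", "embed", "iframe"]); // assumed policy

// True when an attribute carries executable content (inline handler or script URL).
function isExecutableAttr(name, value) {
  if (name.toLowerCase().startsWith("on")) return true;
  const v = String(value).replace(/\s+/g, "").toLowerCase();
  return v.startsWith("javascript:") || v.startsWith("vbscript:");
}
// Initial client view: the page tree with insecure elements and attributes removed.
function benignCopy(node) {
  if (node.text !== undefined) return { text: node.text };
  if (BLOCKED_TAGS.has(node.tag.toLowerCase())) return null;
  const attrs = {};
  for (const [k, v] of Object.entries(node.attrs || {})) if (!isExecutableAttr(k, v)) attrs[k] = v;
  return { tag: node.tag, attrs, children: (node.children || []).map(benignCopy).filter(Boolean) };
}
// Client side: apply one update from the rendering browser; nodes are addressed by a
// path of child indexes from the root. Returns false when the update is dropped.
function applyUpdate(root, update) {
  const target = update.path.reduce((n, i) => n && n.children && n.children[i], root);
  if (!target || target.text !== undefined) return false;
  if (update.op === "setText") { target.children = [{ text: String(update.text) }]; return true; }
  if (update.op === "setAttribute" && !isExecutableAttr(update.name, update.value)) {
    target.attrs[update.name] = update.value; return true;
  }
  const safe = update.op === "appendChild" && benignCopy(update.node);
  if (safe) target.children.push(safe);
  return Boolean(safe); // anything else, including unknown ops, is dropped
}
// Constructed page: its script (run only on the rendering side) fills #status.
const page = { tag: "body", attrs: {}, children: [
  { tag: "div", attrs: { id: "status", onclick: "alert(1)" }, children: [{ text: "loading" }] },
  { tag: "script", attrs: {}, children: [{ text: "status.textContent = 'ready'" }] },
] };
// The rendering browser reports the script's effect as DOM updates; the client applies them.
function renderSplit() {
  const client = benignCopy(page);
  const applied = [
    { op: "setText", path: [0], text: "ready" },                                  // benign: applied
    { op: "setAttribute", path: [0], name: "href", value: "javascript:alert(1)" }, // dropped
    { op: "appendChild", path: [], node: { tag: "script", attrs: {}, children: [] } }, // dropped
  ].map((u) => applyUpdate(client, u));
  return { client, applied };
}
```

The client never receives the script element or the inline handler, yet its view still reaches the "ready" state the script produced on the rendering side.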
Stated Advantages
Protects internet users from malicious code including unknown and morphing malware.
Avoids dependence on malware signature catalogs or heavyweight code checkers.
Preserves most of the original functionality of Web resources despite blocking malicious code.
Reduces delays associated with serial code analysis before client display.
Overcomes limitations of blacklisting and disabling executable code in browsers.
Documented Applications
Safe browsing of Web pages using parallel rendering to isolate and process executable code.
Secure viewing of non-web page resources such as PDF or MS Word documents by conversion or remote viewing.
Use in architectures that leverage proxies, rendering processors (physical or virtual), and clients to secure internet resource consumption.