Security Context Lockdown
Abstract
A method and system for locking down a local machine zone associated with a network browser is provided. Placing the local machine zone in a lockdown mode provides stricter security settings that are applied to active content attempting to publish within a local page open in the network browser. The stricter setting are provided in a new set of registry keys that correspond to the lockdown mode of the local machine zone. The original security settings remain unchanged so that other systems and applications functionality that depends on the original security settings remains unaffected for the local machine zone. A user may also selectively allow active content to render despite the local machine zone being locked down.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A computer-implemented method to implement security for content rendering by an application, comprising:
identifying content to render in a security context with elevated privileges; determining whether or not the security context is locked down; when the security context is not locked down, rendering the content with the elevated privileges using default configuration settings for the security context; and when the security context is locked down, applying alternate lockdown configuration settings to implement a lockdown mode that prevents rendering of the content and locks out the elevated privileges.
2 . The computer-implemented method of claim 1 , further comprising:
when the security context is locked down, allowing the content to render in the security context with the elevated privileges in response to receiving an explicit selection by the user.
3 . The computer-implemented method of claim 1 , wherein determining whether or not the security context is locked down comprises examining a feature setting indicative of the lockdown mode for the security context.
4 . The computer-implemented method of claim 3 , wherein the feature setting comprises a value stored in a repository for configuration settings corresponding to the application.
5 . The computer-implemented method of claim 1 , wherein the security context is configured to define the elevated privileges for locally stored content.
6 . The computer-implemented method of claim 1 , wherein the security context comprises one of multiple security contexts established for the application to define respective policies that reflect different levels of trust for content associated with the multiple security contexts.
7 . The computer-implemented method of claim 6 , wherein content from a particular source is assigned to a particular security context of the multiple security contexts by associating a uniform resource locator (URL) of the particular source with the particular security context.
8 . The computer-implemented method of claim 1 , further comprising displaying a notice configured to indicate that the security context is locked down when rendering of the content is prevented.
9 . The computer-implemented method of claim 1 , wherein the default configuration settings for the security context assign policies to actions available via the application to control execution of actions by content when operating within the security context.
10 . One or more computer-readable storage media storing computer-executable instructions that, when executed by a computing device, cause the computing device to perform operations comprising:
implementing a security context for rendering of content by an application with elevated privileges, the security context associated with default configuration settings defining the elevated privileges and alternate lockdown configuration settings to place increased restrictions on content when a lockdown mode is activated for the security context; and when the lockdown mode is activated, locking down the security context to implement the increased restrictions for the content by returning the alternate lockdown configuration settings instead of the default configuration settings for use by the application to render the content.
11 . The computer-readable storage media of claim 10 , wherein the operations further comprises:
when the lockdown mode is not activated, rendering the content with the elevated privileges.
12 . The computer-readable storage media of claim 10 , wherein the content is associated by the application with the security context based upon a source of the content.
13 . The computer-readable storage media of claim 10 , wherein the content comprises content having script or mark-up configured to cause actions that pose a security risk.
14 . The computer-readable storage media of claim 10 , wherein the operations further comprise examining a value of a feature setting stored with configuration settings for the application to determine whether or not the lockdown mode is activated for the security context.
15 . The computer-readable storage media of claim 10 , wherein the security context is configured to enable locally stored content of the computing device to operate with the elevated privileges.
16 . The computer-readable storage media of claim 10 , wherein the default configuration settings for the security context are not changed when the lockdown mode is activated and remain available for rendering of other content that is not restricted by the lockdown mode.
17 . A computing device comprising:
a processing unit; and a content rendering application executable via the processing unit to:
implement a local security context for rendering of content with elevated privileges, the security context associated with default configuration settings defining the elevated privileges and alternate lockdown configuration settings to place increased restrictions on content when a lockdown mode is activated for the security context; and
when the lockdown mode is activated for a content item, locking down the local security context to implement the increased restrictions for the content item by returning the alternate lockdown configuration settings instead of the default configuration settings for use by the application to render the content item.
18 . The computing device of claim 17 , wherein the local security context is included as one of a plurality of security contexts implemented by the content rendering application that reflect different levels of trust defined for content rendering, each individual security context designating security polices to control actions by content assigned to the individual security context.
19 . The computing device of claim 17 , wherein the local security context is configured to enable at least locally stored content of the computing device to operate with the elevated privileges.
20 . The computing device of claim 17 , wherein the content rendering application is further configured to detect content items associated with the local security context that do not include content restricted by the lockdown mode and, when the lockdown mode is activated, bypass the lockdown mode for the content items that do not include restricted content.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.