Component Object Model (COM) is a specification developed by Microsoft Corporation for building software components that can be assembled into programs or that add functionality to existing programs running on various software platforms. The COM specification defines a binary standard for component interoperability. That is, the COM specification does not require or depend on any particular programming language. COM also defines a component object as a piece of compiled code that provides some services to the rest of an operating system or application. By way of example, a component object may be a drag-and-drop component object that first provides a drag function responsive to an end user's selection of one or more icons moving across a display and a drop function responsive to identifying a destination on the display to handle the dragged icon(s).
Also, component objects may interact with other component objects in such a relationship as a server and a client. For example, a COM client refers to computer software that uses the services of other component objects. Consequently, a server component object refers to a component object that provides services to a COM client. In addition, there are known types of execution environments for server component objects, such as in-process, out-of-process or remote. For example, from a server component object's point of view, a server component object may execute either in-process or out-of-process in relation to a client application. An in-process component object requires the operating system to provide a pointer to communicate with the component object. For example, the operating system is required to provide resources, such as memory spaces, or the like, to execute the in-process component object. By way of example and not limitation, a server component object with dynamic-link library (DLL) capability may be considered as an in-process type of component object. On the other hand, an out-of-process type is executable code that executes in a separate process space from that of a client application and does not share the same resources (e.g., memory space) as the client application. For example, an .EXE file may be considered an out-of-process component object. In addition, a server component object may indicate its execution environment as: in-process or out-of-process with or without preference, in-process only, or out-of-process only.
By way of illustration, a client application may be an application such as an Internet browser application that displays contents of a web page. Also, there may be a server component object that provides a function to display a multimedia file within a web page. When an end user uses the client application to visit a web page with a multimedia file, the client application requests the operating system to create a server component object to display the multimedia file in-process or out-of-process, according to the execution design and implementation of the server component object.
Unfortunately, some server component objects cannot be trusted or are unreliable. For example, non-trusted component objects (e.g., a malicious or an unreliable object) may include computer-executable instructions aimed at disrupting or interfering with the execution of the client application or operating system. Malicious computer-executable instructions or other non-trusted or unreliable component objects may require excess memory space or resources of the operating system, disable other services/functions of the operating system (e.g., spyware, adware, or the like), corrupt legitimate computer-executable instructions, or alter access privilege rights of users. The results of such interference may include causing the client application or another application to crash and/or suspending other operations of the operating system. In these situations, an end user is left with no recourse but to terminate the particular application or to reboot the computer.
In current COM implementations, the operating system generally allows the execution of a server component object in response to a request from a client application. The operating system is unable to force a server component object to execute in an execution environment other than the execution environment in which the particular server component object has been designed to execute. This disadvantage exposes an operating system and client application to malicious computer-executable instructions or other non-trusted component objects. The operating system thus lacks the ability to prevent the malicious computer-executable instructions or non-trusted component objects from harming operation of an application or the operating system. That is, there is no mechanism to prevent malicious computer-executable instructions of a server component object from executing in-process relative to a client application.
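The two passages above describe how a server component object declares its execution environment (in-process only, out-of-process only, or both) and why a client has no way to relocate an in-process-only server. The following added example, which is not part of the original text and is not code from any product described by it, shows how a defender can recover that declaration from the server's CLSID registration and turn it into an activation decision. It assumes the standard COM convention that an `InprocServer32` subkey registers a DLL and a `LocalServer32` subkey registers an EXE, and uses the real `CLSCTX_INPROC_SERVER` (0x1) and `CLSCTX_LOCAL_SERVER` (0x4) flag values that a client passes to `CoCreateInstance`. The registry text and CLSIDs are constructed placeholders, not a dump of any real machine.

```python
"""Classify COM servers by their registered execution environment and decide
which activation context (CLSCTX mask) a client should request for them.

Added example for this page; the .reg text below is constructed and the
CLSIDs are placeholders, not real registrations.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# CLSCTX flag values from the Windows SDK (combaseapi.h)
CLSCTX_INPROC_SERVER = 0x1   # load the server DLL into the client process
CLSCTX_LOCAL_SERVER = 0x4    # start the server EXE in its own process

# Constructed sample in .reg export format (placeholder CLSIDs)
SAMPLE_REG = r"""
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}]
@="Example In-Proc Only Server"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Program Files\\Example\\inproc.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000002}]
@="Example Out-of-Proc Only Server"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000002}\LocalServer32]
@="C:\\Program Files\\Example\\outproc.exe"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000003}]
@="Example Server Offering Both"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000003}\InprocServer32]
@="C:\\Program Files\\Example\\both.dll"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000003}\LocalServer32]
@="C:\\Program Files\\Example\\both.exe"
"""

# [HKEY_CLASSES_ROOT\CLSID\{guid}] or [HKEY_CLASSES_ROOT\CLSID\{guid}\Subkey]
_KEY_RE = re.compile(
    r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(?:\\([A-Za-z0-9]+))?\]$"
)
_DEFAULT_RE = re.compile(r'^@="(.*)"$')   # the key's (Default) value


@dataclass
class ComServer:
    clsid: str
    name: str = ""
    # subkey name -> default value, e.g. "InprocServer32" -> DLL path
    servers: Dict[str, str] = field(default_factory=dict)

    def offers_inproc(self) -> bool:
        return "InprocServer32" in self.servers

    def offers_outproc(self) -> bool:
        return "LocalServer32" in self.servers

    def environment(self) -> str:
        """The execution environment the server declares through its registration."""
        if self.offers_inproc() and self.offers_outproc():
            return "in-process or out-of-process"
        if self.offers_inproc():
            return "in-process only"
        if self.offers_outproc():
            return "out-of-process only"
        return "no server registered"


def parse_reg(text: str) -> Dict[str, ComServer]:
    """Parse CLSID registrations out of .reg export text, keyed by CLSID."""
    servers: Dict[str, ComServer] = {}
    clsid: Optional[str] = None
    subkey: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            clsid, subkey = key.group(1), key.group(2)
            servers.setdefault(clsid, ComServer(clsid=clsid))
            continue
        default = _DEFAULT_RE.match(line)
        if default and clsid is not None:
            value = default.group(1).replace("\\\\", "\\")  # .reg escapes backslashes
            if subkey is None:
                servers[clsid].name = value          # friendly name on the CLSID key
            else:
                servers[clsid].servers[subkey] = value
    return servers


def choose_activation_context(server: ComServer, trusted: bool) -> Optional[int]:
    """Return the CLSCTX mask to pass to CoCreateInstance, or None to refuse activation.

    A trusted server may run wherever it registered (COM tries in-process first
    when both flags are set). An untrusted server is activated only if it can be
    isolated in its own process; an in-process-only untrusted server is refused,
    because an activation request alone cannot move it out of the client's
    address space.
    """
    if trusted:
        mask = 0
        if server.offers_inproc():
            mask |= CLSCTX_INPROC_SERVER
        if server.offers_outproc():
            mask |= CLSCTX_LOCAL_SERVER
        return mask or None
    return CLSCTX_LOCAL_SERVER if server.offers_outproc() else None


if __name__ == "__main__":
    for srv in parse_reg(SAMPLE_REG).values():
        ctx = choose_activation_context(srv, trusted=False)
        decision = f"CLSCTX=0x{ctx:x}" if ctx is not None else "refuse"
        print(f"{srv.clsid} {srv.name!r}: {srv.environment()} -> untrusted: {decision}")
```

Running the script with an actual `reg export HKCR\CLSID` dump instead of the constructed text gives an inventory of which registered servers can only ever be loaded into the calling process, which is the set the passage above identifies as the exposure: for those, a client that distrusts the server has no activation-time isolation option and can only decline to create it.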
Accordingly, improved isolation of out-of-process software components for trustworthy execution is desired to address at least one or more of these and other disadvantages by allowing the operating system and client application to decide whether a server component object should be executed in a requested execution environment.