-
公开(公告)号:US20090164929A1
公开(公告)日:2009-06-25
申请号:US12137508
申请日:2008-06-11
申请人: Shuo Chen , Emre M. Kiciman , Yi-Min Wang
发明人: Shuo Chen , Emre M. Kiciman , Yi-Min Wang
CPC分类号: G06F16/9535
摘要: A system customizes search results. In one implementation, an exemplary system personalizes search results based on recommendations from members of online social networks to which the user belongs, who have made similar search queries in the past. The system also enables the user to arrange, insert, and delete search result entries into a customized search results queue from across multiple search engines. The user's own customizations of the search results may be shared, in turn, as recommendations for other users who submit similar search queries and who are associated with the user through online social networks. The system may automatically provide personally relevant search results for a subjective query. In one implementation, the system also posts search results that contain explicit recommendations made by peers, posts the reputation of the peers, and appends links to channels for directly communicating with those peers who submitted the recommendations or with peers who are currently performing a similar search.
摘要翻译: 系统自定义搜索结果。 在一个实现中,示例性系统基于来自用户所属的在线社交网络的成员的推荐来个性化搜索结果,过去谁进行了类似的搜索查询。 该系统还使得用户能够将搜索结果条目排列,插入和删除到来自多个搜索引擎的自定义搜索结果队列中。 用户自己的搜索结果的自定义可以反过来被分享给提交类似的搜索查询并且通过在线社交网络与用户相关联的其他用户的建议。 该系统可以自动提供用于主观查询的个人相关搜索结果。 在一个实现中,系统还发布包含同行提出的明确建议的搜索结果,发布对等体的声誉,并且附加链接到与提交建议的对等体直接通信的渠道,或者与正在执行类似搜索的对等体 。
-
公开(公告)号:US08539585B2
公开(公告)日:2013-09-17
申请号:US11768134
申请日:2007-06-25
申请人: Shuo Chen , Ralf Sasse , Jiahe Helen Wang , Yi-Min Wang
发明人: Shuo Chen , Ralf Sasse , Jiahe Helen Wang , Yi-Min Wang
IPC分类号: G06F21/00
CPC分类号: G06F11/3608 , G06F21/577 , G06F21/83
摘要: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
摘要翻译: 为了实现端到端的安全性,如果图形用户界面(GUI)的完整性受到损害,则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括:(1)将视觉不变量映射到程序不变; (2)对程序逻辑,用户动作和执行上下文进行正式建模,并系统地探索违反程序不变的可能性; (3)根据探索找到真正的欺骗攻击。
-
公开(公告)号:US20080134338A1
公开(公告)日:2008-06-05
申请号:US11565426
申请日:2006-11-30
申请人: Shuo Chen , Jose Meseguer , Ralf Sasse , Jiahe Helen Wang , Yi-Min Wang
发明人: Shuo Chen , Jose Meseguer , Ralf Sasse , Jiahe Helen Wang , Yi-Min Wang
IPC分类号: G08B23/00
CPC分类号: G06F11/3608 , G06F21/577 , G06F21/83
摘要: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
-
公开(公告)号:US20080133976A1
公开(公告)日:2008-06-05
申请号:US11768134
申请日:2007-06-25
申请人: Shuo Chen , Yi-Min Wang , Ralf Sasse , Jiahe Helen Wang
发明人: Shuo Chen , Yi-Min Wang , Ralf Sasse , Jiahe Helen Wang
IPC分类号: G06F11/36
CPC分类号: G06F11/3608 , G06F21/577 , G06F21/83
摘要: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
摘要翻译: 为了实现端到端的安全性,如果图形用户界面(GUI)的完整性受到损害,则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括:(1)将视觉不变量映射到程序不变; (2)对程序逻辑,用户动作和执行上下文进行正式建模,并系统地探索违反程序不变的可能性; (3)根据探索找到真正的欺骗攻击。
-
5.发明授权公开(公告)号:US07784101B2
公开(公告)日:2010-08-24
申请号:US11214123
申请日:2005-08-29
申请人: Chad E Verbowski , John D. Dungan , Shuo Chen , Yi-Min Wang
发明人: Chad E Verbowski , John D. Dungan , Shuo Chen , Yi-Min Wang
CPC分类号: G06F21/6218 , G06F2221/2101
摘要: A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.
摘要翻译: 用于在给定的安全上下文中识别应用的依赖性的技术包括监视应用产生的安全检查。 识别需要提升权限的安全检查,并且可能会记录与识别的安全检查对应的应用程序的执行状态。 可以通过监视访问检查,监视特权检查,针对与提升的权限相关联的已知标识符的列表等来检查用户/组标识符来识别需要提高权限的安全检查。
-
公开(公告)号:US20080127341A1
公开(公告)日:2008-05-29
申请号:US11772085
申请日:2007-06-29
申请人: Shuo Chen , Jiahe Helen Wang , Yi-Min Wang
发明人: Shuo Chen , Jiahe Helen Wang , Yi-Min Wang
CPC分类号: G06F11/3608 , G06F21/577 , G06F21/83
摘要: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
摘要翻译: 为了实现端到端的安全性,如果图形用户界面(GUI)的完整性受到损害,则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括:(1)将视觉不变量映射到程序不变; (2)对程序逻辑,用户动作和执行上下文进行正式建模,并系统地探索违反程序不变的可能性; (3)根据探索找到真正的欺骗攻击。
-
公开(公告)号:US08125669B2
公开(公告)日:2012-02-28
申请号:US11772085
申请日:2007-06-29
申请人: Shuo Chen , Yi-Min Wang , Jiahe Helen Wang
发明人: Shuo Chen , Yi-Min Wang , Jiahe Helen Wang
CPC分类号: G06F11/3608 , G06F21/577 , G06F21/83
摘要: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
摘要翻译: 为了实现端到端的安全性,如果图形用户界面(GUI)的完整性受到损害,则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括:(1)将视觉不变量映射到程序不变; (2)对程序逻辑,用户动作和执行上下文进行正式建模,并系统地探索违反程序不变的可能性; (3)根据探索找到真正的欺骗攻击。
-
公开(公告)号:US07779480B2
公开(公告)日:2010-08-17
申请号:US11214125
申请日:2005-08-29
申请人: Chad E Verbowski , John D. Dunagan , Shuo Chen , Yi-Min Wang
发明人: Chad E Verbowski , John D. Dunagan , Shuo Chen , Yi-Min Wang
CPC分类号: G06F21/6218 , G06F2221/2101
摘要: A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.
-
公开(公告)号:US20090187918A1
公开(公告)日:2009-07-23
申请号:US12016654
申请日:2008-01-18
申请人: Shuo Chen , David A. Ross , Yi-Min Wang
发明人: Shuo Chen , David A. Ross , Yi-Min Wang
CPC分类号: H04L63/0435 , G06F21/52
摘要: A method includes placing an accent in a frame, and only letting frames with the same accent communicate with each other. This accenting is removed using an accent key immediately prior to a compilation operation. The accenting can be performed by performing an XOR operation on a data stream using a key. In one exemplary non-limiting embodiment a computing system is provided. The computing system includes a memory, and a processor coupled to the memory, the processor configured to introduce domain specificity to at least one of a script and an HTML object name. In another exemplary non-limiting embodiment, means are provided for introducing domain specificity to at least one of a script and an HTML object name and means are provided for removing the introduced domain specificity prior to a compiling operation.
摘要翻译: 一种方法包括将重音放在帧中,并且只允许具有相同重音的帧相互通信。 在编译操作之前,使用重音键删除该重音。 可以通过使用密钥对数据流执行XOR操作来执行重音。 在一个示例性的非限制性实施例中,提供了一种计算系统。 计算系统包括存储器和耦合到存储器的处理器,该处理器被配置为将域特异性引入到脚本和HTML对象名称中的至少一个。 在另一示例性非限制性实施例中,提供了用于将域特异性引入到脚本和HTML对象名称中的至少一个的装置,并且提供了用于在编译操作之前去除引入的域特异性的装置。
-
公开(公告)号:US08621495B2
公开(公告)日:2013-12-31
申请号:US12016654
申请日:2008-01-18
申请人: Shuo Chen , David A. Ross , Yi-Min Wang
发明人: Shuo Chen , David A. Ross , Yi-Min Wang
CPC分类号: H04L63/0435 , G06F21/52
摘要: A method includes placing an accent in a frame, and only letting frames with the same accent communicate with each other. This accenting is removed using an accent key immediately prior to a compilation operation. The accenting can be performed by performing an XOR operation on a data stream using a key. In one exemplary non-limiting embodiment a computing system is provided. The computing system includes a memory, and a processor coupled to the memory, the processor configured to introduce domain specificity to at least one of a script and an HTML object name. In another exemplary non-limiting embodiment, means are provided for introducing domain specificity to at least one of a script and an HTML object name and means are provided for removing the introduced domain specificity prior to a compiling operation.
摘要翻译: 一种方法包括将重音放在帧中,并且只允许具有相同重音的帧相互通信。 在编译操作之前,使用重音键删除该重音。 可以通过使用密钥对数据流执行XOR操作来执行重音。 在一个示例性的非限制性实施例中,提供了一种计算系统。 计算系统包括存储器和耦合到存储器的处理器,该处理器被配置为将域特异性引入到脚本和HTML对象名称中的至少一个。 在另一示例性非限制性实施例中,提供了用于将域特异性引入到脚本和HTML对象名称中的至少一个的装置,并且提供了用于在编译操作之前去除引入的域特异性的装置。
-
-
-
-
-
-
-
-
-
搜索结果
114 条记录 (耗时 0.032 秒)
