-
公开(公告)号:US20090106628A1
公开(公告)日:2009-04-23
申请号:US11875219
申请日:2007-10-19
申请人: Onur Aciicmez , Xinwen Zhang
发明人: Onur Aciicmez , Xinwen Zhang
IPC分类号: G11C29/00
CPC分类号: G06F11/08 , G06F21/554 , G06F21/64 , G06F21/80
摘要: Techniques for execution of commands securely within a storage device are disclosed. Integrity of a command interpreter is verified before allowing it to execute commands within the storage device. The integrity of the commands can also be checked to safeguard against various threats including, for example, malicious attacks, unintentional errors and defects that can adversely affect stored content and execution. Error recovery techniques can be used to reconstruct the command interpreter and/or commands that are found to be defective. In addition, secure techniques can be used to obtain trusted versions of the command interpreter and/or commands from an authenticated external source.
摘要翻译: 公开了用于在存储设备内安全地执行命令的技术。 验证命令解释器的完整性,然后允许其在存储设备中执行命令。 还可以检查命令的完整性以防止各种威胁,例如恶意攻击,无意错误和可能对存储的内容和执行产生不利影响的缺陷。 错误恢复技术可用于重建发现有缺陷的命令解释器和/或命令。 此外,可以使用安全技术从认证的外部源获取命令解释器和/或命令的可信版本。
-
公开(公告)号:US08375296B2
公开(公告)日:2013-02-12
申请号:US12827538
申请日:2010-06-30
申请人: Swaroop S. Kalasapur , Doreen Cheng , Henry Song , Onur Aciicmez
发明人: Swaroop S. Kalasapur , Doreen Cheng , Henry Song , Onur Aciicmez
IPC分类号: G06F17/27
CPC分类号: G06F17/30899
摘要: In a first embodiment of the present invention, a method is provided comprising: parsing a document, wherein the document contains at least one reference to a style sheet; for each referenced style sheet: determining if a ruleset corresponding to the referenced style sheet is contained in a first local cache; if the ruleset corresponding to the style sheet is contained in the first local cache; if the referenced style sheet is not contained in the first local cache, parsing the referenced style sheet to derive a ruleset; and applying the ruleset(s) to the document to derive a layout for displaying the document.
摘要翻译: 在本发明的第一实施例中,提供了一种方法,包括:解析文档,其中所述文档包含至少一个对样式表的引用; 对于每个引用的样式表:确定与所引用的样式表相对应的规则集是否包含在第一本地高速缓存中; 如果与样式表相对应的规则集包含在第一本地高速缓存中; 如果引用的样式表不包含在第一本地缓存中,则解析引用的样式表以导出规则集; 并将规则集应用于文档以导出用于显示文档的布局。
-
公开(公告)号:US08595284B2
公开(公告)日:2013-11-26
申请号:US12637316
申请日:2009-12-14
CPC分类号: H04L67/10 , G06F8/51 , G06F9/5027 , G06F9/547 , G06F2209/509 , Y02D10/22
摘要: In a first embodiment of the present invention, a method is provided comprising: determining if a portion of a script of web application code within a web application is migratable to a remote infrastructure, wherein the portion of the script contains one or more functions; and modifying the portion of the script if the portion of the script is migratable, such that execution of the portion of the script results in the one or more functions being executed on the remote infrastructure, wherein the remote infrastructure is not restricted to the device on which the web application was designed or distributed.
摘要翻译: 在本发明的第一实施例中,提供了一种方法,包括:确定web应用程序内的web应用代码的脚本的一部分是否可迁移到远程基础设施,其中该脚本的该部分包含一个或多个功能; 以及如果所述脚本的所述部分是可移动的,则修改所述脚本的所述部分,使得所述脚本的所述部分的执行导致所述远程基础设施上执行的所述一个或多个功能,其中所述远程基础设施不限于所述设备上 Web应用程序的设计或分发。
-
公开(公告)号:US08458765B2
公开(公告)日:2013-06-04
申请号:US12643878
申请日:2009-12-21
申请人: Onur Aciicmez , Swaroop S. Kalasapur , Yu Song , Doreen Cheng
发明人: Onur Aciicmez , Swaroop S. Kalasapur , Yu Song , Doreen Cheng
IPC分类号: H04L29/06
CPC分类号: H04L63/10 , G06F21/6272 , G06F2221/2113 , G06F2221/2141 , H04L63/102 , H04L67/02
摘要: A computing system is operable to contain a security module within an operating system. This security module may then act to monitor access requests by a web browser and apply mandatory access control security policies to such requests. It will be appreciated that the security module can apply mandatory access control security policies to such web browser access attempts.
摘要翻译: 计算系统可操作以在操作系统内容纳安全模块。 该安全模块然后可以用于监视Web浏览器的访问请求,并对这些请求应用强制访问控制安全策略。 应当理解,安全模块可以对这种web浏览器访问尝试应用强制访问控制安全策略。
-
公开(公告)号:US09064111B2
公开(公告)日:2015-06-23
申请号:US13412496
申请日:2012-03-05
申请人: Onur Aciicmez , Andrew C. Blaich
发明人: Onur Aciicmez , Andrew C. Blaich
CPC分类号: G06F21/53 , G06F21/6218 , G06F21/6281 , G06F21/629 , G06F2221/2113 , G06F2221/2119 , G06F2221/2137 , G06F2221/2141
摘要: In a first embodiment of the present invention, a method of providing security enforcements of widgets in a computer system having a processor and a memory is provided, comprising: extracting access control information from a widget process requesting a service, generating access control rules customized for the widget process, and providing the access control rules to a trusted portion of the computer system outside of the user code space of a Web Runtime (WRT) system; and for any static access control rule, delegating security checking of the widget process from the WRT system to the trusted portion of the computer system.
摘要翻译: 在本发明的第一实施例中,提供了一种在具有处理器和存储器的计算机系统中提供小部件的安全执行的方法,包括:从请求服务的小窗口进程提取访问控制信息,生成为 窗口小部件处理,以及将访问控制规则提供给在Web运行时(WRT)系统的用户代码空间之外的计算机系统的受信任部分; 并且对于任何静态访问控制规则,将该widget进程的安全性检查从WRT系统委托给该计算机系统的受信任部分。
-
公开(公告)号:US08893225B2
公开(公告)日:2014-11-18
申请号:US13274061
申请日:2011-10-14
申请人: Onur Aciicmez , Andrew C. Blaich
发明人: Onur Aciicmez , Andrew C. Blaich
摘要: The security of web widgets is improved by transferring a set of access control decisions conventionally handled by the Web Runtime system (WRT) to a more secure portion of the computing system, such as a kernel in the operating system. Access control rules are extracted and provided to the more secure portion. This may be performed during widget installation or at invocation of a widget. During runtime, the more secure portion performs security checking functions for the widget instead of the WRT.
摘要翻译: 通过将通常由Web运行时系统(WRT)处理的一组访问控制决定转移到诸如操作系统中的内核的计算系统的更安全的部分来改进web小部件的安全性。 访问控制规则被提取并提供给更安全的部分。 这可以在小部件安装期间或在调用小部件时执行。 在运行时,更安全的部分执行小部件而不是WRT的安全检查功能。
-
47.发明授权公开(公告)号:US09058489B2
公开(公告)日:2015-06-16
申请号:US12693168
申请日:2010-01-25
申请人: Onur Aciicmez , Shuo Tang
发明人: Onur Aciicmez , Shuo Tang
CPC分类号: G06F21/563 , G06F2221/2119
摘要: Techniques for processing documents with executable text are disclosed. The techniques, among other things, can effectively address XSS attacks to Internet users when browsing web sites. Content deemed not to be trusted or fully trusted (“untrusted”) can be marked in a document that can include executable text. Remedial action, including not allowing execution of executable text marked as “untrusted” can be taken. In addition, when the document is processed, content deemed not to be trusted or fully trusted (“untrusted”) can be effectively monitored in order to identify executable text that may have been effectively produced by “untrusted” content and/or somehow may have been affected by “untrusted” content.
摘要翻译: 公开了用可执行文本处理文件的技术。 除了别的以外,这些技术可以有效地解决浏览网站时对Internet用户的XSS攻击。 被认为不被信任或完全信任(“不信任”)的内容可被标记在可包含可执行文本的文档中。 可以采取补救措施,包括不允许执行标有“不信任”的可执行文本。 此外,当处理文档时,可以有效地监视被认为不被信任或完全信任(“不信任”)的内容,以便识别可能由“不受信任”的内容有效地产生的可执行文本和/或以某种方式可能具有 受到“不信任”内容的影响。
-
公开(公告)号:US08997217B2
公开(公告)日:2015-03-31
申请号:US12693152
申请日:2010-01-25
申请人: Onur Aciicmez , Shuo Tang
发明人: Onur Aciicmez , Shuo Tang
CPC分类号: H04L63/1441 , G06F21/53 , G06F21/55 , G06F21/57 , G06F2221/2101 , G06F2221/2119 , G06F2221/2149
摘要: Techniques for processing documents with executable text are disclosed. The techniques, among other things, can effectively address XSS attacks to Internet users when browsing web sites. Content deemed not to be trusted or fully trusted (“untrusted”) can be marked in a document that can include executable text. Remedial action, including not allowing execution of executable text marked as “untrusted” can be taken. In addition, when the document is processed, content deemed not to be trusted or fully trusted (“untrusted”) can be effectively monitored in order to identify executable text that may have been effectively produced by “untrusted” content and/or somehow may have been affected by “untrusted” content.
摘要翻译: 公开了用可执行文本处理文件的技术。 除了别的以外,这些技术可以有效地解决浏览网站时对Internet用户的XSS攻击。 被认为不被信任或完全信任(“不信任”)的内容可被标记在可包含可执行文本的文档中。 可以采取补救措施,包括不允许执行标有“不信任”的可执行文本。 此外,当处理文档时,可以有效地监视被认为不被信任或完全信任(“不信任”)的内容,以便识别可能由“不受信任”的内容有效地产生的可执行文本和/或以某种方式可能具有 受到“不信任”内容的影响。
-
49.发明授权公开(公告)号:US08813210B2
公开(公告)日:2014-08-19
申请号:US13306697
申请日:2011-11-29
申请人: Andrew C. Blaich , Onur Aciicmez
发明人: Andrew C. Blaich , Onur Aciicmez
CPC分类号: H04L63/0236 , G06F21/629 , G06F2221/2101 , G06F2221/2141 , H04L63/10
摘要: A Mandatory Access Control (MAC) aware firewall includes an extended rule set for MAC attributes, such as a security label or path. Application labels may be used to identify processes and perform firewall rule-checking. The firewall rule set may including conventional firewall rules, such as address checking, in addition to an extension for MAC attributes.
摘要翻译: 强制访问控制(MAC)感知防火墙包括用于MAC属性的扩展规则集,例如安全标签或路径。 应用标签可用于识别进程并执行防火墙规则检查。 除了用于MAC属性的扩展之外,防火墙规则集可以包括常规防火墙规则,例如地址检查。
-
公开(公告)号:US08667270B2
公开(公告)日:2014-03-04
申请号:US13371195
申请日:2012-02-10
申请人: Tasneem Brutch , Onur Aciicmez
发明人: Tasneem Brutch , Onur Aciicmez
CPC分类号: H04L63/0823 , G06F8/65 , H04L9/083 , H04L9/321 , H04L9/3247 , H04L9/3263 , H04L29/06775 , H04L29/06816
摘要: A method for securely altering a platform component is provided, comprising: assigning certificates for public encryption and signature verification keys for the device; assigning certificates for public encryption and signature verification keys for an upgrade server; mutually authenticating a device containing the platform component and the upgrade server; causing the device and the upgrade server to exchange a session key; and providing an alteration to be made to the platform component from the upgrade server to the device using the session key.
摘要翻译: 提供一种用于安全地改变平台组件的方法,包括:为所述设备分配用于公共加密的证书和签名验证密钥; 为升级服务器分配公共加密证书和签名验证密钥; 相互验证包含平台组件和升级服务器的设备; 使设备和升级服务器交换会话密钥; 并且使用会话密钥向平台组件提供从升级服务器到设备的改变。
-
-
-
-
-
-
-
-
-
搜索结果
50 条记录 (耗时 0.025 秒)
