    1. Fine-grained privileges in operating system partitions
    Type: granted invention patent
    Status: in force

    Publication number: US08892878B2

    Publication date: 2014-11-18

    Application number: US10769415

    Filing date: 2004-01-30

    Abstract: In one embodiment, the present invention provides techniques for managing activities of processes using a fine grained privilege model in an operating system environment partitioned into a global zone and one or more non-global zones for isolating processes from processes executing in association with other non-global zones under control of a single operating kernel instance.


    2. Unvalidated privilege cap
    Type: granted invention patent
    Status: in force

    Publication number: US08856938B2

    Publication date: 2014-10-07

    Application number: US12182790

    Filing date: 2008-07-30

    IPC classification: G06F21/00 G06F21/64 G06F21/57

    CPC classification: G06F21/64 G06F21/57

    Abstract: A method for securely accessing an executable file object includes a step in which a request from the target process to access the executable file object is received by an operating system component, and the object is examined for validity before access is allowed. For objects that cannot be validated, the process is run with privileges bounded by the privilege cap, if the privilege cap permits execution of the object.


    3. METHOD AND SYSTEM FOR DETECTING MODIFIED PAGES
    Type: invention patent application
    Status: in force

    Publication number: US20100070775A1

    Publication date: 2010-03-18

    Application number: US12233331

    Filing date: 2008-09-18

    IPC classification: G06F11/30 G06F15/16

    CPC classification: G06F21/645

    Abstract: A method for validating program execution. The method involves identifying a program from a second computer system, obtaining, by a first computer system, a first copy of a page for a file of the program from a second computer system, calculating a hash value for the first copy, storing the first copy in a local memory of the first computer system, storing the hash value for the first copy, and executing the program on the first computer system, where the first copy is removed from the local memory during execution of the program. The method further involves obtaining a second copy of the page from the second computer system, calculating a hash for the second copy, determining whether the hash value for the first copy is equal to the hash value for the second copy, and performing an appropriate action in response to the determination.


    4. UNVALIDATED PRIVILEGE CAP
    Type: invention patent application
    Status: in force

    Publication number: US20100031355A1

    Publication date: 2010-02-04

    Application number: US12182790

    Filing date: 2008-07-30

    IPC classification: G06F12/14

    CPC classification: G06F21/64 G06F21/57

    Abstract: A method for securely accessing an executable file object includes a step in which a request from the target process to access the executable file object is received by an operating system component, and the object is examined for validity before access is allowed. For objects that cannot be validated, the process is run with privileges bounded by the privilege cap, if the privilege cap permits execution of the object.


    5. Method and apparatus for implementing a pluggable password obscuring mechanism
    Type: granted invention patent
    Status: in force

    Publication number: US07249260B2

    Publication date: 2007-07-24

    Application number: US10461749

    Filing date: 2003-06-12

    IPC classification: H04L9/00

    CPC classification: G06F21/46

    Abstract: One embodiment of the present invention provides a system that implements a pluggable password obscuring mechanism. During operation, the system receives a request to obscure a password to produce an obscured version of the password. If the request specifies a customized technique for obscuring the password, the system loads a dynamic library that performs the customized technique, and then uses the dynamic library to obscure the password. If the request does not specify a customized technique, the system uses a default technique to obscure the password. In this way, the customized technique for obscuring the password can be used without having to modify source code.


    6. Method and system for detecting modified pages
    Type: granted invention patent
    Status: in force

    Publication number: US08108686B2

    Publication date: 2012-01-31

    Application number: US12233331

    Filing date: 2008-09-18

    IPC classification: G06F21/00

    CPC classification: G06F21/645

    Abstract: A method for validating program execution. The method involves identifying a program from a second computer system, obtaining, by a first computer system, a first copy of a page for a file of the program from a second computer system, calculating a hash value for the first copy, storing the first copy in a local memory of the first computer system, storing the hash value for the first copy, and executing the program on the first computer system, where the first copy is removed from the local memory during execution of the program. The method further involves obtaining a second copy of the page from the second computer system, calculating a hash for the second copy, determining whether the hash value for the first copy is equal to the hash value for the second copy, and performing an appropriate action in response to the determination.


    7. Core initialization code validation
    Type: granted invention patent
    Status: in force

    Publication number: US07853780B2

    Publication date: 2010-12-14

    Application number: US12183859

    Filing date: 2008-07-31

    IPC classification: G06F9/445

    CPC classification: G06F21/00 G06F21/575

    Abstract: Files essential to the boot sequence are validated as they are executed. As core boot files are loaded and executed by a computer, a hash of the files is created and extended into configuration registers. Core operating system files are verified by the boot loader using a digital signature, and the public key used to verify the digital signature is recorded in a configuration register. Core operating system files verified by the boot loader include a list of hash values, which is used by the operating system to validate the other files as they are executed. User assurance that the system has booted correctly is achieved by comparing the state of configuration registers to previously stored values reflecting the expected state of the registers. Upon the state of the configuration registers matching what is expected, data previously selected by the user is retrieved and recognized by the user.


    8. CORE INITIALIZATION CODE VALIDATION
    Type: invention patent application
    Status: in force

    Publication number: US20100031012A1

    Publication date: 2010-02-04

    Application number: US12183859

    Filing date: 2008-07-31

    IPC classification: G06F12/14 G06F15/177

    CPC classification: G06F21/00 G06F21/575

    Abstract: Files essential to the boot sequence are validated as they are executed. As core boot files are loaded and executed by a computer, a hash of the files is created and extended into configuration registers. Core operating system files are verified by the boot loader using a digital signature, and the public key used to verify the digital signature is recorded in a configuration register. Core operating system files verified by the boot loader include a list of hash values, which is used by the operating system to validate the other files as they are executed. User assurance that the system has booted correctly is achieved by comparing the state of configuration registers to previously stored values reflecting the expected state of the registers. Upon the state of the configuration registers matching what is expected, data previously selected by the user is retrieved and recognized by the user.
