-
1.发明授权Method and apparatus for automatically determining optimum placement of privileged code locations in existing code 失效用于自动确定现有代码中特权代码位置的最佳布局的方法和装置公开(公告)号:US07237236B2
公开(公告)日:2007-06-26
申请号:US10226871
申请日:2002-08-22
IPC分类号: G06F9/45
摘要: A method and apparatus for automatically determining optimum placement of privileged code enablement locations in existing code are provided. A method invocation graph of existing code is generated and a static analysis of the method invocation graph is performed. The static analysis is used to analyze the permission propagation through chains of method invocations in the method invocation graph. When a method invocation in the method invocation graph satisfies one or more user definable criteria, the location in the method invocation graph is saved to a file that identifies recommended insertion points for a call to the authorization enablement code. This file may then be used to manually review the code to determine if a call to privileged mode enablement should actually be made at the identified locations. Alternatively, the call to privileged mode enablement may be automatically inserted at the indicated locations using refactoring.
摘要翻译: 提供了一种用于自动确定现有代码中特权代码启用位置的最佳布局的方法和装置。 生成现有代码的方法调用图,并执行方法调用图的静态分析。 静态分析用于通过方法调用图中的方法调用链来分析权限传播。 当方法调用图中的方法调用满足一个或多个用户可定义的标准时,方法调用图中的位置将保存到一个文件中,该文件标识了对授权启用代码的调用的推荐插入点。 然后可以使用该文件手动查看代码,以确定是否应在所识别的位置实际执行对特权模式启用的调用。 或者,可以使用重构在所指示的位置自动地插入对特权模式启用的呼叫。
-
公开(公告)号:US08387111B2
公开(公告)日:2013-02-26
申请号:US10002439
申请日:2001-11-01
申请人: Lawrence Koved , Anthony Joseph Nadalin , Nataraj Nagaratnam , Marco Pistoia , Bruce Arland Rich
发明人: Lawrence Koved , Anthony Joseph Nadalin , Nataraj Nagaratnam , Marco Pistoia , Bruce Arland Rich
IPC分类号: G06F12/14
CPC分类号: G06F21/53 , G06F2221/2145
摘要: A method and apparatus for type independent permission based access control are provided. The method and apparatus utilize object inheritance to provide a mechanism by which a large group of permissions may be assigned to a codesource without having to explicitly assign each individual permission to the codesource. A base permission, or superclass permission, is defined along with inherited, or subclass, permissions that fall below the base permission in a hierarchy of permissions. Having defined the permissions in such a hierarchy, a developer may assign a base permission to an installed class and thereby assign all of the inherited permissions of the base permission to the installed class. In this way, security providers need not know all the permission types defined in an application. In addition, security providers can seamlessly integrate with many applications without changing their access control and policy store semantics. Moreover, application providers' security enforcement is no dependent on the security provider defined permissions. The method and apparatus do not require any changes to the Java security manager and do not require changes to application code.
摘要翻译: 提供了一种用于基于类型独立许可的访问控制的方法和装置。 该方法和装置利用对象继承来提供一种机制,通过该机制,可以将大量的权限组分配给代码源,而不必对代码源明确地分配每个单独的权限。 基本权限或超类权限与继承层级或权限级别中的基本权限之下的继承或子类权限一起定义。 在这样的层次结构中定义了权限之后,开发人员可以为已安装的类分配一个基本权限,从而将基本权限的所有继承的权限分配给已安装的类。 以这种方式,安全提供程序不需要知道应用程序中定义的所有权限类型。 此外,安全提供商可以无缝地集成许多应用程序,而无需更改其访问控制和策略存储语义。 此外,应用程序提供商的安全执行不依赖于安全提供程序定义的权限。 该方法和设备不需要对Java安全管理器进行任何更改,也不需要更改应用程序代码。
-
公开(公告)号:US07810135B2
公开(公告)日:2010-10-05
申请号:US11968673
申请日:2008-01-03
IPC分类号: H04L9/00
CPC分类号: G06F21/53
摘要: A method and apparatus for implementing a new Permission for methods that perform callback operations are provided. The method and apparatus provide an AdoptPermission Permission type that allows a method to pass a Java 2 authorization test without having the specific required Permissions expressly granted to the method and without the method having the AllPermission Permission granted to it. With the apparatus and method, an AdoptPermission Permission type is defined that operates to allow a ProtectionDomain to “adopt” a required Permission. However, this adoption of a required Permission can only be performed if the ProtectionDomain of at least one method in the thread stack has been granted a Permission that implies the required Permission. Thus, the AdoptPermission Permission type provides an intermediate mechanism that is not as over-inclusive as the AllPermission Permission type and is not as under-inclusive as requiring that all methods in the thread stack include the required Permission expressly granted to them.
摘要翻译: 提供了一种用于实现执行回调操作的方法的新的Permission的方法和装置。 该方法和设备提供了一个AdoptPermission权限类型,允许一种方法传递Java 2授权测试,而不会明确授予该方法的特定所需权限,而不授予其授予AllPermission权限的方法。 使用设备和方法,定义了一个AdoptPermission权限类型,该类型用于允许ProtectionDomain“采用”所需的权限。 但是,只有当线程堆栈中至少有一个方法的ProtectionDomain被授予一个隐含所需权限的权限时,才能执行所需的权限。 因此,AdoptPermission Permission类型提供了一个不像AllPermission Permission类型那样超出包容性的中间机制,并且不包含要求线程堆栈中的所有方法都包含明确授予它们的所需权限。
-
公开(公告)号:US07496757B2
公开(公告)日:2009-02-24
申请号:US10050083
申请日:2002-01-14
IPC分类号: G06F21/00
CPC分类号: G06F21/51 , G06F21/53 , G06F2221/2141 , G06F2221/2149
摘要: A software security system is arranged to verify the authenticity of each element of a Java Virtual Machine installation. A digital signature is attached to each file of the JVM installation. A loader (20) verifies the digital signature of the JVM DLL (30). The JVM DLL 30 then verifies the digital signature of each other DLL and configuration file to be loaded (40, 50, 60, 70), and only loads those files which have successfully verified digital signatures. In this way the security of the JVM is enhanced, a user has greater confidence that the Java applications will function correctly, and the detection of incorrect or damaged JVM installations is improved.
摘要翻译: 安排软件安全系统来验证Java虚拟机安装的每个元素的真实性。 数字签名附加到JVM安装的每个文件。 加载器(20)验证JVM DLL的数字签名(30)。 然后,JVM DLL 30验证要加载的每个其他DLL和配置文件的数字签名(40,50,60,70),并且仅加载已成功验证数字签名的那些文件。 通过这种方式,JVM的安全性得到增强,用户对Java应用程序的正常运行有更大的信心,并且改进了错误或损坏的JVM安装的检测。
-
公开(公告)号:US07343620B2
公开(公告)日:2008-03-11
申请号:US10639862
申请日:2003-08-13
IPC分类号: H04L9/00
CPC分类号: G06F21/53
摘要: A method and apparatus for implementing a new Permission for methods that perform callback operations are provided. The method and apparatus provide an AdoptPermission Permission type that allows a method to pass a Java 2 authorization test without having the specific required Permissions expressly granted to the method and without the method having the AllPermission Permission granted to it. With the apparatus and method, an AdoptPermission Permission type is defined that operates to allow a ProtectionDomain to “adopt” a required Permission. However, this adoption of a required Permission can only be performed if the ProtectionDomain of at least one method in the thread stack has been granted a Permission that implies the required Permission. Thus, the AdoptPermission Permission type provides an intermediate mechanism that is not as over-inclusive as the AllPermission Permission type and is not as under-inclusive as requiring that all methods in the thread stack include the required Permission expressly granted to them.
摘要翻译: 提供了一种用于实现执行回调操作的方法的新的Permission的方法和装置。 该方法和设备提供了一个AdoptPermission权限类型,允许一种方法传递Java 2授权测试,而不会明确授予该方法的特定所需权限,而不授予其授予AllPermission权限的方法。 使用设备和方法,定义了一个AdoptPermission权限类型,该类型用于允许ProtectionDomain“采用”所需的权限。 但是,只有当线程堆栈中至少有一个方法的ProtectionDomain被授予一个隐含所需权限的权限时,才能执行所需的权限。 因此,AdoptPermission Permission类型提供了一个不像AllPermission Permission类型那样超出包容性的中间机制,并且不包含要求线程堆栈中的所有方法都包含明确授予它们的所需权限。
-
公开(公告)号:US07219341B2
公开(公告)日:2007-05-15
申请号:US10285007
申请日:2002-10-31
申请人: Ann Eleanor Dalton , David Granshaw , Matt Richard Hogstrom , Aaron Stephen Jay Kershenbaum , Lawrence Koved , Bert Laonipon , Simon Christopher Nash , Marco Pistola
发明人: Ann Eleanor Dalton , David Granshaw , Matt Richard Hogstrom , Aaron Stephen Jay Kershenbaum , Lawrence Koved , Bert Laonipon , Simon Christopher Nash , Marco Pistola
IPC分类号: G06F9/45
CPC分类号: G06F8/443
摘要: A method, system and apparatus for performing selective data processing based upon a static analysis of the code of a compiled object. A compiled object, for example an enterprise bean, can be analyzed to determine how individual methods in the enterprise bean access specific objects. Those specific objects can include, for instance, data members of a class, or class objects passed into one or more individual methods of the enterprise bean. Where the individual methods of the enterprise bean do not mutate or otherwise change the state of the specific objects, those objects can be accessed by reference only. Importantly, where the specific objects are data fields linked to a table in a database as managed by a container managed persistence (CMP) bean, an update to the table will not be required when the static analysis of the enterprise bean otherwise indicates that the data fields are merely accessed, but not updated.
摘要翻译: 一种用于基于编译对象的代码的静态分析来执行选择性数据处理的方法,系统和装置。 可以分析编译对象,例如企业bean,以确定企业bean中的各个方法如何访问特定对象。 这些特定对象可以包括例如类的数据成员或传递到企业bean的一个或多个单独方法的类对象。 如果企业bean的各个方法不会突变或以其他方式更改特定对象的状态,那么这些对象只能通过引用来访问。 重要的是,特定对象是数据字段链接到由容器管理持久性(CMP)bean管理的数据库中的表的数据字段,当企业bean的静态分析否则表示数据时,将不需要更新表 字段仅被访问,但不被更新。
-
7.发明授权System and method for supporting digital rights management in an enhanced Java™ 2 runtime environment 有权在增强的Java™2运行时环境中支持数字版权管理的系统和方法公开(公告)号:US07827613B2
公开(公告)日:2010-11-02
申请号:US11932473
申请日:2007-10-31
申请人: Lawrence Koved , Magda M. Mourad , Jonathan P. Munson , Giovanni Pacifici , Marco Pistoia , Alaa S. Youssef
发明人: Lawrence Koved , Magda M. Mourad , Jonathan P. Munson , Giovanni Pacifici , Marco Pistoia , Alaa S. Youssef
IPC分类号: H04N7/16
CPC分类号: G06F21/52 , G06F21/10 , G06F2221/0748
摘要: A digital rights management (DRM) system and methodology for a Java client implementing a Java Runtime Environment (JRE). The JRE comprises a Java Virtual Machine (JVM) and Java runtime libraries components and is capable of executing a player application for presenting content that can be presented through a Java program (e.g., a Java application, applet, servlet, bean, etc.) and downloaded from a content server to the client. The DRM system includes an acquisition component for receiving downloaded protected contents; and a dynamic rights management layer located between the JRE and player application for receiving requests to view or play downloaded protected contents from the player, and, in response to each request, determining the rights associated with protected content and enabling viewing or playing of the protected contents via the player application if permitted according to the rights. By providing a DRM-enabled Java runtime, which does not affect the way non-DRM-related programs work, DRM content providers will not require the installation of customized players. By securing the runtime, every Java™ player automatically and transparently becomes a DRM-enabled player.
摘要翻译: 实现Java运行时环境(JRE)的Java客户端的数字版权管理(DRM)系统和方法。 JRE包括Java虚拟机(JVM)和Java运行时库组件,并且能够执行播放器应用程序来呈现可以通过Java程序呈现的内容(例如,Java应用程序,小程序,servlet,bean等) 并从内容服务器下载到客户端。 DRM系统包括用于接收下载的受保护内容的获取组件; 以及位于JRE和播放器应用之间的动态版权管理层,用于接收从播放器查看或播放下载的受保护内容的请求,并且响应于每个请求,确定与受保护内容相关联的权限,并且使得能够观看或播放受保护的内容 内容通过玩家申请,如果允许,根据权利。 通过提供支持DRM的Java运行时,不影响非DRM相关程序的工作方式,DRM内容提供商将不需要安装定制播放器。 通过保护运行时间,每个Java™播放器自动和透明地成为支持DRM的播放器。
-
8.发明申请公开(公告)号:US20090094667A1
公开(公告)日:2009-04-09
申请号:US11867792
申请日:2007-10-05
申请人: Ted A. Habeck , Lawrence Koved , Jeff McAffer , Marco Pistoia
发明人: Ted A. Habeck , Lawrence Koved , Jeff McAffer , Marco Pistoia
IPC分类号: G06F17/00
CPC分类号: G06F21/6218
摘要: Systems and methods are presented for automatically determining the security requirements of program code during the creation or modification of that program code and for presenting the necessary security permissions to a developer of the program code at the time of the creation or modification of the program code. A cache is established containing program code segments including library calls and application program interfaces that require security permissions at runtime. The cache also includes the security permissions associated with the stored program code segments. Program code editing is monitored in real time during the editing, and instances of edits that add, modify or delete the stored program code segments from the program code being edited are identified. The security permissions associated with the program code segments that are modified by the edits are retrieved from the cache. The retrieved security permissions are immediately presented to the developer in an interactive format that provides the developer with the ability to accept or decline the necessary changes to the security permissions.
摘要翻译: 提出了系统和方法,用于在创建或修改程序代码期间自动确定程序代码的安全性要求,并在创建或修改程序代码时向程序代码的开发人员呈现必要的安全权限。 建立了包含程序代码段的缓存,包括在运行时需要安全权限的库调用和应用程序接口。 缓存还包括与存储的程序代码段相关联的安全许可。 在编辑期间实时监控程序代码编辑,并且识别从正在编辑的程序代码中添加,修改或删除存储的程序代码段的编辑实例。 从缓存中检索与编辑修改的程序代码段相关联的安全权限。 检索到的安全权限立即以交互式格式呈现给开发人员,交互式格式使开发人员能够接受或拒绝对安全权限的必要更改。
-
公开(公告)号:US20080104698A1
公开(公告)日:2008-05-01
申请号:US11968673
申请日:2008-01-03
申请人: Lawrence Koved , Anthony Nadalin , Marco Pistoia
发明人: Lawrence Koved , Anthony Nadalin , Marco Pistoia
IPC分类号: G06F21/00
CPC分类号: G06F21/53
摘要: A method and apparatus for implementing a new Permission for methods that perform callback operations are provided. The method and apparatus provide an AdoptPermission Permission type that allows a method to pass a Java 2 authorization test without having the specific required Permissions expressly granted to the method and without the method having the AllPermission Permission granted to it. With the apparatus and method, an AdoptPermission Permission type is defined that operates to allow a ProtectionDomain to “adopt” a required Permission. However, this adoption of a required Permission can only be performed if the ProtectionDomain of at least one method in the thread stack has been granted a Permission that implies the required Permission. Thus, the AdoptPermission Permission type provides an intermediate mechanism that is not as over-inclusive as the AllPermission Permission type and is not as under-inclusive as requiring that all methods in the thread stack include the required Permission expressly granted to them.
摘要翻译: 提供了一种用于实现执行回调操作的方法的新的Permission的方法和装置。 该方法和设备提供了一个AdoptPermission权限类型,允许一种方法传递Java 2授权测试,而不会明确授予该方法的特定所需权限,而不授予其授予AllPermission权限的方法。 使用设备和方法,定义了一个AdoptPermission权限类型,该类型用于允许ProtectionDomain“采用”所需的权限。 但是,只有当线程堆栈中至少有一个方法的ProtectionDomain被授予一个隐含所需权限的权限时,才能执行所需的权限。 因此,AdoptPermission Permission类型提供了一个不像AllPermission Permission类型那样超出包容性的中间机制,并且不包含要求线程堆栈中的所有方法都包含明确授予它们的所需权限。
-
10.发明授权System and method for supporting digital rights management in an enhanced Java™ 2 runtime environment 失效在增强的Java(TM)2运行时环境中支持数字版权管理的系统和方法公开(公告)号:US07308717B2
公开(公告)日:2007-12-11
申请号:US09792154
申请日:2001-02-23
申请人: Lawrence Koved , Magda M. Mourad , Jonathan P. Munson , Giovanni Pacifici , Marco Pistoia , Alaa S. Youssef
发明人: Lawrence Koved , Magda M. Mourad , Jonathan P. Munson , Giovanni Pacifici , Marco Pistoia , Alaa S. Youssef
IPC分类号: G06F7/04
CPC分类号: G06F21/52 , G06F21/10 , G06F2221/0748
摘要: A digital rights management (DRM) system and methodology for a Java client implementing a Java Runtime Environment (JRE). The JRE comprises a Java Virtual Machine (JVM) and Java runtime libraries components and is capable of executing a player application for presenting content that can be presented through a Java program (e.g., a Java application, applet, servlet, bean, etc.) and downloaded from a content server to the client. The DRM system includes an acquisition component for receiving downloaded protected contents; and a dynamic rights management layer located between the JRE and player application for receiving requests to view or play downloaded protected contents from the player, and, in response to each request, determining the rights associated with protected content and enabling viewing or playing of the protected contents via the player application if permitted according to the rights. By providing a Ad DRM-enabled Java runtime, which does not affect the way non-DRM-related programs work, DRM content providers will not require the installation of customized players. By securing the runtime, every Java™ player automatically and transparently becomes a DRM-enabled player.
摘要翻译: 实现Java运行时环境(JRE)的Java客户端的数字版权管理(DRM)系统和方法。 JRE包括Java虚拟机(JVM)和Java运行时库组件,并且能够执行播放器应用程序来呈现可以通过Java程序呈现的内容(例如,Java应用程序,小程序,servlet,bean等) 并从内容服务器下载到客户端。 DRM系统包括用于接收下载的受保护内容的获取组件; 以及位于JRE和播放器应用之间的动态版权管理层,用于接收从播放器查看或播放下载的受保护内容的请求,并且响应于每个请求,确定与受保护内容相关联的权限,并且使得能够观看或播放受保护的内容 内容通过玩家申请,如果允许,根据权利。 通过提供支持广告DRM的Java运行时,不影响非DRM相关程序的工作方式,DRM内容提供商将不需要安装自定义播放器。 通过确保运行时间,每个Java(TM)播放器自动且透明地成为启用DRM的播放器。
-
-
-
-
-
-
-
-
-
搜索结果
32 条记录 (耗时 0.026 秒)
