公开(公告)号：US07555757B2

公开(公告)日：2009-06-30

申请号：US11159853

申请日：2005-06-23

申请人： Adam W. Smith ,  Anthony J. Moore ,  Brian A. LaMacchia ,  Anders Hejlsberg ,  Brian M. Grunkemeyer ,  Caleb L. Doise ,  Christopher W. Brumme ,  Christopher L. Anderson ,  Corina E. Feuerstein ,  Craig T. Sinclair ,  Daniel Takacs ,  David S. Ebbo ,  David O. Driver ,  David S. Mortenson ,  Erik B. Christensen ,  Erik B. Olson ,  Fabio A. Yeon ,  Gopala Krishna R. Kakivaya ,  George D. Fee ,  Hany E. Ramadan ,  Henry L. Sanders, II ,  Jayanth V. Rajan ,  Jeffrey M. Cooperstein ,  Jonathan C. Hawkins ,  James H. Hogg ,  Joe D. Long ,  John I. McConnell ,  Jesus Ruiz-Scougall ,  James S. Miller ,  Julie D. Bennett ,  Krzysztof J. Cwalina ,  Lance E. Olson ,  Loren M. Kohnfelder ,  Michael M. Magruder ,  Manish S. Prabhu ,  Radu Rares Palanca ,  Raja Krishnaswamy ,  Shawn P. Burke ,  Sean E. Trowbridge ,  Seth M. Demsey ,  Shajan Dasan ,  Stefan H. Pharies ,  Suzanne M. Cook ,  Tarun Anand ,  Travis J. Muhlestein ,  Yann E. Christensen ,  Yung-shin Lin ,  Ramasamy Krishnaswamy ,  Joseph Roxe ,  Alan Boshier ,  David Bau

发明人： Adam W. Smith ,  Anthony J. Moore ,  Brian A. LaMacchia ,  Anders Hejlsberg ,  Brian M. Grunkemeyer ,  Caleb L. Doise ,  Christopher W. Brumme ,  Christopher L. Anderson ,  Corina E. Feuerstein ,  Craig T. Sinclair ,  Daniel Takacs ,  David S. Ebbo ,  David O. Driver ,  David S. Mortenson ,  Erik B. Christensen ,  Erik B. Olson ,  Fabio A. Yeon ,  Gopala Krishna R. Kakivaya ,  George D. Fee ,  Hany E. Ramadan ,  Henry L. Sanders, II ,  Jayanth V. Rajan ,  Jeffrey M. Cooperstein ,  Jonathan C. Hawkins ,  James H. Hogg ,  Joe D. Long ,  John I. McConnell ,  Jesus Ruiz-Scougall ,  James S. Miller ,  Julie D. Bennett ,  Krzysztof J. Cwalina ,  Lance E. Olson ,  Loren M. Kohnfelder ,  Michael M. Magruder ,  Manish S. Prabhu ,  Radu Rares Palanca ,  Raja Krishnaswamy ,  Shawn P. Burke ,  Sean E. Trowbridge ,  Seth M. Demsey ,  Shajan Dasan ,  Stefan H. Pharies ,  Suzanne M. Cook ,  Tarun Anand ,  Travis J. Muhlestein ,  Yann E. Christensen ,  Yung-shin Lin ,  Ramasamy Krishnaswamy ,  Joseph Roxe ,  Alan Boshier ,  David Bau

IPC分类号： G06F3/00 ,  G06F9/44 ,  G06F9/46 ,  G06F13/00

CPC分类号： G06F3/00 ,  G06F9/46 ,  G06F9/465 ,  G06F9/541 ,  G06F2209/463

摘要： An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.

摘要翻译： 应用程序接口（API）提供了一组功能，包括一组基本所有应用程序中使用的基类和类型，用于在Microsoft Corporation的.NET（TM）平台上构建Web应用程序的应用程序开发人员。

公开(公告)号：US07013469B2

公开(公告)日：2006-03-14

申请号：US11159851

申请日：2005-06-23

申请人： Adam W. Smith ,  Anthony J. Moore ,  Brian A. LaMacchia ,  Anders Hejlsberg ,  Brian M. Grunkemeyer ,  Caleb L. Doise ,  Christopher W. Brumme ,  Christopher L. Anderson ,  Corina E. Feuerstein ,  Craig T. Sinclair ,  Daniel Takacs ,  David S. Ebbo ,  David O. Driver ,  David S. Mortenson ,  Erik B. Christensen ,  Erik B. Olson ,  Fabio A. Yeon ,  Gopala Krishna R. Kakivaya ,  Gregory D. Fee ,  Hany E. Ramadan ,  Henry L. Sanders ,  Jayanth V. Rajan ,  Jeffrey M. Cooperstein ,  Jonathan C. Hawkins ,  James H. Hogg ,  Joe D. Long ,  John I. McConnell ,  Jesus Ruiz-Scougall ,  James S. Miller ,  Julie D. Bennett ,  Krzysztof J. Cwalina ,  Lance E. Olson ,  Loren M. Kohnfelder ,  Michael M. Magruder ,  Manish S. Prabhu ,  Radu Rares Palanca ,  Raja Krishnaswamy ,  Shawn P. Burke ,  Sean E. Trowbridge ,  Seth M. Demsey ,  Shajan Dasan ,  Stefan H. Pharies ,  Suzanne M. Cook ,  Tarun Anand ,  Travis J. Muhlestein ,  Yann E. Christensen ,  Yung-shin Lin ,  Ramasamy Krishnaswamy ,  Joseph Roxe ,  Alan Boshier ,  David Bau

发明人： Adam W. Smith ,  Anthony J. Moore ,  Brian A. LaMacchia ,  Anders Hejlsberg ,  Brian M. Grunkemeyer ,  Caleb L. Doise ,  Christopher W. Brumme ,  Christopher L. Anderson ,  Corina E. Feuerstein ,  Craig T. Sinclair ,  Daniel Takacs ,  David S. Ebbo ,  David O. Driver ,  David S. Mortenson ,  Erik B. Christensen ,  Erik B. Olson ,  Fabio A. Yeon ,  Gopala Krishna R. Kakivaya ,  Gregory D. Fee ,  Hany E. Ramadan ,  Henry L. Sanders ,  Jayanth V. Rajan ,  Jeffrey M. Cooperstein ,  Jonathan C. Hawkins ,  James H. Hogg ,  Joe D. Long ,  John I. McConnell ,  Jesus Ruiz-Scougall ,  James S. Miller ,  Julie D. Bennett ,  Krzysztof J. Cwalina ,  Lance E. Olson ,  Loren M. Kohnfelder ,  Michael M. Magruder ,  Manish S. Prabhu ,  Radu Rares Palanca ,  Raja Krishnaswamy ,  Shawn P. Burke ,  Sean E. Trowbridge ,  Seth M. Demsey ,  Shajan Dasan ,  Stefan H. Pharies ,  Suzanne M. Cook ,  Tarun Anand ,  Travis J. Muhlestein ,  Yann E. Christensen ,  Yung-shin Lin ,  Ramasamy Krishnaswamy ,  Joseph Roxe ,  Alan Boshier ,  David Bau

IPC分类号： G06F9/46

CPC分类号： G06F3/00 ,  G06F9/46 ,  G06F9/465 ,  G06F9/541 ,  G06F2209/463

摘要： An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.

公开(公告)号：US07017162B2

公开(公告)日：2006-03-21

申请号：US09902811

申请日：2001-07-10

申请人： Adam W. Smith ,  Anthony J. Moore ,  Brian A. LaMacchia ,  Anders Hejlsberg ,  Brian M. Grunkemeyer ,  Caleb L. Doise ,  Christopher W. Brumme ,  Christopher L. Anderson ,  Corina E. Feuerstein ,  Craig T. Sinclair ,  Daniel Takacs ,  David S. Ebbo ,  David O. Driver ,  David S. Mortenson ,  Erik B. Christensen ,  Erik B. Olson ,  Fabio A. Yeon ,  Gopala Krishna R. Kakivaya ,  Gregory D. Fee ,  Hany E. Ramadan ,  Henry L. Sanders ,  Jayanth V. Rajan ,  Jeffrey M. Cooperstein ,  Jonathan C. Hawkins ,  James H. Hogg ,  Joe D. Long ,  John I. McConnell ,  Jesus Ruiz-Scougall ,  James S. Miller ,  Julie D. Bennett ,  Krzysztof J. Cwalina ,  Lance E. Olson ,  Loren M. Kohnfelder ,  Michael M. Magruder ,  Manish S. Prabhu ,  Radu Rares Palanca ,  Raja Krishnaswamy ,  Shawn P. Burke ,  Sean E. Trowbridge ,  Seth M. Demsey ,  Shajan Dasan ,  Stefan H. Pharies ,  Suzanne M. Cook ,  Tarun Anand ,  Travis J. Muhlestein ,  Yann E. Christensen ,  Yung-shin Lin ,  Ramasamy Krishnaswamy ,  Joseph Roxe ,  Alan Boshier ,  David Bau

发明人： Adam W. Smith ,  Anthony J. Moore ,  Brian A. LaMacchia ,  Anders Hejlsberg ,  Brian M. Grunkemeyer ,  Caleb L. Doise ,  Christopher W. Brumme ,  Christopher L. Anderson ,  Corina E. Feuerstein ,  Craig T. Sinclair ,  Daniel Takacs ,  David S. Ebbo ,  David O. Driver ,  David S. Mortenson ,  Erik B. Christensen ,  Erik B. Olson ,  Fabio A. Yeon ,  Gopala Krishna R. Kakivaya ,  Gregory D. Fee ,  Hany E. Ramadan ,  Henry L. Sanders ,  Jayanth V. Rajan ,  Jeffrey M. Cooperstein ,  Jonathan C. Hawkins ,  James H. Hogg ,  Joe D. Long ,  John I. McConnell ,  Jesus Ruiz-Scougall ,  James S. Miller ,  Julie D. Bennett ,  Krzysztof J. Cwalina ,  Lance E. Olson ,  Loren M. Kohnfelder ,  Michael M. Magruder ,  Manish S. Prabhu ,  Radu Rares Palanca ,  Raja Krishnaswamy ,  Shawn P. Burke ,  Sean E. Trowbridge ,  Seth M. Demsey ,  Shajan Dasan ,  Stefan H. Pharies ,  Suzanne M. Cook ,  Tarun Anand ,  Travis J. Muhlestein ,  Yann E. Christensen ,  Yung-shin Lin ,  Ramasamy Krishnaswamy ,  Joseph Roxe ,  Alan Boshier ,  David Bau

IPC分类号： G06F9/46

CPC分类号： G06F3/00 ,  G06F9/46 ,  G06F9/465 ,  G06F9/541 ,  G06F2209/463

摘要： An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.

公开(公告)号：US07581231B2

公开(公告)日：2009-08-25

申请号：US10087027

申请日：2002-02-28

申请人： Adam W. Smith ,  Anthony J. Moore ,  Anders Hejlsberg ,  Brian A. LaMacchia ,  Blaine J. Dockter ,  Brian M. Grunkemeyer ,  Brian K. Pepin ,  Caleb L. Doise ,  Christopher W. Brumme ,  Chad W. Royal ,  Christopher L. Anderson ,  Corina E. Feuerstein ,  Craig T. Sinclair ,  Daniel Dedu-Constantin ,  Daniel Takacs ,  David S. Ebbo ,  David S. Mortenson ,  Erik B. Christensen ,  Erik B. Olson ,  Fabio A. Yeon ,  Giovanni M. Della-Libera ,  Gopala Krishna R. Kakivaya ,  Gregory D. Fee ,  Hany E. Ramadan ,  Jayanth V. Rajan ,  Jeffrey M. Cooperstein ,  Jonathan C. Hawkins ,  James H. Hogg ,  Joe D. Long ,  John I. McConnell ,  Jesus Ruiz-Scougall ,  James S. Miller ,  Julie D. Bennett ,  Jun Fang ,  Krzysztof J. Cwalina ,  Keith W. Ballinger ,  Lance E. Olson ,  Loren M. Kohnfelder ,  Luca Bolognese ,  Manu Vasandani ,  Mark T. Anders ,  Mark P. Ashton ,  Mark A. Boulter ,  Mark W. Fussell ,  Michael M. Magruder ,  Manish S. Prabhu ,  Neetu Rajpal ,  Nikhil Kothari ,  Nithyalakshmi Sampathkumar ,  Nicholas M. Kramer ,  Omri Gazitt ,  Radu Rares Palanca ,  Raja Krishnaswamy ,  Robert M. Howard ,  Ramasamy Krishnaswamy ,  Shawn P. Burke ,  Scott D. Guthrie ,  Sean E. Trowbridge ,  Seth M. Demsey ,  Shajan Dasan ,  Subhag P. Oak ,  Sreeram Nivarthi ,  Stefan H. Pharies ,  Suzanne M. Cook ,  Susan M. Warren ,  Tarun Anand ,  Travis J. Muhlestein ,  William A. Adams ,  Yan Leshinsky ,  Yann E. Christensen ,  Yung-shin Lin ,  Stephen J. Millet ,  Joseph Roxe ,  Alan Boshier ,  Henry L. Sanders ,  David Bau

发明人： Adam W. Smith ,  Anthony J. Moore ,  Anders Hejlsberg ,  Brian A. LaMacchia ,  Blaine J. Dockter ,  Brian M. Grunkemeyer ,  Brian K. Pepin ,  Caleb L. Doise ,  Christopher W. Brumme ,  Chad W. Royal ,  Christopher L. Anderson ,  Corina E. Feuerstein ,  Craig T. Sinclair ,  Daniel Dedu-Constantin ,  Daniel Takacs ,  David S. Ebbo ,  David S. Mortenson ,  Erik B. Christensen ,  Erik B. Olson ,  Fabio A. Yeon ,  Giovanni M. Della-Libera ,  Gopala Krishna R. Kakivaya ,  Gregory D. Fee ,  Hany E. Ramadan ,  Jayanth V. Rajan ,  Jeffrey M. Cooperstein ,  Jonathan C. Hawkins ,  James H. Hogg ,  Joe D. Long ,  John I. McConnell ,  Jesus Ruiz-Scougall ,  James S. Miller ,  Julie D. Bennett ,  Jun Fang ,  Krzysztof J. Cwalina ,  Keith W. Ballinger ,  Lance E. Olson ,  Loren M. Kohnfelder ,  Luca Bolognese ,  Manu Vasandani ,  Mark T. Anders ,  Mark P. Ashton ,  Mark A. Boulter ,  Mark W. Fussell ,  Michael M. Magruder ,  Manish S. Prabhu ,  Neetu Rajpal ,  Nikhil Kothari ,  Nithyalakshmi Sampathkumar ,  Nicholas M. Kramer ,  Omri Gazitt ,  Radu Rares Palanca ,  Raja Krishnaswamy ,  Robert M. Howard ,  Ramasamy Krishnaswamy ,  Shawn P. Burke ,  Scott D. Guthrie ,  Sean E. Trowbridge ,  Seth M. Demsey ,  Shajan Dasan ,  Subhag P. Oak ,  Sreeram Nivarthi ,  Stefan H. Pharies ,  Suzanne M. Cook ,  Susan M. Warren ,  Tarun Anand ,  Travis J. Muhlestein ,  William A. Adams ,  Yan Leshinsky ,  Yann E. Christensen ,  Yung-shin Lin ,  Stephen J. Millet ,  Joseph Roxe ,  Alan Boshier ,  Henry L. Sanders ,  David Bau

IPC分类号： G06F13/00 ,  G06F15/16 ,  G06F17/00 ,  G06F3/00

CPC分类号： G06F9/44

摘要： An application program interface (API) provides a set of functions for application developers who build Web applications on Microsoft Corporation's .NET™ platform.

摘要翻译： 应用程序接口（API）为在Microsoft Corporation的.NET（TM）平台上构建Web应用程序的应用程序开发人员提供了一组功能。

公开(公告)号：US07251834B2

公开(公告)日：2007-07-31

申请号：US11254839

申请日：2005-10-20

申请人： Brian A. LaMacchia ,  Loren M. Kohnfelder ,  Gregory D. Fee ,  Michael J. Toutonghi

发明人： Brian A. LaMacchia ,  Loren M. Kohnfelder ,  Gregory D. Fee ,  Michael J. Toutonghi

IPC分类号： G06F7/04 ,  G06F17/30 ,  G06K9/00 ,  H03M1/68 ,  H04K1/00 ,  H04L9/00 ,  H04L9/32

CPC分类号： G06F21/52

摘要： A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.

摘要翻译： 安全策略管理器为从资源位置接收到的代码集合生成许可权授予集。 策略管理器可以与计算机系统（例如，Web客户机）一起在运行时环境的验证模块和类加载器的组合中执行。 为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。 还可以与代码组合相关联地接收许可请求集合。 许可请求集可以包括最小请求集，指定代码组件正确运行所需的权限。 许可请求集还可以包括可选的请求集合，指定代码组件请求的许可以提供替代级别的功能。 此外，许可请求集合可以包括垃圾请求集合，指定不被授予代码组件的权限。 权限请求用于过滤权限集以生成权限授予集。

公开(公告)号：US07076557B1

公开(公告)日：2006-07-11

申请号：US09613032

申请日：2000-07-10

申请人： Brian A. LaMacchia ,  Gregory Darrell Fee ,  Loren M. Kohnfelder ,  Ashok Cholpady Kamath

发明人： Brian A. LaMacchia ,  Gregory Darrell Fee ,  Loren M. Kohnfelder ,  Ashok Cholpady Kamath

IPC分类号： G06F15/16

CPC分类号： G06F21/52

摘要： A system and method determine whether a called code frame has a requested permission available to it, so as to be able to execute a protected operation. A code frame is contained within a code assembly received from a remote or local resource location. A policy manager generates a permission grant set containing permission grant objects associated with the code assembly. Both the permission grant set and the code assembly are loaded into a runtime call stack for runtime execution of one or more code frames. Calls to other code frames may involve loading additional code assemblies and permission grant sets into the runtime call stack. In order for a called code frame to perform a protected operation, the code frame demands a requested permission from its calling code frame and all code frames preceding the calling code frame on the runtime call stack as part of a stack walk operation. If the calling code frame and the preceding call frames can satisfy the requested permission, the called code frame can perform the protected operation (absent stack overrides). Otherwise, a security exception is thrown and the called code frame is inhibited from performing the protected operation (absent stack overrides). Stack overrides may be employed to dynamically modify the stack walk operation. To increase performance, a stack walk may be avoided by caching an intersection of the permission grants of all code assemblies in the application.

摘要翻译： 一种系统和方法确定被叫代码帧是否具有可用的请求权限，以便能够执行受保护的操作。 代码帧包含在从远程或本地资源位置接收的代码集合中。 策略管理器生成包含与代码集合相关联的许可授权对象的许可权授予集。 许可授予集和代码集合都被加载到运行时调用堆栈中，以便运行时执行一个或多个代码帧。 对其他代码帧的调用可能涉及将额外的代码组合和许可授权集合加载到运行时调用堆栈中。 为了使被叫代码帧执行受保护的操作，代码帧需要其调用代码帧和运行时调用堆栈之前的调用代码帧之前的所有代码帧的请求许可，作为堆栈步骤操作的一部分。 如果呼叫代码帧和前面的呼叫帧可以满足请求的权限，则被叫代码帧可以执行受保护的操作（不存在堆栈覆盖）。 否则，将抛出安全异常，并禁止调用的代码帧执行受保护的操作（不存在堆栈覆盖）。 可以采用堆叠覆盖来动态地修改堆栈行进操作。 为了提高性能，可以通过缓存应用程序中所有代码程序集的许可授权的交集来避免堆栈移动。

公开(公告)号：US07131143B1

公开(公告)日：2006-10-31

申请号：US09598814

申请日：2000-06-21

申请人： Brian A. LaMacchia ,  Loren M. Kohnfelder ,  Gregory Darrell Fee

发明人： Brian A. LaMacchia ,  Loren M. Kohnfelder ,  Gregory Darrell Fee

IPC分类号： G06F7/04

CPC分类号： G06F21/51 ,  G06F21/53

摘要： An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). Evidence having different levels of trust may be evaluated in combination so that a permission grant set is associated only with trusted code assemblies. The policy manager may comprise execution modules for parsing a security policy specification, generating one or more code hierarchies, evaluating membership of the received code assembly in one or more code groups, and generating a permission grant set based upon this membership evaluation.

摘要翻译： 基于证据的策略管理器为从资源位置接收到的代码集合生成许可授权集。 策略管理器与计算机系统（例如，Web客户端或服务器）结合运行时环境的验证模块和类加载器一起执行。 为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。 代码集合和证据可以经由网络（例如，因特网）从本地来源或远程资源位置接收。 可以组合评估具有不同级别的信任的证据，使得许可授权集合仅与可信代码组件相关联。 策略管理器可以包括用于解析安全策略规范的执行模块，生成一个或多个代码层次，评估在一个或多个代码组中接收到的代码组合的成员资格，以及基于该成员资格评估生成许可授权集合。

公开(公告)号：US06981281B1

公开(公告)日：2005-12-27

申请号：US09599015

申请日：2000-06-21

申请人： Brian A. LaMacchia ,  Loren M. Kohnfelder ,  Gregory Darrell Fee ,  Michael J. Toutonghi

发明人： Brian A. LaMacchia ,  Loren M. Kohnfelder ,  Gregory Darrell Fee ,  Michael J. Toutonghi

IPC分类号： G06F21/22 ,  G06F1/00 ,  G06F21/00 ,  H04L9/00 ,  G06F11/30 ,  G06F12/14 ,  H04L9/32

CPC分类号： G06F21/52

摘要： A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.

摘要翻译： 安全策略管理器为从资源位置接收到的代码集合生成许可权授予集。 策略管理器可以与计算机系统（例如，Web客户机）一起在运行时环境的验证模块和类加载器的组合中执行。 为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。 还可以与代码组合相关联地接收许可请求集合。 许可请求集可以包括最小请求集，指定代码组件正确运行所需的权限。 许可请求集还可以包括可选的请求集合，指定代码组件请求的许可以提供替代级别的功能。 此外，许可请求集合可以包括垃圾请求集合，指定不被授予代码组件的权限。 权限请求用于过滤权限集以生成权限授予集。

公开(公告)号：US07310822B2

公开(公告)日：2007-12-18

申请号：US11272639

申请日：2005-11-14

申请人： Brian A. LaMacchia ,  Loren M. Kohnfelder ,  Gregory D. Fee ,  Michael J. Toutonghi

发明人： Brian A. LaMacchia ,  Loren M. Kohnfelder ,  Gregory D. Fee ,  Michael J. Toutonghi

IPC分类号： G06F7/04 ,  G06F17/30 ,  G06K9/00 ,  H03M1/58 ,  H04K1/00 ,  H04L9/00 ,  H04L9/32

CPC分类号： G06F21/52

摘要： A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.

公开(公告)号：US08024770B2

公开(公告)日：2011-09-20

申请号：US11471905

申请日：2006-06-21

申请人： Gregory D. Fee ,  Brian A. LaMacchia ,  Blair Dillaway

发明人： Gregory D. Fee ,  Brian A. LaMacchia ,  Blair Dillaway

IPC分类号： H04L9/00 ,  H04L9/32 ,  G06F7/04

CPC分类号： G06F21/52

摘要： Techniques for managing security contexts may be described. An apparatus may comprise a processor and a security management module. The security management module may form a merged security context for multiple concurrent threads, with one of the threads depending on more than one preceding operation from other threads. Other embodiments are described and claimed.

摘要翻译： 可以描述用于管理安全上下文的技术。 装置可以包括处理器和安全管理模块。 安全管理模块可以为多个并发线程形成合并的安全上下文，其中一个线程取决于来自其他线程的多个以前的操作。 描述和要求保护其他实施例。