公开(公告)号：US09137261B2

公开(公告)日：2015-09-15

申请号：US13624836

申请日：2012-09-21

Applicant: Apple Inc.

Inventor： Peter Kiehtreiber ,  Jacques A. Vidrine ,  Christopher S. Linn ,  Randy D. Saldinger ,  Braden J. Thomas

IPC: G06F21/51 ,  H04L29/06

CPC classification number: H04L63/20 ,  G06F21/51 ,  H04L63/1433 ,  H04L63/1441

Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.

Abstract translation: 提供了作为设备的操作系统的一部分的新颖的安全框架。 该框架包括一个安全评估员，该执行者对于在设备上执行的应用程序需要执行的不同操作执行安全策略评估。 这种操作的示例包括安装应用程序，执行应用程序以及应用程序打开内容文件（例如打开文档）。

公开(公告)号：US20160142441A1

公开(公告)日：2016-05-19

申请号：US14827166

申请日：2015-08-14

Applicant: Apple Inc.

Inventor： Peter Kiehtreiber ,  Jacques A. Vidrine ,  Christopher S. Linn ,  Randy D. Saldinger ,  Braden J. Thomas

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F21/51 ,  H04L63/1433 ,  H04L63/1441

Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.

公开(公告)号：US20130205363A1

公开(公告)日：2013-08-08

申请号：US13624832

申请日：2012-09-21

Applicant: Apple Inc.

Inventor： Peter Kiehtreiber ,  Jacques A. Vidrine ,  Christopher S. Linn ,  Randy D. Saldinger ,  Braden J. Thomas

IPC: G06F21/00

CPC classification number: H04L63/20 ,  G06F21/51 ,  H04L63/1433 ,  H04L63/1441

Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.

公开(公告)号：US20200034527A1

公开(公告)日：2020-01-30

申请号：US16409654

申请日：2019-05-10

Applicant: Apple Inc.

Inventor： Jacques A. Vidrine ,  Nicholas C. Allegra ,  Simon P. Cooper ,  Gregory D. Hughes

IPC: G06F21/52 ,  G06F12/02

Abstract: A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

公开(公告)号：US10122759B2

公开(公告)日：2018-11-06

申请号：US14827166

申请日：2015-08-14

Applicant: Apple Inc.

Inventor： Peter Kiehtreiber ,  Jacques A. Vidrine ,  Christopher S. Linn ,  Randy D. Saldinger ,  Braden J. Thomas

IPC: H04L29/06 ,  G06F21/51

Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.

公开(公告)号：US20130205364A1

公开(公告)日：2013-08-08

申请号：US13624836

申请日：2012-09-21

Applicant: Apple Inc.

Inventor： Peter Kiehtreiber ,  Jacques A. Vidrine ,  Christopher S. Linn ,  Randy D. Saldinger ,  Braden J. Thomas

IPC: G06F21/00

CPC classification number: H04L63/20 ,  G06F21/51 ,  H04L63/1433 ,  H04L63/1441

Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.

公开(公告)号：US11188638B2

公开(公告)日：2021-11-30

申请号：US16409654

申请日：2019-05-10

Applicant: Apple Inc.

Inventor： Jacques A. Vidrine ,  Nicholas C. Allegra ,  Simon P. Cooper ,  Gregory D. Hughes

IPC: G06F21/52 ,  G06F12/02

Abstract: A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

公开(公告)号：US10311227B2

公开(公告)日：2019-06-04

申请号：US14503195

申请日：2014-09-30

Applicant: Apple Inc.

Inventor： Gregory D. Hughes ,  Simon P. Cooper ,  Jacques A. Vidrine ,  Nicholas C. Allegra

IPC: G06F21/52 ,  G06F21/53 ,  G06F12/14

Abstract: A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

公开(公告)号：US20160092674A1

公开(公告)日：2016-03-31

申请号：US14503195

申请日：2014-09-30

Applicant: Apple Inc.

Inventor： Gregory D. Hughes ,  Simon P. Cooper ,  Jacques A. Vidrine ,  Nicholas C. Allegra

IPC: G06F21/52 ,  G06F21/53

CPC classification number: G06F21/52 ,  G06F21/53 ,  G06F2221/033

Abstract: A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

Abstract translation: 数据处理系统可以使用细粒度的地址空间布局随机化方法来减轻系统的漏洞，从而导致面向对象的编程安全漏洞。 随机化可以通过随机分组虚拟内存页面在子分段级别进行。 随机虚拟内存可以呈现给在系统上执行的进程。 可以使用几种混淆技术来模糊存储空间之间的映射，以防止混洗的虚拟内存映射的反向工程。

公开(公告)号：US08978094B2

公开(公告)日：2015-03-10

申请号：US13624828

申请日：2012-09-21

Applicant: Apple Inc.

Inventor： Peter Kiehtreiber ,  Jacques A. Vidrine ,  Christopher S. Linn ,  Randy D. Saldinger ,  Braden J. Thomas

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F21/51 ,  H04L63/1433 ,  H04L63/1441

Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.