-
公开(公告)号:US07770202B2
公开(公告)日:2010-08-03
申请号:US10771653
申请日:2004-02-03
申请人: Christopher W. Brumme , Vance Morrison , Sebastian Lange , Gregory D. Fee , Dario Russi , Simon Jeremy Hall , Mahesh Prakriya , Brian F. Sullivan
发明人: Christopher W. Brumme , Vance Morrison , Sebastian Lange , Gregory D. Fee , Dario Russi , Simon Jeremy Hall , Mahesh Prakriya , Brian F. Sullivan
CPC分类号: H04L63/102 , G06F9/468 , G06F21/52 , G06F21/62 , H04L63/101
摘要: A host intercepts calls between two executables and determines whether the calls are permissible according to the host's security model which can be identify based, such as user identity based—for instance, mapping access rights within a specific data base user context to database object access. Such an identity security model differs from a common language runtime security model where managed code uses Code Access Security to prevent managed assemblies from performing certain operations. Managed assemblies registered with the host are host objects from the host's perspective for which access rights can be defined via security rules, such as are defined for individual user identities. A host can decide access between managed executables based on the host's identity based access rules by trapping any cross assembly calls and deciding whether such calls should proceed or be blocked from taking place based on the corresponding identity security settings.
摘要翻译: 主机拦截两个可执行文件之间的调用,并根据主机的可以识别的安全模型(例如基于用户身份的特定数据库用户上下文中将访问权限映射到数据库对象访问)来确定是否允许呼叫。 这种身份安全模型与公共语言运行时安全模型不同,托管代码使用代码访问安全性来防止托管程序集执行某些操作。 与主机注册的托管程序集是主机视角的主机对象,可以通过安全规则定义访问权限,例如为各个用户身份定义的对象。 主机可以基于主机的基于身份的访问规则来决定托管的可执行文件之间的访问,通过捕获任何交叉程序集调用,并根据相应的身份安全设置来确定这些呼叫是应该继续还是被阻止发生。
-
公开(公告)号:US07647629B2
公开(公告)日:2010-01-12
申请号:US10772205
申请日:2004-02-03
CPC分类号: G06F9/468
摘要: A host operating in a managed environment intercepts a call from a managed caller to a particular callee and determines whether the call is permissible according to the host's prior configuration of a plurality of callees. The particular callee, which provides access to a resource that the host can be protecting, can have been previously configured by the host to always allow the call to be made, to never allow the call to be made, or to allow the call to be made based upon the degree to which the host trusts the managed caller.
摘要翻译: 在受管环境中操作的主机拦截来自被管理的呼叫者到特定被叫方的呼叫,并根据主机先前配置多个被呼叫者确定该呼叫是否被允许。 提供对主机可以保护的资源的访问的特定被叫方可以先前由主机配置,以始终允许进行呼叫,从不允许进行呼叫,或允许呼叫成为 基于主机信任被管理的呼叫者的程度。
-
公开(公告)号:US20050172133A1
公开(公告)日:2005-08-04
申请号:US10771653
申请日:2004-02-03
申请人: Christopher Brumme , Vance Morrison , Sebastian Lange , Gregory Fee , Dario Russi , Simon Hall , Mahesh Prakriya , Brian Sullivan
发明人: Christopher Brumme , Vance Morrison , Sebastian Lange , Gregory Fee , Dario Russi , Simon Hall , Mahesh Prakriya , Brian Sullivan
CPC分类号: H04L63/102 , G06F9/468 , G06F21/52 , G06F21/62 , H04L63/101
摘要: A host intercepts calls between two executables and determines whether the calls are permissible according to the host's security model which can be identify based, such as user identity based—for instance, mapping access rights within a specific data base user context to database object access. Such an identity security model differs from a common language runtime security model where managed code uses Code Access Security to prevent managed assemblies from performing certain operations. Managed assemblies registered with the host are host objects from the host's perspective for which access rights can be defined via security rules, such as are defined for individual user identities. A host can decide access between managed executables based on the host's identity based access rules by trapping any cross assembly calls and deciding whether such calls should proceed or be blocked from taking place based on the corresponding identity security settings.
摘要翻译: 主机拦截两个可执行文件之间的调用,并根据主机的可以识别的安全模型(例如基于用户身份的特定数据库用户上下文中将访问权限映射到数据库对象访问)来确定是否允许呼叫。 这种身份安全模型与公共语言运行时安全模型不同,托管代码使用代码访问安全性来防止托管程序集执行某些操作。 与主机注册的托管程序集是主机视角的主机对象,可以通过安全规则定义访问权限,例如为各个用户身份定义的对象。 主机可以基于主机的基于身份的访问规则来决定托管的可执行文件之间的访问,通过捕获任何交叉程序集调用,并根据相应的身份安全设置来确定这些呼叫是应该继续还是被阻止发生。
-
公开(公告)号:US07610579B2
公开(公告)日:2009-10-27
申请号:US11008831
申请日:2004-12-10
申请人: Sean E. Trowbridge , Brian M. Grunkemeyer , Christopher W. Brumme , Mahesh Prakriya , Patrick H. Dussud , Ian H. Carmichael
发明人: Sean E. Trowbridge , Brian M. Grunkemeyer , Christopher W. Brumme , Mahesh Prakriya , Patrick H. Dussud , Ian H. Carmichael
IPC分类号: G06F9/44
CPC分类号: G06F11/3664 , Y10S707/99953 , Y10S707/99956
摘要: A finalizer may include a notification that no tolerance for failure or corruption is expected. Any potential failure point, which may be induced by a runtime execution environment routine or subroutine that is associated with the finalizer may then be prepared apart from the finalizer.
摘要翻译: 终结者可能会包含一个通知,即不会容忍失败或腐败的容忍。 可能由与终结器相关联的运行时执行环境例程或子程序引发的任何潜在故障点可以与终结器分开准备。
-
公开(公告)号:US07418718B2
公开(公告)日:2008-08-26
申请号:US10771837
申请日:2004-02-03
申请人: Weiwen Liu , Steven J. Pratschner , Ian H. Carmichael , Peter A. Carlin , Christopher W. Brumme , Mason K. Bendixen , Beysim Sezgin , Sean E. Trowbridge , Christopher James Brown , Mei-Chin Tsai , Mahesh Prakriya , Raja Krishnaswamy , Alan C. Shi , Suzanne Maurine Cook
发明人: Weiwen Liu , Steven J. Pratschner , Ian H. Carmichael , Peter A. Carlin , Christopher W. Brumme , Mason K. Bendixen , Beysim Sezgin , Sean E. Trowbridge , Christopher James Brown , Mei-Chin Tsai , Mahesh Prakriya , Raja Krishnaswamy , Alan C. Shi , Suzanne Maurine Cook
摘要: Systems and methods for enhanced runtime hosting are described. In one aspect the runtime hosting interface includes a host abstraction interface. The HAI allowing the runtime to configure host execution environment parameters and/or notify the host of a runtime event. In particular, the host abstraction interface (HAI) corresponds to execution environment abstractions supported by a host application. Responsive to an action or event, the runtime invokes an identified HAI or an associated object during execution of runtime managed code.
摘要翻译: 描述用于增强运行时托管的系统和方法。 在一个方面,运行时主机接口包括主机抽象接口。 HAI允许运行时配置主机执行环境参数和/或通知主机运行时事件。 特别地,主机抽象接口(HAI)对应于主机应用程序支持的执行环境抽象。 响应于动作或事件,运行时在执行运行时托管代码期间调用识别的HAI或关联对象。
-
公开(公告)号:US07685574B2
公开(公告)日:2010-03-23
申请号:US10953650
申请日:2004-09-29
申请人: Christopher W Brumme , Sean E Trowbridge , Rudi Martin , WeiWen Liu , Brian M. Grunkemeyer , Mahesh Prakriya
发明人: Christopher W Brumme , Sean E Trowbridge , Rudi Martin , WeiWen Liu , Brian M. Grunkemeyer , Mahesh Prakriya
CPC分类号: G06F11/3604 , G06F11/008
摘要: Authored code may include a notification that no tolerance for failure or corruption is expected for an identified sub-set of the code. Any potential failure point, which may be induced by a runtime environment routine or sub-routine, that is associated with the identified sub-set of code may then be identified and hoisted to a point apart from the identified sub-set of code.
摘要翻译: 已编号的代码可能包括一个通知,即对于识别的代码子集不期望对于故障或损坏的容限。 然后可以将与所识别的代码子集相关联的可能由运行时环境例程或子例程引起的任何潜在故障点识别并提升到与所识别的代码子集不同的点。
-
公开(公告)号:US07610322B2
公开(公告)日:2009-10-27
申请号:US10853420
申请日:2004-05-25
申请人: Brian M. Grunkemeyer , David Sebastien Mortenson , Rudi Martin , Sonja Keserovic , Mahesh Prakriya , Christopher W. Brumme
发明人: Brian M. Grunkemeyer , David Sebastien Mortenson , Rudi Martin , Sonja Keserovic , Mahesh Prakriya , Christopher W. Brumme
CPC分类号: G06F21/52 , Y10S707/99931 , Y10S707/99952 , Y10S707/99957
摘要: Enabling secure and efficient marshaling, utilization, and releasing of handles in either of an operating system or runtime environment includes wrapping a handle with a counter to tabulate a number of threads using currently using the handle. Thus, handle administration is implemented to circumvent potential security risks, avoid correctness problems, and foster more efficient handle releasing.
摘要翻译: 在操作系统或运行时环境中实现安全有效的封送,利用和释放句柄包括使用当前使用句柄的带有计数器的句柄来制表数个线程。 因此,执行处理管理以规避潜在的安全隐患,避免正确性问题,并促进更有效的处理释放。
-
公开(公告)号:US07571428B2
公开(公告)日:2009-08-04
申请号:US10845679
申请日:2004-05-14
申请人: Rudi Martin , Mahesh Prakriya , Brian M. Grunkemeyer , Christopher W. Brumme , Sean E. Trowbridge , Weiwen Liu
发明人: Rudi Martin , Mahesh Prakriya , Brian M. Grunkemeyer , Christopher W. Brumme , Sean E. Trowbridge , Weiwen Liu
IPC分类号: G06F9/45
摘要: Reliability contracts declare an intent of executable code, and may be associated with at least a portion of the executable code. The intent of the executable code in the face of particular conditions may be declared for the use in any one of a programming, execution, or testing environment.
摘要翻译: 可靠性合同声明可执行代码的意图,并且可以与可执行代码的至少一部分相关联。 面向特定条件的可执行代码的意图可以被声明用于编程,执行或测试环境中的任何一个。
-
公开(公告)号:US07487380B2
公开(公告)日:2009-02-03
申请号:US10966333
申请日:2004-10-14
申请人: Christopher W Brumme , WeiWen Liu , Mahesh Prakriya , Sean E Trowbridge , Ian H Carmichael , Patrick H Dussud , Brian M Grunkemeyer
发明人: Christopher W Brumme , WeiWen Liu , Mahesh Prakriya , Sean E Trowbridge , Ian H Carmichael , Patrick H Dussud , Brian M Grunkemeyer
IPC分类号: G06F11/00
CPC分类号: G06F11/1482
摘要: Deterministic code execution may be recovered for programs or portions thereof by implementing a programmable policy on a system host to escalate the scope of a code discard based on various parameters.
摘要翻译: 可以通过在系统主机上实施可编程策略以基于各种参数来升级代码丢弃的范围来为程序或其部分恢复确定性代码执行。
-
公开(公告)号:US20050172286A1
公开(公告)日:2005-08-04
申请号:US10772205
申请日:2004-02-03
CPC分类号: G06F9/468
摘要: A host operating in a managed environment intercepts a call from a managed caller to a particular callee and determines whether the call is permissible according to the host's prior configuration of a plurality of callees. The particular callee, which provides access to a resource that the host can be protecting, can have been previously configured by the host to always allow the call to be made, to never allow the call to be made, or to allow the call to be made based upon the degree to which the host trusts the managed caller.
摘要翻译: 在受管环境中操作的主机拦截来自被管理的呼叫者到特定被叫方的呼叫,并根据主机先前配置多个被呼叫者确定该呼叫是否被允许。 提供对主机可以保护的资源的访问的特定被叫方可以先前由主机配置,以始终允许进行呼叫,从不允许进行呼叫,或允许呼叫成为 基于主机信任被管理的呼叫者的程度。
-
-
-
-
-
-
-
-
-
搜索结果
27 条记录 (耗时 0.042 秒)
