公开(公告)号：US07770202B2

公开(公告)日：2010-08-03

申请号：US10771653

申请日：2004-02-03

申请人： Christopher W. Brumme ,  Vance Morrison ,  Sebastian Lange ,  Gregory D. Fee ,  Dario Russi ,  Simon Jeremy Hall ,  Mahesh Prakriya ,  Brian F. Sullivan

发明人： Christopher W. Brumme ,  Vance Morrison ,  Sebastian Lange ,  Gregory D. Fee ,  Dario Russi ,  Simon Jeremy Hall ,  Mahesh Prakriya ,  Brian F. Sullivan

IPC分类号： G06F17/00 ,  H04L29/06

CPC分类号： H04L63/102 ,  G06F9/468 ,  G06F21/52 ,  G06F21/62 ,  H04L63/101

摘要： A host intercepts calls between two executables and determines whether the calls are permissible according to the host's security model which can be identify based, such as user identity based—for instance, mapping access rights within a specific data base user context to database object access. Such an identity security model differs from a common language runtime security model where managed code uses Code Access Security to prevent managed assemblies from performing certain operations. Managed assemblies registered with the host are host objects from the host's perspective for which access rights can be defined via security rules, such as are defined for individual user identities. A host can decide access between managed executables based on the host's identity based access rules by trapping any cross assembly calls and deciding whether such calls should proceed or be blocked from taking place based on the corresponding identity security settings.

摘要翻译： 主机拦截两个可执行文件之间的调用，并根据主机的可以识别的安全模型（例如基于用户身份的特定数据库用户上下文中将访问权限映射到数据库对象访问）来确定是否允许呼叫。 这种身份安全模型与公共语言运行时安全模型不同，托管代码使用代码访问安全性来防止托管程序集执行某些操作。 与主机注册的托管程序集是主机视角的主机对象，可以通过安全规则定义访问权限，例如为各个用户身份定义的对象。 主机可以基于主机的基于身份的访问规则来决定托管的可执行文件之间的访问，通过捕获任何交叉程序集调用，并根据相应的身份安全设置来确定这些呼叫是应该继续还是被阻止发生。

公开(公告)号：US07526502B2

公开(公告)日：2009-04-28

申请号：US10938401

申请日：2004-09-10

申请人： Simon Jeremy Hall ,  George Harold Bosworth

发明人： Simon Jeremy Hall ,  George Harold Bosworth

IPC分类号： G06F17/00

CPC分类号： G06F9/4491 ,  Y10S707/99944 ,  Y10S707/99945

摘要： Dynamic call site binding includes determining, based on a context of a call received from a call site, a pointer to target code to be executed to carry out the call. A cache entry is generated, for use with subsequent calls from the call site, the cache entry associating the context of the call with the pointer to the target code. The cache entry is saved as being associated with the call site.

摘要翻译： 动态呼叫站点绑定包括基于从呼叫站点接收的呼叫的上下文来确定要执行的目标代码的指针以执行呼叫。 生成缓存条目，用于来自呼叫站点的后续呼叫，缓存条目将呼叫的上下文与指向目标代码的指针相关联。 缓存条目被保存为与呼叫站点相关联。