公开(公告)号：US08782797B2

公开(公告)日：2014-07-15

申请号：US12175264

申请日：2008-07-17

申请人： Jiahe Helen Wang ,  Xiaofeng Fan ,  Shuo Chen

发明人： Jiahe Helen Wang ,  Xiaofeng Fan ,  Shuo Chen

IPC分类号： G06F7/04

CPC分类号： G06F21/55 ,  H04L63/1416

摘要： Systems and methods to manage same-origin-policy (SOP) failures that occur in a computing environment are provided. In an illustrative implementation, an exemplary computing environment comprises a lockbox module, and an instruction set comprising at least one instruction directing the lockbox module to process data and/or computing application execution commands representative of and a request for a selected operation/feature according to a selected SOP management paradigm. In the illustrative implementation, the SOP management paradigm comprises one or more instructions to deploy a “lockbox” computing application element allowing for the management, monitoring, and control of computing application features/operations operable under a same origin policy.

摘要翻译： 提供了管理在计算环境中发生的相同来源策略（SOP）故障的系统和方法。 在说明性实现中，示例性计算环境包括锁箱模块，以及指令集，其包括指示锁箱模块处理数据和/或计算代表所选择的操作/特征的应用执行命令的至少一个指令，以及根据 一个选定的SOP管理模式。 在说明性实现中，SOP管理范例包括部署“锁箱”计算应用元件的一个或多个指令，允许管理，监视和控制可在相同原始策略下操作的计算应用特征/操作。

公开(公告)号：US20100017883A1

公开(公告)日：2010-01-21

申请号：US12175264

申请日：2008-07-17

申请人： Jiahe Helen Wang ,  Xiaofeng Fan ,  Shuo Chen

发明人： Jiahe Helen Wang ,  Xiaofeng Fan ,  Shuo Chen

IPC分类号： G06F21/00

CPC分类号： G06F21/55 ,  H04L63/1416

摘要： Systems and methods to manage same-origin-policy (SOP) failures that occur in a computing environment are provided. In an illustrative implementation, an exemplary computing environment comprises a lockbox module, and an instruction set comprising at least one instruction directing the lockbox module to process data and/or computing application execution commands representative of and a request for a selected operation/feature according to a selected SOP management paradigm. In the illustrative implementation, the SOP management paradigm comprises one or more instructions to deploy a “lockbox” computing application element allowing for the management, monitoring, and control of computing application features/operations operable under a same origin policy.

摘要翻译： 提供了管理在计算环境中发生的相同来源策略（SOP）故障的系统和方法。 在说明性实现中，示例性计算环境包括锁箱模块，以及指令集，其包括指示锁箱模块处理数据和/或计算代表所选择的操作/特征的应用执行命令的至少一个指令，以及根据 一个选定的SOP管理模式。 在说明性实现中，SOP管理范例包括部署“锁箱”计算应用元件的一个或多个指令，允许管理，监视和控制可在相同原始策略下操作的计算应用特征/操作。

公开(公告)号：US10019570B2

公开(公告)日：2018-07-10

申请号：US11762900

申请日：2007-06-14

申请人： Jiahe Helen Wang ,  Xiaofeng Fan ,  Collin Edward Jackson ,  Jonathan Ryan Howell ,  Zhenbin Xu

发明人： Jiahe Helen Wang ,  Xiaofeng Fan ,  Collin Edward Jackson ,  Jonathan Ryan Howell ,  Zhenbin Xu

IPC分类号： H04L12/859 ,  G06F21/53 ,  G06F9/455 ,  H04L29/06

CPC分类号： G06F21/53 ,  G06F2009/45587 ,  G06F2221/2119 ,  H04L63/1441

摘要： Systems and methodologies for accessing resources associated with a Web-based application in accordance with one or more embodiments disclosed herein may include a browser that obtains at least first resources from a first domain and second resources from a second domain and a resource management component that facilitates controlled communication between the first resources and the second resources and prevents the first resources and the second resources from accessing other resources that the first resources and the second resources are not permitted to access. The resource management component may be further operable to contain restricted services in a sandbox containment structure and/or to isolate access-controlled resources in a service instance. In addition, the resource management component may be operable to facilitate the flexible display of resources from disparate domains and/or controlled communication therebetween.

公开(公告)号：US20090070663A1

公开(公告)日：2009-03-12

申请号：US11851309

申请日：2007-09-06

申请人： Xiaofeng Fan ,  Jiahe Helen Wang

发明人： Xiaofeng Fan ,  Jiahe Helen Wang

IPC分类号： G06F3/00

CPC分类号： G06F21/566 ,  G06F21/562

摘要： Processes and techniques for protecting web users from malicious executable code are described. A proxy engine is implemented that intercepts communications between a web browser and a script engine. The proxy engine can invoke a variety of custom event handlers that are configured to handle specific types of events (e.g., script events) that occur in the processing of web content. A script shield event handler detects the presence of script in pre-defined script-free zones and prevents the script from being executed on a user's device.

摘要翻译： 描述了用于保护网络用户免受恶意可执行代码的过程和技术。 实现了拦截Web浏览器和脚本引擎之间的通信的代理引擎。 代理引擎可以调用各种定制事件处理程序，其被配置为处理在web内容的处理中发生的特定类型的事件（例如，脚本事件）。 脚本屏蔽事件处理程序在预定义的无脚本区域中检测脚本的存在，并防止脚本在用户设备上执行。

公开(公告)号：US09906549B2

公开(公告)日：2018-02-27

申请号：US11851303

申请日：2007-09-06

申请人： Xiaofeng Fan ,  Jiahe Helen Wang

发明人： Xiaofeng Fan ,  Jiahe Helen Wang

IPC分类号： G06F11/00 ,  H04L29/06 ,  G06F21/51 ,  G06F12/14 ,  H04L29/08

CPC分类号： H04L63/1441 ,  G06F21/51 ,  G06F2221/2119 ,  H04L63/0281 ,  H04L67/2819

摘要： Processes and techniques for protecting web users from malicious executable code are described. A proxy engine is implemented that intercepts communications between a web browser and a script engine. The proxy engine can invoke a variety of custom event handlers that are configured to handle specific types of events (e.g., script events) that occur in the processing of web content. A script shield event handler detects the presence of script in pre-defined script-free zones and prevents the script from being executed on a user's device.

公开(公告)号：US20080313648A1

公开(公告)日：2008-12-18

申请号：US11762900

申请日：2007-06-14

申请人： Jiahe Helen Wang ,  Xiaofeng Fan ,  Collin Edward Jackson ,  Jonathan Ryan Howell ,  Zhenbin Xu

发明人： Jiahe Helen Wang ,  Xiaofeng Fan ,  Collin Edward Jackson ,  Jonathan Ryan Howell ,  Zhenbin Xu

IPC分类号： G06F9/44

CPC分类号： G06F21/53 ,  G06F2009/45587 ,  G06F2221/2119 ,  H04L63/1441

摘要： Systems and methodologies for accessing resources associated with a Web-based application in accordance with one or more embodiments disclosed herein may include a browser that obtains at least first resources from a first domain and second resources from a second domain and a resource management component that facilitates controlled communication between the first resources and the second resources and prevents the first resources and the second resources from accessing other resources that the first resources and the second resources are not permitted to access. The resource management component may be further operable to contain restricted services in a sandbox containment structure and/or to isolate access-controlled resources in a service instance. In addition, the resource management component may be operable to facilitate the flexible display of resources from disparate domains and/or controlled communication therebetween.

摘要翻译： 根据本文公开的一个或多个实施例，用于访问与基于Web的应用相关联的资源的系统和方法可以包括从第一域获得至少第一资源的浏览器和从第二域获得第二资源的资源管理组件 控制第一资源和第二资源之间的通信，并且防止第一资源和第二资源访问第一资源和第二资源不被允许访问的其他资源。 资源管理组件可以进一步可操作以在沙盒容纳结构中包含受限服务和/或隔离服务实例中的访问控制资源。 此外，资源管理组件可以可操作以便于来自不同域的资源的灵活显示和/或其间的受控通信。

公开(公告)号：US20090070869A1

公开(公告)日：2009-03-12

申请号：US11851303

申请日：2007-09-06

申请人： Xiaofeng Fan ,  Jiahe Helen Wang

发明人： Xiaofeng Fan ,  Jiahe Helen Wang

IPC分类号： G06F21/00

CPC分类号： H04L63/1441 ,  G06F21/51 ,  G06F2221/2119 ,  H04L63/0281 ,  H04L67/2819

摘要： Processes and techniques for protecting web users from malicious executable code are described. A proxy engine is implemented that intercepts communications between a web browser and a script engine. The proxy engine can invoke a variety of custom event handlers that are configured to handle specific types of events (e.g., script events) that occur in the processing of web content. A script shield event handler detects the presence of script in pre-defined script-free zones and prevents the script from being executed on a user's device.

公开(公告)号：US20080127341A1

公开(公告)日：2008-05-29

申请号：US11772085

申请日：2007-06-29

申请人： Shuo Chen ,  Jiahe Helen Wang ,  Yi-Min Wang

发明人： Shuo Chen ,  Jiahe Helen Wang ,  Yi-Min Wang

IPC分类号： H04L9/32 ,  G06F3/00

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

摘要翻译： 为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

公开(公告)号：US08125669B2

公开(公告)日：2012-02-28

申请号：US11772085

申请日：2007-06-29

申请人： Shuo Chen ,  Yi-Min Wang ,  Jiahe Helen Wang

发明人： Shuo Chen ,  Yi-Min Wang ,  Jiahe Helen Wang

IPC分类号： G06F15/00 ,  G06F11/00

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

摘要翻译： 为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

公开(公告)号：US08539585B2

公开(公告)日：2013-09-17

申请号：US11768134

申请日：2007-06-25

申请人： Shuo Chen ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

发明人： Shuo Chen ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

IPC分类号： G06F21/00

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

摘要翻译： 为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。