-
Publication No.: US20070209073A1
Publication date: 2007-09-06
Application No.: US11364359
Filing date: 2006-02-28
Applicant: Karen Corby, Mark Alcazar, Viresh Ramdatmisier, Ariel Kirsman, Andre Needham, Akhilesh Kaza, Raja Krishnaswamy, Jeff Cooperstein, Charles Kaufman, Chris Anderson, Venkata Prasad, Aaron Goldfeder, John Hawkins
Inventor: Karen Corby, Mark Alcazar, Viresh Ramdatmisier, Ariel Kirsman, Andre Needham, Akhilesh Kaza, Raja Krishnaswamy, Jeff Cooperstein, Charles Kaufman, Chris Anderson, Venkata Prasad, Aaron Goldfeder, John Hawkins
IPC classification: G06F12/14
CPC classification: G06F21/62, G06F21/51, G06F21/53, G06F21/577
Abstract: Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.
-
Publication No.: US20060090192A1
Publication date: 2006-04-27
Application No.: US10971499
Filing date: 2004-10-21
Applicant: Karen Corby, Aaron Goldfeder, John Hawkins
Inventor: Karen Corby, Aaron Goldfeder, John Hawkins
IPC classification: H04L9/00
CPC classification: G06F21/51
Abstract: Described is a system and method by which an application program is evaluated for trustworthiness based on the permissions and/or privileges it requests relative to a program category. The program describes the permissions needed to operate, and identifies itself as belonging to a particular category. Security components compare the requested permission set against the permissions that programs of that category actually need in order to operate properly. Programs requesting more permissions than needed are deemed untrustworthy. For example, screen saver application programs need only a limited permission set to operate properly, including full screen access and the ability to read files, but do not need network access permissions or write access to files. Any screensaver application that requests only the needed permission set is deemed trustworthy, while others that request permissions beyond what is actually needed are not deemed trustworthy, and a user or automated policy process may then intervene.
-
3.
Publication No.: US20070199051A1
Publication date: 2007-08-23
Application No.: US11355122
Filing date: 2006-02-15
Applicant: Sujal Parikh, Lauren Lavoie, Karen Corby, Mark Alcazar, Hua Wang, Kusuma Vellanki
Inventor: Sujal Parikh, Lauren Lavoie, Karen Corby, Mark Alcazar, Hua Wang, Kusuma Vellanki
IPC classification: H04L9/32
CPC classification: G06F21/53, G09G2358/00
Abstract: Described is a technology by which a managed web browser control hosts an unmanaged web OLE control to control navigation requests by the unmanaged web OLE control on behalf of partially trusted code. Site locking may be performed to constrain a site to navigation only to other pages within its site, thereby preventing navigation to an undesirable location. In one example, the unmanaged web OLE control communicates information corresponding to a navigation request to the managed web browser control, and the managed web browser control processes the information to establish whether the navigation is to be allowed or blocked. The benefits of site-locking with respect to privacy are also described, as is z-order management to protect against site spoofing.
-
-