-
公开(公告)号:US20070209073A1
公开(公告)日:2007-09-06
申请号:US11364359
申请日:2006-02-28
申请人: Karen Corby , Mark Alcazar , Viresh Ramdatmisier , Ariel Kirsman , Andre Needham , Akhilesh Kaza , Raja Krishnaswamy , Jeff Cooperstein , Charles Kaufman , Chris Anderson , Venkata Prasad , Aaron Goldfeder , John Hawkins
发明人: Karen Corby , Mark Alcazar , Viresh Ramdatmisier , Ariel Kirsman , Andre Needham , Akhilesh Kaza , Raja Krishnaswamy , Jeff Cooperstein , Charles Kaufman , Chris Anderson , Venkata Prasad , Aaron Goldfeder , John Hawkins
IPC分类号: G06F12/14
CPC分类号: G06F21/62 , G06F21/51 , G06F21/53 , G06F21/577
摘要: Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.
摘要翻译: 描述了一种技术,其包括评估方法,通过该评估方法,可以将一组特权代码(例如平台的API方法)标记为由不受信任的代码调用的安全关键和/或安全。 评估代码集以确定代码是否是安全关键代码,如果是,则将其标识为安全关键。 进一步评估这些代码以确定代码是否对于被不受信任的代码调用是安全的,如果是,则将其标记为安全的。 为了确定代码是否安全,确定第一组代码是否泄漏关键性,包括通过评估与第一组代码的一个或多个调用者相对应的一个或多个代码路径,以及通过评估一个或多个 对应于第一组代码的一个或多个被调用者的代码路径。
-
公开(公告)号:US07926105B2
公开(公告)日:2011-04-12
申请号:US11364359
申请日:2006-02-28
申请人: Karen Elizabeth Corby , Mark Alcazar , Viresh Ramdatmisier , Ariel Jorge Kirsman , Andre A. Needham , Akhilesh Kaza , Raja Krishnaswamy , Jeff Cooperstein , Charles W Kaufman , Chris Anderson , Venkata Rama Prasad Tammana , Aaron R Goldfeder , John Hawkins
发明人: Karen Elizabeth Corby , Mark Alcazar , Viresh Ramdatmisier , Ariel Jorge Kirsman , Andre A. Needham , Akhilesh Kaza , Raja Krishnaswamy , Jeff Cooperstein , Charles W Kaufman , Chris Anderson , Venkata Rama Prasad Tammana , Aaron R Goldfeder , John Hawkins
CPC分类号: G06F21/62 , G06F21/51 , G06F21/53 , G06F21/577
摘要: Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.
摘要翻译: 描述了一种技术,其包括评估方法,通过该评估方法,可以将一组特权代码(例如平台的API方法)标记为由不受信任的代码调用的安全关键和/或安全。 评估代码集以确定代码是否是安全关键代码,如果是,则将其标识为安全关键。 进一步评估这些代码以确定代码是否对于被不受信任的代码调用是安全的,如果是,则将其标记为安全的。 为了确定代码是否安全,确定第一组代码是否泄漏关键性,包括通过评估与第一组代码的一个或多个调用者相对应的一个或多个代码路径,以及通过评估一个或多个 对应于第一组代码的一个或多个被调用者的代码路径。
-
公开(公告)号:US08166406B1
公开(公告)日:2012-04-24
申请号:US10187389
申请日:2002-06-28
申请人: Aaron Goldfeder , Cem Paya , Joseph J. Gallagher , Roberto A. Franco , Stephen J. Purpura , Darren Mitchell , Frank M. Schwieterman , Viresh Ramdatmisier
发明人: Aaron Goldfeder , Cem Paya , Joseph J. Gallagher , Roberto A. Franco , Stephen J. Purpura , Darren Mitchell , Frank M. Schwieterman , Viresh Ramdatmisier
IPC分类号: G06F3/00
CPC分类号: H04L67/02 , G06F21/6263 , H04L63/102
摘要: A method and system that provide an intuitive user interface and related components for making Internet users aware of Internet cookie-related privacy issues, and enabling users to control Internet privacy through automatic cookie handling. Default privacy settings for handling cookies are provided, and through the user interface, the privacy settings may be customized to a user's liking. Further, through the user interface, for each individual site that forms a page of content, the site's privacy policy may be reviewed and/or the privacy controlled by specifying how cookies from that site are to be handled. To make users aware, the user interface provides an active alert on a first instance of a retrieved web site's content that fails to include satisfactory privacy information, and thereafter, provides a distinctive passive alert to allow the user selective access to privacy information, per-site cookie handling and cookie handling settings.
摘要翻译: 一种提供直观用户界面和相关组件的方法和系统,用于使互联网用户了解与互联网Cookie相关的隐私问题,并使用户能够通过自动Cookie处理来控制互联网隐私。 提供用于处理Cookie的默认隐私设置,通过用户界面,可以根据用户的喜好自定义隐私设置。 此外,通过用户界面,对于形成内容页面的每个单独站点,可以通过指定如何处理来自该站点的cookie来审查和/或隐私控制。 为了使用户意识到,用户界面在检索到的网站的内容的第一实例上提供了活动警报,该内容未能包含满意的隐私信息,此后,提供了独特的被动警报以允许用户选择性地访问隐私信息, 网站Cookie处理和Cookie处理设置。
-
公开(公告)号:US20120240050A1
公开(公告)日:2012-09-20
申请号:US13450193
申请日:2012-04-18
申请人: Aaron Goldfeder , Cem Paya , Joseph J. Gallagher , Roberto A. Franco , Stephen J. Purpura , Darren Mitchell , Frank M. Schwieterman , Viresh Ramdatmisier
发明人: Aaron Goldfeder , Cem Paya , Joseph J. Gallagher , Roberto A. Franco , Stephen J. Purpura , Darren Mitchell , Frank M. Schwieterman , Viresh Ramdatmisier
IPC分类号: G06F3/048
CPC分类号: H04L67/02 , G06F21/6263 , H04L63/102
摘要: A method and system that provide an intuitive user interface and related components for making Internet users aware of Internet cookie-related privacy issues, and enabling users to control Internet privacy through automatic cookie handling. Default privacy settings for handling cookies are provided, and through the user interface, the privacy settings may be customized to a user's liking. Further, through the user interface, for each individual site that forms a page of content, the site's privacy policy may be reviewed and/or the privacy controlled by specifying how cookies from that site are to be handled. To make users aware, the user interface provides an active alert on a first instance of a retrieved web site's content that fails to include satisfactory privacy information, and thereafter, provides a distinctive passive alert to allow the user selective access to privacy information, per-site cookie handling and cookie handling settings.
摘要翻译: 一种提供直观用户界面和相关组件的方法和系统,用于使互联网用户了解与互联网Cookie相关的隐私问题,并使用户能够通过自动Cookie处理来控制互联网隐私。 提供用于处理Cookie的默认隐私设置,通过用户界面,可以根据用户的喜好自定义隐私设置。 此外,通过用户界面,对于形成内容页面的每个单独站点,可以通过指定如何处理来自该站点的cookie来审查和/或隐私控制。 为了使用户意识到,用户界面在检索到的网站的内容的第一实例上提供了活动警报,该内容未能包含满意的隐私信息,此后,提供了独特的被动警报以允许用户选择性地访问隐私信息, 网站Cookie处理和Cookie处理设置。
-
公开(公告)号:US07519953B2
公开(公告)日:2009-04-14
申请号:US10677129
申请日:2003-09-30
CPC分类号: G06F11/3672 , Y10S707/99943
摘要: Testing of a software build. Differences between software builds are tracked by scanning the binaries of a software product to automatically discover its classes. A detailed dictionary is built that captures static and dynamic information of that build, including class dependencies. A comparison may be made with another build, so that selective tests may be automatically executed on any types, and their dependencies, that have had a structural or behavioral modification since the last build. Testers may load a set of constructors for any specific types to further increase coverage of types (or classes) tested. Detailed reports may also be provided that may be used to drive future testing work and target specific areas of the code for additional testing. Code generation from intermediate code to specified targets may also be performed to aid in reproducing and fixing bugs.
摘要翻译: 测试软件构建。 通过扫描软件产品的二进制文件来自动发现其类别来跟踪软件构建之间的差异。 构建了一个详细的字典,可以捕获该构建的静态和动态信息,包括类依赖性。 可以使用另一个构建进行比较,以便可以自动执行任何类型的选择性测试及其依赖关系,自上一次构建以来,它们具有结构或行为修改。 测试者可以为任何特定类型加载一组构造函数,以进一步增加测试类型(或类)的覆盖率。 还可能提供详细的报告,可用于推动未来的测试工作,并针对特定的代码区域进行额外的测试。 也可以执行从中间代码到指定目标的代码生成,以帮助重现和修复错误。
-
公开(公告)号:US20050071818A1
公开(公告)日:2005-03-31
申请号:US10677129
申请日:2003-09-30
IPC分类号: G06F9/44
CPC分类号: G06F11/3672 , Y10S707/99943
摘要: A system and method for improved testing of a software build is provided. The system and method automatically track differences between software builds by scanning the binaries of a software product to automatically discover its classes. The system and method then build a detailed dictionary that captures static and dynamic information of that build, including class dependencies. A comparison may be made with another build, so that the present invention may automatically execute selective tests on any types, and their dependencies, that have had a structural or behavioral modification since the last build. Testers may load a set of constructors for any specific types to further increase coverage of types (or classes) tested. The present invention may also provide detailed reports that may be used to drive future testing work and target specific areas of the code for additional testing. The system and method may further provide code generation from intermediate code to specified targets to aid in reproducing and fixing bugs.
摘要翻译: 提供了一种用于改进软件构建测试的系统和方法。 系统和方法通过扫描软件产品的二进制文件自动发现其类别来自动跟踪软件构建之间的差异。 然后,系统和方法构建一个详细的字典,捕获该构建的静态和动态信息,包括类依赖性。 可以与另一构造进行比较,使得本发明可以自动执行对自上次构建以来具有结构或行为修改的任何类型及其依赖性的选择性测试。 测试者可以为任何特定类型加载一组构造函数,以进一步增加测试类型(或类)的覆盖率。 本发明还可以提供可用于驱动未来测试工作并针对代码的特定区域进行附加测试的详细报告。 系统和方法可以进一步提供从中间代码到指定目标的代码生成,以帮助再现和修复错误。
-
-
-
-
-
搜索结果
6 条记录 (耗时 0.055 秒)
