Method and system for ensuring that computer programs are trustworthy
    1.
    Granted invention patent
    Method and system for ensuring that computer programs are trustworthy (in force)

    Publication No.: US07516477B2

    Publication date: 2009-04-07

    Application No.: US10971499

    Filing date: 2004-10-21

    IPC classification: H04L9/00

    CPC classification: G06F21/51

    Abstract: Described is a system and method by which an application program is evaluated for trustworthiness based on the permissions and/or privileges it requests relative to a program category. The program describes the permissions needed to operate, and identifies itself as belonging to a particular category. Security components compare the requested permission set against the permissions that programs of that category actually need in order to operate properly. Programs requesting more permissions than needed are deemed untrustworthy. For example, screen saver application programs need only a limited permission set to operate properly, including full screen access and the ability to read files, but do not need network access permissions or write access to files. Any screensaver application that requests only the needed permission set is deemed trustworthy, while others that request permissions beyond what is actually needed are not deemed trustworthy, and a user or automated policy process may then intervene.

    Evidence-based application security
    2.
    Granted invention patent
    Evidence-based application security (in force)

    Publication No.: US07669238B2

    Publication date: 2010-02-23

    Application No.: US10705756

    Filing date: 2003-11-10

    IPC classification: H04L9/00

    CPC classification: G06F21/51 G06F21/53

    Abstract: Evidence-based application security may be implemented at the application and/or application group levels. A manifest may be provided defining at least one trust condition for the application or application group. A policy manager evaluates application evidence (e.g., an XrML license) for an application or group of applications relative to the manifest. The application is only granted permissions on the computer system if the application evidence indicates that the application is trusted. Similarly, a group of applications are only granted permissions on the computer system if the evidence indicates that the group of applications is trusted. If the application evidence satisfies the at least one trust condition defined by the manifest, the policy manager generates a permission grant set for each code assembly that is a member of the at least one application. Evidence may be further evaluated for code assemblies that are members of the trusted application or application group.

    INTERNET PRIVACY USER INTERFACE
    4.
    Invention application
    INTERNET PRIVACY USER INTERFACE (under examination, published)

    Publication No.: US20120240050A1

    Publication date: 2012-09-20

    Application No.: US13450193

    Filing date: 2012-04-18

    IPC classification: G06F3/048

    Abstract: A method and system that provide an intuitive user interface and related components for making Internet users aware of Internet cookie-related privacy issues, and enabling users to control Internet privacy through automatic cookie handling. Default privacy settings for handling cookies are provided, and through the user interface, the privacy settings may be customized to a user's liking. Further, through the user interface, for each individual site that forms a page of content, the site's privacy policy may be reviewed and/or the privacy controlled by specifying how cookies from that site are to be handled. To make users aware, the user interface provides an active alert on a first instance of a retrieved web site's content that fails to include satisfactory privacy information, and thereafter, provides a distinctive passive alert to allow the user selective access to privacy information, per-site cookie handling and cookie handling settings.

    Method and system for ensuring that computer programs are trustworthy

    Publication No.: US20060090192A1

    Publication date: 2006-04-27

    Application No.: US10971499

    Filing date: 2004-10-21

    IPC classification: H04L9/00

    CPC classification: G06F21/51

    Abstract: Described is a system and method by which an application program is evaluated for trustworthiness based on the permissions and/or privileges it requests relative to a program category. The program describes the permissions needed to operate, and identifies itself as belonging to a particular category. Security components compare the requested permission set against the permissions that programs of that category actually need in order to operate properly. Programs requesting more permissions than needed are deemed untrustworthy. For example, screen saver application programs need only a limited permission set to operate properly, including full screen access and the ability to read files, but do not need network access permissions or write access to files. Any screensaver application that requests only the needed permission set is deemed trustworthy, while others that request permissions beyond what is actually needed are not deemed trustworthy, and a user or automated policy process may then intervene.

    Method and system for improved internet security via HTTP-only cookies
    6.
    Granted invention patent
    Method and system for improved internet security via HTTP-only cookies (in force)

    Publication No.: US07359976B2

    Publication date: 2008-04-15

    Application No.: US10303113

    Filing date: 2002-11-23

    IPC classification: G06F15/16

    Abstract: A system and method that prevents certain cookies, as specified by an Internet server, from being accessed through client-side script, thereby mitigating the amount of damage that cross-site scripting attacks can accomplish. The server marks selected cookies with an attribute that flags such cookies as being protected, and a security mechanism in the client prevents protected cookies from being accessed via script. A protected (flagged) cookie can still be accessed by the server (e.g., via HTTP), while non-flagged cookies can be accessed by the server or script. An API or similar layer implements the security mechanism that checks for the attribute, and fails requests for any cookies having that attribute set. The present invention can also be adapted to prevent a malicious script from overwriting existing HTTP-only cookies on a client machine.

    Security requirement determination
    7.
    Invention application
    Security requirement determination (in force)

    Publication No.: US20050172126A1

    Publication date: 2005-08-04

    Application No.: US10772207

    Filing date: 2004-02-03

    IPC classification: G06F21/00 H04L9/00

    CPC classification: G06F21/53

    Abstract: All execution paths of one or more assemblies in managed code are simulated to find the permissions for each execution path. The managed code can correspond to a managed shared library or a managed application. Each call in each execution path has a corresponding permissions set. When the library or application has permissions to execute that are not less than the required permission sets for the execution paths, any dynamic execution of the library or application will not trigger a security exception. The simulated execution provides a tool that can be used to ensure that code being written will not exceed a maximum security permission for the code. A permission set can be determined by the tool for each assembly corresponding to an application and for each entry point corresponding to a shared library.

    ENERGY AUDIT SYSTEMS AND METHODS
    8.
    Invention application
    ENERGY AUDIT SYSTEMS AND METHODS (under examination, published)

    Publication No.: US20120216123A1

    Publication date: 2012-08-23

    Application No.: US13403844

    Filing date: 2012-02-23

    IPC classification: G06F3/048 G06G7/48 G06F15/16

    CPC classification: G06Q30/0201

    Abstract: An online energy audit system poses and collects responses to a list of survey questions regarding a subject house from a remote occupant via a survey UI. Survey responses are stored in an energy-use profile associated with the subject house and are used to populate model inputs to an energy-use software model, from which an energy-efficiency score is derived. To help a remote occupant choose appropriate answers and to facilitate completion of the survey, the survey UI includes question-specific house-feature images associated with some or all questions. Survey questions are designed to be easy for a homeowner to understand, and the survey is kept short. The energy-efficiency score of the subject house is presented to the remote occupant in comparison with comparison energy-use data together with an action message to encourage the remote occupant to improve the energy score of the subject house.

    Internet privacy user interface
    9.
    Granted invention patent
    Internet privacy user interface (in force)

    Publication No.: US08166406B1

    Publication date: 2012-04-24

    Application No.: US10187389

    Filing date: 2002-06-28

    IPC classification: G06F3/00

    Abstract: A method and system that provide an intuitive user interface and related components for making Internet users aware of Internet cookie-related privacy issues, and enabling users to control Internet privacy through automatic cookie handling. Default privacy settings for handling cookies are provided, and through the user interface, the privacy settings may be customized to a user's liking. Further, through the user interface, for each individual site that forms a page of content, the site's privacy policy may be reviewed and/or the privacy controlled by specifying how cookies from that site are to be handled. To make users aware, the user interface provides an active alert on a first instance of a retrieved web site's content that fails to include satisfactory privacy information, and thereafter, provides a distinctive passive alert to allow the user selective access to privacy information, per-site cookie handling and cookie handling settings.

    Security requirement determination
    10.
    Granted invention patent
    Security requirement determination (in force)

    Publication No.: US07743423B2

    Publication date: 2010-06-22

    Application No.: US10772207

    Filing date: 2004-02-03

    CPC classification: G06F21/53

    Abstract: All execution paths of one or more assemblies in managed code are simulated to find the permissions for each execution path. The managed code can correspond to a managed shared library or a managed application. Each call in each execution path has a corresponding permissions set. When the library or application has permissions to execute that are not less than the required permission sets for the execution paths, any dynamic execution of the library or application will not trigger a security exception. The simulated execution provides a tool that can be used to ensure that code being written will not exceed a maximum security permission for the code. A permission set can be determined by the tool for each assembly corresponding to an application and for each entry point corresponding to a shared library.
