利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

71 条记录 (耗时 0.034 秒)

    Memory bound functions for spam deterrence and the like
    1.
    发明授权
    Memory bound functions for spam deterrence and the like 有权
    用于垃圾邮件威慑的内存绑定功能等

    公开(公告)号:US07149801B2

    公开(公告)日:2006-12-12

    申请号:US10290879

    申请日:2002-11-08

    申请人: Michael Burrows Martin Abadi Mark Steven Manasse Edward P. Wobber Daniel Ron Simon

    发明人: Michael Burrows Martin Abadi Mark Steven Manasse Edward P. Wobber Daniel Ron Simon

    IPC分类号: G06F15/173 H04K1/00

    CPC分类号: H04L63/126 H04L51/12

    摘要: A resource may be abused if its users incur little or no cost. For example, e-mail abuse is rampant because sending an e-mail has negligible cost for the sender. Such abuse may be discouraged by introducing an artificial cost in the form of a moderately expensive computation. Thus, the sender of an e-mail might be required to pay by computing for a few seconds before the e-mail is accepted. Unfortunately, because of sharp disparities across computer systems, this approach may be ineffective against malicious users with high-end systems, prohibitively slow for legitimate users with low-end systems, or both. Starting from this observation, we identify moderately hard, memory bound functions that most recent computer systems will evaluate at about the same speed, and we explain how to use them for protecting against abuses.

    摘要翻译: 如果用户投入很少或没有成本,资源可能会被滥用。 例如,电子邮件滥用是猖獗的,因为发送电子邮件对发件人的成本可以忽略不计。 通过以中等昂贵的计算的形式引入人造成本,可能不鼓励这种滥用。 因此,电子邮件的发件人可能需要在电子邮件被接受之前几秒计算才能付款。 不幸的是,由于计算机系统之间的差异很大,对于具有高端系统的恶意用户来说,这种方法可能无效,对于具有低端系统的合法用户或者两者都是非常缓慢的。 从这个观察开始,我们确定了最近的计算机系统以相同的速度评估的适度硬的记忆绑定功能,我们解释如何使用它们来防止滥用。

    Access control subsystem and method for distributed computer system using compound principals
    2.
    发明授权
    Access control subsystem and method for distributed computer system using compound principals 失效
    使用复合主体的分布式计算机系统的访问控制子系统和方法

    公开(公告)号:US5173939A

    公开(公告)日:1992-12-22

    申请号:US783361

    申请日:1991-10-28

    申请人: Martin Abadi Michael Burrows Edward P. Wobber

    发明人: Martin Abadi Michael Burrows Edward P. Wobber

    IPC分类号: G06F9/46

    CPC分类号: G06F9/468 Y10S707/99939

    摘要: A distributed computer system has a number of computers coupled thereto at distinct nodes and a naming service with a membership table that defines a list of assumptions concerning which principals in the system are stronger than other principals, and which roles adopted by principals are stronger than other roles. Each object in the system has an access control list (ACL) having a list of entries. Each entry is either a simple principal or a compound principal. The set of allowed compound principals is limited to a predefined set of allowed combinations of simple principals, roles, delegations and conjunctions in accordance with a defined hierarchical ordering of the conjunction, delegation and role portions of each compound principal. The assumptions in the membership table reduce the number of entries needed in an ACL by allowing an entry to state only the weakest principals and roles that are to be allowed access. The reference checking process, handled by a reference monitor found at each node of the distributed system, grants an access request if the requestor is stronger than any one of the entries in the access control list for the resource requested. Furthermore, one entry is stronger than another entry if for each of the conjuncts in the latter entry there is a stronger conjunct in the former. Additional rules used by the reference monitor during the reference checking process govern the processes of comparing conjuncts in a requestor principal with the conjuncts in an access control list entry and of using assumptions to compare the relative strengths of principals and roles.

    摘要翻译: 分布式计算机系统具有多个与不同节点耦合的计算机,以及具有会员表的命名服务,该成员表定义了系统中哪些主体比其他主体更强的假设列表,以及由主体采用的角色比其他主体更强 角色。 系统中的每个对象都具有一个具有条目列表的访问控制列表(ACL)。 每个条目都是简单的主体或复合主体。 允许的复合主体的集合被限制为根据每个复合主体的连接,委派和角色部分的定义的分级顺序的简单主体,角色,委托和连接的允许的组合的预定义集合。 成员资格表中的假设通过允许条目仅指定允许访问的最弱主体和角色来减少ACL中所需的条目数。 如果请求者比所请求的资源的访问控制列表中的任何一个条目更强,由在分布式系统的每个节点处发现的参考监视器处理的参考检查过程就会授予访问请求。 此外,如果对于前一个条目中的每个连词都有一个更强的连接,则一个条目比另一个条目更强。 引用检查过程中参考监视器使用的附加规则管理将请求方主体中的连接与访问控制列表条目中的连接进行比较的过程,以及使用假设来比较主体和角色的相对强度。

    Secure web tunnel
    4.
    发明授权
    Secure web tunnel 失效
    安全的网络隧道

    公开(公告)号:US5805803A

    公开(公告)日:1998-09-08

    申请号:US855025

    申请日:1997-05-13

    申请人: Andrew D. Birrell Edward P. Wobber Martin Abadi Raymond P. Stata

    发明人: Andrew D. Birrell Edward P. Wobber Martin Abadi Raymond P. Stata

    IPC分类号: H04L29/06 G06F13/14

    CPC分类号: H04L63/0272 H04L63/029 H04L63/0823 H04L63/0884

    摘要: In a computer implemented method, a client computer connected to a public network such as the Internet makes a request for an intranet resource to a tunnel of a firewall isolating the intranet from the Internet. The request is made in a public message. The tunnel sends a message to the client computer to redirect to a proxy server of the tunnel. The client computer send a token and the request for the resource the proxy server. If the token is valid, the request is forwarded to the intranet, otherwise, the user of the client computer must first be authenticated.

    摘要翻译: 在计算机实现的方法中,连接到公共网络(例如因特网)的客户端计算机向内部网络与因特网隔离的防火墙的隧道请求内部网资源。 请求是在公开消息中发出的。 隧道向客户端计算机发送消息以重定向到隧道的代理服务器。 客户端计算机向代理服务器发送令牌和资源请求。 如果令牌有效,请求将转发到内部网,否则客户端计算机的用户必须首先被认证。

    Systems and methods for pattern matching on principal names to control access to computing resources
    6.
    发明授权
    Systems and methods for pattern matching on principal names to control access to computing resources 有权
    用于主体名称上的模式匹配的系统和方法,以控制对计算资源的访问

    公开(公告)号:US07716734B2

    公开(公告)日:2010-05-11

    申请号:US11133806

    申请日:2005-05-19

    申请人: Andrew David Birrell Edward P. Wobber Martin Abadi

    发明人: Andrew David Birrell Edward P. Wobber Martin Abadi

    IPC分类号: G06F7/04 G06F21/00

    CPC分类号: G06F21/6218

    摘要: Systems and methods are provided for resource access control in computer systems. Our approach includes new techniques for composing and authenticating principals in an access control system. Our principals may comprise information that identifies the role of the user of a computer system, the mechanism by which the user was authenticated, and program execution history. Thus, when a principal makes a request, access control determinations can be made based on the principal's identity. Access control lists may provide patterns that are used to recognize principals, thereby ensuring a level of security without enumerating precise identifiers for all of the possible principles that may request a particular resource.

    摘要翻译: 为计算机系统中的资源访问控制提供了系统和方法。 我们的方法包括在访问控制系统中组合和验证主体的新技术。 我们的主体可以包括识别计算机系统的用户的角色,用户被认证的机制以及程序执行历史的信息。 因此,当委托人发出请求时,可以基于主体的身份进行访问控制确定。 访问控制列表可以提供用于识别主体的模式,从而确保安全级别,而不需要列举可能请求特定资源的所有可能原则的精确标识符。

    Searching for information utilizing a probabilistic detector
    7.
    发明授权
    Searching for information utilizing a probabilistic detector 失效
    使用概率检测器搜索信息

    公开(公告)号:US07730058B2

    公开(公告)日:2010-06-01

    申请号:US11243924

    申请日:2005-10-05

    申请人: Gaurav Sareen Mark Steven Manasse Martin Abadi Michael A. Isard

    发明人: Gaurav Sareen Mark Steven Manasse Martin Abadi Michael A. Isard

    IPC分类号: G06F7/00 G06F17/30

    CPC分类号: G06F17/30687

    摘要: A probabilistic detector is utilized to query a database. Utilization of a probabilistic detector provides assurance with 100 per cent probability that a search expression in the query is not in the database index. The probabilistic detector is implemented in the form of a Bloom filter. The probabilistic detector is created by hashing expressions in the database index and mapping the resulting hash values into the probabilistic detector. Upon receiving a query, expressions of the query are hashed. The probabilistic detector is queried using these hash values. If the results of querying the probabilistic detector indicate that searched for information may be in the database, the database is not queried. If the results of querying the probabilistic detector indicate that the information may be in the database, the database is queried for the information using the original query. This technique is advantageous in mitigating detrimental effects of denial of service attacks.

    摘要翻译: 利用概率检测器查询数据库。 概率检测器的利用率提供了100%的可能性,即查询中的搜索表达式不在数据库索引中。 概率检测器以Bloom滤波器的形式实现。 概率检测器是通过在数据库索引中散列表达式并将生成的散列值映射到概率检测器中创建的。 在接收到查询后,查询的表达式将被哈希。 使用这些散列值查询概率检测器。 如果查询概率检测器的结果表明搜索到的信息可能在数据库中,则不会查询数据库。 如果查询概率检测器的结果表明信息可能在数据库中,则使用原始查询查询数据库中的信息。 这种技术有利于减轻拒绝服务攻击的有害影响。

    Access-control permissions with inter-process message-based communications
    8.
    发明授权
    Access-control permissions with inter-process message-based communications 有权
    基于进程间消息通信的访问控制权限

    公开(公告)号:US07865934B2

    公开(公告)日:2011-01-04

    申请号:US11419145

    申请日:2006-05-18

    申请人: Edward P. Wobber Manuel A Fahndrich Ulfar Erlingsson Martin Abadi

    发明人: Edward P. Wobber Manuel A Fahndrich Ulfar Erlingsson Martin Abadi

    IPC分类号: H04L29/00

    CPC分类号: G06F21/6281

    摘要: Described herein are one or more implementations that facilitate message-passing over a communication conduit between software processes in a computing environment. More particularly, the implementations described restrict access of one process to another via messages passed over a particular conduit connecting the processes and the access-control restrictions are defined by a contract associated with that particular conduit.

    摘要翻译: 这里描述了一种或多种实现,其便于在计算环境中的软件进程之间通过通信导线进行消息传递。 更具体地,所描述的实施方式通过在连接过程的特定管道上传递的消息来限制一个进程的访问,并且访问控制限制由与该特定管道相关联的合同定义。

    Access control policy in a weakly-coherent distributed collection
    9.
    发明授权
    Access control policy in a weakly-coherent distributed collection 有权
    访问控制策略在弱连贯的分布式集合中

    公开(公告)号:US08505065B2

    公开(公告)日:2013-08-06

    申请号:US11765886

    申请日:2007-06-20

    申请人: Edward P. Wobber Martin Abadi Thomas L. Rodeheffer

    发明人: Edward P. Wobber Martin Abadi Thomas L. Rodeheffer

    IPC分类号: G06F17/00 H04L29/06

    CPC分类号: G06F17/30578 H04L9/12 H04L9/321 H04L9/3268 H04L2209/60 H04L2209/80

    摘要: A system is disclosed for creating and implementing an access control policy framework in a weakly coherent distributed collection. A collection manager may sign certificates forming equivalence classes of replicas that share a specific authority. The collection manager and/or certain privileged replicas may issue certificates that delegate authority for control of item policy and replica policy. Further certificates may be signed that create one or more items, set policy for these one or more items, and define a set of operations authorized on the one or more items. The certificates issued according to the present system for creating and implementing a control policy framework cannot be modified or simply overridden. Once a policy certificate is issued, it may only be revoked by the collection manager or by a replica having revocation authority.

    摘要翻译: 公开了一种用于在弱相关分布式集合中创建和实现访问控制策略框架的系统。 收集管理员可以签署形成共享特定权限的副本的等价类的证书。 收集管理员和/或某些特权副本可能会颁发授权来管理项目策略和副本策略的证书。 可以签署创建一个或多个项目的其他证书,为这些一个或多个项目设置策略,并且定义一个或多个项目授权的一组操作。 根据本制度制定的颁发和实施控制政策框架的证书不能修改或简单地覆盖。 颁发政策证书后,只能由收款经理或具有撤销授权的副本撤销。