利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

132 条记录 (耗时 0.026 秒)

    System, Method and Apparatus for Simultaneous Definition and Enforcement of Access-control and Integrity Policies
    1.
    发明申请
    System, Method and Apparatus for Simultaneous Definition and Enforcement of Access-control and Integrity Policies 审中-公开
    用于同时定义和执行访问控制和完整性政策的系统,方法和装置

    公开(公告)号:US20150089637A1

    公开(公告)日:2015-03-26

    申请号:US14033502

    申请日:2013-09-22

    申请人: Paolina Centonze Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Omer Tripp

    发明人: Paolina Centonze Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Omer Tripp

    IPC分类号: G06F21/57

    CPC分类号: G06F21/57 G06F21/51 G06F21/604 H04L63/102 H04L63/20

    摘要: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.

    摘要翻译: 访问控制和信息流完整性策略在计算系统中通过检测在计算系统上运行的应用的软件代码中的安全敏感的汇和从计算系统可访问的数据库检索访问控制策略来实施。 访问控制策略将计算系统内的一组访问权限映射到多个主体中的每一个。 对于每个检测到的安全敏感接收器,检测到影响该安全敏感信宿的所有主体,并通过对该安全敏感信宿的所有影响主体的访问权限集合的交集来分配每个安全敏感信宿的总访问权限 水槽。 如果此权限集不足,则会报告完整性违规。 此外,权限标签分配给在安全敏感的接收器中使用的变量的每个值。 每个权限标签都是一组权限。

    System, method and apparatus for simultaneous definition and enforcement of access-control and integrity policies
    2.
    发明授权
    System, method and apparatus for simultaneous definition and enforcement of access-control and integrity policies 失效
    用于同时定义和执行访问控制和完整性策略的系统,方法和装置

    公开(公告)号:US08572727B2

    公开(公告)日:2013-10-29

    申请号:US12624172

    申请日:2009-11-23

    申请人: Paolina Centonze Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Omer Tripp

    发明人: Paolina Centonze Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Omer Tripp

    IPC分类号: G06F21/00

    CPC分类号: G06F21/57 G06F21/51 G06F21/604 H04L63/102 H04L63/20

    摘要: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.

    摘要翻译: 访问控制和信息流完整性策略在计算系统中通过检测在计算系统上运行的应用的软件代码中的安全敏感的汇和从计算系统可访问的数据库检索访问控制策略来实施。 访问控制策略将计算系统内的一组访问权限映射到多个主体中的每一个。 对于每个检测到的安全敏感接收器,检测到影响该安全敏感信宿的所有主体,并通过对该安全敏感信宿的所有影响主体的访问权限集合的交集来分配每个安全敏感信宿的总访问权限 水槽。 如果此权限集不足,则会报告完整性违规。 此外,权限标签分配给在安全敏感的接收器中使用的变量的每个值。 每个权限标签都是一组权限。

    System, Method and Apparatus for Simultaneous Definition and Enforcement of Access-control and Integrity Policies
    3.
    发明申请
    System, Method and Apparatus for Simultaneous Definition and Enforcement of Access-control and Integrity Policies 失效
    用于同时定义和执行访问控制和完整性政策的系统,方法和装置

    公开(公告)号:US20110126282A1

    公开(公告)日:2011-05-26

    申请号:US12624172

    申请日:2009-11-23

    申请人: Paolina Centonze Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Omer Tripp

    发明人: Paolina Centonze Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Omer Tripp

    IPC分类号: G06F21/00 G06F17/30

    CPC分类号: G06F21/57 G06F21/51 G06F21/604 H04L63/102 H04L63/20

    摘要: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.

    摘要翻译: 访问控制和信息流完整性策略在计算系统中通过检测在计算系统上运行的应用的软件代码中的安全敏感的汇和从计算系统可访问的数据库检索访问控制策略来实施。 访问控制策略将计算系统内的一组访问权限映射到多个主体中的每一个。 对于每个检测到的安全敏感接收器,检测到影响该安全敏感信宿的所有主体,并通过对该安全敏感信宿的所有影响主体的访问权限集合的交集来分配每个安全敏感信宿的总访问权限 水槽。 如果此权限集不足,则会报告完整性违规。 此外,权限标签分配给在安全敏感的接收器中使用的变量的每个值。 每个权限标签都是一组权限。

    Eliminating false reports of security vulnerabilities when testing computer software
    4.
    发明授权
    Eliminating false reports of security vulnerabilities when testing computer software 失效
    在测试计算机软件时,消除安全漏洞的虚假报告

    公开(公告)号:US08584246B2

    公开(公告)日:2013-11-12

    申请号:US12578013

    申请日:2009-10-13

    申请人: Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Takaaki Tateishi Omer Tripp Omri Weisman

    发明人: Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Takaaki Tateishi Omer Tripp Omri Weisman

    IPC分类号: G06F12/14

    CPC分类号: G06F21/57 G06F11/3692

    摘要: A system for eliminating false reports of security vulnerabilities when testing computer software, including a taint analysis engine configured to identify a tainted variable v in a computer application, a data mapping identification engine configured to identify a variable x within the application that holds data derived from v, where x is in a different format than v, an AddData identification engine configured to identify an AddData operation within the application that is performed on x, a signature identification engine configured to identify a Sign operation within the application that is performed on the results of the AddData operation on x, a signature comparison identification engine configured to identify an operation within the application that compares the results of the Sign operation with another value.

    摘要翻译: 一种用于在测试计算机软件时消除安全漏洞的虚假报告的系统,包括配置成识别计算机应用程序中的受污染变量v的污染分析引擎,配置为识别应用程序内的变量x,该变量x保存从 v,其中x与v不同的格式,被配置为识别在x上执行的应用程序内的AddData操作的AddData识别引擎,被配置为识别在结果上执行的应用程序内的签名操作的签名识别引擎 的签名比较识别引擎,所述签名比较识别引擎被配置为识别应用程序内将所述Sign操作的结果与另一值进行比较的操作。

    Verification of information-flow downgraders
    5.
    发明授权
    Verification of information-flow downgraders 失效
    验证信息流下载

    公开(公告)号:US08635602B2

    公开(公告)日:2014-01-21

    申请号:US12843308

    申请日:2010-07-26

    申请人: Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Takaaki Tateishi Omer Tripp Omri Weisman

    发明人: Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Takaaki Tateishi Omer Tripp Omri Weisman

    IPC分类号: G06F9/44

    CPC分类号: G06F21/577 H04L63/105

    摘要: A method includes determining grammar for output of an information-flow downgrader in a software program. The software program directs the output of the information-flow downgrader to a sink. The method includes determining whether the grammar of the output conforms to one or more predetermined specifications of the sink. The method includes, in response to a determination the grammar of the output conforms to the one or more predetermined specifications of the sink, determining the information-flow downgrader is verified for the sink, wherein determining grammar, determining whether the grammar, and determining the information-flow downgrader are performed via static analysis of the software program. Apparatus and computer program products are also disclosed. An apparatus includes a user interface providing a result of whether or not output of an information-flow downgrader in the software program conforms to one or more predetermined specifications of a sink in the software program.

    摘要翻译: 一种方法包括在软件程序中确定信息流降级器的输出的语法。 软件程序将信息流降级器的输出引导到宿。 该方法包括确定输出的语法是否符合汇的一个或多个预定规范。 该方法包括响应于确定,输出的语法符合信宿的一个或多个预定规范,确定信宿流降级器对于汇点进行验证,其中确定语法,确定语法,并确定 信息流降级器通过软件程序的静态分析来执行。 还公开了装置和计算机程序产品。 一种装置,包括提供软件程序中的信息流下载器的输出是否符合软件程序中的接收器的一个或多个预定规格的结果的用户界面。

    WEB CRAWLING USING STATIC ANALYSIS
    6.
    发明申请
    WEB CRAWLING USING STATIC ANALYSIS 审中-公开
    使用静态分析的WEB抓取

    公开(公告)号:US20120215757A1

    公开(公告)日:2012-08-23

    申请号:US13032638

    申请日:2011-02-22

    申请人: Omri Weisman Yinnon Avraham Haviv Adi Sharabani Omer Tripp Marco Pistoia Takaaki Tateishi Guy Podjarny

    发明人: Omri Weisman Yinnon Avraham Haviv Adi Sharabani Omer Tripp Marco Pistoia Takaaki Tateishi Guy Podjarny

    IPC分类号: G06F17/30

    CPC分类号: G06F16/951

    摘要: A crawler including a document retriever configured to retrieve a first computer-based document, a link identifier configured to identify an actual string within the computer-based document as being a hyperlink-type string, and a static analyzer configured to perform static analysis of an operation on a variable within the first computer-based document to identify a possible string value of the variable as being a hyperlink-type string, where any of the strings indicate a location of at least a second computer-based document.

    摘要翻译: 包括被配置为检索第一基于计算机的文档的文档检索器的爬行器,被配置为将所述基于计算机的文档内的实际字符串标识为超链接字符串的链接标识符和被配置为执行静态分析的静态分析器 操作第一基于计算机的文档中的变量,以将变量的可能字符串值标识为超链接类型的字符串,其中任何字符串指示至少第二基于计算机的文档的位置。

    Verification of Information-Flow Downgraders
    7.
    发明申请
    Verification of Information-Flow Downgraders 失效
    信息流降级的验证

    公开(公告)号:US20120023486A1

    公开(公告)日:2012-01-26

    申请号:US12843308

    申请日:2010-07-26

    申请人: Yinnon A. Haviv Roee Hay Marco Pistoia Adi Sharabani Takaaki Tateishi Omer Tripp Omri Weisman

    发明人: Yinnon A. Haviv Roee Hay Marco Pistoia Adi Sharabani Takaaki Tateishi Omer Tripp Omri Weisman

    IPC分类号: G06F9/44

    CPC分类号: G06F21/577 H04L63/105

    摘要: A method includes determining grammar for output of an information-flow downgrader in a software program. The software program directs the output of the information-flow downgrader to a sink. The method includes determining whether the grammar of the output conforms to one or more predetermined specifications of the sink. The method includes, in response to a determination the grammar of the output conforms to the one or more predetermined specifications of the sink, determining the information-flow downgrader is verified for the sink, wherein determining grammar, determining whether the grammar, and determining the information-flow downgrader are performed via static analysis of the software program. Apparatus and computer program products are also disclosed. An apparatus includes a user interface providing a result of whether or not output of an information-flow downgrader in the software program conforms to one or more predetermined specifications of a sink in the software program.

    摘要翻译: 一种方法包括在软件程序中确定信息流降级器的输出的语法。 软件程序将信息流降级器的输出引导到宿。 该方法包括确定输出的语法是否符合汇的一个或多个预定规范。 该方法包括响应于确定,输出的语法符合信宿的一个或多个预定规范,确定信宿流降级器对于汇点进行验证,其中确定语法,确定语法,并确定 信息流降级器通过软件程序的静态分析来执行。 还公开了装置和计算机程序产品。 一种装置,包括提供软件程序中的信息流下载器的输出是否符合软件程序中的接收器的一个或多个预定规格的结果的用户界面。

    SIMULATING BLACK BOX TEST RESULTS USING INFORMATION FROM WHITE BOX TESTING
    10.
    发明申请
    SIMULATING BLACK BOX TEST RESULTS USING INFORMATION FROM WHITE BOX TESTING 有权
    使用白盒测试中的信息模拟黑盒测试结果

    公开(公告)号:US20120254839A1

    公开(公告)日:2012-10-04

    申请号:US13493067

    申请日:2012-06-11

    申请人: Stephen Fink Yinnon A. Haviv Roee Hay Marco Pistoia Ory Segal Adi Sharabani Manu Sridharan Frank Tip Omer Tripp Omri Weisman

    发明人: Stephen Fink Yinnon A. Haviv Roee Hay Marco Pistoia Ory Segal Adi Sharabani Manu Sridharan Frank Tip Omer Tripp Omri Weisman

    IPC分类号: G06F9/44

    CPC分类号: G06F11/3604 G06F9/44589 G06F9/455 G06F11/36 G06F11/362 G06F21/577 G06F2221/033

    摘要: Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.

    摘要翻译: 系统,方法是使用从白盒测试获得的信息来模拟黑盒测试结果的程序产品,包括分析计算机软件(例如应用程序)以识别计算机软件应用程序中的潜在漏洞以及与潜在漏洞相关联的多个里程碑 ,其中每个里程碑指示计算机软件应用程序内的位置,跟踪从第一个里程碑到入口点的路径到计算机软件应用程序中,识别入口点的输入将导致控制流从 描述在描述入口点和输入的描述中的潜在漏洞,以及经由计算机控制的输出介质呈现描述的入口点和通过每个里程碑。