-
公开(公告)号:US20110106948A1
公开(公告)日:2011-05-05
申请号:US12840123
申请日:2010-07-20
申请人: Roberto A. Franco , Anantha P. Ganjam , John G. Bedworth , Peter T. Brundrett , Roland K. Tokumi , Jeremiah S. Epling , Daniel Sie , Jianrong Gu , Marc Silbey , Vidya Nallathimmayyagari , Bogdan Tepordei
发明人: Roberto A. Franco , Anantha P. Ganjam , John G. Bedworth , Peter T. Brundrett , Roland K. Tokumi , Jeremiah S. Epling , Daniel Sie , Jianrong Gu , Marc Silbey , Vidya Nallathimmayyagari , Bogdan Tepordei
IPC分类号: G06F15/173
CPC分类号: G06F21/53
摘要: In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.
摘要翻译: 在各种实施例中,被配置为以某种方式与因特网进行交互的应用程序在具有降低的权限级别的受限进程中执行,所述权限级别可以禁止应用访问相关联的计算设备的部分。 例如,在一些实施例中,受限制的过程可以禁止应用程序对包含管理数据和设置信息以及用户数据和设置的系统的计算机可读介质(例如硬盘)的部分进行读取和写入访问。 在这些实施例中,称为“容纳区”的盘的特殊部分在该限制过程中由应用程序指定和使用。
-
公开(公告)号:US08161563B2
公开(公告)日:2012-04-17
申请号:US12840123
申请日:2010-07-20
申请人: Roberto A. Franco , Anantha P. Ganjam , John G. Bedworth , Peter T. Brundrett , Roland K. Tokumi , Jeremiah S. Epling , Daniel Sie , Jianrong Gu , Marc Silbey , Vidya Nallathimmayyagari , Bogdan Tepordei
发明人: Roberto A. Franco , Anantha P. Ganjam , John G. Bedworth , Peter T. Brundrett , Roland K. Tokumi , Jeremiah S. Epling , Daniel Sie , Jianrong Gu , Marc Silbey , Vidya Nallathimmayyagari , Bogdan Tepordei
IPC分类号: H04L29/06
CPC分类号: G06F21/53
摘要: In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.
摘要翻译: 在各种实施例中,被配置为以某种方式与因特网进行交互的应用程序在具有降低的权限级别的受限进程中执行,所述权限级别可以禁止应用访问相关联的计算设备的部分。 例如,在一些实施例中,受限制的过程可以禁止应用程序对包含管理数据和设置信息以及用户数据和设置的系统的计算机可读介质(例如硬盘)的部分进行读取和写入访问。 在这些实施例中,称为“容纳区”的盘的特殊部分在该限制过程中由应用程序指定和使用。
-
公开(公告)号:US07792964B2
公开(公告)日:2010-09-07
申请号:US11262316
申请日:2005-10-28
申请人: Roberto A. Franco , Anantha P Ganjam , John G. Bedworth , Peter T. Brundrett , Roland K Tokumi , Jeremiah S. Epling , Daniel Sie , Jianrong Gu , Marc Silbey , Vidya Nallathimmayyagari , Bogdan Tepordei
发明人: Roberto A. Franco , Anantha P Ganjam , John G. Bedworth , Peter T. Brundrett , Roland K Tokumi , Jeremiah S. Epling , Daniel Sie , Jianrong Gu , Marc Silbey , Vidya Nallathimmayyagari , Bogdan Tepordei
IPC分类号: G06F15/173 , G06F15/16
CPC分类号: G06F21/53
摘要: In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.
摘要翻译: 在各种实施例中,被配置为以某种方式与因特网进行交互的应用程序在具有降低的权限级别的受限进程中执行,所述权限级别可以禁止应用访问相关联的计算设备的部分。 例如,在一些实施例中,受限制的过程可以禁止应用程序对包含管理数据和设置信息以及用户数据和设置的系统的计算机可读介质(例如硬盘)的部分进行读取和写入访问。 在这些实施例中,称为“容纳区”的盘的特殊部分在该限制过程中由应用程序指定和使用。
-
公开(公告)号:US08078740B2
公开(公告)日:2011-12-13
申请号:US11145530
申请日:2005-06-03
IPC分类号: G06F15/16
CPC分类号: G06F21/53
摘要: In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.
摘要翻译: 在各种实施例中,被配置为以某种方式与因特网进行交互的应用程序在具有降低的权限级别的受限进程中执行,所述权限级别可以禁止应用访问相关联的计算设备的部分。 例如,在一些实施例中,受限制的过程可以禁止应用程序对包含管理数据和设置信息以及用户数据和设置的系统的计算机可读介质(例如硬盘)的部分进行读取和写入访问。 在这些实施例中,称为“容纳区”的盘的特殊部分在该限制过程中由应用程序指定和使用。
-
公开(公告)号:US20120304316A1
公开(公告)日:2012-11-29
申请号:US13570044
申请日:2012-08-08
申请人: Sundaram Ramani , Joseph S. Beda , Mark Alcazar , Roberto A. Franco , Roland Katsuaki Tokumi , John G. Bedworth
发明人: Sundaram Ramani , Joseph S. Beda , Mark Alcazar , Roberto A. Franco , Roland Katsuaki Tokumi , John G. Bedworth
IPC分类号: G06F21/00
CPC分类号: H04L63/104 , H04L63/102
摘要: A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.
摘要翻译: 描述用于验证对一组相关元素的访问的方法和系统。 当对元素进行调用时,组内的元素访问与标记域相关联的安全上下文。 启用对元素的授权呼叫,使得标记域被导航到新的网页。 然而,防止未经授权的呼叫,使得不允许对新网页的导航。 标记域已导航后,与标记域相关联的安全上下文将无效。 生成新的安全上下文并与标记域相关联。 与导航到网页的网页相关联的元素在标记域导航到新页面后是无法访问的。 新安全上下文与标记域的关联可防止未经授权的用户访问引用先前安全上下文的任何元素。
-
公开(公告)号:US08601278B2
公开(公告)日:2013-12-03
申请号:US13570044
申请日:2012-08-08
申请人: Sundaram Ramini , Joseph S. Beda , Mark Alcazar , Roberto A. Franco , Roland Katsuaki Tokumi , John G. Bedworth
发明人: Sundaram Ramini , Joseph S. Beda , Mark Alcazar , Roberto A. Franco , Roland Katsuaki Tokumi , John G. Bedworth
IPC分类号: G06F21/00
CPC分类号: H04L63/104 , H04L63/102
摘要: A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.
摘要翻译: 描述用于验证对一组相关元素的访问的方法和系统。 当对元素进行调用时,组内的元素访问与标记域相关联的安全上下文。 启用对元素的授权呼叫,使得标记域被导航到新的网页。 然而,防止未经授权的呼叫,使得不允许对新网页的导航。 标记域已导航后,与标记域相关联的安全上下文将无效。 生成新的安全上下文并与标记域相关联。 与导航到网页的网页相关联的元素在标记域导航到新页面后是无法访问的。 新安全上下文与标记域的关联可防止未经授权的用户访问引用先前安全上下文的任何元素。
-
公开(公告)号:US08245049B2
公开(公告)日:2012-08-14
申请号:US10867338
申请日:2004-06-14
申请人: Sundaram Ramani , Joseph S. Beda , Mark Alcazar , Roberto A. Franco , Roland Katsuaki Tokumi , John G. Bedworth
发明人: Sundaram Ramani , Joseph S. Beda , Mark Alcazar , Roberto A. Franco , Roland Katsuaki Tokumi , John G. Bedworth
IPC分类号: G06F21/00
CPC分类号: H04L63/104 , H04L63/102
摘要: A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.
摘要翻译: 描述用于验证对一组相关元素的访问的方法和系统。 当对元素进行调用时,组内的元素访问与标记域相关联的安全上下文。 启用对元素的授权呼叫,使得标记域被导航到新的网页。 然而,防止未经授权的呼叫,使得不允许对新网页的导航。 标记域已导航后,与标记域相关联的安全上下文将无效。 生成新的安全上下文并与标记域相关联。 与导航到网页的网页相关联的元素在标记域导航到新页面后是无法访问的。 新安全上下文与标记域的关联可防止未经授权的用户访问引用先前安全上下文的任何元素。
-
公开(公告)号:US20100107251A1
公开(公告)日:2010-04-29
申请号:US12685528
申请日:2010-01-11
CPC分类号: G06F21/60 , G06F21/56 , G06F21/562 , G06F21/566
摘要: A model restricts un-trusted data/objects from running on a user's machine without permission. The data is received by a protocol layer that reports a MIME type associated with the DATA, and caches the data and related cache file name (CFN). A MIME sniffer is arranged to identify a sniffed MIME type based on the cached data, the CFN, and the reported MIME type. Reconciliation logic evaluates the sniffed MIME type and the CFN to determine a reconciled MIME type, and to update the CFN. A class ID sniffer evaluates the updated CFN, the cached data, and the reconciled MIME type to determine an appropriate class ID. Security logic evaluates the updated CFN, the reported class ID, and other related system parameters to build a security matrix. Parameters from the security matrix are used to intercept data/objects before an un-trusted data/object can create a security breach on the machine.
摘要翻译: 模型限制不受信任的数据/对象在未经许可的情况下在用户计算机上运行。 数据由报告与DATA关联的MIME类型的协议层接收,并缓存数据和相关缓存文件名(CFN)。 安排MIME嗅探器根据缓存的数据,CFN和报告的MIME类型来识别嗅探的MIME类型。 调和逻辑评估嗅探的MIME类型和CFN以确定对帐的MIME类型,并更新CFN。 类ID嗅探器评估更新的CFN,缓存数据和已对帐的MIME类型,以确定适当的类ID。 安全逻辑评估更新的CFN,报告的类ID和其他相关系统参数以构建安全性矩阵。 来自安全矩阵的参数用于在不可信数据/对象可能在机器上创建安全漏洞之前拦截数据/对象。
-
公开(公告)号:US07660999B2
公开(公告)日:2010-02-09
申请号:US10873576
申请日:2004-06-22
CPC分类号: G06F21/60 , G06F21/56 , G06F21/562 , G06F21/566
摘要: A model restricts un-trusted data/objects from running on a user's machine without permission. The data is received by a protocol layer that reports a MIME type associated with the DATA, and caches the data and related cache file name (CFN). A MIME sniffer is arranged to identify a sniffed MIME type based on the cached data, the CFN, and the reported MIME type. Reconciliation logic evaluates the sniffed MIME type and the CFN to determine a reconciled MIME type, and to update the CFN. A class ID sniffer evaluates the updated CFN, the cached data, and the reconciled MIME type to determine an appropriate class ID. Security logic evaluates the updated CFN, the reported class ID, and other related system parameters to build a security matrix. Parameters from the security matrix are used to intercept data/objects before an un-trusted data/object can create a security breach on the machine.
摘要翻译: 模型限制不受信任的数据/对象在未经许可的情况下在用户计算机上运行。 数据由报告与DATA关联的MIME类型的协议层接收,并缓存数据和相关缓存文件名(CFN)。 安排MIME嗅探器根据缓存的数据,CFN和报告的MIME类型来识别嗅探的MIME类型。 调和逻辑评估嗅探的MIME类型和CFN以确定对帐的MIME类型,并更新CFN。 类ID嗅探器评估更新的CFN,缓存数据和已对帐的MIME类型,以确定适当的类ID。 安全逻辑评估更新的CFN,报告的类ID和其他相关系统参数以构建安全性矩阵。 来自安全矩阵的参数用于在不可信数据/对象可能在机器上创建安全漏洞之前拦截数据/对象。
-
公开(公告)号:US07770182B2
公开(公告)日:2010-08-03
申请号:US10894918
申请日:2004-07-20
IPC分类号: G06F9/318
CPC分类号: G06F9/542 , G06F2209/543 , G06F2209/545
摘要: An extensible editor allows integration of extensions that modify the editor's default behavior and provide customized feedback to users. The editor includes an event routing model that works to decrease the occurrence of conflicts between the editor and extensions and between extensions. Upon the occurrence of an event, the editor routes the event to each extension before the editor's default handling of the event occurs. When an extension responds to an event, the extension may “consume” the event by indicating to the editor not to allow further processing of the event. After an event has been pre-processed by each extension, the default editor acts on the event. The editor then routes the event to each extension again, to allow each extension to process the event after the default editor has acted.
摘要翻译: 可扩展的编辑器可以集成扩展,修改编辑器的默认行为,并向用户提供定制的反馈。 编辑器包括一个事件路由模型,可以减少编辑器和扩展之间以及扩展之间冲突的发生。 发生事件后,编辑器将在发生事件的默认处理之前将事件路由到每个扩展。 当分机响应事件时,分机可以通过向编辑器指示不允许进一步处理事件来“消耗”事件。 事件由每个扩展名预先处理后,默认编辑器对事件进行操作。 然后,编辑器再次将事件路由到每个扩展,以允许每个扩展在默认编辑器执行后处理事件。
-
-
-
-
-
-
-
-
-
搜索结果
17 条记录 (耗时 0.046 秒)
