公开(公告)号：US20080127341A1

公开(公告)日：2008-05-29

申请号：US11772085

申请日：2007-06-29

申请人： Shuo Chen ,  Jiahe Helen Wang ,  Yi-Min Wang

发明人： Shuo Chen ,  Jiahe Helen Wang ,  Yi-Min Wang

IPC分类号： H04L9/32 ,  G06F3/00

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

摘要翻译： 为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

公开(公告)号：US08539585B2

公开(公告)日：2013-09-17

申请号：US11768134

申请日：2007-06-25

申请人： Shuo Chen ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

发明人： Shuo Chen ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

IPC分类号： G06F21/00

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

摘要翻译： 为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

公开(公告)号：US20080134338A1

公开(公告)日：2008-06-05

申请号：US11565426

申请日：2006-11-30

申请人： Shuo Chen ,  Jose Meseguer ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

发明人： Shuo Chen ,  Jose Meseguer ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

IPC分类号： G08B23/00

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

公开(公告)号：US20080133976A1

公开(公告)日：2008-06-05

申请号：US11768134

申请日：2007-06-25

申请人： Shuo Chen ,  Yi-Min Wang ,  Ralf Sasse ,  Jiahe Helen Wang

发明人： Shuo Chen ,  Yi-Min Wang ,  Ralf Sasse ,  Jiahe Helen Wang

IPC分类号： G06F11/36

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

摘要翻译： 为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

公开(公告)号：US08156559B2

公开(公告)日：2012-04-10

申请号：US11565426

申请日：2006-11-30

申请人： Shuo Chen ,  Jose Meseguer ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

发明人： Shuo Chen ,  Jose Meseguer ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

IPC分类号： H04L29/06

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

公开(公告)号：US08125669B2

公开(公告)日：2012-02-28

申请号：US11772085

申请日：2007-06-29

申请人： Shuo Chen ,  Yi-Min Wang ,  Jiahe Helen Wang

发明人： Shuo Chen ,  Yi-Min Wang ,  Jiahe Helen Wang

IPC分类号： G06F15/00 ,  G06F11/00

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

摘要翻译： 为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

公开(公告)号：US20080201337A1

公开(公告)日：2008-08-21

申请号：US12044760

申请日：2008-03-07

申请人： Chun Yuan ,  Jiahe Helen Wang ,  Yi-Min Wang ,  Zheng Zhang

发明人： Chun Yuan ,  Jiahe Helen Wang ,  Yi-Min Wang ,  Zheng Zhang

IPC分类号： G06F17/30

CPC分类号： H04L41/0853

摘要： A method and system for retrieving data from devices in a way that seeks to preserve privacy and ensure the integrity of the retrieved data is provided. A retrieval system is implemented on a network of devices that communicate with each other via a secure communications link. Each device is directly connected to one or more “friend” devices that it trusts. The retrieval system operates by forwarding a request for data from one friend device to another friend device. Each friend device may optionally add data to the request until all the requested data is added. The request with the retrieved data is returned to the device that initiated the request.

摘要翻译： 提供了以寻求保护隐私并确保检索的数据的完整性的方式从设备检索数据的方法和系统。 在通过安全通信链路彼此通信的设备网络上实现检索系统。 每个设备直接连接到它信任的一个或多个“朋友”设备。 检索系统通过将数据的请求从一个朋友设备转发到另一个朋友设备来操作。 每个朋友设备可以选择性地向请求中添加数据，直到添加所有请求的数据。 具有检索到的数据的请求将返回给发起请求的设备。

公开(公告)号：US07392295B2

公开(公告)日：2008-06-24

申请号：US10918086

申请日：2004-08-13

申请人： Chun Yuan ,  Jiahe Helen Wang ,  Yi-Min Wang ,  Zheng Zhang

发明人： Chun Yuan ,  Jiahe Helen Wang ,  Yi-Min Wang ,  Zheng Zhang

IPC分类号： G06F15/16

CPC分类号： H04L41/0853

摘要： A method and system for retrieving data from devices in a way that seeks to preserve privacy and ensure the integrity of the retrieved data is provided. A retrieval system is implemented on a network of devices that communicate with each other via a secure communications link. Each device is directly connected to one or more “friend” devices that it trusts. The retrieval system operates by forwarding a request for data from one friend device to another friend device. Each friend device may optionally add data to the request until all the requested data is added. The request with the retrieved data is returned to the device that initiated the request.

摘要翻译： 提供了以寻求保护隐私并确保检索的数据的完整性的方式从设备检索数据的方法和系统。 在通过安全通信链路彼此通信的设备网络上实现检索系统。 每个设备直接连接到它信任的一个或多个“朋友”设备。 检索系统通过将数据的请求从一个朋友设备转发到另一个朋友设备来操作。 每个朋友设备可以选择性地向请求中添加数据，直到添加所有请求的数据。 具有检索到的数据的请求将返回给发起请求的设备。

公开(公告)号：US07962571B2

公开(公告)日：2011-06-14

申请号：US12044760

申请日：2008-03-07

申请人： Chun Yuan ,  Jiahe Helen Wang ,  Yi-Min Wang ,  Zheng Zhang

发明人： Chun Yuan ,  Jiahe Helen Wang ,  Yi-Min Wang ,  Zheng Zhang

IPC分类号： G06F15/16

CPC分类号： H04L41/0853

摘要： A method and system for retrieving data from devices in a way that seeks to preserve privacy and ensure the integrity of the retrieved data is provided. A retrieval system is implemented on a network of devices that communicate with each other via a secure communications link. Each device is directly connected to one or more “friend” devices that it trusts. The retrieval system operates by forwarding a request for data from one friend device to another friend device. Each friend device may optionally add data to the request until all the requested data is added. The request with the retrieved data is returned to the device that initiated the request.

摘要翻译： 提供了以寻求保护隐私并确保检索的数据的完整性的方式从设备检索数据的方法和系统。 在通过安全通信链路彼此通信的设备网络上实现检索系统。 每个设备直接连接到它信任的一个或多个“朋友”设备。 检索系统通过将数据的请求从一个朋友设备转发到另一个朋友设备来操作。 每个朋友设备可以选择性地向请求中添加数据，直到添加所有请求的数据。 具有检索到的数据的请求将返回给发起请求的设备。

公开(公告)号：US07784101B2

公开(公告)日：2010-08-24

申请号：US11214123

申请日：2005-08-29

申请人： Chad E Verbowski ,  John D. Dungan ,  Shuo Chen ,  Yi-Min Wang

发明人： Chad E Verbowski ,  John D. Dungan ,  Shuo Chen ,  Yi-Min Wang

IPC分类号： G06F21/00 ,  G06F17/30

CPC分类号： G06F21/6218 ,  G06F2221/2101

摘要： A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.

摘要翻译： 用于在给定的安全上下文中识别应用的依赖性的技术包括监视应用产生的安全检查。 识别需要提升权限的安全检查，并且可能会记录与识别的安全检查对应的应用程序的执行状态。 可以通过监视访问检查，监视特权检查，针对与提升的权限相关联的已知标识符的列表等来检查用户/组标识符来识别需要提高权限的安全检查。