公开(公告)号：US20070239979A1

公开(公告)日：2007-10-11

申请号：US11392349

申请日：2006-03-29

申请人： Stefan Berger ,  Trent Jaeger ,  Ronald Perez ,  Reiner Sailer ,  Enriquillo Valdez

发明人： Stefan Berger ,  Trent Jaeger ,  Ronald Perez ,  Reiner Sailer ,  Enriquillo Valdez

IPC分类号： G06F15/173

CPC分类号： H04L63/102 ,  H04L63/12

摘要： A scheme for protecting policy state information during the lifetime of a virtual machine is presented. In order to protect and preserve the policy state information of the virtual machine, a process creates a source policy, a mapping policy, and a binary policy. These polices are all different representations of a security policy. The different policy representations are chained together via cryptographic hashes.

摘要翻译： 提出了一种在虚拟机生命周期内保护策略状态信息的方案。 为了保护和保存虚拟机的策略状态信息，进程创建源策略，映射策略和二进制策略。 这些政策都是安全策略的不同表征。 不同的策略表示通过加密散列链接在一​​起。

公开(公告)号：US20070107046A1

公开(公告)日：2007-05-10

申请号：US11268220

申请日：2005-11-07

申请人： Trent Jaeger ,  Reiner Sailer ,  Leendert Van Doorn

发明人： Trent Jaeger ,  Reiner Sailer ,  Leendert Van Doorn

IPC分类号： H04L9/32

CPC分类号： G06F21/57

摘要： The present invention provides a computer-implemented method system and program product for remotely verifying (e.g., analytic) integrity of a system. Specifically, at startup of the system an access control policy that sets forth information flows within the system is read and a set of trusted subjects that interact with a target application in the system is determined. Based on the access information flows and the set of trusted subjects, an information flow graph of the system is constructed. At runtime of the target application, runtime information and program code loaded into the set of trusted subjects are measured. Measuring the program code that is loaded allows the remote party to verify that the program code is “expected” program code for the set of trusted subjects.

摘要翻译： 本发明提供了一种用于远程验证（例如，分析）系统完整性的计算机实现的方法系统和程序产品。 特别地，在系统启动时，读取在系统内设置信息流的访问控制策略，并且确定与系统中的目标应用交互的一组可信对象。 基于访问信息流和可信任对象的集合，构建系统的信息流图。 在目标应用程序的运行时间，测量加载到可信任对象集合中的运行时信息和程序代码。 测量加载的程序代码允许远程方验证程序代码是可信任对象集合的“预期”程序代码。

公开(公告)号：US20070162976A1

公开(公告)日：2007-07-12

申请号：US11328589

申请日：2006-01-10

申请人： Kay Anderson ,  Pau-Chen Cheng ,  Mark Feblowitz ,  Genady Grabarnik ,  Shai Halevi ,  Nagui Halim ,  Trent Jaeger ,  Paul Karger ,  Zhen Liu ,  Ronald Perez ,  Anton Riabov ,  Pankaj Rohatgi ,  Angela Schuett ,  Michael Steiner ,  Grant Wagner

发明人： Kay Anderson ,  Pau-Chen Cheng ,  Mark Feblowitz ,  Genady Grabarnik ,  Shai Halevi ,  Nagui Halim ,  Trent Jaeger ,  Paul Karger ,  Zhen Liu ,  Ronald Perez ,  Anton Riabov ,  Pankaj Rohatgi ,  Angela Schuett ,  Michael Steiner ,  Grant Wagner

IPC分类号： G06F11/00

CPC分类号： G06F21/577

摘要： An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.

摘要翻译： 提供了一种示范性的方法来通过规划来管理和减轻安全风险。 收到所请求产品的第一个安全相关信息。 接收到可用于生成请求的产品的资源的第二个安全相关信息。 执行由第一安全相关信息和第二安全相关信息管理的具有安全风险的多阶段过程以产生所请求的产品。

公开(公告)号：US20060253709A1

公开(公告)日：2006-11-09

申请号：US11123998

申请日：2005-05-06

申请人： Pau-Chen Cheng ,  Shai Halevi ,  Trent Jaeger ,  Paul Karger ,  Ronald Perez ,  Pankaj Rohatgi ,  Angela Schuett ,  Michael Steiner ,  Grant Wagner

发明人： Pau-Chen Cheng ,  Shai Halevi ,  Trent Jaeger ,  Paul Karger ,  Ronald Perez ,  Pankaj Rohatgi ,  Angela Schuett ,  Michael Steiner ,  Grant Wagner

IPC分类号： H04L9/00

CPC分类号： G06N7/023 ,  G06F21/577 ,  G06F21/604 ,  G06F21/6218 ,  H04L63/105

摘要： An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range.

公开(公告)号：US20060248519A1

公开(公告)日：2006-11-02

申请号：US11119553

申请日：2005-05-02

申请人： Trent Jaeger ,  Lawrence Koved ,  Liangzhao Zeng ,  Xiaolan Zhang

发明人： Trent Jaeger ,  Lawrence Koved ,  Liangzhao Zeng ,  Xiaolan Zhang

IPC分类号： G06F9/45

CPC分类号： G06F8/51 ,  G06F11/3604

摘要： A unified program analysis framework that facilitates the analysis of complex multi-language software systems, analysis reuse, and analysis comparison, by employing techniques such as program translation and automatic results mapping, is presented. The feasibility and effectiveness of such a framework are demonstrated using a sample application of the framework. The comparison yields new insights into the effectiveness of the techniques employed in both analysis tools. These encouraging results yield the observation that such a unified program analysis framework will prove to be valuable both as a testbed for examining different language analysis techniques, and as a unified toolset for broad program analysis.