-
Publication No.: US20120304283A1
Publication date: 2012-11-29
Application No.: US13118158
Filing date: 2011-05-27
Applicant: Tyler K. Beam, Kavitha Radhakrishnan, Benjamin J. Karas, Katrina M. Blanch, Lyon Wong, Allen T. Kim, Steven J. Ball, J. Tracy Lauricella, Scott B. Graham, Manav Mishra
Inventor: Tyler K. Beam, Kavitha Radhakrishnan, Benjamin J. Karas, Katrina M. Blanch, Lyon Wong, Allen T. Kim, Steven J. Ball, J. Tracy Lauricella, Scott B. Graham, Manav Mishra
IPC classification: G06F21/00
Abstract: A broker module of a computing device receives requests from an isolated application to access one or more items of an item source. In response to a request, storage item objects representing items of the item source are generated and returned to the isolated application for each item of the item source that the isolated application is authorized to access. Whether the isolated application is authorized to access a particular item can be based on particular item sources and/or particular item locations.
-
Publication No.: US20130067570A1
Publication date: 2013-03-14
Application No.: US13228338
Filing date: 2011-09-08
IPC classification: G06F21/24
CPC classification: G06F21/566, G06F21/629, G06F2221/2141, H04L63/107, H04L63/126, H04L63/14
Abstract: Content inspection techniques are described. In one or more implementations, it is detected that an application executing on a computing device is calling a particular code element of a group of code elements to be used to process content. For example, the group of code elements can include a pre-specified group of code elements (e.g., functions and/or properties) that may enable access to particular functionalities of a computing device and thus are associated with a known security risk. It is then ascertained that the content is untrusted and, in response to ascertaining that the content is untrusted, the content is inspected to determine if the content is safe to be passed to the code element.
-
Publication No.: US20130061316A1
Publication date: 2013-03-07
Application No.: US13225945
Filing date: 2011-09-06
Applicant: Sermet Iskin, John A.M. Hazen, Liang Zhao, Scott B. Graham, John M. Sheelan
Inventor: Sermet Iskin, John A.M. Hazen, Liang Zhao, Scott B. Graham, John M. Sheelan
IPC classification: G06F21/00
CPC classification: G06F21/53, G06F21/6218, G06F2221/2141, G06F2221/2149
Abstract: Capability access management techniques for processes are described. In one or more implementations, a token is formed having one or more security identifiers that reference capabilities described in a manifest for the executable code responsive to an input received to initiate execution of executable code installed on the computing device. The one or more processes formed through execution of the executable code on the computing device are associated with the token, the token usable to manage access of the one or more processes to the capabilities of the computing device.
-
Publication No.: US09223976B2
Publication date: 2015-12-29
Application No.: US13228338
Filing date: 2011-09-08
CPC classification: G06F21/566, G06F21/629, G06F2221/2141, H04L63/107, H04L63/126, H04L63/14
Abstract: Content inspection techniques are described. In one or more implementations, it is detected that an application executing on a computing device is calling a particular code element of a group of code elements to be used to process content. For example, the group of code elements can include a pre-specified group of code elements (e.g., functions and/or properties) that may enable access to particular functionalities of a computing device and thus are associated with a known security risk. It is then ascertained that the content is untrusted and, in response to ascertaining that the content is untrusted, the content is inspected to determine if the content is safe to be passed to the code element.
-
Publication No.: US08505070B2
Publication date: 2013-08-06
Application No.: US13228346
Filing date: 2011-09-08
CPC classification: G06F21/53
Abstract: Various embodiments provide an ability to isolate execution of trusted content and/or script from execution of untrusted content and/or script. Separate contexts and/or execution environments can be used for the trusted content and untrusted content, respectively. A trusted context and/or execution environment associated with execution of trusted content can be configured to enable access to sensitive resources associated with a computing device. An untrusted context and/or execution environment associated with execution of untrusted content can be configured with limited and/or no access to the sensitive resources. Alternately or additionally, data generated within the untrusted context can be transferred to the trusted context in a benign manner.
-
Publication No.: US09118686B2
Publication date: 2015-08-25
Application No.: US13226223
Filing date: 2011-09-06
Applicant: Gerardo Diaz-Cuellar, Sermet Iskin, Jorge P. Coronel Mendoza, Scott B. Graham, Nicholas D. Wood
Inventor: Gerardo Diaz-Cuellar, Sermet Iskin, Jorge P. Coronel Mendoza, Scott B. Graham, Nicholas D. Wood
CPC classification: H04L63/102, G06F21/335, G06F21/51, G06F21/52, G06F2221/2121, G06F2221/2141, G06F2221/2145, H04L63/20, H04L67/34
Abstract: Per process networking capability techniques are described. In one or more implementations, a determination is made as to whether access to a network capability is permitted for a process that is executed on the computing device based on a token that is associated with the process. The token has one or more security identifiers that reference one or more network capabilities described in a manifest. The access to the network capability is managed based on the determination.
-
Publication No.: US20130061282A1
Publication date: 2013-03-07
Application No.: US13227201
Filing date: 2011-09-07
IPC classification: G06F21/00
CPC classification: G06F21/629, G06F21/52, G06F21/53, G06F21/56, G06F21/566, G06F2221/2141, H04L63/14, H04L63/1408, H04L63/1416, H04L63/1433, H04L63/1441, H04L63/145, H04L63/1483
Abstract: Techniques for content handling for applications are described. In one or more implementations, a first set of content handling policies is enforced for a first portion of an application that is permitted to invoke code elements of the computing device and a second set of content handling policies is enforced for a second portion of the application that is not permitted to invoke the code elements. Further, a determination is made whether to apply the first set of content handling policies or the second set of content handling policies to content based on which portion of the application is requesting the content.
-
Publication No.: US20130062401A1
Publication date: 2013-03-14
Application No.: US13228695
Filing date: 2011-09-09
IPC classification: G06F17/00
CPC classification: G06F21/52, G06F9/468, G06F17/00, G06F21/121, G06F21/44, G06F21/6281, G06F2221/033
Abstract: A package identifier for a package from which an application is installed on a computing device is obtained. The package identifier is assigned to each of one or more processes created for running the application and, for each of the one or more processes, whether the process is permitted to access a resource of the computing device is determined based at least in part on the package identifier.
-
Publication No.: US20130061309A1
Publication date: 2013-03-07
Application No.: US13226223
Filing date: 2011-09-06
Applicant: Gerardo Diaz-Cuellar, Sermet Iskin, Jorge P. Coronel Mendoza, Scott B. Graham, Nicholas D. Wood
Inventor: Gerardo Diaz-Cuellar, Sermet Iskin, Jorge P. Coronel Mendoza, Scott B. Graham, Nicholas D. Wood
CPC classification: H04L63/102, G06F21/335, G06F21/51, G06F21/52, G06F2221/2121, G06F2221/2141, G06F2221/2145, H04L63/20, H04L67/34
Abstract: Per process networking capability techniques are described. In one or more implementations, a determination is made as to whether access to a network capability is permitted for a process that is executed on the computing device based on a token that is associated with the process. The token has one or more security identifiers that reference one or more network capabilities described in a manifest. The access to the network capability is managed based on the determination.
-
Publication No.: US10445528B2
Publication date: 2019-10-15
Application No.: US13227201
Filing date: 2011-09-07
Abstract: Techniques for content handling for applications are described. In one or more implementations, a first set of content handling policies is enforced for a first portion of an application that is permitted to invoke code elements of the computing device and a second set of content handling policies is enforced for a second portion of the application that is not permitted to invoke the code elements. Further, a determination is made whether to apply the first set of content handling policies or the second set of content handling policies to content based on which portion of the application is requesting the content.