    • 101. Granted invention patent
    • Method and apparatus for automatically determining optimum placement of privileged code locations in existing code
    • US07237236B2
    • 2007-06-26
    • US10226871
    • 2002-08-22
    • Aaron Stephen Jay Kershenbaum, Lawrence Koved, Anthony Joseph Nadalin, Marco Pistoia
    • G06F9/45
    • G06F8/433, G06F8/72
    • A method and apparatus for automatically determining optimum placement of privileged code enablement locations in existing code are provided. A method invocation graph of existing code is generated and a static analysis of the method invocation graph is performed. The static analysis is used to analyze the permission propagation through chains of method invocations in the method invocation graph. When a method invocation in the method invocation graph satisfies one or more user definable criteria, the location in the method invocation graph is saved to a file that identifies recommended insertion points for a call to the authorization enablement code. This file may then be used to manually review the code to determine if a call to privileged mode enablement should actually be made at the identified locations. Alternatively, the call to privileged mode enablement may be automatically inserted at the indicated locations using refactoring.
    • 102. Invention patent application
    • Method and apparatus for adopting authorizations
    • US20050039158A1
    • 2005-02-17
    • US10639862
    • 2003-08-13
    • Lawrence Koved, Anthony Nadalin, Marco Pistoia
    • G06F9/44
    • G06F21/53
    • A method and apparatus for implementing a new Permission for methods that perform callback operations are provided. The method and apparatus provide an AdoptPermission Permission type that allows a method to pass a Java 2 authorization test without having the specific required Permissions expressly granted to the method and without the method having the AllPermission Permission granted to it. With the apparatus and method, an AdoptPermission Permission type is defined that operates to allow a ProtectionDomain to “adopt” a required Permission. However, this adoption of a required Permission can only be performed if the ProtectionDomain of at least one method in the thread stack has been granted a Permission that implies the required Permission. Thus, the AdoptPermission Permission type provides an intermediate mechanism that is not as over-inclusive as the AllPermission Permission type and is not as under-inclusive as requiring that all methods in the thread stack include the required Permission expressly granted to them.
    • 103. Granted invention patent
    • Method and apparatus for automatic determination of authorization requirements while editing or generating code
    • US08789188B2
    • 2014-07-22
    • US11867792
    • 2007-10-05
    • Ted A. Habeck, Lawrence Koved, Jeff McAffer, Marco Pistoia
    • G06F21/00
    • G06F21/6218
    • Systems and methods are presented for automatically determining the security requirements of program code during the creation or modification of that program code and for presenting the necessary security permissions to a developer of the program code at the time of the creation or modification of the program code. A cache is established containing program code segments including library calls and application program interfaces that require security permissions at runtime. The cache also includes the security permissions associated with the stored program code segments. Program code editing is monitored in real time during the editing, and instances of edits that add, modify or delete the stored program code segments from the program code being edited are identified. The security permissions associated with the program code segments that are modified by the edits are retrieved from the cache. The retrieved security permissions are immediately presented to the developer in an interactive format that provides the developer with the ability to accept or decline the necessary changes to the security permissions.
    • 105. Granted invention patent
    • System and method for the automatic identification of subject-executed code and subject-granted access rights
    • US08332939B2
    • 2012-12-11
    • US11677272
    • 2007-02-21
    • Paolina Centonze, Marco Pistoia
    • H04L29/06
    • G06F21/629, G06F9/468, G06F2221/2141, G06F2221/2145
    • The present invention relates to a method for identifying subject-executed code and subject-granted access rights within a program, the method further comprising the steps of: constructing a static model of a program, and determining a set of access rights that are associated with each subject object that is comprised within the program. The method further comprises the steps of annotating the invocation graph with the set of access right data to generate a subject-rights analysis, wherein each node comprised within the invocation graph is mapped to a set of access rights that represent subject-granted access rights under which a method that corresponds to a respective node will be executed, and utilizing the subject-rights analysis to perform a subject-rights analysis of the program.
    • 106. Invention patent application
    • GENERATING INPUTS FOR CLIENT-SERVER PROGRAMS FOR FAULT DETECTION AND LOCALIZATION
    • US20120151454A1
    • 2012-06-14
    • US12966556
    • 2010-12-13
    • Shay ARTZI, Julian Dolby, Marco Pistoia, Frank Tip
    • G06F9/44
    • G06F11/3684, H04L69/40
    • The present invention provides a system, computer program product, and a computer implemented method for analyzing a set of two or more communicating applications. The method begins with receiving a first and a second application that communicate with each other during execution. Next, an initial input for executing the first application and the second application is received. The initial input is added to a set of inputs. An iterative execution loop is performed at least once. The loop begins with selecting inputs out of the set of inputs for execution. Next, using the selected inputs, the first and/or the second application is executed while information regarding the execution and information communicated to the other application are recorded. A set of one or more new application inputs for either application is generated based on the second application recorded information and the first application information. These new inputs are added to the set of inputs.
    • 107. Invention patent application
    • Unchanged Object Management
    • US20120089962A1
    • 2012-04-12
    • US12900643
    • 2010-10-08
    • Paolina Centonze, Peter K. Malkin, Marco Pistoia
    • G06F9/44, G06F9/45
    • G06F8/443, G06F8/24
    • A method includes, using a static analysis performed on code, analyzing the code to determine a set of unchanged objects and modifying the code to exercise a singleton-pattern technique for one or more members of the set of unchanged objects. The method also includes outputting the modified code. Apparatus and program products are also disclosed. Another method includes accessing code from a client, and in response to any of the code being source code, compiling the source code into object code until all the code from the client comprises object code. The method further includes, using a static analysis performed on the object code, analyzing the object code to determine a set of unchanged objects and modifying the object code to exercise a singleton-pattern technique for one or more members of the set of unchanged objects. The method additionally includes returning the modified object code to the client.
    • 108. Granted invention patent
    • System and method for the automatic verification of privilege-asserting and subject-executed code
    • US08006233B2
    • 2011-08-23
    • US11677259
    • 2007-02-21
    • Paolina Centonze, Marco Pistoia
    • G06F9/44, G06F9/45
    • G06F21/57, G06F8/75
    • The present invention relates to a method for verifying privileged and subject-executed code within a program, the method further comprising the steps of constructing a static model of a program, identifying checkPermission nodes that are comprised within the invocation graph, and performing a fixed-point iteration, wherein each determined permission set is propagated backwards across the nodes of the static model until a privilege-asserting code node is reached. The method further comprises the steps of associating each node of the invocation graph with a set of Permission allocation sites, analyzing each identified privilege-asserting code node and subject-executing code node to determine the Permission allocation site set that is associated with each privilege-asserting code node and subject-executing code node, and determining the cardinality of a Permission allocation-site set that is associated with each privilege-asserting code node and subject-executing code node.
    • 109. Invention patent application
    • METHOD AND SYSTEM FOR RUN-TIME DYNAMIC AND INTERACTIVE IDENTIFICATION OF SOFTWARE AUTHORIZATION REQUIREMENTS AND PRIVILEGED CODE LOCATIONS, AND FOR VALIDATION OF OTHER SOFTWARE PROGRAM ANALYSIS RESULTS
    • US20090007223A1
    • 2009-01-01
    • US12127298
    • 2008-05-27
    • Paolina Centonze, Jose Gomes, Marco Pistoia
    • G06F21/00
    • G06F21/6227, G06F2221/2141, G06F2221/2149
    • A system, method and computer program product for identifying security authorizations and privileged-code requirements; for validating analyses performed using static analyses; for automatically evaluating existing security policies; for detecting problems in code; in a run-time execution environment in which a software program is executing. The method comprises: implementing reflection objects for identifying program points in the executing program where authorization failures have occurred in response to the program's attempted access of resources requiring authorization; displaying instances of identified program points via a user interface, the identified instances being user selectable; for a selected program point, determining authorization and privileged-code requirements for the access restricted resources in real-time; and, enabling a user to select, via the user interface, whether a required authorization should be granted, wherein local system, fine-grained access of resources requiring authorizations is provided.