专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

81. 发明申请

US20120054724A1 INCREMENTAL STATIC ANALYSIS 审中-公开
标题翻译：增量静态分析
公开(公告)号：US20120054724A1
公开(公告)日：2012-03-01
申请号：US12873219
申请日：2010-08-31
申请人： Daniel Kalman , Marco Pistoia , Guy Podjarny , Omer Tripp , Omri Weisman
发明人： Daniel Kalman , Marco Pistoia , Guy Podjarny , Omer Tripp , Omri Weisman
IPC分类号： G06F9/44
CPC分类号： G06F8/75 , G06F11/3604 , G06F21/577
摘要： A system, method and computer program product for incremental static analysis, including a change impact analyzer for identifying a changed portion of a computer software (e.g., an application), where the changed portion was changed subsequent to performing a static analysis on the application, a static analysis result invalidator for invalidating any static analysis result that is dependent on the changed portion, and an incremental static analyzer for performing a first incremental static analysis on at least the changed portion, presenting the results of the first incremental static analysis, receiving a request to provide additional information regarding a selected result of the first incremental static analysis, performing, responsive to receiving the request, a second incremental static analysis on any portion of the application to gather the additional information, and presenting results of the second incremental static analysis, thereby providing the additional information regarding the selected result of the first incremental static analysis.
摘要翻译：一种用于增量静态分析的系统，方法和计算机程序产品，包括用于识别计算机软件（例如，应用程序）的改变部分的变化影响分析器，其中在对应用执行静态分析之后改变部分被改变，静态分析结果无效器，用于使依赖于改变的部分的任何静态分析结果无效;以及增量静态分析器，用于至少对所述改变的部分执行第一增量静态分析，呈现第一增量静态分析的结果，请求提供关于第一增量静态分析的选定结果的附加信息，响应于接收到请求执行，对应用的任何部分进行第二增量静态分析以收集附加信息，以及呈现第二增量静态分析的结果，从而提供附加信息rega 选择第一个增量静态分析的结果。

82. 发明授权

US07171558B1 Transparent digital rights management for extendible content viewers 失效
标题翻译：透明的数字版权管理可扩展内容观众
公开(公告)号：US07171558B1
公开(公告)日：2007-01-30
申请号：US09667286
申请日：2000-09-22
申请人： Magda M. Mourad , Jonathan P. Munson , Tamer Nadeem , Giovanni Pacifici , Marco Pistoia , Alaa S. Youssef
发明人： Magda M. Mourad , Jonathan P. Munson , Tamer Nadeem , Giovanni Pacifici , Marco Pistoia , Alaa S. Youssef
IPC分类号： H04L9/00
CPC分类号： G06F21/57 , G06F21/10
摘要： A digital rights management system for controlling the distribution of digital content to player applications. The system comprises a verification system, a trusted content handler, and a user interface control. The verification system is provided to validate the integrity of the player applications; and the trusted content handler is used to decrypt content and to transmit the decrypted content to the player applications, and to enforce usage rights associated with the content. The user interface control module is provided to ensure that users of the player applications are not exposed to actions that violate the usage rights. The preferred embodiment of the present invention provides a system that enables existing content viewers, such as Web browsers, document viewers, and Java Virtual Machines running content-viewing applications, with digital rights management capabilities, in a manner that is transparent to the viewer. Extending content viewers with such capabilities enables and facilitates the free exchange of digital content over open networks, such as the Internet, while protecting the rights of content owners, authors, and distributors. This protection is achieved by controlling access to the content and constraining it according to the rights and privileges granted to the user during the content acquisition phase.
摘要翻译：数字版权管理系统，用于控制数字内容到玩家应用程序的分发。系统包括验证系统，可信内容处理程序和用户界面控制。提供验证系统以验证玩家申请的完整性; 并且可信内容处理程序用于解密内容并将解密的内容传送给播放器应用，并且执行与内容相关联的使用权限。提供用户界面控制模块以确保玩家应用的用户不会暴露于违反使用权限的动作。本发明的优选实施例提供了一种系统，其以对观看者透明的方式，使具有数字权限管理功能的现有内容观众（诸如Web浏览器，文档查看器和运行内容观看应用的Java虚拟机）成为可能。扩展具有此类功能的内容观众能够实现和促进数字内容在互联网等开放网络上的自由交换，同时保护内容所有者，作者和分销商的权利。该保护通过控制对内容的访问并根据在内容获取阶段中授予用户的权限和特权来约束来实现。

83. 发明授权

US09459990B2 Automatic and transparent application logging 有权
标题翻译：自动和透明的应用程序日志记录
公开(公告)号：US09459990B2
公开(公告)日：2016-10-04
申请号：US13431422
申请日：2012-03-27
申请人： Joseph W. Ligman , Marco Pistoia , John J. Ponzo , Umut Topkara
发明人： Joseph W. Ligman , Marco Pistoia , John J. Ponzo , Umut Topkara
IPC分类号： G06F11/36 , G06F11/34
CPC分类号： G06F11/3644 , G06F11/3466 , G06F11/3476 , G06F2201/865
摘要： Automatic application logging, in one aspect, may receive a directive for logging data associated with an application. One or more runtime objects of an instance of the application running on a processor may be modified according to the directive to collect the data. The data may be collected via the modified one or more runtime objects.
摘要翻译：在一个方面，自动应用程序日志记录可以接收用于记录与应用程序相关联的数据的指令。可以根据指令来修改在处理器上运行的应用的实例的一个或多个运行时对象以收集数据。可以经由修改的一个或多个运行时对象来收集数据。

84. 发明授权

US08910293B2 Determining the vulnerability of computer software applications to privilege-escalation attacks 有权
标题翻译：确定计算机软件应用程序对特权升级攻击的脆弱性
公开(公告)号：US08910293B2
公开(公告)日：2014-12-09
申请号：US13542214
申请日：2012-07-05
申请人： Marco Pistoia , Ori Segal , Omer Tripp
发明人： Marco Pistoia , Ori Segal , Omer Tripp
IPC分类号： G06F11/00 , G06F21/56 , H04L29/06 , G06F21/57
CPC分类号： G06F21/563 , G06F21/577 , H04L63/1433
摘要： Determining the vulnerability of computer software applications to privilege-escalation attacks, such as where an instruction classifier is configured to be used for identifying a candidate access-restricted area of the instructions of a computer software application, and a static analyzer is configured to statically analyze the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area, perform static analysis to determine if the conditional instruction is dependent on a data source within the computer software application, and designate the candidate access-restricted area as vulnerable to privilege-escalation attacks absent either of the conditional instruction and the date source.
摘要翻译：确定计算机软件应用程序对特权升级攻击的脆弱性，例如将指令分类器配置为用于识别计算机软件应用程序的指令的候选访问受限区域的位置以及静态分析器，以进行静态分析候选访问限制区域，以确定是否存在控制进入候选访问受限区域的执行流程的条件指令，执行静态分析以确定条件指令是否依赖于计算机软件应用程序内的数据源，并指定候选访问限制区域容易受到特权升级攻击的攻击，不存在条件指令和日期源。

85. 发明授权

US08875297B2 Interactive analysis of a security specification 有权
标题翻译：交互式分析安全规范
公开(公告)号：US08875297B2
公开(公告)日：2014-10-28
申请号：US13448029
申请日：2012-04-16
申请人： Marco Pistoia , Takaaki Tateishi , Omer Tripp
发明人： Marco Pistoia , Takaaki Tateishi , Omer Tripp
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F9/445 , G06F11/36 , G06F21/56 , G06F21/52 , G06F9/45
CPC分类号： G06F11/3604 , G06F8/43 , G06F9/44589 , G06F11/3672 , G06F11/3684 , G06F11/3688 , G06F21/52 , G06F21/562 , G06F21/577
摘要： Analyzing a security specification. An embodiment can include identifying a downgrader in a computer program under test. Via a processor, testing on the downgrader can be performed in a first level of analysis. Responsive to the downgrader not passing the testing performed in the first level of analysis, a counter example for the downgrader can be automatically synthesized. Further, a test unit can be created for the downgrader using the counter example as an input parameter to the downgrader. The test unit can be executed to perform testing on the downgrader in a second level of analysis. Responsive to the downgrader passing the testing performed in the second level of analysis, a user can be prompted to simplify a model of the downgrader.
摘要翻译：分析安全规范。一个实施例可以包括识别被测试的计算机程序中的降级器。通过处理器，可以在第一级分析中对降级器进行测试。对于在第一级分析中没有通过测试的降级分析器，可以自动合成降级器的反例。此外，可以使用计数器示例作为降级器的输入参数来为降级器创建测试单元。可以执行测试单元以在第二级分析中对降级器进行测试。响应于在第二级分析中通过测试的降级者，可以提示用户简化降级的模型。

86. 发明授权

US08863292B2 Interactive analysis of a security specification 有权
标题翻译：交互式分析安全规范
公开(公告)号：US08863292B2
公开(公告)日：2014-10-14
申请号：US13313757
申请日：2011-12-07
申请人： Marco Pistoia , Omer Tripp , Takaaki Tateishi
发明人： Marco Pistoia , Omer Tripp , Takaaki Tateishi
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F9/45 , G06F9/445 , G06F21/52 , G06F21/56 , G06F11/36
CPC分类号： G06F11/3604 , G06F8/43 , G06F9/44589 , G06F11/3672 , G06F11/3684 , G06F11/3688 , G06F21/52 , G06F21/562 , G06F21/577
摘要： Analyzing a security specification. An embodiment can include identifying a downgrader in a computer program under test. Testing on the downgrader can be performed in a first level of analysis. Responsive to the downgrader not passing the testing performed in the first level of analysis, a counter example for the downgrader can be automatically synthesized. Further, a test unit can be created for the downgrader using the counter example as an input parameter to the downgrader. The test unit can be executed to perform testing on the downgrader in a second level of analysis. Responsive to the downgrader passing the testing performed in the second level of analysis, a user can be prompted to simplify a model of the downgrader.
摘要翻译：分析安全规范。一个实施例可以包括识别被测试的计算机程序中的降级器。降级测试可以在第一级分析中进行。对于在第一级分析中没有通过测试的降级分析器，可以自动合成降级器的反例。此外，可以使用计数器示例作为降级器的输入参数来为降级器创建测试单元。可以执行测试单元以在第二级分析中对降级器进行测试。响应于在第二级分析中通过测试的降级者，可以提示用户简化降级的模型。

87. 发明授权

US08769696B2 Automated detection of flaws and incompatibility problems in information flow downgraders 有权
标题翻译：自动检测信息流下载中的缺陷和不兼容问题
公开(公告)号：US08769696B2
公开(公告)日：2014-07-01
申请号：US13248724
申请日：2011-09-29
申请人： Marco Pistoia , Takaaki Tateishi , Stephen D. Teilhet , Omer Tripp
发明人： Marco Pistoia , Takaaki Tateishi , Stephen D. Teilhet , Omer Tripp
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： G06F21/577 , G06F21/00 , G06F21/50
摘要： Mechanisms for evaluating downgrader code in application code with regard to a target deployment environment. Downgrader code in the application code is identified. Based on an input string, an output string that the downgrader code outputs in response to receiving the input string is identified. One or more sets of illegal string patterns are retrieved. Each of the one or more sets of illegal string patterns is associated with a corresponding deployment environment. The illegal string patterns are string patterns that a downgrader identifies in the information flow for security purposes. A determination is made as to whether the downgrader code is compatible with the target deployment environment based on the one or more sets of illegal string patterns and the output string. An output indicative of the results of the determining is generated.
摘要翻译：评估应用程序代码中关于目标部署环境的降级代码的机制。识别应用程序代码中的降级代码。基于输入字符串，识别降级代码响应于输入字符串而输出的输出字符串。检索一组或多组非法字符串模式。一组或多组非法字符串模式中的每一个与相应的部署环境相关联。非法字符串模式是为了安全起见，降级标识在信息流中的字符串模式。基于一组或多组非法字符串模式和输出字符串，确定降级代码是否与目标部署环境兼容。产生指示确定结果的输出。

88. 发明授权

US08695098B2 Detecting security vulnerabilities in web applications 有权
标题翻译：检测Web应用程序中的安全漏洞
公开(公告)号：US08695098B2
公开(公告)日：2014-04-08
申请号：US13174628
申请日：2011-06-30
申请人： Marco Pistoia , Ori Segal , Omer Tripp
发明人： Marco Pistoia , Ori Segal , Omer Tripp
IPC分类号： G06F11/00
CPC分类号： G06F21/577 , H04L63/1433
摘要： Method to detect security vulnerabilities includes: interacting with a web application during its execution to identify a web page exposed by the web application; statically analyzing the web page to identify a parameter within the web page that is constrained by a client-side validation measure and that is to be sent to the web application; determining a server-side validation measure to be applied to the parameter in view of the constraint placed upon the parameter by the client-side validation measure; statically analyzing the web application to identify a location within the web application where the parameter is input into the web application; determining whether the parameter is constrained by the server-side validation measure prior to the parameter being used in a security-sensitive operation; and identifying the parameter as a security vulnerability.
摘要翻译：检测安全漏洞的方法包括：在执行期间与Web应用程序进行交互以识别Web应用程序公开的网页; 静态地分析网页以识别受到客户端验证措施约束并且要发送到Web应用程序的网页内的参数; 鉴于通过客户端验证措施对参数的约束，确定要应用于参数的服务器端验证度量; 静态分析Web应用程序以识别Web应用程序中将参数输入到Web应用程序中的位置; 在参数在安全敏感操作中使用之前，确定参数是否受到服务器端验证度量的约束; 并将该参数识别为安全漏洞。

89. 发明授权

US08667584B2 Formal analysis of the quality and conformance of information flow downgraders 有权
公开(公告)号：US08667584B2
公开(公告)日：2014-03-04
申请号：US12968646
申请日：2010-12-15
申请人： Ryan J. Berg , Marco Pistoia , Takaaki Tateishi , Stephen D. Teilhet , Omer Tripp
发明人： Ryan J. Berg , Marco Pistoia , Takaaki Tateishi , Stephen D. Teilhet , Omer Tripp
IPC分类号： G06F21/00
CPC分类号： G06F21/50 , G06F21/577
摘要： Mechanisms for evaluating downgrader code in application code with regard to one or more security guidelines are provided. Downgrader code in application code is identified, where the downgrader code is a portion of code in the application code that operates on an information flow of the application code to ensure confidentiality of information input to the downgrader code, in the output of the downgrader code. Processes of the downgrader code are evaluated against security guidelines to determine if the processes violate the security guidelines. A notification is generated in response to the evaluation indicating that the processes of the downgrader code violate the security guidelines. The notification is output to a computing device for consideration.

90. 发明授权

US08661264B1 Security model for actor-based languages and apparatus, methods, and computer programming products using same 失效
公开(公告)号：US08661264B1
公开(公告)日：2014-02-25
申请号：US13588347
申请日：2012-08-17
申请人： Bard Bloom , John H. Field , Salvatore Guarnieri , Marco Pistoia
发明人： Bard Bloom , John H. Field , Salvatore Guarnieri , Marco Pistoia
IPC分类号： G06F9/44
CPC分类号： G06F21/6218 , G06F8/20 , G06F21/554 , G06F21/566 , G06F21/6227 , G06F2221/2113 , H04L63/08 , H04L63/20
摘要： An application includes: a programming model including a service provider, first components, second components, and sinks communicating via messages. Each of the second components is assigned a unique capability. A given one of the first components routes a message from the given first component to second component(s) and then to a sink. Each of the second component(s) sends the message to the service provider. The service provider creates a token corresponding at least to a received message and a unique capability assigned to an associated one of the second component(s) and sends the token to the associated one of the second component(s). The selected sink receives the message and a token corresponding to each of the second component(s), verifies each received token, and either accepts the message if each of the received tokens is verified or ignores the message if at least one of the received tokens is not verified.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式