专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20070162890A1 SECURITY ENGINEERING AND THE APPLICATION LIFE CYCLE 审中-公开
标题翻译：安全工程和申请生命周期
公开(公告)号：US20070162890A1
公开(公告)日：2007-07-12
申请号：US11382858
申请日：2006-05-11
申请人： John Meier , Srinath Vasireddy , Michael Dunner , Blaine Wastell
发明人： John Meier , Srinath Vasireddy , Michael Dunner , Blaine Wastell
IPC分类号： G06F9/44
CPC分类号： G06F21/577 , G06F8/20
摘要： A novel approach to security engineering that leverages expertise to enable a user to design, build and deploy secure applications is disclosed. In doing so, the innovation discloses novel techniques and mechanisms that integrate security into the application development lifecycle and to adapt current software engineering practices and methodologies to include specific security related activities. These activities include identifying security objectives, creating threat models, applying secure design guidelines, patterns and principles, conducting security design inspections, performing regular code inspections, testing for security, and conducting deployment inspections to ensure secure configuration.
摘要翻译：公开了一种利用专业知识使用户设计，构建和部署安全应用程序的安全工程的新颖方法。在这样做时，创新公开了将安全性集成到应用程序开发生命周期中的新技术和机制，并适应当前的软件工程实践和方法，以包括具体的安全相关活动。这些活动包括确定安全目标，创建威胁模型，应用安全设计指南，模式和原则，进行安全设计检查，执行常规代码检查，安全测试，以及进行部署检查以确保安全配置。

2. 发明申请

US20070157311A1 Security modeling and the application life cycle 审中-公开
标题翻译：安全建模和应用生命周期
公开(公告)号：US20070157311A1
公开(公告)日：2007-07-05
申请号：US11321425
申请日：2005-12-29
申请人： John Meier , Anandha Murukan , Srinath Vasireddy , Blaine Wastell , Michael Dunner
发明人： John Meier , Anandha Murukan , Srinath Vasireddy , Blaine Wastell , Michael Dunner
IPC分类号： G06F12/14
CPC分类号： G06F21/577
摘要： A security engineering system and methodology associated with the application life cycle is provided. The subject innovation provides a threat modeling system can be employed to identify threats and vulnerabilities associated with stages of the application life cycle. In accordance therewith, the novel innovation can facilitate identification of common issues that can arise during a threat modeling activity. The innovation can provide for a systematic mechanism to identify threats and/or vulnerabilities in accordance with the application life cycle.
摘要翻译：提供了与应用程序生命周期相关的安全工程系统和方法。本创新提供的威胁建模系统可用于识别与应用程序生命周期阶段相关的威胁和漏洞。根据此，新颖的创新可以有助于识别在威胁建模活动期间可能出现的常见问题。该创新可以提供系统的机制，以根据应用程序生命周期来识别威胁和/或漏洞。

3. 发明申请

US20070192344A1 THREATS AND COUNTERMEASURES SCHEMA 审中-公开
标题翻译：威胁和对策措施
公开(公告)号：US20070192344A1
公开(公告)日：2007-08-16
申请号：US11382857
申请日：2006-05-11
申请人： John Meier , Srinath Vasireddy , Michael Dunner
发明人： John Meier , Srinath Vasireddy , Michael Dunner
IPC分类号： G06F7/00
CPC分类号： G06F8/10 , G06F21/554
摘要： An threats and countermeasures schema that can incorporate expertise into an application engineering activity is provided. For example, a threats and countermeasures schema can be applied to a threat modeling component to converge knowledge into the activity by identifying categories, vulnerabilities, attacks and countermeasures based upon an application type, user objective, etc. The novel threats and countermeasures schema can create a common framework that converges knowledge with respect to any application engineering activity (e.g. threat modeling). For example, the schema can include lists of threats and attacks that can be acted upon. As well, the framework can include a list of novel countermeasures based upon the attacks. Additionally, a context precision mechanism can be employed to automatically and/or dynamically determine a context of an application environment. This context can be used to automatically generate an appropriate schema based upon the determined application type.
摘要翻译：提供了将专业知识纳入应用工程活动的威胁和对策模式。例如，威胁和对策模式可以应用于威胁建模组件，以通过基于应用程序类型，用户目标等识别类别，漏洞，攻击和对策来将知识融合到活动中。新的威胁和对策模式可以创建一个共同的框架，它将知识与任何应用工程活动（例如威胁建模）相融合。例如，该模式可以包括可以执行的威胁和攻击的列表。同样，框架可以包括基于攻击的新颖的对策的列表。此外，可以采用上下文精确机制来自动和/或动态地确定应用环境的上下文。该上下文可以用于基于确定的应用程序类型自动生成适当的模式。

4. 发明申请

US20070157156A1 Information models and the application life cycle 审中-公开
标题翻译：信息模型和应用生命周期
公开(公告)号：US20070157156A1
公开(公告)日：2007-07-05
申请号：US11321153
申请日：2005-12-29
申请人： John Meier , Anandha Murukan , Sirnath Vasireddy , Michael Dunner
发明人： John Meier , Anandha Murukan , Sirnath Vasireddy , Michael Dunner
IPC分类号： G06F9/44
CPC分类号： G06F21/554 , G06F8/10
摘要： An information model (e.g., schema) that can incorporate expertise into an application engineering activity—for example, a threats and countermeasures schema can be applied to a threat modeling component to converge knowledge into the activity by identifying categories, vulnerabilities, attacks and countermeasures. The novel schema can create a common framework that converges knowledge with respect to any application engineering activity (e.g., threat modeling, performance modeling). For example, the framework can include lists of threats and attacks that can be acted upon. As well, the framework can include a list of countermeasures based upon the attacks. Additionally, a context precision mechanism can be employed to automatically and/or dynamically determine a context of an application environment. This context can be used to automatically generate an appropriate schema or information model.
摘要翻译：可以将专业知识融入到应用工程活动中的信息模型（例如，模式） - 例如威胁和对策模式可以应用于威胁建模组件，以通过识别类别，漏洞，攻击和对策来将知识融合到活动中。新颖的模式可以创建一个共同的框架，它将知识与任何应用程序工程活动（例如，威胁建模，性能建模）相融合。例如，框架可以包括可以采取的威胁和攻击的列表。同样，框架可以包括基于攻击的对策的列表。此外，可以采用上下文精确机制来自动和/或动态地确定应用环境的上下文。此上下文可用于自动生成适当的模式或信息模型。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式