专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US08239954B2 Access control based on program properties 有权
标题翻译：基于程序属性的访问控制
公开(公告)号：US08239954B2
公开(公告)日：2012-08-07
申请号：US11745048
申请日：2007-05-07
申请人： Edward P. Wobber , Andrew Birrell , Martin Abadi
发明人： Edward P. Wobber , Andrew Birrell , Martin Abadi
IPC分类号： H04L29/06
CPC分类号： H04L63/101 , G06F21/6218
摘要： A pattern matching access control system determines whether a principal should be granted access to use a resource based on properties of applications comprised by the principal. The principal name may be created when an application is loaded, invokes other applications (or programs) and/or assumes a new role context. Access is provided based on whether, for each application, the publisher is authorized by system policy to grant privilege as requested by the application. When a resource which requires the privilege is requested by a principal, an access control list (ACL) for the resource is expanded with a list of applications that have been authorized through their publisher to assert the privilege. The expanded ACL is compared to the principal name to determine resource access.
摘要翻译：模式匹配访问控制系统基于主体的应用程序的属性确定是否应授予主体访问权限以使用资源。可以在应用程序加载时调用主体名称，调用其他应用程序（或程序）和/或假定新的角色上下文。访问是基于每个应用程序，发布者是否被系统策略授权以根据应用程序请求授予特权来提供访问。当一个委托人请求一个需要该权限的资源时，该资源的访问控制列表（ACL）会被扩展，并通过其发布者授权的应用程序列表来声明该权限。将扩展的ACL与主体名称进行比较以确定资源访问。

12. 发明申请

US20070271594A1 Access-Control Permissions with Inter-Process Message-Based Communications 有权
标题翻译：具有进程间消息通信的访问控制权限
公开(公告)号：US20070271594A1
公开(公告)日：2007-11-22
申请号：US11419145
申请日：2006-05-18
申请人： Edward P. Wobber , Manuel A. Fahndrich , Ulfar Erlingsson , Martin Abadi
发明人： Edward P. Wobber , Manuel A. Fahndrich , Ulfar Erlingsson , Martin Abadi
IPC分类号： H04L9/32
CPC分类号： G06F21/6281
摘要： Described herein are one or more implementations that facilitate message-passing over a communication conduit between software processes in a computing environment. More particularly, the implementations described restrict access of one process to another via messages passed over a particular conduit connecting the processes and the access-control restrictions are defined by a contract associated with that particular conduit.
摘要翻译：这里描述了一种或多种实现，其便于在计算环境中的软件进程之间通过通信导线进行消息传递。更具体地，所描述的实施方式通过在连接过程的特定管道上传递的消息来限制一个进程的访问，并且访问控制限制由与该特定管道相关联的合同定义。

13. 发明授权

US5173939A Access control subsystem and method for distributed computer system using compound principals 失效
标题翻译：使用复合主体的分布式计算机系统的访问控制子系统和方法
公开(公告)号：US5173939A
公开(公告)日：1992-12-22
申请号：US783361
申请日：1991-10-28
申请人： Martin Abadi , Michael Burrows , Edward P. Wobber
发明人： Martin Abadi , Michael Burrows , Edward P. Wobber
IPC分类号： G06F9/46
CPC分类号： G06F9/468 , Y10S707/99939
摘要： A distributed computer system has a number of computers coupled thereto at distinct nodes and a naming service with a membership table that defines a list of assumptions concerning which principals in the system are stronger than other principals, and which roles adopted by principals are stronger than other roles. Each object in the system has an access control list (ACL) having a list of entries. Each entry is either a simple principal or a compound principal. The set of allowed compound principals is limited to a predefined set of allowed combinations of simple principals, roles, delegations and conjunctions in accordance with a defined hierarchical ordering of the conjunction, delegation and role portions of each compound principal. The assumptions in the membership table reduce the number of entries needed in an ACL by allowing an entry to state only the weakest principals and roles that are to be allowed access. The reference checking process, handled by a reference monitor found at each node of the distributed system, grants an access request if the requestor is stronger than any one of the entries in the access control list for the resource requested. Furthermore, one entry is stronger than another entry if for each of the conjuncts in the latter entry there is a stronger conjunct in the former. Additional rules used by the reference monitor during the reference checking process govern the processes of comparing conjuncts in a requestor principal with the conjuncts in an access control list entry and of using assumptions to compare the relative strengths of principals and roles.
摘要翻译：分布式计算机系统具有多个与不同节点耦合的计算机，以及具有会员表的命名服务，该成员表定义了系统中哪些主体比其他主体更强的假设列表，以及由主体采用的角色比其他主体更强角色。系统中的每个对象都具有一个具有条目列表的访问控制列表（ACL）。每个条目都是简单的主体或复合主体。允许的复合主体的集合被限制为根据每个复合主体的连接，委派和角色部分的定义的分级顺序的简单主体，角色，委托和连接的允许的组合的预定义集合。成员资格表中的假设通过允许条目仅指定允许访问的最弱主体和角色来减少ACL中所需的条目数。如果请求者比所请求的资源的访问控制列表中的任何一个条目更强，由在分布式系统的每个节点处发现的参考监视器处理的参考检查过程就会授予访问请求。此外，如果对于前一个条目中的每个连词都有一个更强的连接，则一个条目比另一个条目更强。引用检查过程中参考监视器使用的附加规则管理将请求方主体中的连接与访问控制列表条目中的连接进行比较的过程，以及使用假设来比较主体和角色的相对强度。

14. 发明授权

US08745738B2 Vouching for user account using social networking relationship 有权
标题翻译：使用社交网络关系为用户帐户提供支持
公开(公告)号：US08745738B2
公开(公告)日：2014-06-03
申请号：US13350806
申请日：2012-01-15
申请人： Yinglian Xie , Fang Yu , Qifa Ke , Martin Abadi , Eliot C. Gillum , Krishna Vitaldevara , Jason D. Walter
发明人： Yinglian Xie , Fang Yu , Qifa Ke , Martin Abadi , Eliot C. Gillum , Krishna Vitaldevara , Jason D. Walter
IPC分类号： G06F12/14 , G06F15/16 , G06F13/00 , H04L29/06 , G06F11/00
CPC分类号： G06F21/316 , G06F21/33 , G06Q50/01
摘要： Trusted user accounts of an application provider are determined. Graphs, such as trees, are created with each node corresponding to a trusted account. Each of the nodes is associated with a vouching quota, or the nodes may share a vouching quota. Untrusted user accounts are determined. For each of these untrusted accounts, a trusted user account that has a social networking relationship is determined. If the node corresponding to the trusted user account has enough vouching quota to vouch for the untrusted user account, then the quota is debited, a node is added for the untrusted user account to the graph, and the untrusted user account is vouched for. If not, available vouching quota may be borrowed from other nodes in the graph.
摘要翻译：确定应用程序提供程序的可信用户帐户。使用与受信任帐户相对应的每个节点来创建诸如树之类的图形。每个节点都与一个备份配额相关联，或者节点可以共享一个备份配额。不信任的用户帐户被确定。对于每个这些不受信任的帐户，确定具有社交网络关系的可信用户帐户。如果与受信任用户帐户相对应的节点具有足够的备用配额来保证不受信任的用户帐户，则会将配额扣除，为图中不可信任的用户帐户添加一个节点，并为不受信任的用户帐户进行验证。如果不是，可以从图中的其他节点借用可用的支票配额。

15. 发明授权

US08266604B2 Transactional memory compatibility management 有权
标题翻译：事务性内存兼容性管理
公开(公告)号：US08266604B2
公开(公告)日：2012-09-11
申请号：US12359492
申请日：2009-01-26
申请人： Dana Groff , Yosseff Levanoni , Stephen Toub , Michael McKenzie Magruder , Weirong Zhu , Timothy Lawrence Harris , Christopher William Dern , John Joseph Duffy , David Detlefs , Martin Abadi , Sukhdeep Singh Sodhi , Lingli Zhang , Alexander Dadiomov , Vinod Grover
发明人： Dana Groff , Yosseff Levanoni , Stephen Toub , Michael McKenzie Magruder , Weirong Zhu , Timothy Lawrence Harris , Christopher William Dern , John Joseph Duffy , David Detlefs , Martin Abadi , Sukhdeep Singh Sodhi , Lingli Zhang , Alexander Dadiomov , Vinod Grover
IPC分类号： G06F12/00 , G06F9/44
CPC分类号： G06F8/44
摘要： Transactional memory compatibility type attributes are associated with intermediate language code to specify, for example, that intermediate language code must be run within a transaction, or must not be run within a transaction, or may be run within a transaction. Attributes are automatically produced while generating intermediate language code from annotated source code. Default rules also generate attributes. Tools use attributes to statically or dynamically check for incompatibility between intermediate language code and a transactional memory implementation.
摘要翻译：事务性内存兼容性类型属性与中间语言代码相关联，以指定例如中间语言代码必须在事务中运行，或者不能在事务中运行，或者可以在事务中运行。自动生成属性，同时从注释的源代码生成中间语言代码。默认规则也生成属性。工具使用属性来静态或动态地检查中间语言代码和事务内存实现之间的不兼容性。

16. 发明授权

US08185613B2 Host accountability using unreliable identifiers 有权
标题翻译：使用不可靠的标识符托管问责制
公开(公告)号：US08185613B2
公开(公告)日：2012-05-22
申请号：US12479882
申请日：2009-06-08
申请人： Yinglian Xie , Fang Yu , Martin Abadi
发明人： Yinglian Xie , Fang Yu , Martin Abadi
IPC分类号： G06F17/30
CPC分类号： H04L63/1408 , H04L2463/144
摘要： An IP (Internet Protocol) address is a directly observable identifier of host network traffic in the Internet and a host's IP address can dynamically change. Analysis of traffic (e.g., network activity or application request) logs may be performed and a host tracking graph may be generated that shows hosts and their bindings to IP addresses over time. A host tracking graph may be used to determine host accountability. To generate a host tracking graph, a host is represented. Host representations may be application-dependent. In an implementation, application-level identifiers (IDs) such as user email IDs, messenger login IDs, social network IDs, or cookies may be used. Each identifier may be associated with a human user. These unreliable IDs can be used to track the activity of the corresponding hosts.
摘要翻译： IP（互联网协议）地址是互联网中主机网络流量的直接可观察标识符，主机的IP地址可以动态更改。可以执行流量分析（例如，网络活动或应用请求）日志，并且可以生成显示主机及其与IP地址的绑定的主机跟踪图。可以使用主机跟踪图来确定主机责任。要生成主机跟踪图，表示主机。主机表示可能取决于应用程序。在实现中，可以使用诸如用户电子邮件ID，信使登录ID，社交网络ID或cookie的应用级标识符（ID）。每个标识符可以与人类用户相关联。这些不可靠的ID可用于跟踪相应主机的活动。

17. 发明授权

US08180986B2 Memory conflict detection via mapping of the physical heap to control access permissions to the memory 有权
标题翻译：通过物理堆映射来检测内存冲突，以控制对内存的访问权限
公开(公告)号：US08180986B2
公开(公告)日：2012-05-15
申请号：US12212025
申请日：2008-09-17
申请人： Timothy Harris , Martin Abadi
发明人： Timothy Harris , Martin Abadi
IPC分类号： G06F12/00
CPC分类号： G06F12/145 , G06F9/528
摘要： A transactional memory system is described for reporting memory access violations which occur when memory accesses made from instructions within a transaction conflict with memory accesses to the same memory location made from a non-transactional instruction. In an embodiment this is achieved by creating two mappings of a physical heap being used by a thread. The thread (which may be part of a multi-threaded process) comprises instructions for both transactional and non-transactional accesses to the physical heap which may execute concurrently as part of that thread. One of the mappings is used for non-transactional memory accesses to the physical heap. The other mapping is used for transactional memory accesses to the physical heap. Access permissions associated with the mappings are controlled to enable attempted memory access violations to be detected and reported.
摘要翻译：描述了一种事务性存储器系统，用于报告存储器访问冲突的发生，当由事务内的指令进行的存储器访问与从非事务性指令进行的存储器访问的存储器访问冲突时发生。在一个实施例中，这是通过创建由线程使用的物理堆的两个映射来实现的。线程（可以是多线程进程的一部分）包括用于对物理堆的事务和非事务性访问的指令，该物理堆可以作为该线程的一部分同时执行。其中一个映射用于对物理堆的非事务内存访问。另一个映射用于对物理堆的事务内存访问。控制与映射关联的访问权限，以便检测和报告尝试的内存访问冲突。

18. 发明申请

US20120102169A1 AUTOMATIC IDENTIFICATION OF TRAVEL AND NON-TRAVEL NETWORK ADDRESSES 有权
标题翻译：自动识别旅行和非旅行网络地址
公开(公告)号：US20120102169A1
公开(公告)日：2012-04-26
申请号：US12909839
申请日：2010-10-22
申请人： Fang Yu , Yinglian Xie , Martin Abadi , Stefan Roberts Savage , Geoffrey Michael Voelker , Andreas Pitsillidis
发明人： Fang Yu , Yinglian Xie , Martin Abadi , Stefan Roberts Savage , Geoffrey Michael Voelker , Andreas Pitsillidis
IPC分类号： G06F15/173
CPC分类号： H04L67/18 , H04L61/15 , H04L61/609 , H04L63/1425
摘要： A system to automatically classify types of IP addresses associated with a user. Information, such as user names, machine information, IP address, etc., may be obtained from logs. For each user or host in the logs, home IP addresses are identified from IP addresses where the user or host shows a predetermined level of activity. Travel IP addresses are identified, which are IP addresses at locations greater than a predetermined distance from the home IP addresses, as determined from geolocation data. A pattern analysis may be performed to determine which of the home IP addresses are work IP addresses associated with the user or host. The system may thus provide a classification of a user's or host's associated IP addresses as being one of travel, home, and work IP addresses. From this classification, mobility patterns may be derived, as well as applications to enhance security, advertising, search and network management.
摘要翻译：用于自动分类与用户相关联的IP地址类型的系统。可以从日志中获取诸如用户名，机器信息，IP地址等的信息。对于日志中的每个用户或主机，归属IP地址从用户或主机显示预定级别的活动的IP地址识别。识别出旅行IP地址，这些IP地址在距离家庭IP地址大于预定距离的位置处，这是根据地理定位数据确定的。可以执行模式分析以确定哪个归属IP地址是与用户或主机相关联的工作IP地址。因此，系统可以将用户或主机的相关IP地址的分类提供为旅行，家庭和工作IP地址之一。从这种分类可以推导出移动性模式，以及增强安全性，广告，搜索和网络管理的应用。

19. 发明申请

US20100070727A1 Transactional Memory System 有权
标题翻译：事务性内存系统
公开(公告)号：US20100070727A1
公开(公告)日：2010-03-18
申请号：US12212025
申请日：2008-09-17
申请人： Timothy Harris , Martin Abadi
发明人： Timothy Harris , Martin Abadi
IPC分类号： G06F12/14
CPC分类号： G06F12/145 , G06F9/528
摘要： A transactional memory system is described for reporting memory access violations which occur when memory accesses made from instructions within a transaction conflict with memory accesses to the same memory location made from a non-transactional instruction. In an embodiment this is achieved by creating two mappings of a physical heap being used by a thread. The thread (which may be part of a multi-threaded process) comprises instructions for both transactional and non-transactional accesses to the physical heap which may execute concurrently as part of that thread. One of the mappings is used for non-transactional memory accesses to the physical heap. The other mapping is used for transactional memory accesses to the physical heap. Access permissions associated with the mappings are controlled to enable attempted memory access violations to be detected and reported.
摘要翻译：描述了一种事务性存储器系统，用于报告存储器访问冲突的发生，当由事务内的指令进行的存储器访问与从非事务性指令进行的存储器访问的存储器访问冲突时发生。在一个实施例中，这是通过创建由线程使用的物理堆的两个映射来实现的。线程（可以是多线程进程的一部分）包括用于对物理堆的事务和非事务性访问的指令，该物理堆可以作为该线程的一部分同时执行。其中一个映射用于对物理堆的非事务内存访问。另一个映射用于对物理堆的事务内存访问。控制与映射关联的访问权限，以便检测和报告尝试的内存访问冲突。

20. 发明申请

US20090083832A1 Modal and linear techniques for access control logic 审中-公开
标题翻译：访问控制逻辑的模态和线性技术
公开(公告)号：US20090083832A1
公开(公告)日：2009-03-26
申请号：US11903076
申请日：2007-09-20
申请人： Martin Abadi , Deepak Garg , David E. Langworthy
发明人： Martin Abadi , Deepak Garg , David E. Langworthy
IPC分类号： H04L9/32 , G06F17/00
CPC分类号： G06F21/6218
摘要： Access control logic may use logical constructs such as “says” and “speaks for”, and may be translated to modal logic. The modal logic may be used to determine the truth or falsehood of formulas in access control logic, which may be used in access control decisions. The modal logic may be S4, and access control logic, including “says” and “speaks for”, may be translated into S4. Linear logic may be used to guarantee separation of duty in access control.
摘要翻译：访问控制逻辑可以使用诸如“说”和“说话”之类的逻辑结构，并且可以被转换为模态逻辑。模态逻辑可用于确定访问控制逻辑中公式的真值或虚假，这可以用于访问控制决策。模态逻辑可以是S4，并且包括“说”和“说话”的访问控制逻辑可以被翻译成S4。线性逻辑可用于保证访问控制中的责任分离。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式