会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Lockbox for mitigating same origin policy failures
    • Lockbox用于减轻相同的原始策略失败
    • US08782797B2
    • 2014-07-15
    • US12175264
    • 2008-07-17
    • Jiahe Helen WangXiaofeng FanShuo Chen
    • Jiahe Helen WangXiaofeng FanShuo Chen
    • G06F7/04
    • G06F21/55H04L63/1416
    • Systems and methods to manage same-origin-policy (SOP) failures that occur in a computing environment are provided. In an illustrative implementation, an exemplary computing environment comprises a lockbox module, and an instruction set comprising at least one instruction directing the lockbox module to process data and/or computing application execution commands representative of and a request for a selected operation/feature according to a selected SOP management paradigm. In the illustrative implementation, the SOP management paradigm comprises one or more instructions to deploy a “lockbox” computing application element allowing for the management, monitoring, and control of computing application features/operations operable under a same origin policy.
    • 提供了管理在计算环境中发生的相同来源策略(SOP)故障的系统和方法。 在说明性实现中,示例性计算环境包括锁箱模块,以及指令集,其包括指示锁箱模块处理数据和/或计算代表所选择的操作/特征的应用执行命令的至少一个指令,以及根据 一个选定的SOP管理模式。 在说明性实现中,SOP管理范例包括部署“锁箱”计算应用元件的一个或多个指令,允许管理,监视和控制可在相同原始策略下操作的计算应用特征/操作。
    • 3. 发明授权
    • Immunizing HTML browsers and extensions from known vulnerabilities
    • 免疫HTML浏览器和已知漏洞的扩展
    • US08225392B2
    • 2012-07-17
    • US11183329
    • 2005-07-15
    • Opher DubrovskyBoaz Ein-GilJiahe Helen Wang
    • Opher DubrovskyBoaz Ein-GilJiahe Helen Wang
    • H04L29/06
    • H04L63/1433H04L63/145H04L67/02
    • An exemplary computer-implementable method (300) transforms or “immunizes” information to reduce or eliminate risk of exploitation of a known vulnerabilty of a software service and includes receiving information (304) in response to a request, transforming the information (308) to produce transformed information and sending the transformed information (312). An exemplary firewall server (112) includes server software (144, 148) that allows the firewall server (112) to receive information from a resource (104, 108) via a network and to send information to a client computer (114) and an immunization component (264, 268) for immunizing the information to prevent exploitation of a vulnerabilty of browser software (154) on the client computer (114). Various other exemplary methods, devices, systems, etc., are also disclosed.
    • 示例性的可计算机可实现的方法(300)转换或“免疫”信息以减少或消除利用软件服务的已知脆弱性的风险,并且包括响应于请求接收信息(304),将信息(308)变换为 产生变换后的信息并发送变换后的信息(312)。 示例性防火墙服务器(112)包括服务器软件(144,148),其允许防火墙服务器(112)经由网络从资源(104,108)接收信息,并将信息发送到客户端计算机(114)和 用于免疫所述信息以防止利用所述客户端计算机(114)上的浏览器软件(154)的脆弱性的免疫组件(264,268)。 还公开了各种其它示例性方法,装置,系统等。
    • 5. 发明授权
    • Method and system for filtering communications to prevent exploitation of a software vulnerability
    • 用于过滤通信以防止利用软件漏洞的方法和系统
    • US07694022B2
    • 2010-04-06
    • US10955963
    • 2004-09-30
    • Jason GarmsChuanxiong GuoDaniel R. SimonJiahe Helen WangAlf Peter Zugenmaier
    • Jason GarmsChuanxiong GuoDaniel R. SimonJiahe Helen WangAlf Peter Zugenmaier
    • G06F15/173G06F15/16G06F11/00
    • H04L63/1408H04L63/1433
    • A method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability is provided. A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system may specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The message protocol state machine of the protection policy may be a portion of the message protocol state machine of the application relating to the vulnerability. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the vulnerability.
    • 提供了一种用于保护实现通信协议以免利用基于通信的漏洞的应用的方法和系统。 保护系统提供了保护策略,指定如何识别暴露特定漏洞的消息,并指定暴露漏洞时采取的操作。 保护策略规定了暴露漏洞的消息及其有效载荷特征的顺序。 保护系统可以使用消息协议状态机来指定消息的序列。 应用程序的消息协议状态机表示应用程序在接收各种消息时转换的状态。 保护策略的消息协议状态机可以是与该漏洞相关的应用的消息协议状态机的一部分。 保护系统使用消息协议状态机来跟踪导致该漏洞暴露的状态。
    • 7. 发明申请
    • Systematic Approach to Uncover GUI Logic Flaws
    • 揭示GUI逻辑缺陷的系统方法
    • US20080127341A1
    • 2008-05-29
    • US11772085
    • 2007-06-29
    • Shuo ChenJiahe Helen WangYi-Min Wang
    • Shuo ChenJiahe Helen WangYi-Min Wang
    • H04L9/32G06F3/00
    • G06F11/3608G06F21/577G06F21/83
    • To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
    • 为了实现端到端的安全性,如果图形用户界面(GUI)的完整性受到损害,则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括:(1)将视觉不变量映射到程序不变; (2)对程序逻辑,用户动作和执行上下文进行正式建模,并系统地探索违反程序不变的可能性; (3)根据探索找到真正的欺骗攻击。
    • 9. 发明授权
    • Securing anti-virus software with virtualization
    • 使用虚拟化保护防病毒软件
    • US08307443B2
    • 2012-11-06
    • US11863870
    • 2007-09-28
    • Jiahe Helen WangJacob R. LorchBryan Jeffrey Parno
    • Jiahe Helen WangJacob R. LorchBryan Jeffrey Parno
    • G06F11/00
    • G06F21/53
    • The subject disclosure relates to systems and methods that secure anti-virus software through virtualization. Anti-virus systems can be maintained separate from user applications and operating system through virtualization. The user applications and operating system run in a guest virtual machine while anti-virus systems are isolated in a secure virtual machine. The virtual machines are partially interdependent such that the anti-virus systems can monitor user applications and operating systems while the anti-virus systems remain free from possible malicious attack originating from a user environment. Further, the anti-virus system is secured against zero-day attacks so that detection and recovery may occur post zero-day.
    • 本发明涉及通过虚拟化来保护防病毒软件的系统和方法。 防病毒系统可以通过虚拟化与用户应用程序和操作系统分开维护。 用户应用程序和操作系统在客户虚拟机中运行,而防病毒系统在安全虚拟机中被隔离。 这些虚拟机是部分相互依赖的,因此防病毒系统可以监控用户应用程序和操作系统,同时防病毒系统保持免受来自用户环境的可能的恶意攻击。 此外,防病毒系统可以抵御零日攻击,从而可以在零日后发生检测和恢复。