专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20060005227A1 Languages for expressing security policies 审中-公开
标题翻译：表达安全策略的语言
公开(公告)号：US20060005227A1
公开(公告)日：2006-01-05
申请号：US10882438
申请日：2004-07-01
申请人： Anders Samuelsson , Thomas Fakes , Arindam Chatterjee , Art Shelest , Mark Vayman , Rajesh Dadhia , Saveen Reddy , Shirish Koti , Steven Townsend
发明人： Anders Samuelsson , Thomas Fakes , Arindam Chatterjee , Art Shelest , Mark Vayman , Rajesh Dadhia , Saveen Reddy , Shirish Koti , Steven Townsend
IPC分类号： G06F17/00
CPC分类号： G06F21/6218
摘要： Languages for expressing security policies are provided. The languages comprise rules that specify conditions and actions. The rules may be enforced by a security engine when a security enforcement event occurs. The languages support data separation, dynamic evaluation, and ordered rule scope. By separating data from logic, security engines may only need to be updated with a portion of rules that change. With dynamic evaluation, expressions of rules may be evaluated dynamically, such as by querying a database, when a security engine enforces a rule. With ordered rule scope, when a security enforcement event implicates a number of rules simultaneously, the rules may be enforced in a deterministic and logically organized manner.
摘要翻译：提供表达安全策略的语言。语言包括指定条件和操作的规则。当安全执行事件发生时，规则可能由安全引擎执行。语言支持数据分离，动态评估和有序规则范围。通过将数据与逻辑分离，安全引擎可能只需要更改一部分更改的规则。通过动态评估，可以动态地评估规则表达式，例如通过查询数据库，安全引擎执行规则时。使用有序规则范围，当安全执行事件同时涉及多个规则时，可以以确定性和逻辑上有组织的方式强制执行规则。

2. 发明授权

US08453200B2 Access authorization having embedded policies 有权
公开(公告)号：US08453200B2
公开(公告)日：2013-05-28
申请号：US13273088
申请日：2011-10-13
申请人： Gilad Golan , Mark Vayman
发明人： Gilad Golan , Mark Vayman
IPC分类号： G06F17/00
CPC分类号： G06F21/30 , G06F17/30082 , G06F21/54 , G06F21/554 , G06F21/62
摘要： A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

3. 发明申请

US20120036554A1 ACCESS AUTHORIZATION HAVING EMBEDDED POLICIES 有权
标题翻译：具有嵌入式政策的访问授权
公开(公告)号：US20120036554A1
公开(公告)日：2012-02-09
申请号：US13273088
申请日：2011-10-13
申请人： Gilad Golan , Mark Vayman
发明人： Gilad Golan , Mark Vayman
IPC分类号： G06F21/00
CPC分类号： G06F21/30 , G06F17/30082 , G06F21/54 , G06F21/554 , G06F21/62
摘要： A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.
摘要翻译：提供了一种用于接收嵌入式策略的工具。该设施检查应用程序映像以了解是否存在嵌入式策略。如果检测到嵌入式策略，则该设施从应用程序映像内提取策略。然后，在应用程序图像被加载和/或执行之前，设备可以将提取的策略应用于应用程序图像。此外，该设施可以在提取嵌入式策略之前检查应用程序图像的完整性。

4. 发明授权

US07853993B2 Integrated access authorization 有权
标题翻译：集成访问授权
公开(公告)号：US07853993B2
公开(公告)日：2010-12-14
申请号：US12348649
申请日：2009-01-05
申请人： Mark Vayman
发明人： Mark Vayman
IPC分类号： G06F7/04 , G06F15/16 , G06F17/30 , G06L29/06
CPC分类号： G06F21/57 , G06F21/6218 , G06F2221/2101
摘要： A facility for performing an access control check as an integral component of an operating system and utilizing a centralized policy store is provided. The facility executes as an integral part of an operating system executing on a computer and receives an authorization query to determine whether a principal has authorization to access a resource. The facility applies a policy maintained in a centralized policy store that is applicable to the principal to determine whether authorization exists to access the resource. If authorization does not exist, the facility denies the authorization query and records an indication of the denial of the authorization in an audit log. The facility may trigger events based on the auditing of authorization queries. The facility may also record an indication of authorization to access the resource in the audit log. The facility may additionally determine whether the authorization query is a request for authorization to perform an inherently dangerous operation, and record an indication of an authorization to perform the inherently dangerous operation in the audit log.
摘要翻译：提供了一种用于执行访问控制检查作为操作系统的组成部分并利用集中式策略存储的设施。该设施作为在计算机上执行的操作系统的组成部分执行，并且接收授权查询以确定主体是否具有访问资源的授权。该设施应用在集中策略存储中维护的策略，其适用于主体以确定是否存在访问资源的授权。如果授权不存在，则该设施将拒绝授权查询，并在审核日志中记录拒绝授权的指示。该设施可能会根据审核授权查询来触发事件。该设施还可以记录在审核日志中访问资源的授权指示。该设施可以另外确定授权查询是否是执行本质上危险的操作的授权请求，并且记录在审核日志中执行固有危险操作的授权指示。

5. 发明授权

US08931035B2 Access authorization having embedded policies 有权
公开(公告)号：US08931035B2
公开(公告)日：2015-01-06
申请号：US12944667
申请日：2010-11-11
申请人： Gilad Golan , Mark Vayman
发明人： Gilad Golan , Mark Vayman
IPC分类号： G06F21/30 , G06F21/54 , G06F21/55 , G06F21/62
CPC分类号： G06F21/30 , G06F17/30082 , G06F21/54 , G06F21/554 , G06F21/62
摘要： A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

6. 发明申请

US20110126260A1 ACCESS AUTHORIZATION HAVING EMBEDDED POLICIES 有权
标题翻译：具有嵌入式政策的访问授权
公开(公告)号：US20110126260A1
公开(公告)日：2011-05-26
申请号：US12944667
申请日：2010-11-11
申请人： Gilad Golan , Mark Vayman
发明人： Gilad Golan , Mark Vayman
IPC分类号： G06F21/00
CPC分类号： G06F21/30 , G06F17/30082 , G06F21/54 , G06F21/554 , G06F21/62
摘要： A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.
摘要翻译：提供了一种用于接收嵌入式策略的工具。该设施检查应用程序映像以了解是否存在嵌入式策略。如果检测到嵌入式策略，则该设施从应用程序映像内提取策略。然后，在应用程序图像被加载和/或执行之前，设备可以将提取的策略应用于应用程序图像。此外，该设施可以在提取嵌入式策略之前检查应用程序图像的完整性。

7. 发明申请

US20100280998A1 METADATA FOR DATA STORAGE ARRAY 有权
标题翻译：数据存储阵列的元数据
公开(公告)号：US20100280998A1
公开(公告)日：2010-11-04
申请号：US12432877
申请日：2009-04-30
申请人： David A. Goebel , James M. Lyon , Bulat Shelepov , Robert S. Kleinschmidt , Mark Vayman
发明人： David A. Goebel , James M. Lyon , Bulat Shelepov , Robert S. Kleinschmidt , Mark Vayman
IPC分类号： G06F12/16 , G06F17/30 , G06F12/00
CPC分类号： G06F3/0619 , G06F3/0665 , G06F3/0689 , G06F11/2058 , G06F11/2087 , G06F11/2094 , G06F17/30082 , G06F2003/0692
摘要： A data storage array may be made up of several storage devices, each of which may contain array metadata that may allow portions of the storage array to be used. A system may have a file system manager that may receive and respond to file system commands and a storage device manager that may store data on the several storage devices. Array metadata defining where data is stored within the storage array is stored on each device within the array. A policy engine may identify data to be stored on the array and determine if the data contains array metadata or other types of data and may store the data on every device, devices having specific characteristics, two or more devices, or one device.
摘要翻译：数据存储阵列可以由多个存储设备组成，每个存储设备可以包含可以允许使用存储阵列部分的阵列元数据。系统可以具有可以接收和响应文件系统命令的文件系统管理器以及可以在多个存储设备上存储数据的存储设备管理器。定义数据存储在存储阵列中的位置的数组元数据存储在阵列中的每个设备上。策略引擎可以识别要存储在阵列上的数据，并且确定数据是否包含阵列元数据或其他类型的数据，并且可以将数据存储在每个设备，具有特定特征的设备，两个或更多个设备或一个设备上。

8. 发明申请

US20100262802A1 Reclamation of Thin Provisioned Disk Storage 有权
标题翻译：精简配置磁盘存储的回收
公开(公告)号：US20100262802A1
公开(公告)日：2010-10-14
申请号：US12422327
申请日：2009-04-13
申请人： David A. Goebel , James M. Lyon , Bulat Shelepov , Robert S. Kleinschmidt , Mark Vayman
发明人： David A. Goebel , James M. Lyon , Bulat Shelepov , Robert S. Kleinschmidt , Mark Vayman
IPC分类号： G06F12/02
CPC分类号： G06F3/0608 , G06F3/0631 , G06F3/064 , G06F3/0665 , G06F3/0689
摘要： A thin provisioned storage system may have a file system manager that presents a logical storage system to a user and a storage management system that manages physical storage devices. When a block of data is freed at the logical layer, the file system manager may identify the freed block and send a command to the physical layer. The physical layer may identify the corresponding physical block or blocks and free those blocks on the physical layer. The storage management system may use a table to manage the location of blocks of data across multiple physical storage devices.
摘要翻译：精简配置的存储系统可以具有向用户呈现逻辑存储系统的文件系统管理器和管理物理存储设备的存储管理系统。当数据块在逻辑层被释放时，文件系统管理器可以识别被释放的块并向物理层发送命令。物理层可以识别对应的物理块或块，并释放物理层上的那些块。存储管理系统可以使用表来跨多个物理存储设备管理数据块的位置。

9. 发明授权

US07685632B2 Access authorization having a centralized policy 有权
标题翻译：具有集中策略的访问授权
公开(公告)号：US07685632B2
公开(公告)日：2010-03-23
申请号：US10956215
申请日：2004-10-01
申请人： Mark Vayman
发明人： Mark Vayman
IPC分类号： G06F7/04 , G06F15/16 , G06F17/30 , H04L29/06
CPC分类号： H04L63/102 , G06F21/6218 , G06F2221/2101
摘要： A facility for performing an access control check is provided. The facility receives a request to perform an access control check to determine whether authorization exists to access a resource. The access control check is performed against the identity of a principal, a policy that applies to the principal, and the identity of the resource the principal wants to access. The principal may either be an application program or a combination of an application program and an identity of a user in whose context the application program is executing.
摘要翻译：提供了进行访问控制检查的设施。该设施接收到执行访问控制检查以确定是否存在访问资源的请求。访问控制检查是针对委托人的身份，适用于委托人的策略以及主体想要访问的资源的身份执行的。主体可以是应用程序，也可以是应用程序和应用程序在其上下文中正在执行的用户的身份的组合。

10. 发明授权

US08443433B2 Determining a merged security policy for a computer system 有权
公开(公告)号：US08443433B2
公开(公告)日：2013-05-14
申请号：US11823837
申请日：2007-06-28
申请人： David Abzarian , Gerardo Diaz Cuellar , Mark Vayman , Eran Yariv
发明人： David Abzarian , Gerardo Diaz Cuellar , Mark Vayman , Eran Yariv
IPC分类号： H04L29/06
CPC分类号： H04L63/20 , G06F21/577 , H04L63/0263
摘要： Embodiments of the invention described herein are directed to a mechanism for determining whether at least one operation will be effective in view of at least one security policy. In exemplary implementations, determining whether at least one operation will be effective in view of at least one security policy may comprise determining a merged security policy for a computer system by merging security policies for the computer system from two or more sources. The security policies may be security policies set by a user and/or an administrator of the computer system, may be security policies of a computer network to which the computer system is connected, or may be security policies of one or more other computer systems that are above the computer system in a computer network hierarchy.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式