CN103975336B - 对动态语言值中的安全性标签进行编码的方法和计算装置 - Google Patents

对动态语言值中的安全性标签进行编码的方法和计算装置 Download PDF

Info

Publication number
CN103975336B
CN103975336B CN201280054410.3A CN201280054410A CN103975336B CN 103975336 B CN103975336 B CN 103975336B CN 201280054410 A CN201280054410 A CN 201280054410A CN 103975336 B CN103975336 B CN 103975336B
Authority
CN
China
Prior art keywords
safety tag
value
dynamic language
mode
tag
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201280054410.3A
Other languages
English (en)
Chinese (zh)
Other versions
CN103975336A (zh
Inventor
克里斯托夫·克施鲍默
穆罕默德·H·雷夏迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc filed Critical Qualcomm Inc
Publication of CN103975336A publication Critical patent/CN103975336A/zh
Application granted granted Critical
Publication of CN103975336B publication Critical patent/CN103975336B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2125Just-in-time application of countermeasures, e.g., on-the-fly decryption, just-in-time obfuscation or de-obfuscation
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Devices For Executing Special Programs (AREA)
  • Stored Programmes (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)
CN201280054410.3A 2011-11-07 2012-09-28 对动态语言值中的安全性标签进行编码的方法和计算装置 Active CN103975336B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201161556658P 2011-11-07 2011-11-07
US61/556,658 2011-11-07
US13/399,136 2012-02-17
US13/399,136 US8898780B2 (en) 2011-11-07 2012-02-17 Encoding labels in values to capture information flows
PCT/US2012/057682 WO2013070334A1 (en) 2011-11-07 2012-09-28 Encoding labels in values to capture information flows

Publications (2)

Publication Number Publication Date
CN103975336A CN103975336A (zh) 2014-08-06
CN103975336B true CN103975336B (zh) 2016-10-26

Family

ID=48224691

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201280054410.3A Active CN103975336B (zh) 2011-11-07 2012-09-28 对动态语言值中的安全性标签进行编码的方法和计算装置

Country Status (9)

Country Link
US (1) US8898780B2 (enExample)
EP (1) EP2776970B1 (enExample)
JP (1) JP5707542B2 (enExample)
KR (1) KR101542335B1 (enExample)
CN (1) CN103975336B (enExample)
ES (1) ES2707866T3 (enExample)
HU (1) HUE041676T2 (enExample)
IN (1) IN2014CN03105A (enExample)
WO (1) WO2013070334A1 (enExample)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9171028B1 (en) * 2013-06-11 2015-10-27 Google Inc. Method of maintaining a large set of taint labels
CN106663171B (zh) * 2014-08-11 2019-12-10 日本电信电话株式会社 浏览器模拟器装置、构建装置、浏览器模拟方法以及构建方法
WO2017075546A1 (en) * 2015-10-28 2017-05-04 Hrl Laboratories, Llc System and method for maintaining security tags and reference counts for objects in computer memory
JP6472545B2 (ja) * 2016-01-27 2019-02-20 優太 竹田 処理システム、処理方法及びプログラム
US11403418B2 (en) * 2018-08-30 2022-08-02 Netskope, Inc. Enriching document metadata using contextual information
US10382518B2 (en) * 2016-03-22 2019-08-13 Google Llc Low latency applications using multiple servers
CN109213502B (zh) * 2017-06-30 2022-09-27 上海尚往网络科技有限公司 应用更新方法和装置
US11165704B2 (en) * 2019-04-30 2021-11-02 Ebay Inc. Adaptive encoding network
CN111770170B (zh) 2020-06-29 2023-04-07 北京百度网讯科技有限公司 请求处理方法、装置、设备和计算机存储介质
CN111949950A (zh) * 2020-08-20 2020-11-17 郑州昂视信息科技有限公司 一种应用软件的异构方法及系统
US11848949B2 (en) 2021-01-30 2023-12-19 Netskope, Inc. Dynamic distribution of unified policies in a cloud-based policy enforcement system
CN113808252B (zh) * 2021-08-19 2024-02-27 广西电网有限责任公司 基于交互性标签和宏的三维模型逐级重建方法
US11336689B1 (en) 2021-09-14 2022-05-17 Netskope, Inc. Detecting phishing websites via a machine learning-based system using URL feature hashes, HTML encodings and embedded images of content pages
CN114003412A (zh) * 2021-12-27 2022-02-01 支付宝(杭州)信息技术有限公司 小程序和宿主程序进行通信的方法和装置

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040230949A1 (en) * 2003-05-14 2004-11-18 Vanish Talwar Native language verification system and method
US20070006294A1 (en) * 2005-06-30 2007-01-04 Hunter G K Secure flow control for a data flow in a computer and data flow in a computer network
US20070256117A1 (en) * 2006-05-01 2007-11-01 Patrick Shomo Systems and methods for the secure control of data within heterogeneous systems and networks
CN101160574A (zh) * 2004-05-28 2008-04-09 富可视公司 具有基于标签的通信协议的图像处理系统和方法
JP2008299414A (ja) * 2007-05-29 2008-12-11 Internatl Business Mach Corp <Ibm> コンテンツ処理システム、方法及びプログラム

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2538352A3 (en) * 2003-07-11 2013-03-06 Google, Inc. System and method for providing Java server page security
US8732856B2 (en) * 2004-12-30 2014-05-20 Oracle International Corporation Cross-domain security for data vault
US20070107057A1 (en) * 2005-11-10 2007-05-10 Docomo Communications Laboratories Usa, Inc. Method and apparatus for detecting and preventing unsafe behavior of javascript programs
NO326590B1 (no) * 2007-04-16 2009-01-19 Kubekit As Fremgangsmate og anordning for verifikasjon av informasjonstilgang i IKT-system med flere sikkerhetsdimensjoner og sikkerhetsniva.
JP5383665B2 (ja) 2007-05-18 2014-01-08 セキュア・キーズ・プロプライエタリー・リミテッド セキュリティトークンならびにセキュリティトークンを生成およびデコードするためのシステムおよび方法
CN101662460B (zh) * 2008-08-25 2015-07-15 阿里巴巴集团控股有限公司 一种跨域通讯的方法、系统和装置
US8997217B2 (en) 2010-01-25 2015-03-31 Samsung Electronics Co., Ltd. Safely processing and presenting documents with executable text

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040230949A1 (en) * 2003-05-14 2004-11-18 Vanish Talwar Native language verification system and method
CN101160574A (zh) * 2004-05-28 2008-04-09 富可视公司 具有基于标签的通信协议的图像处理系统和方法
US20070006294A1 (en) * 2005-06-30 2007-01-04 Hunter G K Secure flow control for a data flow in a computer and data flow in a computer network
US20070256117A1 (en) * 2006-05-01 2007-11-01 Patrick Shomo Systems and methods for the secure control of data within heterogeneous systems and networks
JP2008299414A (ja) * 2007-05-29 2008-12-11 Internatl Business Mach Corp <Ibm> コンテンツ処理システム、方法及びプログラム

Also Published As

Publication number Publication date
WO2013070334A1 (en) 2013-05-16
US20130117845A1 (en) 2013-05-09
EP2776970B1 (en) 2018-10-24
IN2014CN03105A (enExample) 2015-07-03
EP2776970A1 (en) 2014-09-17
HUE041676T2 (hu) 2019-05-28
CN103975336A (zh) 2014-08-06
JP2015501961A (ja) 2015-01-19
JP5707542B2 (ja) 2015-04-30
ES2707866T3 (es) 2019-04-05
US8898780B2 (en) 2014-11-25
KR101542335B1 (ko) 2015-08-05
KR20140090240A (ko) 2014-07-16

Similar Documents

Publication Publication Date Title
CN103975336B (zh) 对动态语言值中的安全性标签进行编码的方法和计算装置
EP3085050B1 (en) Privileged static hosted web applications
Luo et al. Attacks on WebView in the Android system
CN103562928B (zh) 用于阻挡使用跟踪的方法和装置
US11775629B2 (en) Client device information for controlling access to web applications
Chin et al. Bifocals: Analyzing webview vulnerabilities in android applications
US9195809B1 (en) Automated vulnerability and error scanner for mobile applications
US8789204B2 (en) Method and apparatus for secure cross-site scripting
CN105631355B (zh) 一种数据处理方法和装置
US20190089810A1 (en) Resource access method, apparatus, and system
CN115225707A (zh) 资源访问方法及装置
CN105610810A (zh) 一种数据处理方法、客户端和服务器
CN105631359A (zh) 一种网页操作的控制方法和装置
CN106030528A (zh) 数据代理服务
CN115017497B (zh) 信息处理方法、装置及存储介质
CN111163095A (zh) 网络攻击分析方法、网络攻击分析装置、计算设备和介质
US10686834B1 (en) Inert parameters for detection of malicious activity
Bao et al. Cross-site scripting attacks on android hybrid applications
CN103971059B (zh) 一种Cookie本地存储与使用方法
Raval et al. Permissions plugins as android apps
CN111163094A (zh) 网络攻击检测方法、网络攻击检测装置、电子设备和介质
Luo Attacks and countermeasures for WebView on mobile systems
CN116383823A (zh) 一种漏洞检测的方法、装置、存储介质及电子设备
KR101305755B1 (ko) 주소에 기반하여 스크립트 실행을 필터링하는 장치 및 방법
Zavou et al. Exploiting split browsers for efficiently protecting user data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant