[ { "title": "Method and system for securing a third party communication with a hosting web page", "publication_date": "2009/02/11", "number": "08347352", "url": "/2009/11/02/method-and-system-for-securing-a-third-party-communication-with-a-hosting-web-page/", "abstract": "A method and system for securing hosting web pages from malicious third party modules. The method includes uploading a third party module to a hosting web page; validating a proxy API call received from the third party module, wherein the proxy API call includes at least a payload parameter provided by the third party module; generating an engine API call including at least the payload parameter; validating the engine API call; and executing the payload parameter if the engine API call is validated.", "owner": "Mediamind Technologies Ltd.", "owner_city": "Herzliya", "owner_country": "IL" }, { "title": "Malware protection using file input/output virtualization", "publication_date": "2009/08/04", "number": "08510838", "url": "/2009/04/08/malware-protection-using-file-inputoutput-virtualization/", "abstract": "Applications running in an API-proxy-based emulator are prevented from infecting a PC's hard disk when executing file I/O commands. Such commands are redirected to an I/O redirection engine instead of going directly to the PC's normal operating system where it can potentially harm files in on the hard disk. The redirection engine executes the file I/O command using a private storage area in the hard disk that is not accessible by the PC's normal operating system. If a file that is the subject of a file I/O command from an emulated application is not in the private storage area, a copy is made from the original that is presumed to exist in the public storage area. This copy is then acted on by the command and is stored in the private storage area, which can be described as a controlled, quarantined storage space on the hard disk. In this manner the PC's (or any computing device's) hard disk is defended from potential malware that may originate from applications running in emulated environments.", "owner": "Trend Micro, Inc.", "owner_city": "Tokyo", "owner_country": "JP" }, { "title": "Inferring missing type information for reflection", "publication_date": "2009/20/03", "number": "08407667", "url": "/2009/03/20/inferring-missing-type-information-for-reflection/", "abstract": "A stripped-down version of a library is generated from server source code extracted from a server project. The transitive closure of program entities extracted from the server source code and referenced by the extracted program entities can be computed. A placeholder entity can be inferred for an entity defined by the transitive closure computation if a definition of the entity cannot be found in the server source code. The stripped-down library generated from the extracted server source code is received by a reflection-based component that uses reflection to generate documentation and disclosure information helpful in the development of the client source code. A placeholder entity can be marked or decorated to signal to the reflection-based component that client source code is not to be generated for the decorated entities.", "owner": "Microsoft Corporation", "owner_city": "Redmond", "owner_country": "US" }, { "title": "Generating libraries for reflection without project compilation", "publication_date": "2009/20/03", "number": "08239823", "url": "/2009/03/20/generating-libraries-for-reflection-without-project-compilation/", "abstract": "A stripped-down version of a library is generated from server source code extracted from a server project under development. Information extracted from the server source code may include only that information which is exposed to a client project under development. The stripped-down library generated from the extracted server source code is received by a reflection-based component that uses reflection to generate documentation and disclosure information helpful in the development of the client source code. Because the server project does not have to be compiled or ready to be compiled before the software development information for the client project can be provided, development of the server side source code and the client side source code can proceed in tandem or incrementally.", "owner": "Microsoft Corporation", "owner_city": "Redmond", "owner_country": "US" } ]