Patent application number | Description | Published |
20090204978 | SYNCHRONIZING SPLIT USER-MODE/KERNEL-MODE DEVICE DRIVER ARCHITECTURE - A device driver includes a kernel mode and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. The device driver may include kernel stubs that are loaded into the operating system, and may be device specific code written. The stubs may be called by a reflector to handle exceptions caught by the stubs. A reset stub may be invoked by the reflector when the user-mode module or host terminates abruptly or detects an interrupt storm. The reset stub may also be invoked if errant DMA operations are being performed by a hardware device. The reset stub may ensure that hardware immediately stops unfinished DMA from further transfer, and may be called by the user-mode driver module. | 08-13-2009 |
20090210888 | SOFTWARE ISOLATED DEVICE DRIVER ARCHITECTURE - A device driver includes a hypervisor stub and a virtual machine driver module. The device driver may access device registers while operating within a virtual machine to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the hypervisor stub may run an interrupt service routine and write information to shared memory. Control is passed to the virtual machine driver module by a reflector. The virtual machine driver module may then read the information from the shared memory to continue servicing the interrupt. | 08-20-2009 |
20100192026 | IMPLEMENTATIONS OF PROGRAM RUNTIME CHECKS - Runtime checks on a program may be used to determine whether a pointer points to a legitimate target before the pointer is dereferenced. Legitimate addresses, such as address-taken local variables (ATLVs), global variables, heap locations, functions, etc., are tracked, so that the legitimate targets of pointers are known. The program may be transformed so that, prior to dereferencing a pointer, the pointer is checked to ensure that it points to a legitimate address. If the pointer points to a legitimate address, then the dereferencing may proceed. Otherwise, an error routine may be invoked. One example way to keep track of legitimate addresses is to group address-taken variables together within a specific range or ranges of memory addresses, and to check that a pointer has a value within that range prior to dereferencing the pointer. However, addresses may be tracked in other ways. | 07-29-2010 |
20100205588 | GENERAL PURPOSE DISTRIBUTED DATA PARALLEL COMPUTING USING A HIGH LEVEL LANGUAGE - General-purpose distributed data-parallel computing using a high-level language is disclosed. Data parallel portions of a sequential program that is written by a developer in a high-level language are automatically translated into a distributed execution plan. The distributed execution plan is then executed on large compute clusters. Thus, the developer is allowed to write the program using familiar programming constructs in the high level language. Moreover, developers without experience with distributed compute systems are able to take advantage of such systems. | 08-12-2010 |
20100241827 | High Level Programming Extensions For Distributed Data Parallel Processing - General-purpose distributed data-parallel computing using high-level computing languages is described. Data parallel portions of a sequential program that is written by a developer in a high-level language are automatically translated into a distributed execution plan. A set of extensions to a sequential high-level computing language are provided to support distributed parallel computations and to facilitate generation and optimization of distributed execution plans. The extensions are fully integrated with the programming language, thereby enabling developers to write sequential language programs using known constructs while providing the ability to invoke the extensions to enable better generation and optimization of the execution plan for a distributed computing environment. | 09-23-2010 |
Patent application number | Description | Published |
20090113403 | Replacing no operations with auxiliary code - A machine code computer program may comprise machine code directed to a main task and may contain no operations (NOPs). Some or all of the NOPs may be replaced with auxiliary code. Alternatively, the machine code computer program may be generated with auxiliary code where the NOPs would otherwise be. In some implementations, additional auxiliary code may also be provided in the machine code computer program. The auxiliary code and additional auxiliary code may comprise instructions that provide additional information about the machine code computer program in which they reside and its execution, but otherwise may act as NOPs with regard to the functionality of the machine code computer program. | 04-30-2009 |
20090138625 | SPLIT USER-MODE/KERNEL-MODE DEVICE DRIVER ARCHITECTURE - A device driver includes a kernel stub and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the kernel stub may run an interrupt service routine and write information to shared memory. Control is passed to the user-mode module by a reflector. The user-mode module may then read the information from the shared memory to continue servicing the interrupt. | 05-28-2009 |
20090138937 | ENHANCED SECURITY AND PERFORMANCE OF WEB APPLICATIONS - A client-side enforcement mechanism may allow application security policies to be specified at a server in a programmatic manner. Servers may specify security policies as JavaScript functions included in a page returned by the server and run before other scripts. At runtime, and during initial loading, the functions are invoked by the client on each page modification to ensure the page conforms to the security policy. As such, before a mutation takes effect, the policy may transform that mutation and the code and data of the page. Replicated code execution may take place at both the client and the server where the server runs its own shadow copy of a client-side application in a trusted execution environment so that the server may check that the method calls coming from the client correspond to a correct execution of the client-side application The redundant execution at the client can be untrusted, but serves to improve the responsiveness and performance of the Web application. | 05-28-2009 |
20090265715 | VEX - Virtual Extension Framework - Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process. | 10-22-2009 |
20120311698 | Methods and Systems for Using Derived User Accounts - Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA. | 12-06-2012 |
20130311782 | Packet Validation Using Watermarks - Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark hits. The watermarks are inserted, into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques. | 11-21-2013 |
20140150122 | Methods and Systems for Using Derived User Accounts - Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA. | 05-29-2014 |
20150047030 | Methods and Systems for Implementing a Secure Application Execution Environment Using Derived User Accounts for Internet Content - Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted otherwise the content is accessed in a regular DUA if the content is trusted. | 02-12-2015 |
20150052592 | Methods and Systems for Using Derived User Accounts - Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA. | 02-19-2015 |