Safe self-modifying code
    23.
    Granted invention patent
    Safe self-modifying code (in force)

    Publication number: US08850574B1

    Publication date: 2014-09-30

    Application number: US13037085

    Filing date: 2011-02-28

    CPC classification number: G06F21/53

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for runtime language-independent sandboxing of software. In one aspect, a system implements an extended Software Fault Isolation (SFI) software sandboxing system configured to provide a user-mode program interface for receiving runtime requests for modifying verifiably safe executable machine code. Requests can include dynamic code creation, dynamic code deletion, and atomic modification of machine code instructions. A runtime modification of a verifiably safe executable memory region is made in response to each received runtime request, and code within the modified memory region has a guarantee of safe execution.

    High level programming extensions for distributed data parallel processing
    24.
    Granted invention patent
    High level programming extensions for distributed data parallel processing (in force)

    Publication number: US08209664B2

    Publication date: 2012-06-26

    Application number: US12406826

    Filing date: 2009-03-18

    CPC classification number: H04L12/44 G06F8/314 G06F9/5066

    Abstract: General-purpose distributed data-parallel computing using high-level computing languages is described. Data parallel portions of a sequential program that is written by a developer in a high-level language are automatically translated into a distributed execution plan. A set of extensions to a sequential high-level computing language are provided to support distributed parallel computations and to facilitate generation and optimization of distributed execution plans. The extensions are fully integrated with the programming language, thereby enabling developers to write sequential language programs using known constructs while providing the ability to invoke the extensions to enable better generation and optimization of the execution plan for a distributed computing environment.

    Architectural support for software-based protection
    25.
    Granted invention patent
    Architectural support for software-based protection (in force)

    Publication number: US08136091B2

    Publication date: 2012-03-13

    Application number: US11700451

    Filing date: 2007-01-31

    CPC classification number: G06F12/1441 G06F21/52

    Abstract: Instruction set architecture (ISA) extension support is described for control-flow integrity (CFI) and for XFI memory protection. ISA replaces CFI guard code with single instructions. ISA support is provided for XFI in the form of bounds-check instructions. Compared to software guards, hardware support for CFI and XFI increases the efficiency and simplicity of enforcement. In addition, the semantics for CFI instructions allows more precise static control-flow graph encodings than were possible with a prior software CFI implementation.

    Access-control permissions with inter-process message-based communications
    26.
    Granted invention patent
    Access-control permissions with inter-process message-based communications (in force)

    Publication number: US07865934B2

    Publication date: 2011-01-04

    Application number: US11419145

    Filing date: 2006-05-18

    CPC classification number: G06F21/6281

    Abstract: Described herein are one or more implementations that facilitate message-passing over a communication conduit between software processes in a computing environment. More particularly, the implementations described restrict access of one process to another via messages passed over a particular conduit connecting the processes and the access-control restrictions are defined by a contract associated with that particular conduit.

    High Level Programming Extensions For Distributed Data Parallel Processing
    27.
    Invention patent application
    High Level Programming Extensions For Distributed Data Parallel Processing (in force)

    Publication number: US20100241827A1

    Publication date: 2010-09-23

    Application number: US12406826

    Filing date: 2009-03-18

    CPC classification number: H04L12/44 G06F8/314 G06F9/5066

    Abstract: General-purpose distributed data-parallel computing using high-level computing languages is described. Data parallel portions of a sequential program that is written by a developer in a high-level language are automatically translated into a distributed execution plan. A set of extensions to a sequential high-level computing language are provided to support distributed parallel computations and to facilitate generation and optimization of distributed execution plans. The extensions are fully integrated with the programming language, thereby enabling developers to write sequential language programs using known constructs while providing the ability to invoke the extensions to enable better generation and optimization of the execution plan for a distributed computing environment.

    Hash tables
    28.
    Granted invention patent
    Hash tables (expired)

    Publication number: US07664927B2

    Publication date: 2010-02-16

    Application number: US11393014

    Filing date: 2006-03-29

    CPC classification number: G06F17/30949

    Abstract: Hash tables comprising load factors of up to and above 97% are disclosed. The hash tables may be associated with three or more hash functions, each hash function being applied to a key to identify a location in a hash table. The load factor of a hash table may be increased, obviating any need to increase the size of the hash table to accommodate more insertions. Such increase in load factor may be accomplished by a combination of increasing the number of cells per bucket in a hash table and increasing the number of hash functions associated with the hash table.

    ENHANCED SECURITY AND PERFORMANCE OF WEB APPLICATIONS
    29.
    Invention patent application
    ENHANCED SECURITY AND PERFORMANCE OF WEB APPLICATIONS (in force)

    Publication number: US20090138937A1

    Publication date: 2009-05-28

    Application number: US11944460

    Filing date: 2007-11-23

    Abstract: A client-side enforcement mechanism may allow application security policies to be specified at a server in a programmatic manner. Servers may specify security policies as JavaScript functions included in a page returned by the server and run before other scripts. At runtime, and during initial loading, the functions are invoked by the client on each page modification to ensure the page conforms to the security policy. As such, before a mutation takes effect, the policy may transform that mutation and the code and data of the page. Replicated code execution may take place at both the client and the server where the server runs its own shadow copy of a client-side application in a trusted execution environment so that the server may check that the method calls coming from the client correspond to a correct execution of the client-side application. The redundant execution at the client can be untrusted, but serves to improve the responsiveness and performance of the Web application.

    Verifiable integrity guarantees for machine code programs
    30.
    Invention patent application
    Verifiable integrity guarantees for machine code programs (in force)

    Publication number: US20070285271A1

    Publication date: 2007-12-13

    Application number: US11450493

    Filing date: 2006-06-09

    CPC classification number: G06F21/52 G06F12/1441

    Abstract: A verifier performs static checks of machine code to ensure that the code will execute safely. After verification is performed, the code is executed. The code modules generated by the rewriter and verified by the verifier prevent runtime code modifications so that properties established by the verifier cannot be invalidated during execution. Guards ensure that control flows only as expected. Stack data that must be shared within a code module, and which may therefore be corrupted during execution, is placed on a separate data stack. Other stack data remains on the regular execution stack, called the control stack. Multiple memory accesses can be checked by a single memory-range guard, optimized for fast access to the most-frequently used memory.
