公开(公告)号：US20050246718A1

公开(公告)日：2005-11-03

申请号：US10837971

申请日：2004-04-30

申请人： Ulfar Erlingsson ,  Edward Wobber ,  Paul Barham ,  Thomas Roeder

发明人： Ulfar Erlingsson ,  Edward Wobber ,  Paul Barham ,  Thomas Roeder

IPC分类号： G06F9/54 ,  G06F9/44 ,  G06F9/445 ,  H04K1/00

CPC分类号： G06F9/4411 ,  G06F9/4401

摘要： Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process.

摘要翻译： 操作系统或软件应用程序的扩展可以托管在虚拟环境中，以隔离扩展。 由主机进程调用的通用代理扩展可以协调在虚拟进程中调用适当的扩展，该虚拟进程可以提供与主机进程相同的支持API。 此外，可以通过存储器复制或页表修改在虚拟过程中向用户模式上下文提供。 此外，可以通过克隆一致的状态来有效地启动虚拟进程，特别是在虚拟机上运行的虚拟操作系统进程。 当虚拟机启动时，或者计算设备启动并且观察并保存适当的参数时，可以创建一致的状态。 或者，操作系统可以通过相信在引导过程中有额外的CPU来创建一致的状态。

公开(公告)号：US20130346758A1

公开(公告)日：2013-12-26

申请号：US13528400

申请日：2012-06-20

申请人： Brian A. LaMacchia ,  Edmund B. Nightingale ,  Paul Barham

发明人： Brian A. LaMacchia ,  Edmund B. Nightingale ,  Paul Barham

IPC分类号： G06F21/00 ,  G06F12/14

CPC分类号： G06F21/445 ,  G06F21/76 ,  G06F21/85

摘要： Field programmable gate arrays can be used as a shared programmable co-processor resource in a general purpose computing system. Components of an FPGA are isolated to protect the FPGA and data transferred between the FPGA and other components of the computer system. For example, data written by the FPGA to memory is encrypted, and is decrypted within the FPGA when read back from memory. Data transferred between the FPGA and other components such as the CPU or GPU, whether directly or through memory, can similarly be encrypted using cryptographic keys known to the communicating components. Transferred data also can be digitally signed by the FPGA or other component to provide authentication. Code for programming the FPGA can be encrypted and signed by the author, loaded into the FPGA in an encrypted state, and then decrypted and authenticated by the FPGA itself, before programming the FPGA with the code.

摘要翻译： 现场可编程门阵列可用作通用计算系统中的共享可编程协处理器资源。 FPGA的组件是隔离的，用于保护FPGA和FPGA与计算机系统其他组件之间传输的数据。 例如，由FPGA写入存储器的数据被加密，并在从存储器读回时在FPGA内进行解密。 FPGA和GPU等其他组件（无论是直接还是通过内存）之间传输的数据可以使用通信组件已知的加密密钥进行加密。 传输的数据也可以由FPGA或其他组件进行数字签名，以提供认证。 编程FPGA的代码可以由作者进行加密和签名，在加密状态下加载到FPGA中，然后在使用代码编程FPGA之前，由FPGA自身对其进行解密和认证。

公开(公告)号：US20130346669A1

公开(公告)日：2013-12-26

申请号：US13528329

申请日：2012-06-20

申请人： Edmund B. Nightingale ,  Brian LaMacchia ,  Paul Barham

发明人： Edmund B. Nightingale ,  Brian LaMacchia ,  Paul Barham

IPC分类号： G06F12/02

CPC分类号： G06F8/65 ,  G06F9/44521 ,  G06F15/7871

摘要： A computer system includes one or more field programmable gate arrays as a coprocessor that can be shared among processes and programmed using hardware libraries. Given a set of hardware libraries, an update process periodically updates the libraries and/or adds new libraries. One or more update servers can provide information about libraries available for download, either in response to a request or by notifying systems using such libraries. New available libraries can be presented to a user for selection and download. Requests for updated libraries can arise in several ways, such as through polling for updates, exceptions from applications attempting to use libraries, and upon compilation of application code.

摘要翻译： 计算机系统包括作为协处理器的一个或多个现场可编程门阵列，其可以在进程之间共享并且使用硬件库进行编程。 给定一组硬件库，更新过程定期更新库和/或添加新库。 一个或多个更新服务器可以提供有关可供下载的库的信息，无论是响应请求还是通知使用此类库的系统。 可以将新的可用库呈现给用户进行选择和下载。 更新库的请求可以通过几种方式出现，例如通过轮询更新，尝试使用库的应用程序的异常以及编译应用程序代码。

公开(公告)号：US20130169626A1

公开(公告)日：2013-07-04

申请号：US13688093

申请日：2012-11-28

申请人： Alexandru Balan ,  Jason Flaks ,  Steve Hodges ,  Michael Isard ,  Oliver Williams ,  Paul Barham ,  Shahram Izadi ,  Otmar Hiliges ,  David Molyneaux ,  David Kim

发明人： Alexandru Balan ,  Jason Flaks ,  Steve Hodges ,  Michael Isard ,  Oliver Williams ,  Paul Barham ,  Shahram Izadi ,  Otmar Hiliges ,  David Molyneaux ,  David Kim

IPC分类号： G06T19/00

CPC分类号： G06T19/006 ,  G06F3/005 ,  G06F3/0304 ,  G09G3/003 ,  G09G2340/12 ,  G09G2340/125 ,  G09G2340/14 ,  G09G2354/00

摘要： A system and method for providing an augmented reality environment in which the environmental mapping process is decoupled from the localization processes performed by one or more mobile devices is described. In some embodiments, an augmented reality system includes a mapping system with independent sensing devices for mapping a particular real-world environment and one or more mobile devices. Each of the one or more mobile devices utilizes a separate asynchronous computing pipeline for localizing the mobile device and rendering virtual objects from a point of view of the mobile device. This distributed approach provides an efficient way for supporting mapping and localization processes for a large number of mobile devices, which are typically constrained by form factor and battery life limitations.

摘要翻译： 描述了一种用于提供增强现实环境的系统和方法，其中环境映射过程与由一个或多个移动设备执行的定位处理分离。 在一些实施例中，增强现实系统包括具有用于映射特定现实世界环境和一个或多个移动设备的独立感测设备的映射系统。 一个或多个移动设备中的每一个利用单独的异步计算流水线来定位移动设备并从移动设备的角度呈现虚拟对象。 这种分布式方法提供了一种有效的方式来支持大量移动设备的映射和定位过程，这些移动设备通常受形状因素和电池寿命限制的限制。

公开(公告)号：US08352797B2

公开(公告)日：2013-01-08

申请号：US12633326

申请日：2009-12-08

申请人： Richard John Black ,  Paul Barham ,  Manuel Costa ,  Marcus Peinado ,  Jean-Philippe Martin ,  Periklis Akritidis ,  Austin Donnelly ,  Miguel Castro

发明人： Richard John Black ,  Paul Barham ,  Manuel Costa ,  Marcus Peinado ,  Jean-Philippe Martin ,  Periklis Akritidis ,  Austin Donnelly ,  Miguel Castro

IPC分类号： G06F11/30

CPC分类号： G06F21/53 ,  G06F9/468 ,  G06F12/1483 ,  G06F21/54 ,  G06F21/57 ,  G06F2221/2141 ,  G06F2221/2149 ,  H04L63/101

摘要： Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.

摘要翻译： 描述了使用字节粒度内存保护的软件故障隔离方法。 在一个实施例中，软件系统的不受信任的驱动程序或其他扩展在与软件系统的主机部分分开的域中运行，但是与主机部分共享相同的地址空间。 域之间的调用使用插入库进行调用，并且访问控制数据基本上维持相关虚拟地址空间的每个字节。 在编译期间，在加载时间之前或在运行时添加到不可信扩展的仪器，在插入库中添加的仪器会强制实现域之间的隔离，例如在任何写入或间接调用之前添加访问权限检查，并通过将函数调用重定向到 在插页库中调用包装器。 仪器还会更新访问控制数据，根据正在调用的操作的语义，以精细粒度授予和撤销访问权限。

公开(公告)号：US08327390B2

公开(公告)日：2012-12-04

申请号：US12492045

申请日：2009-06-25

申请人： Ulfar Us Erlingsson ,  Edward P. Wobber ,  Paul Barham ,  Thomas Roeder

发明人： Ulfar Us Erlingsson ,  Edward P. Wobber ,  Paul Barham ,  Thomas Roeder

IPC分类号： G06F3/00

CPC分类号： G06F9/4411 ,  G06F9/4401

摘要： Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process.

摘要翻译： 操作系统或软件应用程序的扩展可以托管在虚拟环境中，以隔离扩展。 由主机进程调用的通用代理扩展可以协调在虚拟进程中调用适当的扩展，该虚拟进程可以提供与主机进程相同的支持API。 此外，可以通过存储器复制或页表修改在虚拟过程中向用户模式上下文提供。 此外，可以通过克隆一致的状态来有效地启动虚拟进程，特别是在虚拟机上运行的虚拟操作系统进程。 当虚拟机启动时，或者计算设备启动并且观察并保存适当的参数时，可以创建一致的状态。 或者，操作系统可以通过相信在引导过程中有额外的CPU来创建一致的状态。

公开(公告)号：US20060114825A1

公开(公告)日：2006-06-01

申请号：US11336007

申请日：2006-01-19

申请人： Derek McAuley ,  Paul Barham ,  Peter Key ,  Koenraad Laevens

发明人： Derek McAuley ,  Paul Barham ,  Peter Key ,  Koenraad Laevens

IPC分类号： H04L12/26

CPC分类号： H04L47/33 ,  H04L45/00 ,  H04L45/24 ,  H04L45/245 ,  H04L47/10 ,  H04L47/19 ,  Y02D50/30

摘要： Network congestion avoidance within aggregated channels is disclosed. In one embodiment, a method first transmits a packet associated with a first channel of a plurality of related channels from a source protocol layer (e.g., a source IP layer) of a source through a network (e.g., the Internet). Next, the method triggers an ECN event by the packet at the network. Finally, at least one channel is determined to have decreased packets transmitted therethrough, in response to the triggering of the ECN event (e.g., based on a congestion pricing criteria).