| Patent application number | Description | Published |
|---|
| 20080282354 | ACCESS CONTROL BASED ON PROGRAM PROPERTIES - A pattern matching access control system determines whether a principal should be granted access to use a resource based on properties of applications comprised by the principal. The principal name may be created when an application is loaded, invokes other applications (or programs) and/or assumes a new role context. Access is provided based on whether, for each application, the publisher is authorized by system policy to grant privilege as requested by the application. When a resource which requires the privilege is requested by a principal, an access control list (ACL) for the resource is expanded with a list of applications that have been authorized through their publisher to assert the privilege. The expanded ACL is compared to the principal name to determine resource access. | 11-13-2008 |
| 20080320299 | ACCESS CONTROL POLICY IN A WEAKLY-COHERENT DISTRIBUTED COLLECTION - A system is disclosed for creating and implementing an access control policy framework in a weakly coherent distributed collection. A collection manager may sign certificates forming equivalence classes of replicas that share a specific authority. The collection manager and/or certain privileged replicas may issue certificates that delegate authority for control of item policy and replica policy. Further certificates may be signed that create one or more items, set policy for these one or more items, and define a set of operations authorized on the one or more items. The certificates issued according to the present system for creating and implementing a control policy framework cannot be modified or simply overridden. Once a policy certificate is issued, it may only be revoked by the collection manager or by a replica having revocation authority. | 12-25-2008 |
| 20090083832 | Modal and linear techniques for access control logic - Access control logic may use logical constructs such as “says” and “speaks for”, and may be translated to modal logic. The modal logic may be used to determine the truth or falsehood of formulas in access control logic, which may be used in access control decisions. The modal logic may be S | 03-26-2009 |
| 20090138625 | SPLIT USER-MODE/KERNEL-MODE DEVICE DRIVER ARCHITECTURE - A device driver includes a kernel stub and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the kernel stub may run an interrupt service routine and write information to shared memory. Control is passed to the user-mode module by a reflector. The user-mode module may then read the information from the shared memory to continue servicing the interrupt. | 05-28-2009 |
| 20090204969 | TRANSACTIONAL MEMORY WITH DYNAMIC SEPARATION - Strong semantics are provided to programs that are correctly synchronized in their use of transactions by using dynamic separation of objects that are accessed in transactions from those accessed outside transactions. At run-time, operations are performed to identify transitions between these protected and unprotected modes of access. Dynamic separation permits a range of hardware-based and software-based implementations which allow non-conflicting transactions to execute and commit in parallel. A run-time checking tool, analogous to a data-race detector, may be provided to test dynamic separation of transacted data and non-transacted data. Dynamic separation may be used in an asynchronous I/O library. | 08-13-2009 |
| 20090204978 | SYNCHRONIZING SPLIT USER-MODE/KERNEL-MODE DEVICE DRIVER ARCHITECTURE - A device driver includes a kernel mode and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. The device driver may include kernel stubs that are loaded into the operating system, and may be device specific code written. The stubs may be called by a reflector to handle exceptions caught by the stubs. A reset stub may be invoked by the reflector when the user-mode module or host terminates abruptly or detects an interrupt storm. The reset stub may also be invoked if errant DMA operations are being performed by a hardware device. The reset stub may ensure that hardware immediately stops unfinished DMA from further transfer, and may be called by the user-mode driver module. | 08-13-2009 |
| 20090210457 | TRANSACTIONAL MEMORY WITH DYNAMIC SEPARATION - Strong semantics are provided to programs that are correctly synchronized in their use of transactions by using dynamic separation of objects that are accessed in transactions from those accessed outside transactions. At run-time, operations are performed to identify transitions between these protected and unprotected modes of access. Dynamic separation permits a range of hardware-based and software-based implementations which allow non-conflicting transactions to execute and commit in parallel. A run-time checking tool, analogous to a data-race detector, may be provided to test dynamic separation of transacted data and non-transacted data. Dynamic separation may be used in an asynchronous I/O library. | 08-20-2009 |
| 20090210888 | SOFTWARE ISOLATED DEVICE DRIVER ARCHITECTURE - A device driver includes a hypervisor stub and a virtual machine driver module. The device driver may access device registers while operating within a virtual machine to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the hypervisor stub may run an interrupt service routine and write information to shared memory. Control is passed to the virtual machine driver module by a reflector. The virtual machine driver module may then read the information from the shared memory to continue servicing the interrupt. | 08-20-2009 |
| 20100191930 | TRANSACTIONAL MEMORY COMPATIBILITY MANAGEMENT - Transactional memory compatibility type attributes are associated with intermediate language code to specify, for example, that intermediate language code must be run within a transaction, or must not be run within a transaction, or may be run within a transaction. Attributes are automatically produced while generating intermediate language code from annotated source code. Default rules also generate attributes. Tools use attributes to statically or dynamically check for incompatibility between intermediate language code and a transactional memory implementation. | 07-29-2010 |
| 20100192026 | IMPLEMENTATIONS OF PROGRAM RUNTIME CHECKS - Runtime checks on a program may be used to determine whether a pointer points to a legitimate target before the pointer is dereferenced. Legitimate addresses, such as address-taken local variables (ATLVs), global variables, heap locations, functions, etc., are tracked, so that the legitimate targets of pointers are known. The program may be transformed so that, prior to dereferencing a pointer, the pointer is checked to ensure that it points to a legitimate address. If the pointer points to a legitimate address, then the dereferencing may proceed. Otherwise, an error routine may be invoked. One example way to keep track of legitimate addresses is to group address-taken variables together within a specific range or ranges of memory addresses, and to check that a pointer has a value within that range prior to dereferencing the pointer. However, addresses may be tracked in other ways. | 07-29-2010 |
| 20100312877 | HOST ACCOUNTABILITY USING UNRELIABLE IDENTIFIERS - An IP (Internet Protocol) address is a directly observable identifier of host network traffic in the Internet and a host's IP address can dynamically change. Analysis of traffic (e.g., network activity or application request) logs may be performed and a host tracking graph may be generated that shows hosts and their bindings to IP addresses over time. A host tracking graph may be used to determine host accountability. To generate a host tracking graph, a host is represented. Host representations may be application-dependent. In an implementation, application-level identifiers (IDs) such as user email IDs, messenger login IDs, social network IDs, or cookies may be used. Each identifier may be associated with a human user. These unreliable IDs can be used to track the activity of the corresponding hosts. | 12-09-2010 |
