Patents by Inventor Bharath Chandramohan
Bharath Chandramohan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 8966623
  Abstract: Computer implemented methods, system and apparatus for managing execution of a running-page in a virtual machine include associating an execution trace code with the running page by a security virtual machine. The execution trace code generates a notification upon initiation of the execution of the running page by the virtual machine. The notification is received by the security virtual machine running independent of the virtual machine executing the running-page. The running page associated with the execution trace code is validated by the security virtual machine as authorized for execution. An exception is generated if the running-page is not authorized for execution. The generated exception is to prevent the execution of the running page in the virtual machine.
  Type: Grant
  Filed: March 8, 2011
  Date of Patent: February 24, 2015
  Assignee: VMware, Inc.
  Inventors: Oded Horovitz, Samuel Larsen, Gilad Arie Wolff, Marios Leventopoulos, Bharath Chandramohan
- Patent number: 8656497
  Abstract: A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.
  Type: Grant
  Filed: April 1, 2011
  Date of Patent: February 18, 2014
  Assignee: VMware, Inc.
  Inventors: Saman P. Amarasinghe, Bharath Chandramohan, Charles Renert, Derek L. Bruening, Vladimir Kiriansky, Timothy Garnett, Sandy Wilbourn, Warren Wu
- Patent number: 8171548
  Abstract: Protected software, such as an application and/or DLL, is monitored by protective software to guard against attacks, while distinguishing spurious, benign events from attacks. In a 1-touch approach, the protected software is monitored in a testing environment to detect spurious, benign events caused by, e.g., incompatibility or interoperability problems. The spurious events can be remediated in different ways, such as by applying a relaxed security policy. In a production mode, or 0-touch mode, when the protected software is subject to attacks, the corresponding remediation can be applied when the spurious events are again detected. Security events which occur in production mode can also be treated as benign when they occur within a specified time window. The applications and/or DLLs can further be classified according to whether they are known to have bad properties, known to be well-behaved, or unknown. Appropriate treatment is provided based on the classification.
  Type: Grant
  Filed: April 21, 2010
  Date of Patent: May 1, 2012
  Assignee: VMware, Inc.
  Inventors: Srinivas Mantripragada, Timothy Garnett, Derek L. Bruening, Vladimir Kiriansky, Bharath Chandramohan, James Brink, Saman P. Amarasinghe, Sandy Wilbourn
- Publication number: 20110219447
  Abstract: Computer implemented methods, system and apparatus for managing execution of a running-page in a virtual machine include associating an execution trace code with the running page by a security virtual machine. The execution trace code generates a notification upon initiation of the execution of the running page by the virtual machine. The notification is received by the security virtual machine running independent of the virtual machine executing the running-page. The running page associated with the execution trace code is validated by the security virtual machine as authorized for execution. An exception is generated if the running-page is not authorized for execution. The generated exception is to prevent the execution of the running page in the virtual machine.
  Type: Application
  Filed: March 8, 2011
  Publication date: September 8, 2011
  Applicant: VMWARE, INC.
  Inventors: Oded HOROVITZ, Samuel LARSEN, Gilad Arie WOLFF, Marios LEVENTOPOULOS, Bharath CHANDRAMOHAN
- Publication number: 20110185433
  Abstract: A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.
  Type: Application
  Filed: April 1, 2011
  Publication date: July 28, 2011
  Applicant: VMWARE, INC.
  Inventors: Saman P. AMARASINGHE, Bharath CHANDRAMOHAN, Charles RENERT, Derek L. BRUENING, Vladimir L. KIRIANSKY, Tim GARNETT, Sandy WILBOURN, Warren Wu
- Patent number: 7945958
  Abstract: A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.
  Type: Grant
  Filed: June 6, 2006
  Date of Patent: May 17, 2011
  Assignee: VMware, Inc.
  Inventors: Saman P. Amarasinghe, Bharath Chandramohan, Charles Renert, Derek L. Bruening, Vladimir L. Kiriansky, Tim Garnett, Sandy Wilbourn, Warren Wu
- Publication number: 20100205669
  Abstract: Protected software, such as an application and/or DLL, is monitored by protective software to guard against attacks, while distinguishing spurious, benign events from attacks. In a 1-touch approach, the protected software is monitored in a testing environment to detect spurious, benign events caused by, e.g., incompatibility or interoperability problems. The spurious events can be remediated in different ways, such as by applying a relaxed security policy. In a production mode, or 0-touch mode, when the protected software is subject to attacks, the corresponding remediation can be applied when the spurious events are again detected. Security events which occur in production mode can also be treated as benign when they occur within a specified time window. The applications and/or DLLs can further be classified according to whether they are known to have bad properties, known to be well-behaved, or unknown. Appropriate treatment is provided based on the classification.
  Type: Application
  Filed: April 21, 2010
  Publication date: August 12, 2010
  Applicant: VMWARE, INC.
  Inventors: Srinivas MANTRIPRAGADA, Tim GARNETT, Derek BRUENING, Vladimir KIRIANSKY, Bharath CHANDRAMOHAN, James BRINK, Saman P. AMARASINGHE, Sandy WILBOURN
- Patent number: 7735136
  Abstract: Protected software, such as an application and/or DLL, is monitored by protective software to guard against attacks, while distinguishing spurious, benign events from attacks. In a 1-touch approach, the protected software is monitored in a testing environment to detect spurious, benign events caused by, e.g., incompatibility or interoperability problems. The spurious events can be remediated in different ways, such as by applying a relaxed security policy. In a production mode, or 0-touch mode, when the protected software is subject to attacks, the corresponding remediation can be applied when the spurious events are again detected. Security events which occur in production mode can also be treated as benign when they occur within a specified time window. The applications and/or DLLs can further be classified according to whether they are known to have bad properties, known to be well-behaved, or unknown. Appropriate treatment is provided based on the classification.
  Type: Grant
  Filed: April 18, 2006
  Date of Patent: June 8, 2010
  Assignee: VMware, Inc.
  Inventors: Srinivas Mantripragada, Tim Garnett, Derek Bruening, Vladimir Kiriansky, Bharath Chandramohan, James Brink, Saman P. Amarasinghe, Sandy Wilbourn
- Publication number: 20060288420
  Abstract: Protected software, such as an application and/or DLL, is monitored by protective software to guard against attacks, while distinguishing spurious, benign events from attacks. In a 1-touch approach, the protected software is monitored in a testing environment to detect spurious, benign events caused by, e.g., incompatibility or interoperability problems. The spurious events can be remediated in different ways, such as by applying a relaxed security policy. In a production mode, or 0-touch mode, when the protected software is subject to attacks, the corresponding remediation can be applied when the spurious events are again detected. Security events which occur in production mode can also be treated as benign when they occur within a specified time window. The applications and/or DLLs can further be classified according to whether they are known to have bad properties, known to be well-behaved, or unknown. Appropriate treatment is provided based on the classification.
  Type: Application
  Filed: April 18, 2006
  Publication date: December 21, 2006
  Inventors: Srinivas Mantripragada, Tim Garnett, Derek Bruening, Vladimir Kiriansky, Bharath Chandramohan, James Brink, Saman Amarasinghe, Sandy Wilbourn
- Publication number: 20060277539
  Abstract: A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.
  Type: Application
  Filed: June 6, 2006
  Publication date: December 7, 2006
  Applicant: MASSACHUSETTS INSTITUTE OF TECHNOLOGY
  Inventors: Saman Amarasinghe, Bharath Chandramohan, Charles Renert, Derek Bruening, Vladimir Kiriansky, Tim Garnett, Sandy Wilbourn, Warren Wu
- Patent number: 6711619
  Abstract: A method, system, and apparatus for distributing and using portions of a computer-based application over a network, such as the internet. The present embodiment executes streamed chunks of code associated with an application on demand by binary emulation. Therefore the present invention enables execution of applications on network-based computer systems thereby enabling flexible distribution and use of executable code over a network. By streaming the transmission of non-sequentially ordered code chunks the present embodiment enables overlapping of streaming and execution of code chunks and reduces network latency effects of the past. The present embodiment may also speculatively stream the code chunks associated with the application to further reduce network latency effects associated with transmission of the code chunks.
  Type: Grant
  Filed: December 15, 1999
  Date of Patent: March 23, 2004
  Assignee: Hewlett-Packard Development Company, L.P.
  Inventors: Bharath Chandramohan, Mahesh Ramachandran
- Patent number: 6421635
  Abstract: The invention determines whether any asynchronous signals are pending and then delivers any such pending signals to the emulated application before the control is transferred to the operating system. A first mechanism sets a global flag, and checks to determine if any signals are pending. If there are pending signals, the emulator halts the emulation of the system call, and delivers the signal to the emulated application. A second mechanism handles signals that arrive after the first mechanism has performed its check. This mechanism checks to see if the global flag is set when a signal arrives. If the flag is set, then the signal is delivered immediately. If the flag is not set, then the signal is deferred. A third mechanism establishes a watch state at the beginning of the emulation, which would be changed by any action of the operating system. When a signal comes in, the emulator checks the watch state. If it does not exist, then the emulator defers the system call.
  Type: Grant
  Filed: November 2, 1998
  Date of Patent: July 16, 2002
  Assignee: Hewlett-Packard Company
  Inventors: Bharath Chandramohan, Rupert Brauch, David A. Dunn