Patents by Inventor Geoffrey Pike
Geoffrey Pike has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 8819822
  Abstract: Mechanisms have been developed for securing computational systems against certain forms of attack. In particular, it has been discovered that, by scanning an input string for subsequences contained therein and configuring the computational system to generate a fault (or other triggered event) coincident with access to a memory location corresponding to one or more possible interpretations of data contained in the input string, it is possible to detect and/or interdict many forms of attack. For example, some realizations may scan for subsequences susceptible to interpretation as valid, canonical addresses, or as addresses in ranges that contain code, the stack, the heap, and/or system data structures such as the global offset table. Some realizations may scan for subsequences susceptible to interpretation as format strings or as machine code or code (source or otherwise) that could be executed in an execution environment (such as a Java™ virtual machine) or compiled for execution.
  Type: Grant
  Filed: March 30, 2006
  Date of Patent: August 26, 2014
  Assignee: VMware, Inc.
  Inventors: Geoffrey Pike, Edward N. Leake
- Patent number: 8775748
  Abstract: One embodiment is a method for tracking data correspondences in a computer system including a host hardware platform, virtualization software running on the host hardware platform, and a virtual machine running on the virtualization software, the method including: (a) monitoring one or more data movement operations of the computer system; and (b) storing information regarding the one or more data movement operations in a data correspondence structure, which information provides a correspondence between data before one of the one or more data movement operations and data after the one of the one or more data movement operations. The “monitoring” may comprise monitoring data movement at one or more of an interface between the host hardware platform and the virtualization software, and an interface between the virtual machine and the virtualization software.
  Type: Grant
  Filed: May 21, 2013
  Date of Patent: July 8, 2014
  Assignee: VMware, Inc.
  Inventors: Osten Kit Colbert, Geoffrey Pike
- Publication number: 20140033309
  Abstract: A system that includes a memory and processor is provided. The processor is programmed to receive input data, determine that the input data is tainted, store the tainted input data in a location in the memory, and based on storing the tainted input data in the location, label the location as a tainted location. The processor is further programmed to assign a triggering event to the tainted location such that an action is initiated when the triggering event has occurred.
  Type: Application
  Filed: June 10, 2013
  Publication date: January 30, 2014
  Applicant: VMWARE, INC.
  Inventors: Edward N. LEAKE, Geoffrey PIKE
- Patent number: 8621607
  Abstract: Mechanisms have been developed for securing computational systems against certain forms of attack. Taint status for data accessible by processes is selectively maintained and propagated in correspondence with information flows of instructions executed by a computing system, so that a security (or other appropriate) response can be provided if and when a control transfer (or other restricted use) is attempted based on tainted data. One response that may be triggered is a change in the privilege level (root and guest) that is used to process code executing in a virtual environment, so as to allow remediation to be performed. The triggering events may be specified in a control block.
  Type: Grant
  Filed: April 9, 2008
  Date of Patent: December 31, 2013
  Assignee: VMware, Inc.
  Inventor: Geoffrey Pike
- Publication number: 20130263132
  Abstract: One embodiment is a method for tracking data correspondences in a computer system including a host hardware platform, virtualization software running on the host hardware platform, and a virtual machine running on the virtualization software, the method including: (a) monitoring one or more data movement operations of the computer system; and (b) storing information regarding the one or more data movement operations in a data correspondence structure, which information provides a correspondence between data before one of the one or more data movement operations and data after the one of the one or more data movement operations.
  Type: Application
  Filed: May 21, 2013
  Publication date: October 3, 2013
  Applicant: VMware, Inc.
  Inventors: Osten Kit COLBERT, Geoffrey PIKE
- Patent number: 8510827
  Abstract: Mechanisms have been developed for securing computational systems against certain forms of attack. In particular, it has been discovered that, by maintaining and propagating taint status for memory locations in correspondence with information flows of instructions executed by a computing system, it is possible to provide a security response if and when a control transfer (or other restricted use) is attempted based on tainted data. In some embodiments, memory management facilities and related exception handlers can be exploited to facilitate taint status propagation and/or security responses. Taint tracking through registers of a processor (or through other storage for which access is not conveniently mediated using a memory management facility) may be provided using an instrumented execution mode of operation. For example, the instrumented mode may be triggered by an attempt to propagate tainted information to a register. In some embodiments, an instrumented mode of operation may be more generally employed.
  Type: Grant
  Filed: September 29, 2006
  Date of Patent: August 13, 2013
  Assignee: VMware, Inc.
  Inventors: Edward N. Leake, Geoffrey Pike
- Patent number: 8468310
  Abstract: One embodiment is a method for tracking data correspondences in a computer system including a host hardware platform, virtualization software running on the host hardware platform, and a virtual machine running on the virtualization software, the method including: (a) monitoring one or more data movement operations of the computer system; and (b) storing information regarding the one or more data movement operations in a data correspondence structure, which information provides a correspondence between data before one of the one or more data movement operations and data after the one of the one or more data movement operations.
  Type: Grant
  Filed: July 30, 2008
  Date of Patent: June 18, 2013
  Assignee: VMware, Inc.
  Inventors: Osten Kit Colbert, Geoffrey Pike
- Patent number: 8141163
  Abstract: In a system where an indirect control flow instruction requires a CPU to consult a first memory address, in addition to what is encoded in the instruction itself, for program execution, a method is provided to determine if the first memory address contains a valid or plausible value. The first memory address is compared to an expected or predicted memory address. A difference between the expected or predicted memory address and the first memory address causes an evaluation of any program code about to be executed. The evaluation of code determines whether or not a malicious attack is occurring, or being attempted, that might affect proper operation of the system or program.
  Type: Grant
  Filed: May 21, 2008
  Date of Patent: March 20, 2012
  Assignee: VMware, Inc.
  Inventor: Geoffrey Pike
- Patent number: 7958558
  Abstract: Mechanisms have been developed for securing computational systems against certain forms of attack. In particular, it has been discovered that, by maintaining and selectively propagating taint status for storage locations in correspondence with information flows of instructions executed by a computing system, it is possible to provide a security (or other appropriate) response if and when a control transfer (or other restricted use) is attempted based on tainted data. By employing aging in decisions to propagate, it is possible to limit overheads associated with such tracking. In some embodiments, a decay-oriented metric is applied and further propagation of taints is interrupted once aging reaches a predetermined decay threshold. In some embodiments, more generalized labels may be maintained and selectively propagated based on an aging metric. For example, in some embodiments, labels may be employed to code source designation or classification, aging, popularity/frequency of access, or taint.
  Type: Grant
  Filed: November 14, 2006
  Date of Patent: June 7, 2011
  Assignee: VMware, Inc.
  Inventors: Edward N. Leake, Geoffrey Pike
- Publication number: 20090038008
  Abstract: In a system where an indirect control flow instruction requires a CPU to consult a first memory address, in addition to what is encoded in the instruction itself, for program execution, a method is provided to determine if the first memory address contains a valid or plausible value. The first memory address is compared to an expected or predicted memory address. A difference between the expected or predicted memory address and the first memory address causes an evaluation of any program code about to be executed. The evaluation of code determines whether or not a malicious attack is occurring, or being attempted, that might affect proper operation of the system or program.
  Type: Application
  Filed: May 21, 2008
  Publication date: February 5, 2009
  Applicant: VMware, Inc.
  Inventor: Geoffrey Pike
- Publication number: 20090037672
  Abstract: One embodiment is a method for tracking data correspondences in a computer system including a host hardware platform, virtualization software running on the host hardware platform, and a virtual machine running on the virtualization software, the method including: (a) monitoring one or more data movement operations of the computer system; and (b) storing information regarding the one or more data movement operations in a data correspondence structure, which information provides a correspondence between data before one of the one or more data movement operations and data after the one of the one or more data movement operations.
  Type: Application
  Filed: July 30, 2008
  Publication date: February 5, 2009
  Applicant: VMWARE, INC.
  Inventors: Osten Kit COLBERT, Geoffrey PIKE
- Publication number: 20080216175
  Abstract: Mechanisms have been developed for securing computational systems against certain forms of attack. Taint status for data accessible by processes is selectively maintained and propagated in correspondence with information flows of instructions executed by a computing system, so that a security (or other appropriate) response can be provided if and when a control transfer (or other restricted use) is attempted based on tainted data. One response that may be triggered is a change in the privilege level (root and guest) that is used to process code executing in a virtual environment, so as to allow remediation to be performed. The triggering events may be specified in a control block.
  Type: Application
  Filed: April 9, 2008
  Publication date: September 4, 2008
  Applicant: VMWARE, INC.
  Inventor: Geoffrey PIKE
- Patent number: D322822
  Type: Grant
  Filed: December 15, 1988
  Date of Patent: December 31, 1991
  Inventors: David Yardley, Geoffrey Pike