Patents by Inventor Gregory D. Fee
Gregory D. Fee has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20130013577Abstract: In accordance with embodiments disclosed herein, there are provided mechanisms and methods for batch processing in an on-demand service environment. For example, in one embodiment, mechanisms include receiving a processing request for a multi-tenant database, in which the processing request specifies processing logic and a processing target group within the multi-tenant database. Such an embodiment further includes dividing or chunking the processing target group into a plurality of processing target sub-groups, queuing the processing request with a batch processing queue for the multi-tenant database among a plurality of previously queued processing requests, and releasing each of the plurality of processing target sub-groups for processing in the multi-tenant database via the processing logic at one or more times specified by the batch processing queue.Type: ApplicationFiled: September 14, 2012Publication date: January 10, 2013Applicant: SALESFORCE.COM, INC.Inventors: Gregory D. Fee, William J. Gallagher
-
Patent number: 8245270Abstract: Access to a resource by sandboxed code is dynamically authorized by a client security system based on a resource based policy. A sandboxed application running on a client is granted access to a resource based on a resource based policy despite denial of the access based on a static policy associated with the client security system. The granting of access coincides with the determination that the threat to a user or the user's information is not increased should the access be granted.Type: GrantFiled: September 1, 2005Date of Patent: August 14, 2012Assignee: Microsoft CorporationInventors: Jeffrey M. Cooperstein, Aaron R. Goldfeder, Gregory D. Fee, John M. Hawkins, Venkatraman Kudallur
-
Publication number: 20110264861Abstract: Execution of code in a multitenant runtime environment. A request to execute code corresponding to a tenant identifier (ID) is received in a multitenant environment. The multitenant database stores data for multiple client entities each identified by a tenant ID having one of one or more users associated with the tenant ID. Users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity. The multitenant database is a hosted database provided by an entity separate from the client entities, and provides on-demand database service to the client entities. Source code corresponding to the code to be executed is retrieved from a multitenant database. The retrieved source code is compiled. The compiled code is executed in the multitenant runtime environment. The memory used by the compiled code is freed in response to completion of the execution of the compiled code.Type: ApplicationFiled: April 21, 2011Publication date: October 27, 2011Applicant: SALESFORCE.COMInventors: Gregory D. Fee, William J. Gallagher
-
Publication number: 20110265069Abstract: A method for evaluating bytecode in an on-demand service environment. A request to compile source code is received in a multitenant database environment. One or more limit enforcement mechanisms is/are inserted into the source code to monitor utilization of one or more corresponding resources within the multitenant database environment. The source code is compiled to generate executable code. The executable code is executed within the multitenant database environment. Resource utilization is evaluated for the one or more resources in response to executing code corresponding to at least one of the limit enforcement mechanisms.Type: ApplicationFiled: April 21, 2011Publication date: October 27, 2011Applicant: SALESFORCE.COMInventors: Gregory D. Fee, William J. Gallagher
-
Publication number: 20110265066Abstract: Techniques and mechanisms for conversion of code of a first type to bytecode. Apex provides various unique characteristics. When converting to bytecode, these characteristics are handled to provide bytecode functionality. Some of the unique characteristics of Apex include Autoboxing, SOQL, Properties, Comparisons, Modifiers, Code coverage mechanisms and Sharing mechanisms.Type: ApplicationFiled: April 21, 2011Publication date: October 27, 2011Applicant: SALESFORCE.COMInventors: Gregory D. Fee, William J. Gallagher
-
Publication number: 20110258630Abstract: In accordance with embodiments disclosed herein, there are provided mechanisms and methods for batch processing in an on-demand service environment. For example, in one embodiment, mechanisms include receiving a processing request for a multi-tenant database, in which the processing request specifies processing logic and a processing target group within the multi-tenant database. Such an embodiment further includes dividing or chunking the processing target group into a plurality of processing target sub-groups, queuing the processing request with a batch processing queue for the multi-tenant database among a plurality of previously queued processing requests, and releasing each of the plurality of processing target sub-groups for processing in the multi-tenant database via the processing logic at one or more times specified by the batch processing queue.Type: ApplicationFiled: March 31, 2011Publication date: October 20, 2011Applicant: Salesforce.com, Inc.Inventors: Gregory D. Fee, William J. Gallagher
-
Patent number: 8024770Abstract: Techniques for managing security contexts may be described. An apparatus may comprise a processor and a security management module. The security management module may form a merged security context for multiple concurrent threads, with one of the threads depending on more than one preceding operation from other threads. Other embodiments are described and claimed.Type: GrantFiled: June 21, 2006Date of Patent: September 20, 2011Assignee: Microsoft CorporationInventors: Gregory D. Fee, Brian A. LaMacchia, Blair Dillaway
-
Patent number: 7779460Abstract: An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. The policy manager may determine a subset of the permission grant set based on a subset of the received code assembly's evidence, in order to expedite processing of the code assembly. When the evidence subset does not yield the desired permission subset, the policy manager may then perform an evaluation of all evidence received.Type: GrantFiled: April 17, 2007Date of Patent: August 17, 2010Assignee: Microsoft CorporationInventors: Gregory D. Fee, Brian Pratt, Sebastian Lange, Loren Kohnfelder
-
Patent number: 7770202Abstract: A host intercepts calls between two executables and determines whether the calls are permissible according to the host's security model which can be identify based, such as user identity based—for instance, mapping access rights within a specific data base user context to database object access. Such an identity security model differs from a common language runtime security model where managed code uses Code Access Security to prevent managed assemblies from performing certain operations. Managed assemblies registered with the host are host objects from the host's perspective for which access rights can be defined via security rules, such as are defined for individual user identities. A host can decide access between managed executables based on the host's identity based access rules by trapping any cross assembly calls and deciding whether such calls should proceed or be blocked from taking place based on the corresponding identity security settings.Type: GrantFiled: February 3, 2004Date of Patent: August 3, 2010Assignee: Microsoft CorporationInventors: Christopher W. Brumme, Vance Morrison, Sebastian Lange, Gregory D. Fee, Dario Russi, Simon Jeremy Hall, Mahesh Prakriya, Brian F. Sullivan
-
Patent number: 7743423Abstract: All execution paths of one or more assemblies in managed code are simulated to find the permissions for each execution path. The managed code can correspond to a managed shared library or a managed application. Each call in each execution path has a corresponding permissions set. When the library or application has permissions to execute that are not less than the required permission sets for the execution paths, any dynamic execution of the library or application will not trigger a security exception The simulated execution provides a tool that can be used to ensure that code being written will not exceed a maximum security permission for the code. A permission set can be determined by the tool for each assembly corresponding to an application and for each entry point corresponding to a shared library.Type: GrantFiled: February 3, 2004Date of Patent: June 22, 2010Assignee: Microsoft CorporationInventors: Sebastian Lange, Gregory D. Fee, Aaron Goldfeder, Ivan Medvedev, Michael Gashler
-
Patent number: 7669238Abstract: Evidence-based application security may be implemented at the application and/or application group levels. A manifest may be provided defining at least one trust condition for the application or application group. A policy manager evaluates application evidence (e.g., an XrML license) for an application or group of applications relative to the manifest. The application is only granted permissions on the computer system if the application evidence indicates that the application is trusted. Similarly, a group of applications are only granted permissions on the computer system if the evidence indicates that the group of applications is trusted. If the application evidence satisfies the at least one trust condition defined by the manifest, the policy manager generates a permission grant set for each code assembly that is a member of the at least one application. Evidence may be further evaluated for code assemblies that are members of the trusted application or application group.Type: GrantFiled: November 10, 2003Date of Patent: February 23, 2010Assignee: Microsoft CorporationInventors: Gregory D. Fee, Aaron Goldfeder, John M. Hawkins, Jamie L. Cool, Sebastian Lange, Sergey Khorun
-
Patent number: 7647629Abstract: A host operating in a managed environment intercepts a call from a managed caller to a particular callee and determines whether the call is permissible according to the host's prior configuration of a plurality of callees. The particular callee, which provides access to a resource that the host can be protecting, can have been previously configured by the host to always allow the call to be made, to never allow the call to be made, or to allow the call to be made based upon the degree to which the host trusts the managed caller.Type: GrantFiled: February 3, 2004Date of Patent: January 12, 2010Assignee: Microsoft CorporationInventors: Christopher W. Brumme, Sebastian Lange, Gregory D. Fee, Michael Gashler, Mahesh Prakriya
-
Patent number: 7581231Abstract: An application program interface (API) provides a set of functions for application developers who build Web applications on Microsoft Corporation's .NET™ platform.Type: GrantFiled: February 28, 2002Date of Patent: August 25, 2009Assignee: Microsoft CorporationInventors: Adam W. Smith, Anthony J. Moore, Anders Hejlsberg, Brian A. LaMacchia, Blaine J. Dockter, Brian M. Grunkemeyer, Brian K. Pepin, Caleb L. Doise, Christopher W. Brumme, Chad W. Royal, Christopher L. Anderson, Corina E. Feuerstein, Craig T. Sinclair, Daniel Dedu-Constantin, Daniel Takacs, David S. Ebbo, David S. Mortenson, Erik B. Christensen, Erik B. Olson, Fabio A. Yeon, Giovanni M. Della-Libera, Gopala Krishna R. Kakivaya, Gregory D. Fee, Hany E. Ramadan, Jayanth V. Rajan, Jeffrey M. Cooperstein, Jonathan C. Hawkins, James H. Hogg, Joe D. Long, John I. McConnell, Jesus Ruiz-Scougall, James S. Miller, Julie D. Bennett, Jun Fang, Krzysztof J. Cwalina, Keith W. Ballinger, Lance E. Olson, Loren M. Kohnfelder, Luca Bolognese, Manu Vasandani, Mark T. Anders, Mark P. Ashton, Mark A. Boulter, Mark W. Fussell, Michael M. Magruder, Manish S. Prabhu, Neetu Rajpal, Nikhil Kothari, Nithyalakshmi Sampathkumar, Nicholas M. Kramer, Omri Gazitt, Radu Rares Palanca, Raja Krishnaswamy, Robert M. Howard, Ramasamy Krishnaswamy, Shawn P. Burke, Scott D. Guthrie, Sean E. Trowbridge, Seth M. Demsey, Shajan Dasan, Subhag P. Oak, Sreeram Nivarthi, Stefan H. Pharies, Suzanne M. Cook, Susan M. Warren, Tarun Anand, Travis J. Muhlestein, William A. Adams, Yan Leshinsky, Yann E. Christensen, Yung-shin Lin, Stephen J. Millet, Joseph Roxe, Alan Boshier, Henry L. Sanders, David Bau
-
Publication number: 20090193493Abstract: Software tools assist an access-policy analyst or creator to debug and/or author access policies. An access request contains a query that evaluates to either true or false depending on whether access is to be allowed. Abduction may be used to generate assumptions that, if true, would cause the access request to be true. The tool may perform analysis on the generated assumptions, such as: comparing the assumptions with tokens to detect errors in the tokens or to suggest changes to the tokens that would cause the query to be satisfied, or comparing the assumptions to a meta-policy. The tool may allow an analysis, policy author, or other person to interactively walk through assumptions in order to see the implications of the access policy.Type: ApplicationFiled: January 28, 2008Publication date: July 30, 2009Applicant: MICROSOFT CORPORATIONInventors: Moritz Y. Becker, Blair B. Dillaway, Gregory D. Fee, Jason F. Mackay, Jason Hogg, John M. Leen
-
Publication number: 20090165110Abstract: Access to a resource may be controlled by a policy, such that a request to access the resource is either granted or denied based on what assertions have been made by various principals. To find the assertions that support a grant of access to the resource, a template may be created that defines the nature of assertions that would cause access to succeed. Assertions may be stored in the form of tokens. The template may be used to search an existing token store to find assertions that have been made, and/or to generate assertions that have not been found in the token store and that would satisfy the template. The assertions in the template may be created by performing an abductive reasoning process on an access query.Type: ApplicationFiled: December 21, 2007Publication date: June 25, 2009Applicant: MICROSOFT CORPORATIONInventors: Moritz Y. Becker, Blair B. Dillaway, Gregory D. Fee, John M. Leen, Jason F. Mackay
-
Publication number: 20080066147Abstract: Composable security policies enable multiple authorization policies to be combined into a composed effective authorization policy such that policy authoring rights may be arbitrarily and flexibly delegated. In an example implementation, making an authorization decision based on a composed effective policy is described. In another example implementation, the delegation of policy authoring rights using an assertion in accordance with a security language is described. In yet another example implementation, a security authorization system is described that includes a mechanism enabling an administrator to explicitly grant all or a part of policy authoring rights to another administrator.Type: ApplicationFiled: September 11, 2006Publication date: March 13, 2008Applicant: Microsoft CorporationInventors: Blair B. Dillaway, Brian A. LaMacchia, Gregory D. Fee
-
Publication number: 20070300285Abstract: Techniques for managing security contexts may be described. An apparatus may comprise a processor and a security management module. The security management module may form a merged security context for multiple concurrent threads, with one of the threads depending on more than one preceding operation from other threads. Other embodiments are described and claimed.Type: ApplicationFiled: June 21, 2006Publication date: December 27, 2007Applicant: Microsoft CorporationInventors: Gregory D. Fee, Brian A. LaMacchia, Blair Dillaway
-
Patent number: 7310822Abstract: A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly.Type: GrantFiled: November 14, 2005Date of Patent: December 18, 2007Assignee: Microsoft CorporationInventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory D. Fee, Michael J. Toutonghi
-
Patent number: 7251834Abstract: A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly.Type: GrantFiled: October 20, 2005Date of Patent: July 31, 2007Assignee: Microsoft CorporationInventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory D. Fee, Michael J. Toutonghi
-
Patent number: 7207064Abstract: An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. The policy manager may determine a subset of the permission grant set based on a subset of the received code assembly's evidence, in order to expedite processing of the code assembly. When the evidence subset does not yield the desired permission subset, the policy manager may then perform an evaluation of all evidence received.Type: GrantFiled: June 5, 2002Date of Patent: April 17, 2007Assignee: Microsoft CorporationInventors: Gregory D. Fee, Brian Pratt, Sebastian Lange, Loren Kohnfelder