Patents by Inventor Gregory Darrell Fee
Gregory Darrell Fee has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8156558Abstract: Described is a mechanism for collectively evaluating security risks associated with loading an application. A hosting environment associated with loading the application invokes a trust manager to evaluate the security risks. The trust manager invokes a plurality of trust evaluators, where each trust evaluator is responsible for analyzing and assessing a different security risk. Upon completion of each security risk evaluation, results of those individual security risk evaluations are returned to the trust manager. The trust manager aggregates the variety of security risk evaluation results and makes a security determination based on the aggregated evaluation results. That determination may be to move forward with loading the application, to block the load of the application, or perhaps to prompt the user for a decision about whether to move forward with the load.Type: GrantFiled: May 17, 2003Date of Patent: April 10, 2012Assignee: Microsoft CorporationInventors: Aaron R. Goldfeder, John M. Hawkins, Sergey A. Khorun, Viresh N. Ramdatmisier, Joseph Thomas Farro, Gregory Darrell Fee, Jeremiah S. Epling, Andrew G. Bybee, Jingyang Xu, Tony Edward Schreiner, Jamie L. Cool
-
Patent number: 7814308Abstract: A system and method that allows developers to debug a component while it is restricted by any arbitrary set of specific permissions, or restricted by an existing permission set associated with a security “zone.” A security sandbox is mimicked within the development environment so that developers can study how applications perform inside the sandbox. Developers are able create any sandbox and debug inside it, where violating any bound of the artificial sandbox will throw a security exception and drop the user out on the exact line of code which generated the error, as well as provide helpful information about how to correct the error.Type: GrantFiled: August 27, 2004Date of Patent: October 12, 2010Assignee: Microsoft CorporationInventors: David Kehl Templin, Gregory Darrell Fee, Izydor Gryko, James Gordon Cantwell, Michael Eng, Sean Conway Draine, Stephanie Sweeny Saad
-
Patent number: 7131143Abstract: An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). Evidence having different levels of trust may be evaluated in combination so that a permission grant set is associated only with trusted code assemblies.Type: GrantFiled: June 21, 2000Date of Patent: October 31, 2006Assignee: Microsoft CorporationInventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory Darrell Fee
-
Patent number: 7076557Abstract: A system and method determine whether a called code frame has a requested permission available to it, so as to be able to execute a protected operation. A code frame is contained within a code assembly received from a remote or local resource location. A policy manager generates a permission grant set containing permission grant objects associated with the code assembly. Both the permission grant set and the code assembly are loaded into a runtime call stack for runtime execution of one or more code frames. Calls to other code frames may involve loading additional code assemblies and permission grant sets into the runtime call stack. In order for a called code frame to perform a protected operation, the code frame demands a requested permission from its calling code frame and all code frames preceding the calling code frame on the runtime call stack as part of a stack walk operation.Type: GrantFiled: July 10, 2000Date of Patent: July 11, 2006Assignee: Microsoft CorporationInventors: Brian A. LaMacchia, Gregory Darrell Fee, Loren M. Kohnfelder, Ashok Cholpady Kamath
-
Patent number: 7051366Abstract: An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). The policy manager may comprise execution modules for parsing a security policy specification, generating a one or more code hierarchies, evaluating membership of the received code assembly in one or more code groups, and generating a permission grant set based upon this membership evaluation.Type: GrantFiled: June 21, 2000Date of Patent: May 23, 2006Assignee: Microsoft CorporationInventors: Brian A LaMacchia, Loren M. Kohnfelder, Gregory Darrell Fee, Michael J. Toutonghi
-
Patent number: 6981281Abstract: A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly.Type: GrantFiled: June 21, 2000Date of Patent: December 27, 2005Assignee: Microsoft CorporationInventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory Darrell Fee, Michael J. Toutonghi
-
Publication number: 20040230835Abstract: Described is a mechanism for collectively evaluating security risks associated with loading an application. A hosting environment associated with loading the application invokes a trust manager to evaluate the security risks. The trust manager invokes a plurality of trust evaluators, where each trust evaluator is responsible for analyzing and assessing a different security risk. Upon completion of each security risk evaluation, results of those individual security risk evaluations are returned to the trust manager. The trust manager aggregates the variety of security risk evaluation results and makes a security determination based on the aggregated evaluation results. That determination may be to move forward with loading the application, to block the load of the application, or perhaps to prompt the user for a decision about whether to move forward with the load.Type: ApplicationFiled: May 17, 2003Publication date: November 18, 2004Inventors: Aaron R. Goldfeder, John M. Hawkins, Serge A. Khorun, Viresh N. Ramdatmisier, Joseph Thomas Farro, Gregory Darrell Fee, Jeremiah S. Epling, Andrew G. Bybee, Yingyang Xu, Tony Edward Schreiner, Jamie L. Cool