Patents by Inventor Matthew Papakipos
Matthew Papakipos has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230024083Abstract: Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system provides input data associated with the web application to the native code module and processes the input data using the native code module to obtain output data. Finally, the system provides the output data to the web application for use by the web application.Type: ApplicationFiled: October 3, 2022Publication date: January 26, 2023Inventors: Evangelos Kokkevis, Matthew Papakipos, David C. Sehr
-
Patent number: 11514156Abstract: Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system provides input data associated with the web application to the native code module and processes the input data using the native code module to obtain output data. Finally, the system provides the output data to the web application for use by the web application.Type: GrantFiled: October 28, 2015Date of Patent: November 29, 2022Assignee: Google LLCInventors: Evangelos Kokkevis, Matthew Papakipos, David C. Sehr
-
Publication number: 20200257804Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.Type: ApplicationFiled: April 29, 2020Publication date: August 13, 2020Inventors: J. Bradley Chen, Matthew T. Harren, Matthew Papakipos, David C. Sehr, Bennet S. Yee
-
Patent number: 10685123Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.Type: GrantFiled: July 17, 2017Date of Patent: June 16, 2020Assignee: Google LLCInventors: J. Bradley Chen, Matthew T. Harren, Matthew Papakipos, David C. Sehr, Bennet S. Yee
-
Patent number: 10055604Abstract: One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application.Type: GrantFiled: August 11, 2016Date of Patent: August 21, 2018Assignee: Google LLCInventors: Eric Uhrhane, Matthew Papakipos
-
Patent number: 10026147Abstract: A native code module is executed in a secure runtime environment that prevents the first code module from accessing a graphics rendering interface outside of the secure runtime environment. Rendering commands are generated using the native code module based on a scene representation, and transmitted from the native code module within the secure runtime environment to a trusted code module outside the secure runtime environment. The trusted code module is configured to communicate with the graphics rendering interface to provide graphics acceleration, and a rendered image is rendered using the trusted second code module and graphics hardware based on execution of the rendering commands outside the secure runtime environment.Type: GrantFiled: November 14, 2017Date of Patent: July 17, 2018Assignee: Google LLCInventors: Antoine Labour, Matthew Papakipos
-
Patent number: 10026211Abstract: Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system writes a set of rendering commands to a command buffer using the native code module and concurrently reads the rendering commands from the command buffer. Finally, the system renders an image for use by the web application by executing the rendering commands using a graphics-processing unit (GPU).Type: GrantFiled: August 11, 2017Date of Patent: July 17, 2018Assignee: GOOGLE LLCInventors: Antoine Labour, Matthew Papakipos
-
Publication number: 20180004959Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.Type: ApplicationFiled: July 17, 2017Publication date: January 4, 2018Inventors: J. Bradley Chen, Matthew T. Harren, Matthew Papakipos, David C. Sehr, Bennet S. Yee
-
Publication number: 20170345203Abstract: Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system writes a set of rendering commands to a command buffer using the native code module and concurrently reads the rendering commands from the command buffer. Finally, the system renders an image for use by the web application by executing the rendering commands using a graphics-processing unit (GPU).Type: ApplicationFiled: August 11, 2017Publication date: November 30, 2017Inventors: Antoine LABOUR, Matthew PAPAKIPOS
-
Patent number: 9824418Abstract: A first code module is loaded into a secure runtime environment that prevents the first code module from accessing a graphics-processor unit (GPU). Rendering commands are generated using the code module based on a scene representation, and transmitted from the first code module within the secure runtime environment to a second code module outside the secure runtime environment. The second code module is configured to communicate with the GPU to provide graphics hardware acceleration, and a rendered image is rendered using the second code module and the GPU based on execution of the rendering commands outside the secure runtime environment.Type: GrantFiled: March 15, 2017Date of Patent: November 21, 2017Assignee: Google LLCInventors: Antoine Labour, Matthew Papakipos
-
Patent number: 9767597Abstract: Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system writes a set of rendering commands to a command buffer using the native code module and concurrently reads the rendering commands from the command buffer. Finally, the system renders an image for use by the web application by executing the rendering commands using a graphics-processing unit (GPU).Type: GrantFiled: August 1, 2014Date of Patent: September 19, 2017Assignee: Google Inc.Inventors: Antoine Labour, Matthew Papakipos
-
Patent number: 9710654Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.Type: GrantFiled: June 3, 2016Date of Patent: July 18, 2017Assignee: Google Inc.Inventors: J. Bradley Chen, Matthew T. Harren, Matthew Papakipos, David C. Sehr, Bennet S. Yee
-
Patent number: 9619858Abstract: One embodiment provides a system that facilitates the execution of a web application. During operation, the system loads a native code module that includes a scenegraph renderer into a secure runtime environment. Next, the system uses the scenegraph renderer to create a scenegraph from a graphics model associated with the web application and generate a set of rendering commands from the scenegraph. The system then writes the rendering commands to a command buffer and reads the rendering commands from the command buffer. Finally, the system uses the rendering commands to render, for the web application, an image corresponding to the graphics model by executing the rendering commands using a graphics-processing unit (GPU).Type: GrantFiled: August 1, 2014Date of Patent: April 11, 2017Assignee: Google Inc.Inventors: Antoine Labour, Matthew Papakipos
-
Publication number: 20170039382Abstract: One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application.Type: ApplicationFiled: August 11, 2016Publication date: February 9, 2017Inventors: Eric Uhrhane, Matthew Papakipos
-
Patent number: 9536079Abstract: A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.Type: GrantFiled: February 13, 2015Date of Patent: January 3, 2017Assignee: Google Inc.Inventors: J. Bradley Chen, Matthew T. Harren, Matthew Papakipos, David C. Sehr, Bennet S. Yee, Gregory Dardyk
-
Patent number: 9508108Abstract: Some embodiments provide a system that renders a user interface (UI) element for a web application. During operation, the system loads the web application in a web browser and obtains a rendering request for the UI element from the web application. Next, the system generates a graphics-processing unit (GPU) command stream corresponding to the UI element based on the rendering request. Finally, the system sends the GPU command stream to a GPU, where the UI element is rendered by the GPU.Type: GrantFiled: November 7, 2008Date of Patent: November 29, 2016Assignee: Google Inc.Inventors: Gregg Tavares, Matthew Papakipos
-
Publication number: 20160283720Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.Type: ApplicationFiled: June 3, 2016Publication date: September 29, 2016Inventors: J. Bradley Chen, Matthew T. Harren, Matthew Papakipos, David C. Sehr, Bennet S. Yee
-
Patent number: 9424435Abstract: One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application.Type: GrantFiled: July 7, 2014Date of Patent: August 23, 2016Assignee: Google Inc.Inventors: Eric Uhrhane, Matthew Papakipos
-
Patent number: 9361453Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.Type: GrantFiled: August 19, 2014Date of Patent: June 7, 2016Assignee: Google Inc.Inventors: J. Bradley Chen, Matthew T. Harren, Matthew Papakipos, David C. Sehr, Bennet S. Yee
-
Publication number: 20160048677Abstract: Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system provides input data associated with the web application to the native code module and processes the input data using the native code module to obtain output data. Finally, the system provides the output data to the web application for use by the web application.Type: ApplicationFiled: October 28, 2015Publication date: February 18, 2016Inventors: Evangelos Kokkevis, Matthew Papakipos, David C. Sehr