Patents by Inventor Michael M. Swift
Michael M. Swift has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9619401
Abstract: The translation of virtual guest addresses to host physical addresses in a virtualized computer system provides a compound page table that may simultaneously support nested-paging and shadow-paging for different memory regions. Memory regions with stable address mapping, for example, holding program code, may be treated using shadow-paging while memory regions with dynamic address mapping, for example, variable storage, may be treated using nested-paging thereby obtaining the benefits of both techniques.
Type: Grant
Filed: February 20, 2015
Date of Patent: April 11, 2017
Assignee: Wisconsin Alumni Research Foundation
Inventors: Jayneel Gandhi, Mark D Hill, Michael M Swift
-
Patent number: 9547603
Abstract: A memory management unit for I/O devices uses page table entries to translate virtual addresses to physical addresses. The page table entries include removal rules allowing the I/O memory management unit to delete page table entries without CPU involvement significantly reducing the CPU overhead involved in virtualized I/O data transactions.
Type: Grant
Filed: August 28, 2013
Date of Patent: January 17, 2017
Assignee: Wisconsin Alumni Research Foundation
Inventors: Arkaprava Basu, Mark D. Hill, Michael M. Swift
-
Publication number: 20160246730
Abstract: The translation of virtual guest addresses to host physical addresses in a virtualized computer system provides a compound page table that may simultaneously support nested-paging and shadow-paging for different memory regions. Memory regions with stable address mapping, for example, holding program code, may be treated using shadow-paging while memory regions with dynamic address mapping, for example, variable storage, may be treated using nested-paging thereby obtaining the benefits of both techniques.
Type: Application
Filed: February 20, 2015
Publication date: August 25, 2016
Inventors: Jayneel Gandhi, Mark D. Hill, Michael M. Swift
-
Patent number: 9128739
Abstract: A method includes the step of running a set of instances on at least one cloud for a first time interval, each of the instances comprising a bundle of virtualized resources. The method also includes the step of evaluating one or more performance characteristics of each of the instances in the set of instances over the first time interval. The method further includes the step of determining a first subset of the set of instances to maintain for a second time interval and a second subset of the set of instances to terminate for the second time interval responsive to the evaluating step. The steps are performed by at least one processing device comprising a processor coupled to a memory.
Type: Grant
Filed: December 31, 2012
Date of Patent: September 8, 2015
Assignee: EMC Corporation
Inventors: Ari Juels, Kevin D. Bowers, Benjamin Farley, Venkatanathan Varadarajan, Thomas Ristenpart, Michael M. Swift
-
Publication number: 20150067296
Abstract: A memory management unit for I/O devices uses page table entries to translate virtual addresses to physical addresses. The page table entries include removal rules allowing the I/O memory management unit to delete page table entries without CPU involvement significantly reducing the CPU overhead involved in virtualized I/O data transactions.
Type: Application
Filed: August 28, 2013
Publication date: March 5, 2015
Applicant: Wisconsin Alumni Research Foundation
Inventors: Arkaprava Basu, Mark D. Hill, Michael M. Swift
-
Patent number: 8510597
Abstract: In general, techniques are described for enabling a restartable file system. A computing device comprising a processor that executes an operating system may implement the techniques. The processor executes kernel and file system functions of the operating system to perform an operation, where both types of functions call each other to perform the operation. The operating system stores data identifying those of the kernel functions that called the file system functions. In response to determining that one of the file system functions that was called has failed, the operating system accesses the data to identify one of the kernel functions that most recently called one of the file system functions, and returns control to the identified one of the kernel functions without executing any of the file system functions called after the identified one of the kernel functions and prior to the one of the file system functions that failed.
Type: Grant
Filed: February 8, 2011
Date of Patent: August 13, 2013
Assignee: Wisconsin Alumni Research Foundation
Inventors: Michael M. Swift, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, Swaminathan Sundararaman, Sriram Subramanian, Abhishek Rajimwale
-
Publication number: 20120204060
Abstract: In general, techniques are described for enabling a restartable file system. A computing device comprising a processor that executes an operating system may implement the techniques. The processor executes kernel and file system functions of the operating system to perform an operation, where both types of functions call each other to perform the operation. The operating system stores data identifying those of the kernel functions that called the file system functions. In response to determining that one of the file system functions that was called has failed, the operating system accesses the data to identify one of the kernel functions that most recently called one of the file system functions, and returns control to the identified one of the kernel functions without executing any of the file system functions called after the identified one of the kernel functions and prior to the one of the file system functions that failed.
Type: Application
Filed: February 8, 2011
Publication date: August 9, 2012
Applicant: Wisconsin Alumni Research Foundation
Inventors: Michael M. Swift, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, Swaminathan Sundararaman, Sriram Subramanian, Abhishek Rajimwale
-
Patent number: 8239633
Abstract: A coherence controller in hardware of an apparatus in an example detects conflicts on coherence requests through direct, non-broadcast employment of signatures that: summarize read-sets and write-sets of memory transactions; and provide false positives but no false negatives for the conflicts on the coherence requests. The signatures comprise fixed-size representations of a substantially arbitrary set of addresses for the read-sets and the write-sets of the memory transactions.
Type: Grant
Filed: July 9, 2008
Date of Patent: August 7, 2012
Assignee: Wisconsin Alumni Research Foundation
Inventors: David A. Wood, Mark D. Hill, Michael M. Swift, Michael R. Marty, Luke Yen, Kevin E. Moore, Jayaram Bobba, Haris Volos
-
Patent number: 7716722
Abstract: A method of controlling access to network services enables an authorized proxy client to access a service on behalf of a user. To permit the client to function as a proxy, the user registers proxy authorization information with a trusted security server. The proxy authorization information identifies the proxy client and specifies the extent of proxy authority granted to the proxy client. When the proxy client wants to access a target service on behalf of the user, it sends a proxy request to the trusted security server. The trusted security server checks the proxy authorization information of the user to verify whether the request is within the proxy authority granted to the proxy client. If so, the trusted security server returns to the proxy client a data structure containing information recognizable by the target service to authenticate the proxy client for accessing the target service on behalf of the user.
Type: Grant
Filed: June 15, 2006
Date of Patent: May 11, 2010
Assignee: Microsoft Corporation
Inventors: Michael M. Swift, Neta Amit, Richard B. Ward
-
Publication number: 20090077329
Abstract: A coherence controller in hardware of an apparatus in an example detects conflicts on coherence requests through direct, non-broadcast employment of signatures that: summarize read-sets and write-sets of memory transactions; and provide false positives but no false negatives for the conflicts on the coherence requests. The signatures comprise fixed-size representations of a substantially arbitrary set of addresses for the read-sets and the write-sets of the memory transactions.
Type: Application
Filed: July 9, 2008
Publication date: March 19, 2009
Inventors: David A. Wood, Mark D. Hill, Michael M. Swift, Michael R. Marty, Luke Yen, Kevin E. Moore, Jayaram Bobba, Haris Volos
-
Patent number: 7308709
Abstract: A methodology is provided for facilitating authentication of a service. The methodology includes making a request to a first party for authentication of a service, the request including a first alias. A list of aliases associated with the service is then searched enabling a second party making the request to access the service if a match is found between the first alias and at least one alias of the list of aliases.
Type: Grant
Filed: April 27, 2000
Date of Patent: December 11, 2007
Assignee: Microsoft Corporation
Inventors: John E. Brezak, Jr., Richard B. Ward, Paul J. Leach, Michael M. Swift
-
Patent number: 7113994
Abstract: A method of controlling access to network services enables an authorized proxy client to access a service on behalf of a user. To permit the client to function as a proxy, the user registers proxy authorization information with a trusted security server. The proxy authorization information identifies the proxy client and specifies the extent of proxy authority granted to the proxy client. When the proxy client wants to access a target service on behalf of the user, it sends a proxy request to the trusted security server. The trusted security server checks the proxy authorization information of the user to verify whether the request is within the proxy authority granted to the proxy client. If so, the trusted security server returns to the proxy client a data structure containing information recognizable by the target service to authenticate the proxy client for accessing the target service on behalf of the user.
Type: Grant
Filed: January 24, 2000
Date of Patent: September 26, 2006
Assignee: Microsoft Corporation
Inventors: Michael M. Swift, Neta Amit, Richard B. Ward
-
Patent number: 6625603
Abstract: Providing object type specific access control to an object is described. In one embodiment, a computer system comprises an operating system operative to control an application and a service running on a computer. The service maintains a service object having a link to an access control entry. The access control entry contains an access right to perform an operation on an object type. The system further includes an access control module within the operating system. The access control module includes an access control interface and operates to grant or deny the access right to perform the operation on the object.
Type: Grant
Filed: September 21, 1998
Date of Patent: September 23, 2003
Assignee: Microsoft Corporation
Inventors: Praerit Garg, Michael M. Swift, Clifford P. Van Dyke, Richard B. Ward, Peter T. Brundrett
-
Patent number: 6505300
Abstract: Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempts to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.
Type: Grant
Filed: June 12, 1998
Date of Patent: January 7, 2003
Assignee: Microsoft Corporation
Inventors: Shannon Chan, Gregory Jensenworth, Mario C. Goertzel, Bharat Shah, Michael M. Swift, Richard B. Ward
-
Patent number: 6427209
Abstract: A system and method of combined user logon-authentication provides enhanced logon performance by utilizing communications with a network access control server for user authentication to provide user account data required for user logon. When a user logs on a computer, the computer initiates a network access control process with a network access control server for obtaining access to network services, including the computer that the user is logging on. During the access control process, the network access control server authenticates the user and queries a directory service for the account data for the user. The network access control server includes the user account data in one of the communication packets sent to the computer in the network access control process. The computer retrieves the user account data from the communication packet and uses the data to complete the user logon.
Type: Grant
Filed: April 14, 2000
Date of Patent: July 30, 2002
Assignee: Microsoft Corporation
Inventors: John E. Brezak, Jr., Richard B. Ward, Michael M. Swift, Paul J. Leach
-
Patent number: 6412070
Abstract: A method and computing system for extending access control of system objects in a computing environment beyond traditional rights such as read, write, create and delete. According to the invention, a system administrator or user application is able to create control rights that are unique to the type of object. Rights can be created that do not relate to any specific property of the object, but rather define how a user may control the object. A novel object, referred to as a control access data structure, is defined for each unique control right and associates the control right with one or more objects of the computing environment. In order to grant the right to a trusted user, an improved access control entry (ACE) is defined which holds a unique identifier of the trusted user and a unique identifier of the control access data structure.
Type: Grant
Filed: September 21, 1998
Date of Patent: June 25, 2002
Assignee: Microsoft Corporation
Inventors: Clifford P. Van Dyke, Peter T. Brundrett, Michael M. Swift, Praerit Garg, Richard B. Ward
-
Patent number: 6401211
Abstract: A system and method of combined user logon-authentication provides enhanced logon performance by utilizing communications with a network access control server for user authentication to provide user account data required for user logon. When a user logs on a computer, the computer initiates a network access control process with a network access control server for obtaining access to network services, including the computer that the user is logging on. During the access control process, the network access control server authenticates the user and queries a directory service for the account data for the user. The network access control server includes the user account data in one of the communication packets sent to the computer in the network access control process. The computer retrieves the user account data from the communication packet and uses the data to complete the user logon.
Type: Grant
Filed: March 15, 2000
Date of Patent: June 4, 2002
Assignee: Microsoft Corporation
Inventors: John E. Brezak, Jr., Richard B. Ward, Michael M. Swift, Paul J. Leach
-
Patent number: 6377691
Abstract: The disclosed system uses a challenge-response authentication protocol for datagram-based remote procedure calls. Using a challenge-response authentication protocol has many advantages over using a conventional authentication protocol. There are two primary components responsible for communication using the challenge-response protocol: a challenge-response protocol component on the client computer (client C-R component) and a challenge-response protocol component on the server computer (server C-R component). In order to start a session using the challenge-response protocol, the client C-R component first generates a session key. The session key is used by both the client C-R component and the server C-R component for encrypting and decrypting messages. After creating the session key, the client C-R component encrypts a message containing a request for a remote procedure call and sends it to the server C-R component. In response, the server C-R component sends a challenge to the client C-R component.
Type: Grant
Filed: December 9, 1996
Date of Patent: April 23, 2002
Assignee: Microsoft Corporation
Inventors: Michael M. Swift, Bharat Shah
-
Publication number: 20020019941
Abstract: Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempts to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.
Type: Application
Filed: June 12, 1998
Publication date: February 14, 2002
Inventors: SHANNON CHAN, GREGORY JENSENWORTH, MARIO C. GOERTZEL, BHARAT SHAH, MICHAEL M. SWIFT, RICHARD B. WARD
-
Patent number: 6308274
Abstract: A method and mechanism to enforce reduced access via restricted access tokens. Restricted access tokens are based on an existing token, and have less access than that existing token. A process is associated with a restricted token, and when the restricted process attempts to perform an action on a resource, a security mechanism compares the access token information with security information associated with the resource to grant or deny access. Application programs may have restriction information stored in association therewith, such that when launched, a restricted token is created for that application based on the restriction information thereby automatically reducing that application's access. Applications may be divided into different access levels such as privileged and non-privileged portions, thereby automatically restricting the actions a user can perform via that application.
Type: Grant
Filed: June 12, 1998
Date of Patent: October 23, 2001
Assignee: Microsoft Corporation
Inventor: Michael M. Swift