Patents by Inventor Tal Garfinkel
Tal Garfinkel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10255159
Abstract: Dynamic program analysis is decoupled from execution in virtual computer environments so that program analysis can be performed on a running computer program without affecting or perturbing the workload of the system on which the program is executing. Decoupled dynamic program analysis is enabled by separating execution and analysis into two tasks: (1) recording, where system execution is recorded with minimal interference, and (2) analysis, where the execution is replayed and analyzed.
Type: Grant
Filed: November 20, 2017
Date of Patent: April 9, 2019
Assignee: VMware, Inc.
Inventors: James E. Chow, Tal Garfinkel, Peter M. Chen
-
Patent number: 10169253
Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
Type: Grant
Filed: August 21, 2017
Date of Patent: January 1, 2019
Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel, Dan Boneh
-
Publication number: 20180165176
Abstract: Dynamic program analysis is decoupled from execution in virtual computer environments so that program analysis can be performed on a running computer program without affecting or perturbing the workload of the system on which the program is executing. Decoupled dynamic program analysis is enabled by separating execution and analysis into two tasks: (1) recording, where system execution is recorded with minimal interference, and (2) analysis, where the execution is replayed and analyzed.
Type: Application
Filed: November 20, 2017
Publication date: June 14, 2018
Inventors: James E. CHOW, Tal GARFINKEL, Peter M. CHEN
-
Publication number: 20170344496
Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
Type: Application
Filed: August 21, 2017
Publication date: November 30, 2017
Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM, Tal GARFINKEL, Dan BONEH
-
Patent number: 9823992
Abstract: Dynamic program analysis is decoupled from execution in virtual computer environments so that program analysis can be performed on a running computer program without affecting or perturbing the workload of the system on which the program is executing. Decoupled dynamic program analysis is enabled by separating execution and analysis into two tasks: (1) recording, where system execution is recorded with minimal interference, and (2) analysis, where the execution is replayed and analyzed.
Type: Grant
Filed: September 26, 2008
Date of Patent: November 21, 2017
Assignee: VMware, Inc.
Inventors: James Chow, Tal Garfinkel, Peter M. Chen
-
Patent number: 9740637
Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
Type: Grant
Filed: October 8, 2013
Date of Patent: August 22, 2017
Assignee: VMware, Inc.
Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel, Dan Boneh
-
Publication number: 20170185531
Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
Type: Application
Filed: October 8, 2013
Publication date: June 29, 2017
Applicant: VMware, Inc.
Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM, Tal GARFINKEL, Dan BONEH
-
Patent number: 9658878
Abstract: A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process.
Type: Grant
Filed: August 25, 2014
Date of Patent: May 23, 2017
Assignee: VMware, Inc.
Inventors: Daniel R. K. Ports, Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel
-
Patent number: 9063766
Abstract: Execution behavior for processes within a virtual machine is recorded for subsequent replay. The execution behavior comprises a detailed, low-level recording of state changes for processes within the virtual machine. The low-level recording is processed via replay to produce a sliced recording that conforms to time, abstraction, and security requirements for a specific replay scenario. Multiple stages of replay may be arbitrarily stacked to generate different crosscut versions of a common low-level recording.
Type: Grant
Filed: March 16, 2011
Date of Patent: June 23, 2015
Assignee: VMware, Inc.
Inventors: James Eugene Chow, Tal Garfinkel, Dominic Lucchetti
-
Patent number: 9058420
Abstract: Dynamic program analysis is decoupled from execution in virtual computer environments and is carried out synchronously with program execution. Decoupled dynamic program analysis is enabled by separating execution and analysis into two tasks: (1) recording, where system execution is recorded with minimal interference, and (2) analysis, where the execution is replayed and analyzed. Synchronous decoupled program analysis is enabled by suspending execution or data outputs of the program until a confirmation is received that the analysis is in sync with the program execution.
Type: Grant
Filed: September 26, 2008
Date of Patent: June 16, 2015
Assignee: VMware, Inc.
Inventors: Jim Chow, Tal Garfinkel, Peter M. Chen
-
Publication number: 20150100791
Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
Type: Application
Filed: October 8, 2013
Publication date: April 9, 2015
Applicant: VMware, Inc.
Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM, Tal GARFINKEL, Dan BONEH
-
Publication number: 20150046924
Abstract: A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process.
Type: Application
Filed: August 25, 2014
Publication date: February 12, 2015
Inventors: Daniel R.K. PORTS, Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM, Tal GARFINKEL
-
Patent number: 8819676
Abstract: A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process.
Type: Grant
Filed: October 30, 2008
Date of Patent: August 26, 2014
Assignee: VMware, Inc.
Inventors: Daniel R. K. Ports, Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel
-
Patent number: 8719823
Abstract: A component manages and minimizes latency introduced by virtualization. The virtualization component determines that a currently scheduled guest process has executed functionality responsive to which the virtualization component is to execute a virtualization based operation, wherein the virtualization based operation is one that is not visible to the guest operating system. The virtualization component causes the guest operating system to de-schedule the currently scheduled guest process and schedule at least one separate guest process. The virtualization component then executes the virtualization based operation concurrently with the execution of the at least one separate guest process. Responsive to completing the execution of the virtualization based operation, the virtualization component causes the guest operating system to re-schedule the de-scheduled guest process.
Type: Grant
Filed: March 4, 2009
Date of Patent: May 6, 2014
Assignee: VMware, Inc.
Inventors: Pratap Subrahmanyam, Carl A. Waldspurger, Vyacheslav Malyugin, Tal Garfinkel
-
Patent number: 8719800
Abstract: A virtual machine system decouples dynamic program analysis from program execution. Program analysis is decoupled from program execution through the use of a virtual machine to record program execution and an analysis platform to replay and analyze the program execution. Optimization techniques are applied to prevent the analysis platform from falling too far behind the program execution platform during replay.
Type: Grant
Filed: September 26, 2008
Date of Patent: May 6, 2014
Assignee: VMware, Inc.
Inventors: James Chow, Tal Garfinkel, Peter M. Chen
-
Patent number: 8656222
Abstract: The execution behavior of a selected application is recorded for subsequent replay. During recording, only those portions of memory that are accessed by the selected application are stored. As a result, the amount of data that is stored during the recording session is reduced and data that is not necessary for replaying the selected application, which may include possible sensitive and personal information, are not stored.
Type: Grant
Filed: July 30, 2009
Date of Patent: February 18, 2014
Assignee: VMware, Inc.
Inventors: James Chow, Tal Garfinkel, Dominic Lucchetti
-
Patent number: 8555081
Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
Type: Grant
Filed: October 30, 2008
Date of Patent: October 8, 2013
Assignee: VMware, Inc.
Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel, Dan Boneh
-
Patent number: 8352240
Abstract: Dynamic program analysis is decoupled from execution in virtual computer environments so that program analysis can be performed on a running computer program without affecting or perturbing the workload of the system on which the program is executing. Decoupled dynamic program analysis is enabled by separating execution and analysis into two tasks: (1) recording, where system execution is recorded with minimal interference, and (2) analysis, where the execution is replayed and analyzed. Recording and analysis are carried out on heterogeneous systems so that they can be separately optimized.
Type: Grant
Filed: September 26, 2008
Date of Patent: January 8, 2013
Assignee: VMware, Inc.
Inventors: James Chow, Tal Garfinkel, Peter M. Chen
-
Publication number: 20120239987
Abstract: Execution behavior for processes within a virtual machine is recorded for subsequent replay. The execution behavior comprises a detailed, low-level recording of state changes for processes within the virtual machine. The low-level recording is processed via replay to produce a sliced recording that conforms to time, abstraction, and security requirements for a specific replay scenario. Multiple stages of replay may be arbitrarily stacked to generate different crosscut versions of a common low-level recording.
Type: Application
Filed: March 16, 2011
Publication date: September 20, 2012
Applicant: VMWARE, INC.
Inventors: James Eugene CHOW, Tal GARFINKEL, Dominic LUCCHETTI
-
Patent number: 8261265
Abstract: A virtual-machine-based system provides a control-transfer mechanism to invoke a user-mode application handler from existing virtual hardware directly, without going through an operating system kernel running in the virtual machine. A virtual machine monitor calls directly to the guest user-mode handler and the handler transfers control back to the virtual machine monitor, without involving the guest operating system.
Type: Grant
Filed: October 30, 2008
Date of Patent: September 4, 2012
Assignee: VMware, Inc.
Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel, Daniel R. K. Ports