Patents by Inventor Ulfar Erlingsson
Ulfar Erlingsson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20160085964Abstract: Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted otherwise the content is accessed in a regular DUA if the content is trusted.Type: ApplicationFiled: September 22, 2015Publication date: March 24, 2016Applicant: Google Inc.Inventor: Úlfar ERLINGSSON
-
Patent number: 9246926Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted, into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.Type: GrantFiled: July 29, 2013Date of Patent: January 26, 2016Assignee: Google Inc.Inventors: Ulfar Erlingsson, Xavier Boyen, Darrell Anderson, Wayne Gray
-
Publication number: 20150324242Abstract: General-purpose distributed data-parallel computing using a high-level language is disclosed. Data parallel portions of a sequential program that is written by a developer in a high-level language are automatically translated into a distributed execution plan. The distributed execution plan is then executed on large compute clusters. Thus, the developer is allowed to write the program using familiar programming constructs in the high level language. Moreover, developers without experience with distributed compute systems are able to take advantage of such systems.Type: ApplicationFiled: July 23, 2015Publication date: November 12, 2015Inventors: Yuan Yu, Dennis Fetterly, Michael Isard, Ulfar Erlingsson, Mihai Budiu
-
Patent number: 9171149Abstract: Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted otherwise the content is accessed in a regular DUA if the content is trusted.Type: GrantFiled: October 24, 2014Date of Patent: October 27, 2015Assignee: Google Inc.Inventor: Úlfar Erlingsson
-
Patent number: 9110706Abstract: General-purpose distributed data-parallel computing using a high-level language is disclosed. Data parallel portions of a sequential program that is written by a developer in a high-level language are automatically translated into a distributed execution plan. The distributed execution plan is then executed on large compute clusters. Thus, the developer is allowed to write the program using familiar programming constructs in the high level language. Moreover, developers without experience with distributed compute systems are able to take advantage of such systems.Type: GrantFiled: February 9, 2009Date of Patent: August 18, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Yuan Yu, Dennis Fetterly, Michael Isard, Ulfar Erlingsson, Mihai Budiu
-
Publication number: 20150052592Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.Type: ApplicationFiled: September 26, 2014Publication date: February 19, 2015Applicant: Google Inc.Inventor: Ulfar Erlingsson
-
Publication number: 20150047030Abstract: Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted otherwise the content is accessed in a regular DUA if the content is trusted.Type: ApplicationFiled: October 24, 2014Publication date: February 12, 2015Applicant: Google Inc.Inventor: Úlfar Erlingsson
-
Patent number: 8935675Abstract: A method includes receiving a budget cost for monitoring a plurality of tracepoints that occur as a result of operation of a device. The method further includes organizing a plurality of tracepoints into buckets such that each of the buckets corresponds to a range of expected interarrival times, and all tracepoints in a bucket have an expected interarrival time that is within the range for that bucket. The method further includes assigning a trigger to a first plurality of the bucketed tracepoints to yield a plurality of triggered tracepoints, wherein the triggers are proportionally assigned such that a tracepoint having a low expected interarrival time is less likely to be assigned a trigger than an tracepoint having a associated expected interarrival time such that an expected cost of the triggered tracepoints does not exceed the budget cost. Additionally, the method includes monitoring tracepoint occurrence during a first period of operation.Type: GrantFiled: September 25, 2013Date of Patent: January 13, 2015Assignee: Google Inc.Inventors: Michael Daniel Vrable, Ulfar Erlingsson, Yinqian Zhang
-
Patent number: 8875281Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.Type: GrantFiled: February 3, 2014Date of Patent: October 28, 2014Assignee: Google IncInventor: Ulfar Erlingsson
-
Patent number: 8850574Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for runtime language-independent sandboxing of software. In one aspect, a system implements an extended Software Fault Isolation (SFI) software sandboxing system configured to provide a user-mode program interface for receiving runtime requests for modifying verifiably safe executable machine code. Requests can include dynamic code creation, dynamic code deletion, and atomic modification of machine code instructions. A runtime modification of a verifiably safe executable memory region is made in response to each received runtime request, and code within the modified memory region has a guarantee of safe execution.Type: GrantFiled: February 28, 2011Date of Patent: September 30, 2014Assignee: Google Inc.Inventors: Jason Ansel, Cliff L. Biffle, Ulfar Erlingsson, David C. Sehr
-
Patent number: 8745741Abstract: A system and method is disclosed for providing security in virtual function calling. During a build process a program code is analyzed to identify one or more call sites used to facilitate a call to a subroutine associated with a declared object type. One or more trusted vtable pointers to a respective subroutine is determined, and the program is configured, via the build process, to detect, at an execution time, an initiation of a virtual call at a call site, verify whether a vtable pointer used in connection with the call site is associated with at least one of the trusted vtable pointers, and, if verified, facilitate the virtual call using the call site. If the vtable pointer cannot be verified then the virtual call is aborted.Type: GrantFiled: August 31, 2012Date of Patent: June 3, 2014Assignee: Google Inc.Inventors: Caroline Tice, Geoffrey Roeder Pike, Úlfar Erlingsson, Lawrence Alan Crowl, Cary Allen Coutant, Xinliang David Li, Sriraman Tallam, Kenneth Buchanan
-
Publication number: 20140150122Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.Type: ApplicationFiled: February 3, 2014Publication date: May 29, 2014Applicant: Google Inc.Inventor: Ulfar ERLINGSSON
-
Patent number: 8683578Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.Type: GrantFiled: August 2, 2012Date of Patent: March 25, 2014Assignee: Google Inc.Inventor: Ulfar Erlingsson
-
Patent number: 8677141Abstract: A client-side enforcement mechanism may allow application security policies to be specified at a server in a programmatic manner. Servers may specify security policies as JavaScript functions included in a page returned by the server and run before other scripts. At runtime, and during initial loading, the functions are invoked by the client on each page modification to ensure the page conforms to the security policy. As such, before a mutation takes effect, the policy may transform that mutation and the code and data of the page. Replicated code execution may take place at both the client and the server where the server runs its own shadow copy of a client-side application in a trusted execution environment so that the server may check that the method calls coming from the client correspond to a correct execution of the client-side application The redundant execution at the client can be untrusted, but serves to improve the responsiveness and performance of the Web application.Type: GrantFiled: November 23, 2007Date of Patent: March 18, 2014Assignee: Microsoft CorporationInventors: Ulfar Erlingsson, Yinglian Xie, Ben Livshits, Cedric Fournet
-
Publication number: 20130311782Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark hits. The watermarks are inserted, into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.Type: ApplicationFiled: July 29, 2013Publication date: November 21, 2013Applicant: Google Inc.Inventors: Ulfar ERLINGSSON, Xavier Boyen, Darrell Anderson, Wayne Gray
-
Patent number: 8522034Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.Type: GrantFiled: August 19, 2011Date of Patent: August 27, 2013Assignee: Google Inc.Inventors: Úlfar Erlingsson, Xavier Boyen, Darrell Anderson, Wayne Gray
-
Publication number: 20120311698Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.Type: ApplicationFiled: August 2, 2012Publication date: December 6, 2012Applicant: Google Inc.Inventor: Úlfar ERLINGSSON
-
Patent number: 8261095Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.Type: GrantFiled: May 10, 2002Date of Patent: September 4, 2012Assignee: Google Inc.Inventor: Úlfar Erlingsson
-
Patent number: 8209664Abstract: General-purpose distributed data-parallel computing using high-level computing languages is described. Data parallel portions of a sequential program that is written by a developer in a high-level language are automatically translated into a distributed execution plan. A set of extensions to a sequential high-level computing language are provided to support distributed parallel computations and to facilitate generation and optimization of distributed execution plans. The extensions are fully integrated with the programming language, thereby enabling developers to write sequential language programs using known constructs while providing the ability to invoke the extensions to enable better generation and optimization of the execution plan for a distributed computing environment.Type: GrantFiled: March 18, 2009Date of Patent: June 26, 2012Assignee: Microsoft CorporationInventors: Yuan Yu, Ulfar Erlingsson, Michael A Isard, Frank McSherry
-
Patent number: 8185783Abstract: A device driver includes a kernel stub and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the kernel stub may run an interrupt service routine and write information to shared memory. Control is passed to the user-mode module by a reflector. The user-mode module may then read the information from the shared memory to continue servicing the interrupt.Type: GrantFiled: November 22, 2007Date of Patent: May 22, 2012Assignee: Microsoft CorporationInventors: Mingtzong Lee, Peter Wieland, Nar Ganapathy, Ulfar Erlingsson, Martin Abadi, John Richardson