Patents by Inventor Ulfar Erlingsson

Ulfar Erlingsson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7480761
    Abstract: A system is provided for reading and writing sectors which may be realized as either a disk device to the local operating system, or as a virtual disk device to a virtual machine. A user's computing environment is stored in the network in the form of a disk image, which may be a virtual disk image, for example. The virtual disk is realized on host computers through host-resident virtual machine monitors such as MICROSOFT VIRTUAL PC®. Portable memory devices, such as flash devices, buffer virtual disk writes and cache reads, greatly reducing the performance degradation associated with remote disk access. The cache is mobile so that it can travel with the user. The flash device remembers commonly used virtual disk content fingerprints so that the host machine's local disk can be used to satisfy many common disk reads when ubiquitous static content is involved. Standard, frequently used software images might be distributed in advance to host machines.
    Type: Grant
    Filed: January 10, 2005
    Date of Patent: January 20, 2009
    Assignee: Microsoft Corporation
    Inventors: Andrew Birrell, Edward P. Wobber, Muthukaruppan Annamalai, Ulfar Erlingsson
  • Publication number: 20080184016
    Abstract: Instruction set architecture (ISA) extension support is described for control-flow integrity (CFI) and for XFI memory protection. ISA replaces CFI guard code with single instructions. ISA support is provided for XFI in the form of bounds-check instructions. Compared to software guards, hardware support for CFI and XFI increases the efficiency and simplicity of enforcement. In addition, the semantics for CFI instructions allows more precise static control-flow graph encodings than were possible with a prior software CFI implementation.
    Type: Application
    Filed: January 31, 2007
    Publication date: July 31, 2008
    Applicant: Microsoft Corporation
    Inventors: Ulfar Erlingsson, Martin Abadi, Mihai-Dan Budiu
  • Patent number: 7406542
    Abstract: Method and system are disclosed for assured denotation of application semantics (“ADAS”). In a computer system operating at least one application, a method is disclosed for providing assured denotation of application semantics associated with the application. A graphical operation is received for the application. The graphical operation includes at least one argument. The argument is intercepted for the graphical operation, and modified for the graphical operation to provide an indication of at least one application semantic associated with the application.
    Type: Grant
    Filed: March 3, 2003
    Date of Patent: July 29, 2008
    Assignee: Google Inc.
    Inventor: Ulfar Erlingsson
  • Patent number: 7398349
    Abstract: A lifting and shaping system for a bra is disclosed. The system uses lift platforms shaped to fit into the cups of the bra and formed from thin material such as plastic. The lift platforms are attached to the bra toward the center of the bra. Connectors having one end attached to the lift platform and the other end attached to a slide on the shoulder strap adjust the lift of the lift platform when the slide is moved. Flexible shaping members distribute the lift of the lift platforms and maintain the natural shape of the breasts as they are lifted. Smoothing shields ease the movement of the lift platforms and connectors within the cloth confines of the breast cups. The flexible shaping members may also perform some of the functions of a smoothing shield.
    Type: Grant
    Filed: February 15, 2005
    Date of Patent: July 8, 2008
    Assignee: Microsoft Corporation
    Inventors: Andrew Birrell, Edward P. Wobber, Muthukaruppan Annamalai, Ulfar Erlingsson
  • Patent number: 7380051
    Abstract: A system is provided for reading and writing sectors which may be realized as either a disk device to the local operating system, or as a virtual disk device to a virtual machine. A user's computing environment is stored in the network in the form of a disk image, which may be a virtual disk image, for example. The virtual disk is realized on host computers through host-resident virtual machine monitors such as MICROSOFT VIRTUAL PC®. Portable memory devices, such as flash devices, buffer virtual disk writes and cache reads, greatly reducing the performance degradation associated with remote disk access. The cache is mobile so that it can travel with the user. The flash device remembers commonly used virtual disk content fingerprints so that the host machine's local disk can be used to satisfy many common disk reads when ubiquitous static content is involved. Standard, frequently used software images might be distributed in advance to host machines.
    Type: Grant
    Filed: February 15, 2005
    Date of Patent: May 27, 2008
    Assignee: Microsoft Corporation
    Inventors: Andrew Birrell, Edward P. Wobber, Muthukaruppan Annamalai, Ulfar Erlingsson
  • Publication number: 20080109625
    Abstract: Unobservable memory regions, referred to as stealth memory regions, are allocated or otherwise provided to store data whose secrecy is to be protected. The stealth memory is prevented from exposing information about its usage pattern to an attacker or adversary. In particular, the usage patterns may not be deduced via the side-channels.
    Type: Application
    Filed: November 3, 2006
    Publication date: May 8, 2008
    Applicant: Microsoft Corporation
    Inventors: Ulfar Erlingsson, Martin Abadi
  • Patent number: 7353241
    Abstract: The present description discloses a technique for recovering data using a timeline-based computing environment. Data items of the application are periodically saved for recovery such that the saved data items can be used to recover the application at a point in time when the items are saved. As a result, a search through a time-based computing environment is provided to recover the application at different points in time. The application with the saved data items can then be recovered at a designated point in time. Each saved data item can also be indexed with metadata, which are used to conduct a search to generate a list of data items according to a match between the indexed metadata and a user selected variable. Moreover, when the application is a communication client having multiple messages, an index data to indicate whether a message in the communication client is spam is saved. Using this index data, a search that includes or excludes the spam messages can then be conducted.
    Type: Grant
    Filed: March 24, 2004
    Date of Patent: April 1, 2008
    Assignee: Microsoft Corporation
    Inventor: Ulfar Erlingsson
  • Patent number: 7337291
    Abstract: Software memory access control is provided by associating instruction areas with memory areas such that instruction areas are not permitted to access memory areas with which they are not associated. Checks may be inserted in the instruction areas to ensure that data provided by a memory group is provided by an associated memory area. Additionally, control flow integrity for the instruction areas may be provided by embedding identifying bit patterns within computed control flow instructions contained in the instruction groups. In this way, control flow of the instruction areas may be provided, thus preventing diversion of control flow and minimizing required checks.
    Type: Grant
    Filed: January 14, 2005
    Date of Patent: February 26, 2008
    Assignee: Microsoft Corporation
    Inventors: Martin Abadi, Ulfar Erlingsson, Jay A. Ligatti, Mihai-Dan Budiu
  • Publication number: 20070285271
    Abstract: A verifier performs static checks of machine code to ensure that the code will execute safely. After verification is performed, the code is executed. The code modules generated by the rewriter and verified by the verifier prevent runtime code modifications so that properties established by the verifier cannot be invalidated during execution. Guards ensure that control flows only as expected. Stack data that must be shared within a code module, and which may therefore be corrupted during execution, is placed on a separate data stack. Other stack data remains on the regular execution stack, called the control stack. Multiple memory accesses can be checked by a single memory-range guard, optimized for fast access to the most-frequently used memory.
    Type: Application
    Filed: June 9, 2006
    Publication date: December 13, 2007
    Applicant: Microsoft Corporation
    Inventors: Ulfar Erlingsson, Martin Abadi, Michael Vrable
  • Publication number: 20070271594
    Abstract: Described herein are one or more implementations that facilitate message-passing over a communication conduit between software processes in a computing environment. More particularly, the implementations described restrict access of one process to another via messages passed over a particular conduit connecting the processes and the access-control restrictions are defined by a contract associated with that particular conduit.
    Type: Application
    Filed: May 18, 2006
    Publication date: November 22, 2007
    Applicant: Microsoft Corporation
    Inventors: Edward P. Wobber, Manuel A. Fahndrich, Ulfar Erlingsson, Martin Abadi
  • Publication number: 20070234005
    Abstract: Hash tables comprising load factors of up to and above 97% are disclosed. The hash tables may be associated with three or more hash functions, each hash function being applied to a key to identify a location in a hash table. The load factor of a hash table may be increased, obviating any need to increase the size of the hash table to accommodate more insertions. Such increase in load factor may be accomplished by a combination of increasing the number of cells per bucket in a hash table and increasing the number of hash functions associated with the hash table.
    Type: Application
    Filed: March 29, 2006
    Publication date: October 4, 2007
    Applicant: Microsoft Corporation
    Inventors: Ulfar Erlingsson, Mark Manasse, Frank McSherry, Abraham Flaxman
  • Publication number: 20070143437
    Abstract: An improved entity naming scheme employs the use of two sets of names: local names and global names. The local and global naming scheme may be applied to entities that are assigned to a number of different global compartments. Local entities are entities that are assigned to the same compartment, while non-local entities are entities that are assigned to different compartments. Each entity is assigned a local name that is unique among all local entities. Additionally, a number of global entities are identified. Global entities are entities that are referenced by one or more non-local entities. Each global entity is assigned a global name that is unique among all global entities.
    Type: Application
    Filed: December 16, 2005
    Publication date: June 21, 2007
    Applicant: Microsoft Corporation
    Inventors: Frank McSherry, Ulfar Erlingsson
  • Patent number: 7191469
    Abstract: A secure application environment (“SAE”) may be created by using derivation transformations (“DTs”) to create a derived user account (“DUA”) based on the original user account (“OUA”). An SAE may be created by selecting for each resource whose access is controlled by the OUA a DT that provides security for that resource without, whenever possible, reducing the functionality of the system as a whole, and creating a means for accessing a version of each resource based on the selected DT that may be accessed by an insecure actor.
    Type: Grant
    Filed: June 14, 2002
    Date of Patent: March 13, 2007
    Assignee: Green Border Technologies
    Inventor: Ulfar Erlingsson
  • Publication number: 20060233367
    Abstract: A system is provided for reading and writing sectors which may be realized as either a disk device to the local operating system, or as a virtual disk device to a virtual machine. A user's computing environment is stored in the network in the form of a disk image, which may be a virtual disk image, for example. The virtual disk is realized on host computers through host-resident virtual machine monitors such as MICROSOFT VIRTUAL PC®. Portable memory devices, such as flash devices, buffer virtual disk writes and cache reads, greatly reducing the performance degradation associated with remote disk access. The cache is mobile so that it can travel with the user. The flash device remembers commonly used virtual disk content fingerprints so that the host machine's local disk can be used to satisfy many common disk reads when ubiquitous static content is involved. Standard, frequently used software images might be distributed in advance to host machines.
    Type: Application
    Filed: February 15, 2005
    Publication date: October 19, 2006
    Applicant: Microsoft Corporation
    Inventors: Andrew Birrell, Edward Wobber, Muthukaruppan Annamalai, Ulfar Erlingsson
  • Publication number: 20060174077
    Abstract: Software memory access control is provided by associating instruction areas with memory areas such that instruction areas are not permitted to access memory areas with which they are not associated. Checks may be inserted in the instruction areas to ensure that data provided by a memory group is provided by an associated memory area. Additionally, control flow integrity for the instruction areas may be provided by embedding identifying bit patterns within computed control flow instructions contained in the instruction groups. In this way, control flow of the instruction areas may be provided, thus preventing diversion of control flow and minimizing required checks.
    Type: Application
    Filed: January 14, 2005
    Publication date: August 3, 2006
    Applicant: Microsoft Corporation
    Inventors: Martin Abadi, Ulfar Erlingsson, Jay Ligatti, Mihai-Dan Budiu
  • Publication number: 20060161978
    Abstract: Software control flow integrity is provided by embedding identifying bit patterns at computed control flow instruction sources and destinations. The sources and destinations of computed control flow instructions are determined with reference to a control flow graph. The identifying bit patterns are compared during software execution, and a match between a source and a respective destination ensures control flow consistent with the control flow graph. Security measures are implemented when the comparison results in a mismatch, indicating that control flow has deviated from the anticipated course.
    Type: Application
    Filed: January 14, 2005
    Publication date: July 20, 2006
    Applicant: Microsoft Corporation
    Inventors: Martin Abadi, Mihai-Dan Budiu, Ulfar Erlingsson, Jay Ligatti
  • Publication number: 20060155930
    Abstract: A lifting and shaping system for a bra is disclosed. The system uses lift platforms shaped to fit into the cups of the bra and formed from thin material such as plastic. The lift platforms are attached to the bra toward the center of the bra. Connectors having one end attached to the lift platform and the other end attached to a slide on the shoulder strap adjust the lift of the lift platform when the slide is moved. Flexible shaping members distribute the lift of the lift platforms and maintain the natural shape of the breasts as they are lifted. Smoothing shields ease the movement of the lift platforms and connectors within the cloth confines of the breast cups. The flexible shaping members may also perform some of the functions of a smoothing shield.
    Type: Application
    Filed: February 15, 2005
    Publication date: July 13, 2006
    Applicant: Microsoft Corporation
    Inventors: Andrew Birrell, Edward Wobber, Muthukaruppan Annamalai, Ulfar Erlingsson
  • Publication number: 20060155931
    Abstract: A system is provided for reading and writing sectors which may be realized as either a disk device to the local operating system, or as a virtual disk device to a virtual machine. A user's computing environment is stored in the network in the form of a disk image, which may be a virtual disk image, for example. The virtual disk is realized on host computers through host-resident virtual machine monitors such as MICROSOFT VIRTUAL PC®. Portable memory devices, such as flash devices, buffer virtual disk writes and cache reads, greatly reducing the performance degradation associated with remote disk access. The cache is mobile so that it can travel with the user. The flash device remembers commonly used virtual disk content fingerprints so that the host machine's local disk can be used to satisfy many common disk reads when ubiquitous static content is involved. Standard, frequently used software images might be distributed in advance to host machines.
    Type: Application
    Filed: January 10, 2005
    Publication date: July 13, 2006
    Applicant: Microsoft Corporation
    Inventors: Andrew Birrell, Edward Wobber, Muthukaruppan Annamalai, Ulfar Erlingsson
  • Publication number: 20060129821
    Abstract: Systems and methods for trustworthy enforcement of privacy enhancing technologies within a data processing system enable data processing systems to communicate a believable statement that privacy is being protected in a trustworthy fashion. The invention includes providing for trustworthy enforcement of privacy enhancing technologies by establishing a standardized scheme for a privacy certification and routine inspection of data processing systems implementing privacy enhancing technologies. The regime of certification and inspection may be coupled with other technologies such as cryptography, tamper-evident computing, and runtime security enforcement.
    Type: Application
    Filed: December 13, 2004
    Publication date: June 15, 2006
    Applicant: Microsoft Corporation
    Inventors: Alf Zugenmaier, Tuomas Aura, Ulfar Erlingsson, Adolf Hohl
  • Publication number: 20050246453
    Abstract: Extensions or other software applications can have direct access to hardware from within a virtual machine environment. The physical addresses of hardware can be mapped into the process space of the virtual machine environment. Similarly, I/O ports can be allowed to pass through into the virtual environment. The virtual machine can detect an upcoming Direct Memory Access (DMA), and can provide the correct addresses for the DMA, while the necessary memory can be pinned. If the virtual machine is executing when a hardware interrupt arrives, it can emulate the interrupt line inside its process. Conversely, if the host operating system is executing, it can disable interrupts and track temporary interrupts, and subsequently transfer control to the virtual machine process, emulate the temporary interrupts and reenable interrupts. Alternatively, the host operating system can immediately transfer control, or it can execute the interrupt servicing routines in its own process.
    Type: Application
    Filed: April 30, 2004
    Publication date: November 3, 2005
    Applicant: Microsoft Corporation
    Inventors: Ulfar Erlingsson, Edward Wobber, Thomas Roeder