Abstract: Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process.

Abstract: The present description discloses a technique for recovering data using a timeline-based computing environment. Data items of the application are periodically saved for recovery such that the saved data items can be used to recover the application at a point in time when the items are saved. As a result, a search through a time-based computing environment is provided to recover the application at different points in time. The application with the saved data items can then be recovered at a designated point in time. Each saved data item can also be indexed with metadata, which are used to conduct a search to generate a list of data items according to a match between the indexed metadata and a user selected variable. Moreover, when the application is a communication client having multiple messages, an index data to indicate whether a message in the communication client is spam is saved. Using this index data, a search that includes or excludes the spam messages can then be conducted.

Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.

Abstract: Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content.

Abstract: A secure application environment (“SAE”) may be created by using derivation transformations (“DTs”) to create a derived user account (“DUA”) based on the original user account (“OUA”). An SAE may be created by selecting for each resource whose access is controlled by the OUA a DT that provides security for that resource without, whenever possible, reducing the functionality of the system as a whole, and creating a means for accessing a version of each resource based on the selected DT that may be accessed by an insecure actor.

Abstract: Method and system are disclosed for assured denotation of application semantics (“ADAS”). In a computer system operating at least one application, a method is disclosed for providing assured denotation of application semantics associated with the application. A graphical operation is received for the application. The graphical operation includes at least one argument. The argument is intercepted for the graphical operation, and modified for the graphical operation to provide an indication of at least one application semantic associated with the application.

Abstract: An altered states engine executes in computer memory, controlling the execution of at least one software component based upon condition dependent rules. Responses to requests for system resources are modified, and code is executed such that the software components execute desired functionality, as specified by the rules.