Patents Assigned to Dover Microsystems, Inc.
-
Publication number: 20240045932Abstract: A system including at least one processor programmed to identify, based on a policy to be enforced, one or more metadata symbols corresponding to an entity name; identify, from a target description describing a target system, an entity description matching the entity name, wherein the entity description describes an entity of the target system; and apply a metadata label to the entity of the target system, wherein the metadata label is based on the one or more metadata symbols corresponding to the entity name, as identified based on the policy.Type: ApplicationFiled: July 7, 2023Publication date: February 8, 2024Applicant: Dover Microsystems, Inc.Inventors: Eli Boling, Steven Milburn, Gregory T. Sullivan, Andrew Sutherland
-
Patent number: 11875180Abstract: Systems and methods for stalling a host processor. In some embodiments, the host processor may be caused to initiate one or more selected transactions, wherein the one or more selected transactions comprise a bus transaction. The host processor may be prevented from completing the one or more selected transactions, to thereby stall the host processor.Type: GrantFiled: August 3, 2022Date of Patent: January 16, 2024Assignee: Dover Microsystems, Inc.Inventors: Steven Milburn, Gregory T. Sullivan
-
Patent number: 11841956Abstract: Systems and methods for metadata processing. The method comprises acts of associating, in a first system, metadata with application data processed by a host processor, wherein the application data is protected within the first system by one or more first policies using the metadata, and transferring the application data and its associated metadata to a second system in which the application data is unprotected using metadata processing or is protected by one or more second policies different from the one or more first policies.Type: GrantFiled: December 18, 2019Date of Patent: December 12, 2023Assignee: Dover Microsystems, Inc.Inventors: Gregory T. Sullivan, Jonathan B. Rosenberg
-
Patent number: 11797398Abstract: In some embodiments, a system is provided, comprising enforcement hardware configured to execute, at run time, a state machine in parallel with application code. Executing the state machine may include maintaining metadata that corresponds to one or more state variables of the state machine; matching instructions in the application code to transitions in the state machine; and, in response to determining that an instruction in the application code does not match any transition from a current state of the state machine, causing an error handling routine to be executed. In some embodiments, a description of a state machine may be translated into at least one policy to be enforced at run time based on metadata labels associated with application code and/or data manipulated by the application code.Type: GrantFiled: April 30, 2019Date of Patent: October 24, 2023Assignee: Dover Microsystems, Inc.Inventors: Andrew Sutherland, Jonathan B. Rosenberg, Gregory T. Sullivan
-
Patent number: 11748457Abstract: A system including at least one processor programmed to identify, based on a policy to be enforced, one or more metadata symbols corresponding to an entity name; identify, from a target description describing a target system, an entity description matching the entity name, wherein the entity description describes an entity of the target system; and apply a metadata label to the entity of the target system, wherein the metadata label is based on the one or more metadata symbols corresponding to the entity name, as identified based on the policy.Type: GrantFiled: April 1, 2022Date of Patent: September 5, 2023Assignee: Dover Microsystems, Inc.Inventors: Eli Boling, Steven Milburn, Gregory T. Sullivan, Andrew Sutherland
-
Publication number: 20230054942Abstract: Systems and methods for stalling a host processor. In some embodiments, the host processor may be caused to initiate one or more selected transactions, wherein the one or more selected transactions comprise a bus transaction. The host processor may be prevented from completing the one or more selected transactions, to thereby stall the host processor.Type: ApplicationFiled: August 3, 2022Publication date: February 23, 2023Applicant: Dover Microsystems, Inc.Inventors: Steven Milburn, Gregory T. Sullivan
-
Publication number: 20220398312Abstract: Systems and methods for efficient metadata processing, for example, by resolving input patterns into binary representations ahead of time. In some embodiments, a plurality of input patterns may be identified, wherein an input pattern of the plurality of input patterns comprises a metadata label. A plurality of respective values may be selected for a plurality of variables, wherein the plurality of variables comprise a variable corresponding to the metadata label of the input pattern. A binary representation of the metadata label may be obtained based on the respective value of the variable.Type: ApplicationFiled: November 5, 2020Publication date: December 15, 2022Applicant: Dover Microsystems, Inc.Inventors: Andrew Sutherland, Steven Milburn
-
Publication number: 20220374415Abstract: Systems and methods for updating metadata. In some embodiments, in response to detecting an instruction executed by a hardware system, a source location of the instruction may be identified. First metadata associated with the instruction may be used to determine whether the instruction is allowed. In response to determining that the instruction is allowed, the source location of the instruction may be associated with second metadata.Type: ApplicationFiled: October 16, 2020Publication date: November 24, 2022Applicant: Dover Microsystems, Inc.Inventors: Eli Boling, Steven Milburn, Gregory T. Sullivan, Andrew Sutherland
-
Publication number: 20220309134Abstract: A system including at least one processor programmed to translate a policy into policy code, wherein: the policy is provided in a policy language; the policy code is in a programming language that is different from the policy language; and the policy includes a statement that maps an entity name to one or more metadata symbols to be associated with an entity in a target system against which the policy is to be enforcedType: ApplicationFiled: April 13, 2022Publication date: September 29, 2022Applicants: Dover Microsystems, Inc., The Charles Stark Draper Laboratory, Inc.Inventors: Eli Boling, Steven Milburn, Gregory T. Sullivan, Andrew Sutherland, Christopher J. Casinghino
-
Publication number: 20220300583Abstract: A system including at least one processor programmed to identify, based on a policy to be enforced, one or more metadata symbols corresponding to an entity name; identify, from a target description describing a target system, an entity description matching the entity name, wherein the entity description describes an entity of the target system; and apply a metadata label to the entity of the target system, wherein the metadata label is based on the one or more metadata symbols corresponding to the entity name, as identified based on the policy.Type: ApplicationFiled: April 1, 2022Publication date: September 22, 2022Applicant: Dover Microsystems, Inc.Inventors: Eli Boling, Steven Milburn, Gregory T. Sullivan, Andrew Sutherland
-
Publication number: 20220198014Abstract: Systems and methods for violation processing. In some embodiments, in response to detecting a policy violation, tag processing hardware may enter a violation processing mode, and may cause a host processor to begin executing violation processing code. The tag processing hardware may continue checking one or more instructions in an instruction queue. In response to encountering, in the instruction queue, an instruction of the violation processing code, the tag processing hardware may exit the violation processing mode.Type: ApplicationFiled: December 23, 2021Publication date: June 23, 2022Applicant: Dover Microsystems, Inc.Inventors: Eli Boling, Steven Milburn
-
Publication number: 20220129343Abstract: Systems and methods for reducing exception latency. In some embodiments, trace information regarding one or more instructions executed by a processor may be received. The trace information may indicate that the processor is entering an exception handling routine. A type of exception signal being handled by the processor may be determined based on the trace information. The type of exception signal being handled by the processor may then be used to determine whether to deactivate metadata processing. In response to determining that metadata processing is to be deactivated, state information may be updated to indicate that metadata processing is being deactivated.Type: ApplicationFiled: October 21, 2021Publication date: April 28, 2022Applicant: Dover Microsystems, Inc.Inventors: Steven Milburn, Gregory T. Sullivan
-
Publication number: 20220092173Abstract: Systems and methods for metadata processing. In some embodiments, one or more metadata inputs may be processed to determine whether to allow an instruction. For instance, one or more classification bits may be identified from a metadata input of the one or more metadata inputs, and the metadata input may be processed based on the one or more classification bits.Type: ApplicationFiled: January 15, 2020Publication date: March 24, 2022Applicant: Dover Microsystems, Inc.Inventors: Andrew Sutherland, Steven Milburn, Gregory T. Sullivan, Eli Boling
-
Publication number: 20220050904Abstract: Systems and methods for metadata processing. The method comprises acts of associating, in a first system, metadata with application data processed by a host processor, wherein the application data is protected within the first system by one or more first policies using the metadata, and transferring the application data and its associated metadata to a second system in which the application data is unprotected using metadata processing or is protected by one or more second policies different from the one or more first policies.Type: ApplicationFiled: December 18, 2019Publication date: February 17, 2022Applicant: Dover Microsystems, Inc.Inventors: Gregory T. Sullivan, Jonathan B. Rosenberg
-
Publication number: 20220012329Abstract: Systems and methods for metadata processing. In some embodiments, a target address may be received from a host processor. The target address may be used to access mapping information and decoding information, the mapping information and the decoding information being associated with the target address. The mapping information may be used to map the target address to a metadata address. The metadata address may be used to retrieve metadata, and the decoding information may be used to decode the retrieved metadata.Type: ApplicationFiled: November 11, 2019Publication date: January 13, 2022Applicant: Dover Microsystems, Inc.Inventors: Eli Boling, Steven Milburn, Gregory T. Sullivan, Andrew Sutherland
-
Publication number: 20210406137Abstract: In some embodiments, a system is provided, comprising enforcement hardware configured to execute, at run time, a state machine in parallel with application code. Executing the state machine may include maintaining metadata that corresponds to one or more state variables of the state machine; matching instructions in the application code to transitions in the state machine; and, in response to determining that an instruction in the application code does not match any transition from a current state of the state machine, causing an error handling routine to be executed. In some embodiments, a description of a state machine may be translated into at least one policy to be enforced at run time based on metadata labels associated with application code and/or data manipulated by the application code.Type: ApplicationFiled: April 30, 2019Publication date: December 30, 2021Applicant: Dover Microsystems, Inc.Inventors: Andrew Sutherland, Jonathan B. Rosenberg, Gregory T. Sullivan
-
Publication number: 20210357497Abstract: According to at least one aspect, a hardware system include a host processor, a policy engine, and an interlock is provided. These components can interoperate to enforce security policies. The host processor can execute an instruction and provide instruction information to the policy engine and the result of the executed instruction to the interlock. The policy engine can determine whether the executed instruction is allowable according to one or more security policies using the instruction information. The interlock can buffer the result of the executed instruction until an indication is received from the policy engine that the instruction was allowable. The interlock can then release the result of the executed instruction. The policy engine can be configured to transform instructions received from the host processor or add inserted instructions to the policy evaluation pipeline to increase the flexibility of the policy engine and enable enforcement of the security policies.Type: ApplicationFiled: February 1, 2019Publication date: November 18, 2021Applicant: Dover Microsystems, Inc.Inventors: Steven Milburn, Eli Boling
-
Publication number: 20210255890Abstract: Systems and methods for stalling a host processor. In some embodiments, the host processor may be caused to initiate one or more selected transactions, wherein the one or more selected transactions comprise a bus transaction. The host processor may be prevented from completing the one or more selected transactions, to thereby stall the host processor.Type: ApplicationFiled: May 5, 2021Publication date: August 19, 2021Applicant: Dover Microsystems, Inc.Inventors: Steven Milburn, Gregory T. Sullivan
-
Publication number: 20210073375Abstract: According to at least one aspect, a hardware system include a host processor, a policy engine, and an interlock is provided. These components can interoperate to enforce security policies. The host processor can execute an instruction and provide instruction information to the policy engine and the result of the executed instruction to the interlock. The policy engine can determine whether the executed instruction is allowable according to one or more security policies using the instruction information. The interlock can buffer the result of the executed instruction until an indication is received from the policy engine that the instruction was allowable. The interlock can then release the result of the executed instruction. The policy engine can be configured to transform instructions received from the host processor or add inserted instructions to the policy evaluation pipeline to increase the flexibility of the policy engine and enable enforcement of the security policies.Type: ApplicationFiled: February 1, 2019Publication date: March 11, 2021Applicant: Dover Microsystems, Inc.Inventors: Steven Milburn, Eli Boling
-
Publication number: 20210055954Abstract: Systems and methods for a write interlock configured to perform first processing and second processing, decoupled from the first processing. In some aspects, the first processing comprises receiving, from a processor, a store instruction including a target address, storing, in a data structure, a first entry corresponding to the store instruction, initiating a check of the store instruction against at least one policy, and in response to successful completion of the check, removing the first entry from the data structure. The second processing comprises receiving, from the processor, a write transaction including a target address, determining whether any entry in the data structure relates to the target address of the write transaction, and in response to determining that no entry in the data structure relates to the target address of the write transaction, causing the data to be written to the target address of the write transaction.Type: ApplicationFiled: February 1, 2019Publication date: February 25, 2021Applicant: Dover Microsystems, Inc.Inventors: Steven Milburn, Nirmal Nepal