Patents by Inventor Alexander Moshchuk
Alexander Moshchuk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9679144
Abstract: An “AR Privacy API” provides an API that allows applications and web browsers to use various content rendering abstractions to protect user privacy in a wide range of web-based immersive augmented reality (AR) scenarios. The AR Privacy API extends the traditional concept of “web pages” to immersive “web rooms” wherein any desired combination of existing or new 2D and 3D content is rendered within a user's room or other space. Advantageously, the AR Privacy API and associated rendering abstractions are useable by a wide variety of applications and web content for enhancing the user's room or other space with web-based immersive AR content. Further, the AR Privacy API is implemented using any existing or new web page coding platform, including, but not limited to HTML, XML, CSS, JavaScript, etc., thereby enabling existing web content and coding techniques to be smoothly integrated into a wide range of web room AR scenarios.
Type: Grant
Filed: November 15, 2013
Date of Patent: June 13, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: David Molnar, John Vilk, Eyal Ofek, Alexander Moshchuk, Jiahe Wang, Ran Gal, Lior Shapira, Douglas Christopher Burger, Blair MacIntyre, Benjamin Livshits
-
Patent number: 9531752
Abstract: A system analyzes content accessed at a network site to determine whether it is malicious. The system employs a tool able to identify spyware that is piggy-backed on executable files (such as software downloads) and is able to detect “drive-by download” attacks that install software on the victim's computer when a page is rendered by a browser program. The tool uses a virtual machine (VM) to sandbox and analyze potentially malicious content. By installing and running executable files within a clean VM environment, commercial anti-spyware tools can be employed to determine whether a specific executable contains piggy-backed spyware. By visiting a Web page with an unmodified browser inside a clean VM environment, predefined “triggers,” such as the installation of a new library, or the creation of a new process, can be used to determine whether the page mounts a drive-by download attack.
Type: Grant
Filed: April 22, 2015
Date of Patent: December 27, 2016
Assignee: University of Washington
Inventors: Steven Gribble, Henry Levy, Alexander Moshchuk, Tanya Bragin
-
Publication number: 20150326607
Abstract: A system analyzes content accessed at a network site to determine whether it is malicious. The system employs a tool able to identify spyware that is piggy-backed on executable files (such as software downloads) and is able to detect “drive-by download” attacks that install software on the victim's computer when a page is rendered by a browser program. The tool uses a virtual machine (VM) to sandbox and analyze potentially malicious content. By installing and running executable files within a clean VM environment, commercial anti-spyware tools can be employed to determine whether a specific executable contains piggy-backed spyware. By visiting a Web page with an unmodified browser inside a clean VM environment, predefined “triggers,” such as the installation of a new library, or the creation of a new process, can be used to determine whether the page mounts a drive-by download attack.
Type: Application
Filed: April 22, 2015
Publication date: November 12, 2015
Inventors: Steven Gribble, Henry Levy, Alexander Moshchuk, Tanya Bragin
-
Patent number: 9106650
Abstract: An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture.
Type: Grant
Filed: November 9, 2011
Date of Patent: August 11, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Franziska Roesner, Tadayoshi Kohno, Alexander Moshchuk, Bryan J. Parno, Helen J. Wang
-
Patent number: 9043913
Abstract: A system analyzes content accessed at a network site to determine whether it is malicious. The system employs a tool able to identify spyware that is piggy-backed on executable files (such as software downloads) and is able to detect “drive-by download” attacks that install software on the victim's computer when a page is rendered by a browser program. The tool uses a virtual machine (VM) to sandbox and analyze potentially malicious content. By installing and running executable files within a clean VM environment, commercial anti-spyware tools can be employed to determine whether a specific executable contains piggy-backed spyware. By visiting a Web page with an unmodified browser inside a clean VM environment, predefined “triggers,” such as the installation of a new library, or the creation of a new process, can be used to determine whether the page mounts a drive-by download attack.
Type: Grant
Filed: June 4, 2012
Date of Patent: May 26, 2015
Assignee: University of Washington through its Center for Commercialization
Inventors: Steven Gribble, Henry Levy, Alexander Moshchuk, Tanya Bragin
-
Publication number: 20150143459
Abstract: An “AR Privacy API” provides an API that allows applications and web browsers to use various content rendering abstractions to protect user privacy in a wide range of web-based immersive augmented reality (AR) scenarios. The AR Privacy API extends the traditional concept of “web pages” to immersive “web rooms” wherein any desired combination of existing or new 2D and 3D content is rendered within a user's room or other space. Advantageously, the AR Privacy API and associated rendering abstractions are useable by a wide variety of applications and web content for enhancing the user's room or other space with web-based immersive AR content. Further, the AR Privacy API is implemented using any existing or new web page coding platform, including, but not limited to HTML, XML, CSS, JavaScript, etc., thereby enabling existing web content and coding techniques to be smoothly integrated into a wide range of web room AR scenarios.
Type: Application
Filed: November 15, 2013
Publication date: May 21, 2015
Applicant: Microsoft Corporation
Inventors: David Molnar, John Vilk, Eyal Ofek, Alexander Moshchuk, Jiahe Wang, Ran Gal, Lior Shapira, Douglas Christopher Burger, Blair MacIntyre, Benjamin Livshits
-
Patent number: 8990399
Abstract: Resource sharing in a multi-principal browser includes managing a resource for a web entity by determining how to divide the resource for sharing among two or more web entities based at least in part on a Document Object Model (DOM)-recursive resource allocation policy or an application-specified resource allocation policy. A web entity includes a principal instance contending for the resource. The process identifies resource allocation mechanisms from each resource type based at least in part on the DOM-recursive sharing policy or the application-specified resource allocation policy along with the resource type.
Type: Grant
Filed: December 21, 2012
Date of Patent: March 24, 2015
Assignee: Microsoft Corporation
Inventors: Jiahe Helen Wang, Alexander Moshchuk
-
Patent number: 8893268
Abstract: Methods and systems for preventing permission re-delegation among applications are disclosed herein. The method includes accepting a message requesting access to a user-controlled resource from a requester application at a deputy application and reducing a first permissions list of the deputy application to a second permissions list. The second permissions list includes an overlap of permissions between the deputy application and the requester application. Moreover, the method also includes sending the message from the deputy application to a computing system via an application programming interface (API), wherein the computing system is configured to reject the message if the second permissions list of the deputy application does not permit access to the user-controlled resource.
Type: Grant
Filed: November 15, 2011
Date of Patent: November 18, 2014
Assignee: Microsoft Corporation
Inventors: Adrienne Porter Felt, Helen Jiahe Wang, Alexander Moshchuk
-
Publication number: 20130205385
Abstract: An access system is described herein which allows an application to access a system-level and/or application-specific user-owned resource based on a user's interaction with an intent-based access mechanism. For example, the intent-based access mechanism may correspond to a gadget that is embedded in an application user interface provided by the application, and/or logic for detecting a permission-granting input sequence. The access system accommodates different types of intent-based access mechanisms. One type is a scheduled intent-based access mechanism. Another type provides access to two or more user-owned resources. Further, the access system includes a mechanism for determining whether the application is permitted to use an intent-based access mechanism.
Type: Application
Filed: February 8, 2012
Publication date: August 8, 2013
Applicant: Microsoft Corporation
Inventors: Franziska Roesner, Tadayoshi Kohno, Alexander Moshchuk, Bryan J. Parno, Helen J. Wang
-
Publication number: 20130125210
Abstract: Methods and systems for preventing permission re-delegation among applications are disclosed herein. The method includes accepting a message requesting access to a user-controlled resource from a requester application at a deputy application and reducing a first permissions list of the deputy application to a second permissions list. The second permissions list includes an overlap of permissions between the deputy application and the requester application. Moreover, the method also includes sending the message from the deputy application to a computing system via an application programming interface (API), wherein the computing system is configured to reject the message if the second permissions list of the deputy application does not permit access to the user-controlled resource.
Type: Application
Filed: November 15, 2011
Publication date: May 16, 2013
Applicant: Microsoft Corporation
Inventors: Adrienne Porter Felt, Helen Jiahe Wang, Alexander Moshchuk
-
Publication number: 20130117840
Abstract: An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture.
Type: Application
Filed: November 9, 2011
Publication date: May 9, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Franziska Roesner, Tadayoshi Kohno, Alexander Moshchuk, Bryan J. Parno, Helen J. Wang
-
Publication number: 20130014259
Abstract: A system analyzes content accessed at a network site to determine whether it is malicious. The system employs a tool able to identify spyware that is piggy-backed on executable files (such as software downloads) and is able to detect “drive-by download” attacks that install software on the victim's computer when a page is rendered by a browser program. The tool uses a virtual machine (VM) to sandbox and analyze potentially malicious content. By installing and running executable files within a clean VM environment, commercial anti-spyware tools can be employed to determine whether a specific executable contains piggy-backed spyware. By visiting a Web page with an unmodified browser inside a clean VM environment, predefined “triggers,” such as the installation of a new library, or the creation of a new process, can be used to determine whether the page mounts a drive-by download attack.
Type: Application
Filed: June 4, 2012
Publication date: January 10, 2013
Applicant: University of Washington through its Center for Commercialization
Inventors: Steven Gribble, Henry Levy, Alexander Moshchuk, Tanya Bragin
-
Patent number: 8341268
Abstract: Techniques for providing resource sharing in a multi-principal browser are described. Resource sharing includes managing a resource for a web entity by determining how to divide the resource to share among two or more web entities based at least in part on a Document Object Model (DOM)-recursive resource allocation policy or an application-specified resource allocation policy. A web entity includes a principal instance contending for the resource. The process identifies resource allocation mechanisms from each resource type based at least in part on the DOM-recursive sharing policy or the application-specified resource allocation policy along with the resource type.
Type: Grant
Filed: August 28, 2009
Date of Patent: December 25, 2012
Assignee: Microsoft Corporation
Inventors: Helen Jiahe Wang, Alexander Moshchuk
-
Patent number: 8266714
Abstract: A principal operating system based-browser controls access to resources. The resources are represented semantically in a resource object model. A browser kernel of the browser mediates resources access calls from principals. In some implementations the principals are web entities and the resources are peripheral devices. The resource object model separates device semantics from physical device access. Resource access control policies are maintained by the browser kernel and separated from device access mechanisms.
Type: Grant
Filed: August 28, 2009
Date of Patent: September 11, 2012
Assignee: Microsoft Corporation
Inventors: Jiahe Helen Wang, Alexander Moshchuk
-
Patent number: 8196205
Abstract: A system analyzes content accessed at a network site to determine whether it is malicious. The system employs a tool able to identify spyware that is piggy-backed on executable files (such as software downloads) and is able to detect “drive-by download” attacks that install software on the victim's computer when a page is rendered by a browser program. The tool uses a virtual machine (VM) to sandbox and analyze potentially malicious content. By installing and running executable files within a clean VM environment, commercial anti-spyware tools can be employed to determine whether a specific executable contains piggy-backed spyware. By visiting a Web page with an unmodified browser inside a clean VM environment, predefined “triggers,” such as the installation of a new library, or the creation of a new process, can be used to determine whether the page mounts a drive-by download attack.
Type: Grant
Filed: June 26, 2006
Date of Patent: June 5, 2012
Assignee: University of Washington through its Center for Commercialization
Inventors: Steven Gribble, Henry Levy, Alexander Moshchuk, Tanya Bragin
-
Patent number: 8151263
Abstract: Method and systems for real-time cloning of a virtual machine are described. A virtual machine is running and a clone of the virtual machine is created while the virtual machine continues to run. In one embodiment, the creation of the clone further comprises quiescing the virtual machine, taking a snapshot S1 (excluding main memory) of the state of the virtual machine, and creating a copy S2 of the snapshot S1. The original VM continues execution off the snapshot S1. The cloned VM restores from snapshot S2. In another embodiment, the cloning of the virtual machine further comprises instructing a vmkernel associated with the virtual machine to mark all pages of main memory of the virtual machine as copy-on-write (COW). The unique ID corresponding to the main memory is provided by the vmkernel and an association between the unique ID and the main memory is made upon restoration of the clone.
Type: Grant
Filed: March 19, 2007
Date of Patent: April 3, 2012
Assignee: VMware, Inc.
Inventors: Ganesh Venkitachalam, Alexander Moshchuk
-
Publication number: 20110055395
Abstract: Techniques for providing resource sharing in a multi-principal browser are described. Resource sharing includes managing a resource for a web entity by determining how to divide the resource to share among two or more web entities based at least in part on a Document Object Model (DOM)-recursive resource allocation policy or an application-specified resource allocation policy. A web entity includes a principal instance contending for the resource. The process identifies resource allocation mechanisms from each resource type based at least in part on the DOM-recursive sharing policy or the application-specified resource allocation policy along with the resource type.
Type: Application
Filed: August 28, 2009
Publication date: March 3, 2011
Applicant: Microsoft Corporation
Inventors: Jiahe Helen Wang, Alexander Moshchuk
-
Publication number: 20110055892
Abstract: A principal operating system based-browser controls access to resources. The resources are represented semantically in a resource object model. A browser kernel of the browser mediates resources access calls from principals. In some implementations the principals are web entities and the resources are peripheral devices. The resource object model separates device semantics from physical device access. Resource access control policies are maintained by the browser kernel and separated from device access mechanisms.
Type: Application
Filed: August 28, 2009
Publication date: March 3, 2011
Applicant: Microsoft Corporation
Inventors: Jiahe Helen Wang, Alexander Moshchuk
-
Publication number: 20070174915
Abstract: A system analyzes content accessed at a network site to determine whether it is malicious. The system employs a tool able to identify spyware that is piggy-backed on executable files (such as software downloads) and is able to detect “drive-by download” attacks that install software on the victim's computer when a page is rendered by a browser program. The tool uses a virtual machine (VM) to sandbox and analyze potentially malicious content. By installing and running executable files within a clean VM environment, commercial anti-spyware tools can be employed to determine whether a specific executable contains piggy-backed spyware. By visiting a Web page with an unmodified browser inside a clean VM environment, predefined “triggers,” such as the installation of a new library, or the creation of a new process, can be used to determine whether the page mounts a drive-by download attack.
Type: Application
Filed: June 26, 2006
Publication date: July 26, 2007
Applicant: University of Washington
Inventors: Steven Gribble, Henry Levy, Alexander Moshchuk, Tanya Bragin