Patents by Inventor André DeHon
André DeHon has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20200089500Abstract: A method of and system for performing metadata tag compression in security policy enforcement system may comprise conveying a set of data elements, each with an associated metadata tag, from a first processor subsystem to a second processor subsystem. The first processor subsystem may be configured to process conventional tasks, the second processor configured to apply one or more policy decisions to the data element. The conveying may further comprise sending the set of data elements along with an index element that identifies one or more metadata tags, and sending one or more of the metadata tags identified by the index element.Type: ApplicationFiled: November 14, 2019Publication date: March 19, 2020Inventor: Andre' DeHon
-
Patent number: 10545760Abstract: A method of enforcing a set of security policies may comprise executing, by a first processor, a first set of processor instructions directed to conventional tasks, and executing, by a second processor, a second set of processor instructions directed to manipulating metadata. The executing by the second processor may comprise (i) evaluating a current instruction being executed by the first processor, along with a metadata tag associated with the current instruction, (ii) identifying a rule in a rule cache that is applicable to the current instruction and the associated metadata tag, and (iii) applying a policy decision to the current instruction according to the rule.Type: GrantFiled: June 7, 2018Date of Patent: January 28, 2020Assignee: The Charles Stark Draper Laboratory, Inc.Inventor: Andre' DeHon
-
Patent number: 10521230Abstract: A method of and system for performing metadata tag compression in security policy enforcement system may comprise conveying a set of data elements, each with an associated metadata tag, from a first processor subsystem to a second processor subsystem. The first processor subsystem may be configured to process conventional tasks, the second processor configured to apply one or more policy decisions to the data element. The conveying may further comprise sending the set of data elements along with an index element that identifies one or more metadata tags, and sending one or more of the metadata tags identified by the index element.Type: GrantFiled: June 7, 2018Date of Patent: December 31, 2019Assignee: The Charles Stark Draper Laboratory, Inc.Inventor: Andre′ DeHon
-
Publication number: 20190384604Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: ApplicationFiled: December 12, 2016Publication date: December 19, 2019Applicants: THE CHARLES STARK DRAPER LABORATORY, INC., The Trustees of the University of Pennsylvania, THE NATIONAL INSTITUTE FOR RESEARCH IN DATA PROCESSING AND AUTOMATION, The Trustees of the University of PennsylvaniaInventors: André Dehon, Catalin Hritcu, Udit Dhawan
-
Publication number: 20190243655Abstract: A system and method of processing instructions may comprise an application processing domain (APD) and a metadata processing domain (MTD). The APD may comprise an application processor executing instructions and providing related information to the MTD. The MTD may comprise a tag processing unit (TPU) having a cache of policy-based rules enforced by the MTD. The TPU may determine, based on policies being enforced and metadata tags and operands associated with the instructions, that the instructions are allowed to execute (i.e., are valid). The TPU may write, if the instructions are valid, the metadata tags to a queue. The queue may (i) receive operation output information from the application processing domain, (ii) receive, from the TPU, the metadata tags, (iii) output, responsive to receiving the metadata tags, resulting information indicative of the operation output information and the metadata tags; and (iv) permit the resulting information to be written to memory.Type: ApplicationFiled: February 1, 2019Publication date: August 8, 2019Inventors: Steve E. Milburn, Eli Boling, Andre' DeHon, Andrew B. Sutherland, Gregory T. Sullivan
-
Publication number: 20190213322Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, satiety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: ApplicationFiled: December 12, 2016Publication date: July 11, 2019Inventors: André Dehon, Eli Boling
-
Publication number: 20190171457Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: ApplicationFiled: January 24, 2019Publication date: June 6, 2019Inventors: Andre' DeHon, Eli Boling
-
Patent number: 10261794Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: GrantFiled: September 5, 2017Date of Patent: April 16, 2019Assignee: The Charles Stark Draper Laboratory, Inc.Inventor: Andre′ DeHon
-
Patent number: 10235176Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: GrantFiled: May 31, 2016Date of Patent: March 19, 2019Assignees: The Charles Stark Draper Laboratory, Inc., The National Institute for Research in Data Processing and AutomationInventors: Andre′ DeHon, Eli Boling, Catalin Hritcu
-
Publication number: 20190034665Abstract: A system and method for metadata processing that can be used to encode an arbitrary number of security policies for code running on a stored-program processor. This disclosure adds metadata to every word in the system and adds a metadata processing unit that works in parallel with data flow to enforce an arbitrary set of policies, such that metadata is unbounded and software programmable to be applicable to a wide range of metadata processing policies. This instant disclosure is applicable to a wide range of uses including safety, security, and synchronization.Type: ApplicationFiled: September 18, 2018Publication date: January 31, 2019Inventors: Silviu S. Chiricescu, Andre DeHon, Udit Dhawan
-
Publication number: 20180341490Abstract: A method of and system for performing metadata tag compression in security policy enforcement system may comprise conveying a set of data elements, each with an associated metadata tag, from a first processor subsystem to a second processor subsystem. The first processor subsystem may be configured to process conventional tasks, the second processor configured to apply one or more policy decisions to the data element. The conveying may further comprise sending the set of data elements along with an index element that identifies one or more metadata tags, and sending one or more of the metadata tags identified by the index element.Type: ApplicationFiled: June 7, 2018Publication date: November 29, 2018Inventors: Andre' DeHon, Eli Boling
-
Publication number: 20180336033Abstract: A method of enforcing a set of security policies may comprise executing, by a first processor, a first set of processor instructions directed to conventional tasks, and executing, by a second processor, a second set of processor instructions directed to manipulating metadata. The executing by the second processor may comprise (i) evaluating a current instruction being executed by the first processor, along with a metadata tag associated with the current instruction, (ii) identifying a rule in a rule cache that is applicable to the current instruction and the associated metadata tag, and (iii) applying a policy decision to the current instruction according to the rule.Type: ApplicationFiled: June 7, 2018Publication date: November 22, 2018Inventors: Andre' DeHon, Eli Boling
-
Publication number: 20180336032Abstract: In an embodiment, a method includes, in a hardware processor, determining, for a processor instruction, a rule for matching a predicted memory tag. The method further includes determining a predicted memory tag based on applying the rule for matching the predicted memory tag. The method further includes determining an R tag based on applying the rule. The method further includes obtaining an actual memory tag from memory based on an operand of the processor instruction. The method further includes determining whether the predicted memory tag and the actual memory tag match. The method further includes, if the predicted memory tag and actual memory tag match, using the R tag as the R tag output.Type: ApplicationFiled: June 7, 2018Publication date: November 22, 2018Inventors: Andre' DeHon, Eli Boling
-
Publication number: 20180336031Abstract: A method includes receiving, for metadata processing, a current instruction with a associated metadata tags. The metadata processing is performed in a metadata processing domain isolated from a code execution domain including the current instruction. Each respective associated metadata tag representing a respective policy of the composite policy. The associated metadata tags further including pointers to tags of a component policy of the composite policy. For each respective metadata tag, the method includes determining, in the metadata processing domain and in accordance with the metadata tag and the current instruction, whether a rule exists in a rule cache for the current instruction. The rule cache including rules on metadata used by said metadata processing to define allowed instructions. The determination of whether a rule exists resulting in a respective output.Type: ApplicationFiled: June 7, 2018Publication date: November 22, 2018Inventors: Andre' DeHon, Eli Boling
-
Patent number: 10078763Abstract: A system and method for metadata processing that can be used to encode an arbitrary number of security policies for code running on a stored-program processor. This disclosure adds metadata to every word in the system and adds a metadata processing unit that works in parallel with data flow to enforce an arbitrary set of policies, such that metadata is unbounded and software programmable to be applicable to a wide range of metadata processing policies. This instant disclosure is applicable to a wide range of uses including safety, security, and synchronization.Type: GrantFiled: November 19, 2015Date of Patent: September 18, 2018Assignees: BAE Systems Information and Electronic Systems Integration Incc, The Trustees of the University of PennsylvaniaInventors: Silviu Chiricescu, Andre DeHon, Udit Dhawan
-
Publication number: 20180011708Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: ApplicationFiled: September 5, 2017Publication date: January 11, 2018Inventor: Andre' DeHon
-
Publication number: 20170293563Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: ApplicationFiled: June 16, 2017Publication date: October 12, 2017Inventors: Andre' DeHon, Udit Dhawan
-
Patent number: 9785440Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: GrantFiled: February 7, 2017Date of Patent: October 10, 2017Assignee: The Charles Stark Draper Laboratory, Inc.Inventor: Andre' DeHon
-
Publication number: 20170177368Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: ApplicationFiled: May 31, 2016Publication date: June 22, 2017Inventors: Andre' DeHon, Eli Boling, Catalin Hritcu
-
Publication number: 20170177367Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: ApplicationFiled: February 7, 2017Publication date: June 22, 2017Inventor: Andre' DeHon