Patents by Inventor Carl A. Waldspurger
Carl A. Waldspurger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240039960
Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.
Type: Application
Filed: October 9, 2023
Publication date: February 1, 2024
Inventors: Shaun APPLEGATE-SWANSON, Carl WALDSPURGER, Balaji PARIMI, Naveen JANGALAPALLI, Maya NEELAKANDHAN, Venkata ADUSUMILLI, Parag BAJARIA
-
Patent number: 11818175
Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.
Type: Grant
Filed: February 25, 2021
Date of Patent: November 14, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Shaun Applegate-Swanson, Carl Waldspurger, Balaji Parimi, Naveen Jangalapalli, Maya Neelakandhan, Venkata Adusumilli, Parag Bajaria
-
Patent number: 11631039
Abstract: System trains machine learning model to determine content data, metadata, and context data for support ticket communications, in response to receiving support ticket communications. Machine learning model receives communication associated with support ticket, and determines content data, metadata, and context data for communication. System converts content data, metadata, and context data for communication into first impulse for first channel and second impulse for second channel. System determines first channel value based on first type of conversion of first impulse and any impulses for first channel that are converted from data that is determined for support ticket event. System determines second channel value based on second type of conversion of second impulse and any impulses for second channel that are converted from data that is determined for support ticket event. System uses first channel value and second channel value to generate priority associated with support ticket, and outputs priority.
Type: Grant
Filed: February 11, 2020
Date of Patent: April 18, 2023
Assignee: SupportLogic, Inc.
Inventors: Charles Monnett, Carl Waldspurger, Lawrence Spracklen, Krishna Raj Raja
-
Publication number: 20220035543
Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.
Type: Application
Filed: June 25, 2021
Publication date: February 3, 2022
Inventor: Carl A. WALDSPURGER
-
Publication number: 20210281610
Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.
Type: Application
Filed: February 25, 2021
Publication date: September 9, 2021
Applicant: CloudKnox Security, Inc.
Inventors: Shaun APPLEGATE-SWANSON, Carl WALDSPURGER, Balaji PARIMI, Naveen JANGALAPALLI, Maya NEELAKANDHAN, Venkata ADUSUMILLI, Parag BAJARIA
-
Patent number: 11048418
Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.
Type: Grant
Filed: September 30, 2019
Date of Patent: June 29, 2021
Assignee: VMware, Inc.
Inventor: Carl A. Waldspurger
-
Patent number: 10977074
Abstract: A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.
Type: Grant
Filed: August 13, 2018
Date of Patent: April 13, 2021
Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam
-
Patent number: 10859289
Abstract: To generate a checkpoint for a virtual machine (VM), first, while the VM is still running, a copy-on-write (COW) disk file is created pointing to a parent disk file that the VM is using. Next, the VM is stopped, the VM's memory is marked COW, the device state of the VM is saved to memory, the VM is switched to use the COW disk file, and the VM begins running again for substantially the remainder of the checkpoint generation. Next, the device state that was stored in memory and the unmodified VM memory pages are saved to a checkpoint file. Also, a copy may be made of the parent disk file for retention as part of the checkpoint, or the original parent disk file may be retained as part of the checkpoint. If a copy of the parent disk file was made, then the COW disk file may be committed to the original parent disk file.
Type: Grant
Filed: July 27, 2017
Date of Patent: December 8, 2020
Assignee: VMware, Inc.
Inventors: Carl A. Waldspurger, Michael Nelson, Daniel J. Scales, Pratap Subrahmanyam
-
Publication number: 20200258013
Abstract: System trains machine learning model to determine content data, metadata, and context data for support ticket communications, in response to receiving support ticket communications. Machine learning model receives communication associated with support ticket, and determines content data, metadata, and context data for communication. System converts content data, metadata, and context data for communication into first impulse for first channel and second impulse for second channel. System determines first channel value based on first type of conversion of first impulse and any impulses for first channel that are converted from data that is determined for support ticket event. System determines second channel value based on second type of conversion of second impulse and any impulses for second channel that are converted from data that is determined for support ticket event. System uses first channel value and second channel value to generate priority associated with support ticket, and outputs priority.
Type: Application
Filed: February 11, 2020
Publication date: August 13, 2020
Inventors: Charles Monnett, Carl Waldspurger, Lawrence Spracklen, Krishna Raj Raja
-
Publication number: 20200104066
Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.
Type: Application
Filed: September 30, 2019
Publication date: April 2, 2020
Inventor: Carl A. WALDSPURGER
-
Patent number: 10572282
Abstract: Techniques for implicit coscheduling of CPUs to improve corun performance of scheduled contexts are described. One technique minimizes skew by implementing corun migrations, and another technique minimizes skew by implementing a corun bonus mechanism. Skew between schedulable contexts may be calculated based on guest progress, where guest progress represents time spent executing guest operating system and guest application code. A non-linear skew catch-up algorithm is described that adjusts the progress of a context when the progress falls far behind its sibling contexts.
Type: Grant
Filed: April 21, 2017
Date of Patent: February 25, 2020
Assignee: VMware, Inc.
Inventors: Haoqiang Zheng, Carl A. Waldspurger
-
Patent number: 10474369
Abstract: In a virtualized computer system, guest memory pages are mapped to disk blocks that contain identical contents and the mapping is used to improve management processes performed on virtual machines, such as live migration and snapshots. These processes are performed with less data being transferred because the mapping data of those guest memory pages that have identical content stored on disk are transmitted instead of their contents. As a result, live migration and snapshots can be carried out more quickly. The mapping of the guest memory pages to disk blocks can also be used to optimize other tasks, such as page swaps and memory error corrections.
Type: Grant
Filed: February 6, 2013
Date of Patent: November 12, 2019
Assignee: VMware, Inc.
Inventors: Kiran Tati, Rajesh Venkatasubramanian, Carl A. Waldspurger, Alexander Thomas Garthwaite, Tongping Liu
-
Patent number: 10430094
Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.
Type: Grant
Filed: March 12, 2018
Date of Patent: October 1, 2019
Assignee: VMware, Inc.
Inventor: Carl A. Waldspurger
-
Patent number: 10417048
Abstract: A thread scheduling mechanism is provided that flexibly enforces performance isolation of multiple threads to alleviate the effect of anti-cooperative execution behavior with respect to a shared resource, for example, hoarding a cache or pipeline, using the hardware capabilities of simultaneous multi-threaded (SMT) or multi-core processors. Given a plurality of threads running on at least two processors in at least one functional processor group, the occurrence of a rescheduling condition indicating anti-cooperative execution behavior is sensed, and, if present, at least one of the threads is rescheduled such that the first and second threads no longer execute in the same functional processor group at the same time.
Type: Grant
Filed: May 16, 2012
Date of Patent: September 17, 2019
Assignee: VMware, Inc.
Inventors: John R. Zedlewski, Carl A. Waldspurger
-
Patent number: 10241819
Abstract: Virtualization software establishes multiple execution environments within a virtual machine, wherein software modules executing in one environment cannot access private memory of another environment. A separate set of shadow memory address mappings is maintained for each execution environment. For example, a separate shadow page table may be maintained for each execution environment. The virtualization software ensures that the shadow address mappings for one execution environment do not map to the physical memory pages that contain the private code or data of another execution environment. When execution switches from one execution environment to another, the virtualization software activates the shadow address mappings for the new execution environment. A similar approach, using separate mappings, may also be used to prevent software modules in one execution environment from accessing the private disk space or other secondary storage of another execution environment.
Type: Grant
Filed: February 26, 2016
Date of Patent: March 26, 2019
Assignee: VMware, Inc.
Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam
-
Publication number: 20190004850
Abstract: A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.
Type: Application
Filed: August 13, 2018
Publication date: January 3, 2019
Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM
-
Patent number: 10169253
Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
Type: Grant
Filed: August 21, 2017
Date of Patent: January 1, 2019
Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel, Dan Boneh
-
Patent number: 10069753
Abstract: Contention for a resource in a computer system resource is managed by measuring a resource performance metric and, for each of a selected plurality of clients (for example, virtual machines), a client performance metric. For each of the selected clients, a relationship measure, such as correlation, is determined as a function of the resource performance metric and the respective client performance metric. A degree of resource contention effect is determined for each of the selected clients as a function of the respective relationship measure, and a resource-related action is taken according to the respective relationship measures. Clients may include virtualized components contending for storage. Example metrics include functions of I/O operation counts, latency or throughput measurements, pending I/O request counts, I/O throughput relative to I/O latency, a degree of change of the respective clients' I/O behavior, etc.
Type: Grant
Filed: March 17, 2015
Date of Patent: September 4, 2018
Assignee: Cloud Physics, Inc.
Inventors: Nohhyun Park, Carl A. Waldspurger
-
Patent number: 10048982
Abstract: A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.
Type: Grant
Filed: April 25, 2016
Date of Patent: August 14, 2018
Assignee: VMware, Inc.
Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam
-
Patent number: 10049048
Abstract: A processor cache is logically partitioned into a main partition, located in the cache itself, and an enclave partition, located within an enclave, that is, a hardware-enforced protected region of an address space of a memory. This extends the secure address space usable by and for an application such as a software cryptoprocessor that is to execute only in secure regions of cache or memory.
Type: Grant
Filed: October 1, 2014
Date of Patent: August 14, 2018
Assignee: Facebook, Inc.
Inventors: Oded Horovitz, Stephen A. Weis, Sahil Rihan, Carl A. Waldspurger