Patents by Inventor Carl A. Waldspurger

Carl A. Waldspurger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240039960
    Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.
    Type: Application
    Filed: October 9, 2023
    Publication date: February 1, 2024
    Inventors: Shaun APPLEGATE-SWANSON, Carl WALDSPURGER, Balaji PARIMI, Naveen JANGALAPALLI, Maya NEELAKANDHAN, Venkata ADUSUMILLI, Parag BAJARIA
  • Patent number: 11818175
    Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: November 14, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Shaun Applegate-Swanson, Carl Waldspurger, Balaji Parimi, Naveen Jangalapalli, Maya Neelakandhan, Venkata Adusumilli, Parag Bajaria
  • Patent number: 11631039
    Abstract: System trains machine learning model to determine content data, metadata, and context data for support ticket communications, in response to receiving support ticket communications. Machine learning model receives communication associated with support ticket, and determines content data, metadata, and context data for communication. System converts content data, metadata, and context data for communication into first impulse for first channel and second impulse for second channel. System determines first channel value based on first type of conversion of first impulse and any impulses for first channel that are converted from data that is determined for support ticket event. System determines second channel value based on second type of conversion of second impulse and any impulses for second channel that are converted from data that is determined for support ticket event. System uses first channel value and second channel value to generate priority associated with support ticket, and outputs priority.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: April 18, 2023
    Assignee: SupportLogic, Inc.
    Inventors: Charles Monnett, Carl Waldspurger, Lawrence Spracklen, Krishna Raj Raja
  • Publication number: 20220035543
    Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.
    Type: Application
    Filed: June 25, 2021
    Publication date: February 3, 2022
    Inventor: Carl A. WALDSPURGER
  • Publication number: 20210281610
    Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.
    Type: Application
    Filed: February 25, 2021
    Publication date: September 9, 2021
    Applicant: CloudKnox Security, Inc.
    Inventors: Shaun APPLEGATE-SWANSON, Carl WALDSPURGER, Balaji PARIMI, Naveen JANGALAPALLI, Maya NEELAKANDHAN, Venkata ADUSUMILLI, Parag BAJARIA
  • Patent number: 11048418
    Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: June 29, 2021
    Assignee: VMware, Inc.
    Inventor: Carl A. Waldspurger
  • Patent number: 10977074
    Abstract: A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.
    Type: Grant
    Filed: August 13, 2018
    Date of Patent: April 13, 2021
    Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam
  • Patent number: 10859289
    Abstract: To generate a checkpoint for a virtual machine (VM), first, while the VM is still running, a copy-on-write (COW) disk file is created pointing to a parent disk file that the VM is using. Next, the VM is stopped, the VM's memory is marked COW, the device state of the VM is saved to memory, the VM is switched to use the COW disk file, and the VM begins running again for substantially the remainder of the checkpoint generation. Next, the device state that was stored in memory and the unmodified VM memory pages are saved to a checkpoint file. Also, a copy may be made of the parent disk file for retention as part of the checkpoint, or the original parent disk file may be retained as part of the checkpoint. If a copy of the parent disk file was made, then the COW disk file may be committed to the original parent disk file.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: December 8, 2020
    Assignee: VMware, Inc.
    Inventors: Carl A. Waldspurger, Michael Nelson, Daniel J. Scales, Pratap Subrahmanyam
  • Publication number: 20200258013
    Abstract: System trains machine learning model to determine content data, metadata, and context data for support ticket communications, in response to receiving support ticket communications. Machine learning model receives communication associated with support ticket, and determines content data, metadata, and context data for communication. System converts content data, metadata, and context data for communication into first impulse for first channel and second impulse for second channel. System determines first channel value based on first type of conversion of first impulse and any impulses for first channel that are converted from data that is determined for support ticket event. System determines second channel value based on second type of conversion of second impulse and any impulses for second channel that are converted from data that is determined for support ticket event. System uses first channel value and second channel value to generate priority associated with support ticket, and outputs priority.
    Type: Application
    Filed: February 11, 2020
    Publication date: August 13, 2020
    Inventors: Charles Monnett, Carl Waldspurger, Lawrence Spracklen, Krishna Raj Raja
  • Publication number: 20200104066
    Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.
    Type: Application
    Filed: September 30, 2019
    Publication date: April 2, 2020
    Inventor: Carl A. WALDSPURGER
  • Patent number: 10572282
    Abstract: Techniques for implicit coscheduling of CPUs to improve corun performance of scheduled contexts are described. One technique minimizes skew by implementing corun migrations, and another technique minimizes skew by implementing a corun bonus mechanism. Skew between schedulable contexts may be calculated based on guest progress, where guest progress represents time spent executing guest operating system and guest application code. A non-linear skew catch-up algorithm is described that adjusts the progress of a context when the progress falls far behind its sibling contexts.
    Type: Grant
    Filed: April 21, 2017
    Date of Patent: February 25, 2020
    Assignee: VMware, Inc.
    Inventors: Haoqiang Zheng, Carl A. Waldspurger
  • Patent number: 10474369
    Abstract: In a virtualized computer system, guest memory pages are mapped to disk blocks that contain identical contents and the mapping is used to improve management processes performed on virtual machines, such as live migration and snapshots. These processes are performed with less data being transferred because the mapping data of those guest memory pages that have identical content stored on disk are transmitted instead of the their contents. As a result, live migration and snapshots can be carried out more quickly. The mapping of the guest memory pages to disk blocks can also be used to optimize other tasks, such as page swaps and memory error corrections.
    Type: Grant
    Filed: February 6, 2013
    Date of Patent: November 12, 2019
    Assignee: VMware, Inc.
    Inventors: Kiran Tati, Rajesh Venkatasubramanian, Carl A. Waldspurger, Alexander Thomas Garthwaite, Tongping Liu
  • Patent number: 10430094
    Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: October 1, 2019
    Assignee: VMware, Inc.
    Inventor: Carl A. Waldspurger
  • Patent number: 10417048
    Abstract: A thread scheduling mechanism is provided that flexibly enforces performance isolation of multiple threads to alleviate the effect of anti-cooperative execution behavior with respect to a shared resource, for example, hoarding a cache or pipeline, using the hardware capabilities of simultaneous multi-threaded (SMT) or multi-core processors. Given a plurality of threads running on at least two processors in at least one functional processor group, the occurrence of a rescheduling condition indicating anti-cooperative execution behavior is sensed, and, if present, at least one of the threads is rescheduled such that the first and second threads no longer execute in the same functional processor group at the same time.
    Type: Grant
    Filed: May 16, 2012
    Date of Patent: September 17, 2019
    Assignee: VMware, Inc.
    Inventors: John R. Zedlewski, Carl A. Waldspurger
  • Patent number: 10241819
    Abstract: Virtualization software establishes multiple execution environments within a virtual machine, wherein software modules executing in one environment cannot access private memory of another environment. A separate set of shadow memory address mappings is maintained for each execution environment. For example, a separate shadow page table may be maintained for each execution environment. The virtualization software ensures that the shadow address mappings for one execution environment do not map to the physical memory pages that contain the private code or data of another execution environment. When execution switches from one execution environment to another, the virtualization software activates the shadow address mappings for the new execution environment. A similar approach, using separate mappings, may also be used to prevent software modules in one execution environment from accessing the private disk space or other secondary storage of another execution environment.
    Type: Grant
    Filed: February 26, 2016
    Date of Patent: March 26, 2019
    Assignee: VMware, Inc.
    Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam
  • Publication number: 20190004850
    Abstract: A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.
    Type: Application
    Filed: August 13, 2018
    Publication date: January 3, 2019
    Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM
  • Patent number: 10169253
    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: January 1, 2019
    Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel, Dan Boneh
  • Patent number: 10069753
    Abstract: Contention for a resource in a computer system resource is managed by measuring a resource performance metric and, for each of a selected plurality of clients (for example, virtual machines), a client performance metric. For each of the selected clients, a relationship measure, such as correlation, is determined as a function of the resource performance metric and the respective client performance metric. A degree of resource contention effect is determined for each of the selected clients as a function of the respective relationship measure, and a resource-related action is taken according to the respective relationship measures. Clients may include virtualized components contending for storage. Example metrics include functions of I/O operation counts, latency or throughput measurements, pending I/O request counts, I/O throughput relative to I/O latency, a degree of change of the respective clients' I/O behavior, etc.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: September 4, 2018
    Assignee: Cloud Physics, Inc.
    Inventors: Nohhyun Park, Carl A. Waldspurger
  • Patent number: 10048982
    Abstract: A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.
    Type: Grant
    Filed: April 25, 2016
    Date of Patent: August 14, 2018
    Assignee: VMware, Inc.
    Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam
  • Patent number: 10049048
    Abstract: A processor cache is logically partitioned into a main partition, located in the cache itself, and an enclave partition, located within an enclave, that is, a hardware-enforced protected region of an address space of a memory. This extends the secure address space usable by and for an application such as a software cryptoprocessor that is to execute only in secure regions of cache or memory.
    Type: Grant
    Filed: October 1, 2014
    Date of Patent: August 14, 2018
    Assignee: Facebook, Inc.
    Inventors: Oded Horovitz, Stephen A. Weis, Sahil Rihan, Carl A. Waldspurger