Patents by Inventor Casper H. Dik
Casper H. Dik has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8892878Abstract: In one embodiment, the present invention provides techniques for managing activities of processes using a fine grained privilege model in an operating system environment partitioned into a global zone and one or more non-global zones for isolating processes from processes executing in association with other non-global zones under control of a single operating kernel instance.Type: GrantFiled: January 30, 2004Date of Patent: November 18, 2014Assignee: Oracle America, Inc.Inventors: Andrew G. Tucker, Casper H. Dik
-
Patent number: 8856938Abstract: A method for securely accessing an executable file object includes a step in which a request from the target process to access the executable file object is received by an operating system component, and the object is examined for validity before access is allowed. For objects that cannot be validated, the process is run with privileges bounded by the privilege cap, if the privilege cap permits execution of the object.Type: GrantFiled: July 30, 2008Date of Patent: October 7, 2014Assignee: Oracle America, Inc.Inventors: Casper H. Dik, John E. Zolnowsky, Scott A. Rotondo, Joep J Vesseur
-
Patent number: 8108686Abstract: A method for validating program execution. The method involves identifying a program from a second computer system, obtaining, by a first computer system, a first copy of a page for a file of the program from a second computer system, calculating a hash value for the first copy, storing the first copy in a local memory of the first computer system, storing the hash value for the first copy, and executing the program on the first computer system, where the first copy is removed from the local memory during execution of the program. The method further involves obtaining a second copy of the page from the second computer system, calculating a hash for the second copy, determining whether the hash value for the first copy is equal to the hash value for the second copy, and performing an appropriate action in response to the determination.Type: GrantFiled: September 18, 2008Date of Patent: January 31, 2012Assignee: Oracle America, Inc.Inventors: Casper H. Dik, Scott A. Rotondo, Joep J. Vesseur, William Young, John E. Zolnowsky
-
Patent number: 7853780Abstract: Files essential to the boot sequence are validated as they are executed. As core boot files are loaded and executed by a computers a hash of the files is created and extended into configuration registers. Core operating system files are verified by the boot loader using a digital signature, and the public key used to verify the digital signature is recorded in a configuration register. Core operating system files verified by the boot loader include a list of hash values, which is used by the operating system to validate the other files as they are executed. User assurance that the system has booted correctly is achieved by comparing the state of configuration registers to previously stored values reflecting the expected state of the registers. Upon the state of the configuration registers matching what is expected, data previously selected by the user is retrieved and recognized by the user.Type: GrantFiled: July 31, 2008Date of Patent: December 14, 2010Assignee: Oracle America, Inc.Inventors: Scott A. Rotondo, Casper H. Dik, Joep J. Vesseur
-
Publication number: 20100070775Abstract: A method for validating program execution. The method involves identifying a program from a second computer system, obtaining, by a first computer system, a first copy of a page for a file of the program from a second computer system, calculating a hash value for the first copy, storing the first copy in a local memory of the first computer system, storing the hash value for the first copy, and executing the program on the first computer system, where the first copy is removed from the local memory during execution of the program. The method further involves obtaining a second copy of the page from the second computer system, calculating a hash for the second copy, determining whether the hash value for the first copy is equal to the hash value for the second copy, and performing an appropriate action in response to the determination.Type: ApplicationFiled: September 18, 2008Publication date: March 18, 2010Applicant: SUN MICROSYSTEMS, INC.Inventors: Casper H. Dik, Scott A. Rotondo, Joep J. Vesseur, William Young, John E. Zolnowsky
-
Publication number: 20100031012Abstract: Files essential to the boot sequence are validated as they are executed. As core boot files are loaded and executed by a computers a hash of the files is created and extended into configuration registers. Core operating system files are verified by the boot loader using a digital signature, and the public key used to verify the digital signature is recorded in a configuration register. Core operating system files verified by the boot loader include a list of hash values, which is used by the operating system to validate the other files as they are executed. User assurance that the system has booted correctly is achieved by comparing the state of configuration registers to previously stored values reflecting the expected state of the registers. Upon the state of the configuration registers matching what is expected, data previously selected by the user is retrieved and recognized by the user.Type: ApplicationFiled: July 31, 2008Publication date: February 4, 2010Applicant: Sun Microsystems Inc.Inventors: Scott A. Rotondo, Casper H. Dik, Joep J. Vesseur
-
Publication number: 20100031355Abstract: A method for securely accessing an executable file object includes a step in which a request from the target process to access the executable file object is received by an operating system component, and the object is examined for validity before access is allowed. For objects that cannot be validated, the process is run with privileges bounded by the privilege cap, if the privilege cap permits execution of the object.Type: ApplicationFiled: July 30, 2008Publication date: February 4, 2010Applicant: SUN MICROSYSTEMS, INC.Inventors: Casper H. Dik, John E. Zolnowsky, Scott A. Rotondo, Joep J. Vesseur
-
Patent number: 7249260Abstract: One embodiment of the present invention provides a system that implements a pluggable password obscuring mechanism. During operation, the system receives a request to obscure a password to produce an obscured version of the password. If the request specifies a customized technique for obscuring the password, the system loads a dynamic library that performs the customized technique, and then uses the dynamic library to obscure the password. If the request does not specify a customized technique, the system uses a default technique to obscure the password. In this way, the customized technique for obscuring the password can be used without having to modify source code.Type: GrantFiled: June 12, 2003Date of Patent: July 24, 2007Assignee: SUN Microsystems, Inc.Inventors: Darren J. Moffat, Casper H. Dik, Alec Muffett
-
Publication number: 20040226019Abstract: In one embodiment, the present invention provides techniques for managing activities of processes using a fine grained privilege model in an operating system environment partitioned into a global zone and one or more non-global zones for isolating processes from processes executing in association with other non-global zones under control of a single operating kernel instance.Type: ApplicationFiled: January 30, 2004Publication date: November 11, 2004Inventors: Andrew G. Tucker, Casper H. Dik