Patents by Inventor David B. Probert
David B. Probert has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10650157Abstract: Facilities are provided to secure guest runtime environments (GREs). Security policy specifications may be associated with GREs. A GRE's security policy may be specific to the GRE and may also include security policy inherited from higher levels such as a host operating environment. The security policy of a GRE specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE. A GRE's security policy may limit what the GRE's guest software may do within the GRE. Restrictions/permissions may be applied to objects such as files, configuration data, and the like. Security specifications may be applied to execution initiated within a GRE. A GRE's security specification may restrict/permit executable objects from loading and executing within the GRE. The executability or accessibility of objects may be conditioned on factors such as the health/integrity of the GRE, the host system, requested files, and others.Type: GrantFiled: April 30, 2017Date of Patent: May 12, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Benjamin M. Schultz, Kinshumann, David John Linsley, Charles Glenn Jeffries, Giridhar Viswanathan, Scott Daniel Anderson, Frederick J. Smith, Hari R. Pulapaka, JianMing Zhou, Margarit Simeonov Chenchev, David B. Probert
-
Patent number: 10628238Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.Type: GrantFiled: May 27, 2016Date of Patent: April 21, 2020Assignee: Microsoft Technology Licensing, LLCInventors: James A. Schwartz, Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
-
Publication number: 20180314846Abstract: Facilities are provided to secure guest runtime environments (GREs). Security policy specifications may be associated with GREs. A GRE's security policy may be specific to the GRE and may also include security policy inherited from higher levels such as a host operating environment. The security policy of a GRE specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE. A GRE's security policy may limit what the GRE's guest software may do within the GRE. Restrictions/permissions may be applied to objects such as files, configuration data, and the like. Security specifications may be applied to execution initiated within a GRE. A GRE's security specification may restrict/permit executable objects from loading and executing within the GRE. The executability or accessibility of objects may be conditioned on factors such as the health/integrity of the GRE, the host system, requested files, and others.Type: ApplicationFiled: April 30, 2017Publication date: November 1, 2018Inventors: Benjamin M. Schultz, KINSHUMANN, David John Linsley, CHARLES GLENN JEFFRIES, Giridhar Viswanathan, Scott Daniel Anderson, Frederick J. Smith, Hari R. Pulapaka, JianMing Zhou, Margarit Simeonov Chenchev, David B. Probert
-
Patent number: 9798595Abstract: Embodiments for performing cooperative user mode scheduling between user mode schedulable (UMS) threads and primary threads are disclosed. In accordance with one embodiment, privileged hardware states are transferred from a kernel portion of a UMS thread to a kernel portion of a primary thread.Type: GrantFiled: December 4, 2015Date of Patent: October 24, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Ajith Jayamohan, Arun U. Kishan, David B. Probert, Pedro Teixeira
-
Patent number: 9628279Abstract: Various embodiments provide techniques and devices for protecting application secrets from operating system attacks. In some examples, applications execute with an isolated user mode of a secure execution environment, while relying on an operating system executing within a separate execution environment for resource management and system services. A proxy kernel can control access by the operating system to data associated with the secure execution environment. Further, the proxy kernel can act as a transparent interface between isolated user mode applications and the operating system during the provision of resource management and system services.Type: GrantFiled: September 30, 2014Date of Patent: April 18, 2017Assignee: Microsoft Technology Licensing, LLCInventors: David B. Probert, Jeff Engel, Arsalan Ahmad, Arun U. Kishan, Jonathan E. Lange
-
Publication number: 20170031734Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.Type: ApplicationFiled: May 27, 2016Publication date: February 2, 2017Inventors: James A. Schwartz, Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
-
Patent number: 9361150Abstract: Only a particular number of applications on a computing device are active at any given time, with applications that are not active being suspended. A policy is applied to determine when an application is to be suspended. However, an operating system component can have a particular application be exempted from being suspended (e.g., due to an operation being performed by the application). Additionally, an operating system component can have an application that has been suspended resumed (e.g., due to a desire of another application to communicate with the suspended application).Type: GrantFiled: September 30, 2013Date of Patent: June 7, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Benjamin S. Srour, Michael H. Krause, Richard K. Neves, Arun U. Kishan, Hari Pulapaka, David B. Probert, Zinaida A. Pozen
-
Patent number: 9361136Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.Type: GrantFiled: April 22, 2015Date of Patent: June 7, 2016Assignee: Microsoft Technology Licensing, LLCInventors: James A. Schwartz, Jr., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
-
Publication number: 20160092678Abstract: Various embodiments provide techniques and devices for protecting application secrets from operating system attacks. In some examples, applications execute with an isolated user mode of a secure execution environment, while relying on an operating system executing within a separate execution environment for resource management and system services. A proxy kernel can control access by the operating system to data associated with the secure execution environment. Further, the proxy kernel can act as a transparent interface between isolated user mode applications and the operating system during the provision of resource management and system services.Type: ApplicationFiled: September 30, 2014Publication date: March 31, 2016Inventors: David B. Probert, Jeff Engel, Arsalan Ahmad, Arun U. Kishan, Jonathan E. Lange
-
Publication number: 20160085601Abstract: Embodiments for performing cooperative user mode scheduling between user mode schedulable (UMS) threads and primary threads are disclosed. In accordance with one embodiment, privileged hardware states are transferred from a kernel portion of a UMS thread to a kernel portion of a primary thread.Type: ApplicationFiled: December 4, 2015Publication date: March 24, 2016Inventors: Ajith Jayamohan, Arun U. Kishan, David B. Probert, Pedro Teixeira
-
Publication number: 20150301835Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.Type: ApplicationFiled: April 22, 2015Publication date: October 22, 2015Inventors: James A. Schwartz, JR., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
-
Patent number: 9063775Abstract: Systems, methods, and apparatus for separately managing foreground work and background work. In some embodiments, an operating system may identify at least one foreground component and at least one background component of a same application or different applications, and may manage the execution of the components differently. For example, the operating system may receive a request that at least one background component of an application be executed in response to at least one event. In response to detecting an occurrence of the at least one event, the operating system may determine whether at least one first condition set by the application is satisfied and whether at least one second condition set by the operating system is satisfied, and may execute the at least one background component when it is determined that the at least one first and second conditions are satisfied following the occurrence of the at least one event.Type: GrantFiled: September 1, 2011Date of Patent: June 23, 2015Assignee: Microsoft Technology Licensing, LLCInventors: James A. Schwartz, Jr., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
-
Patent number: 9032413Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.Type: GrantFiled: September 1, 2011Date of Patent: May 12, 2015Assignee: Microsoft Technology Licensing, LLCInventors: James A. Schwartz, Jr., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
-
Publication number: 20140040917Abstract: Only a particular number of applications on a computing device are active at any given time, with applications that are not active being suspended. A policy is applied to determine when an application is to be suspended. However, an operating system component can have a particular application be exempted from being suspended (e.g., due to an operation being performed by the application). Additionally, an operating system component can have an application that has been suspended resumed (e.g., due to a desire of another application to communicate with the suspended application).Type: ApplicationFiled: September 30, 2013Publication date: February 6, 2014Applicant: Microsoft CorporationInventors: Benjamin S. Srour, Michael H. Krause, Richard K. Neves, Arun U. Kishan, Hari Pulapaka, David B. Probert, Zinaida A. Pozen
-
Patent number: 8578394Abstract: Only a particular number of applications on a computing device are active at any given time, with applications that are not active being suspended. A policy is applied to determine when an application is to be suspended. However, an operating system component can have a particular application be exempted from being suspended (e.g., due to an operation being performed by the application). Additionally, an operating system component can have an application that has been suspended resumed (e.g., due to a desire of another application to communicate with the suspended application).Type: GrantFiled: September 9, 2011Date of Patent: November 5, 2013Assignee: Microsoft CorporationInventors: Benjamin Salim Srour, Michael H. Krause, Richard K. Neves, Arun U. Kishan, Hari Pulapaka, David B. Probert, Zinaida A. Pozen
-
Publication number: 20130067494Abstract: Only a particular number of applications on a computing device are active at any given time, with applications that are not active being suspended. A policy is applied to determine when an application is to be suspended. However, an operating system component can have a particular application be exempted from being suspended (e.g., due to an operation being performed by the application). Additionally, an operating system component can have an application that has been suspended resumed (e.g., due to a desire of another application to communicate with the suspended application).Type: ApplicationFiled: September 9, 2011Publication date: March 14, 2013Applicant: Microsoft CorporationInventors: Benjamin Salim Srour, Michael H. Krause, Richard K. Neves, Arun U. Kishan, Hari Pulapaka, David B. Probert, Zinaida A. Pozen
-
Publication number: 20130061249Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.Type: ApplicationFiled: September 1, 2011Publication date: March 7, 2013Applicant: Microsoft CorporationInventors: James A. Schwartz, JR., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
-
Publication number: 20130061251Abstract: Systems, methods, and apparatus for separately managing foreground work and background work. In some embodiments, an operating system may identify at least one foreground component and at least one background component of a same application or different applications, and may manage the execution of the components differently. For example, the operating system may receive a request that at least one background component of an application be executed in response to at least one event. In response to detecting an occurrence of the at least one event, the operating system may determine whether at least one first condition set by the application is satisfied and whether at least one second condition set by the operating system is satisfied, and may execute the at least one background component when it is determined that the at least one first and second conditions are satisfied following the occurrence of the at least one event.Type: ApplicationFiled: September 1, 2011Publication date: March 7, 2013Applicant: Microsoft CorporationInventors: James A. Schwartz, JR., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
-
Patent number: 8091088Abstract: The present invention manages resources in a computing device to facilitate the allocation of resources amongst competing clients operating on the device. A hierarchy of budgets is constructed to encode restrictions on the aggregated use of a resource allocated by a resource provider to one or more clients. A resource manager validates and arbitrates requests to allocate resources to the one or more clients by resource providers in accordance with the budgets comprising the hierarchy. The resource manager notifies clients of availability and shortages of resources to promote compliance with the restrictions encoded in the budgets of the hierarchy.Type: GrantFiled: February 22, 2005Date of Patent: January 3, 2012Assignee: Microsoft CorporationInventors: Arun Kishan, David B Probert
-
Patent number: 7784044Abstract: A system and method for automatically updating software components on a running computer system without requiring any interruption of service. A software module is hotpatched by loading a patch into memory and modifying an instruction in the original module to jump to the patch. A coldpatching technique places a coldpatch version of the module on disk for subsequent loading by processes, after hotpatching occurred. The coldpatch has the entry points to its functions at the same relative locations within the module as the hotpatch, which facilitates subsequent hotpatching. A hotpatch and coldpatch are automatically generated by deriving differences between changed and original binary files, and establishing the point to insert the jump. Validation is performed to ensure that the hotpatch is applied to the correct version, and that the coldpatch is replacing the correct version. Version management is also provided to control the number of patches via support rules.Type: GrantFiled: December 2, 2002Date of Patent: August 24, 2010Assignee: Microsoft CorporationInventors: Garret J. Buban, Paul V. Donlan, Adrian Marinescu, Thomas D. McGuire, David B. Probert, Hoi H. Vo, Zheng Wang