Patents by Inventor Eric R. Northup
Eric R. Northup has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9576129
Abstract: Among other disclosed subject matter, a computer-implemented method includes changing access permission level associated with a descriptor table responsive to request to update the descriptor table. In some implementation, before receiving the request to update, the descriptor table is maintained in a read-only state; and changing the access permission level comprises: allowing write access to the descriptor table responsive to determining that the update request is authorized.
Type: Grant
Filed: August 28, 2015
Date of Patent: February 21, 2017
Assignee: Google Inc.
Inventor: Eric R. Northup
-
Patent number: 9448830
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for service bridges. In one aspect, a method includes a host operating system performs operations comprising: receiving, using one or more service bridges that execute in the host operating system, a plurality of requests from the one or more virtual machines, wherein each service bridge is associated with a different virtual machine of the one or more virtual machines, and wherein each request is a request to interface with one or more external services; modifying, using a respective service bridge, each request to be processed by the one or more external services; and providing each modified request from the respective service bridge to the one or more external services, where the respective service bridge communicates with the one or more external services over a network.
Type: Grant
Filed: March 14, 2013
Date of Patent: September 20, 2016
Assignee: Google Inc.
Inventors: Evan K. Anderson, Alexander Mohr, Joseph S. Beda, III, Michael H. Waychison, Cory T. Maccarrone, Eric R. Northup, Sanjeet Singh Mehat
-
Patent number: 9251341
Abstract: Among other disclosed subject matter, a computer-implemented method includes executing a plurality of virtual machines on a physical machine, wherein a first virtual machine of the plurality of virtual machines executes an encryption process. Execution of a hostile process that is configured to compromise the encryption process is detected, wherein the hostile process executes in a second virtual machine of the plurality of virtual machines. Migrating at least the second virtual machine to a different second physical machine based on the detection of the execution of the hostile process.
Type: Grant
Filed: July 15, 2014
Date of Patent: February 2, 2016
Assignee: Google Inc.
Inventor: Eric R. Northup
-
Publication number: 20150371041
Abstract: Among other disclosed subject matter, a computer-implemented method includes changing access permission level associated with a descriptor table responsive to request to update the descriptor table. In some implementation, before receiving the request to update, the descriptor table is maintained in a read-only state; and changing the access permission level comprises: allowing write access to the descriptor table responsive to determining that the update request is authorized.
Type: Application
Filed: August 28, 2015
Publication date: December 24, 2015
Applicant: Google Inc.
Inventor: Eric R. Northup
-
Patent number: 9195827
Abstract: Among other disclosed subject matter, a computer-implemented method includes initializing a first descriptor table and a second descriptor table. The first descriptor table is associated with a first permission level and the second descriptor table is associated with a second permission level that is different from the first permission level. The first descriptor table and the second descriptor table are associated with a hardware processor and initialized by an operating system kernel. The method also includes providing a memory address associated with the first descriptor table, in response to a descriptor table address request. The descriptor table address request is provided by a software process. The method also includes updating the second descriptor table, in response to an update request.
Type: Grant
Filed: August 29, 2014
Date of Patent: November 24, 2015
Assignee: Google Inc.
Inventor: Eric R. Northup
-
Patent number: 9015838
Abstract: Among other disclosed subject matter, a computer-implemented method includes executing a virtual machine on a physical machine, wherein the virtual machine comprises a hardware virtualization of a data processing apparatus. Access to a clock is monitored, wherein the clock is associated with the physical machine. A determination is made that the virtual machine is executing a malicious process based on the count. Access to the clock is limited by the virtual machine based on the determination that the virtual machine is executing a malicious process.
Type: Grant
Filed: May 30, 2012
Date of Patent: April 21, 2015
Assignee: Google Inc.
Inventor: Eric R. Northup
-
Publication number: 20140373154
Abstract: Among other disclosed subject matter, a computer-implemented method includes initializing a first descriptor table and a second descriptor table. The first descriptor table is associated with a first permission level and the second descriptor table is associated with a second permission level that is different from the first permission level. The first descriptor table and the second descriptor table are associated with a hardware processor and initialized by an operating system kernel. The method also includes providing a memory address associated with the first descriptor table, in response to a descriptor table address request. The descriptor table address request is provided by a software process. The method also includes updating the second descriptor table, in response to an update request.
Type: Application
Filed: August 29, 2014
Publication date: December 18, 2014
Inventor: Eric R. Northup
-
Publication number: 20140282510
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for service bridges. In one aspect, a method includes a host operating system performs operations comprising: receiving, using one or more service bridges that execute in the host operating system, a plurality of requests from the one or more virtual machines, wherein each service bridge is associated with a different virtual machine of the one or more virtual machines, and wherein each request is a request to interface with one or more external services; modifying, using a respective service bridge, each request to be processed by the one or more external services; and providing each modified request from the respective service bridge to the one or more external services, where the respective service bridge communicates with the one or more external services over a network.
Type: Application
Filed: March 14, 2013
Publication date: September 18, 2014
Inventors: Evan K. Anderson, Alexander Mohr, Joseph S. Beda, III, Michael H. Waychison, Cory T. Maccarrone, Eric R. Northup, Sanjeet Singh Mehat
-
Patent number: 8826440
Abstract: Among other disclosed subject matter, a computer-implemented method includes initializing a first descriptor table and a second descriptor table. The first descriptor table is associated with a first permission level and the second descriptor table is associated with a second permission level that is different from the first permission level. The first descriptor table and the second descriptor table are associated with a hardware processor and initialized by an operating system kernel. The method also includes providing a memory address associated with the first descriptor table, in response to a descriptor table address request. The descriptor table address request is provided by a software process. The method also includes updating the second descriptor table, in response to an update request.
Type: Grant
Filed: October 19, 2011
Date of Patent: September 2, 2014
Assignee: Google Inc.
Inventor: Eric R. Northup
-
Patent number: 8813240
Abstract: Among other disclosed subject matter, a computer-implemented method includes executing a plurality of virtual machines on a physical machine, wherein a first virtual machine of the plurality of virtual machines executes an encryption process. Execution of a hostile process that is configured to compromise the encryption process is detected, wherein the hostile process executes in a second virtual machine of the plurality of virtual machines. Migrating at least the second virtual machine to a different second physical machine based on the detection of the execution of the hostile process.
Type: Grant
Filed: May 30, 2012
Date of Patent: August 19, 2014
Assignee: Google Inc.
Inventor: Eric R. Northup
-
Publication number: 20130104234
Abstract: Among other disclosed subject matter, a computer-implemented method includes initializing a first descriptor table and a second descriptor table. The first descriptor table is associated with a first permission level and the second descriptor table is associated with a second permission level that is different from the first permission level. The first descriptor table and the second descriptor table are associated with a hardware processor and initialized by an operating system kernel. The method also includes providing a memory address associated with the first descriptor table, in response to a descriptor table address request. The descriptor table address request is provided by a software process. The method also includes updating the second descriptor table, in response to an update request.
Type: Application
Filed: October 19, 2011
Publication date: April 25, 2013
Applicant: GOOGLE INC.
Inventor: Eric R. Northup