Patents by Inventor Harshawardhan Vipat
Harshawardhan Vipat has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230199449
Abstract: Disclosed herein are systems and methods for implementing virtualized Road-Side Units (vRSUs). Edge computing devices implementing one or more vRSU services may associate vehicles with identifiers that are based at least in part upon the locations of the vehicles. The locations may be established by location services of the edge computing devices, based upon communication received from the vehicles via wireless cellular communication links. The edge computing devices may then process infrastructure information that they receive, for distribution to the vehicles, at the vRSU services. Based upon the processing of infrastructure information at the vRSU services, messages may be generated for transmission to the vehicles (e.g., over the wireless cellular communication links), with the messages carrying information based upon the infrastructure information, such as in the form of safety messages and/or information messages.
Type: Application
Filed: November 30, 2022
Publication date: June 22, 2023
Inventors: Navin Chandra Rao Katta, Harshawardhan Vipat, Sean William Mooney, Tithi Bharat Patel
-
Patent number: 10956571
Abstract: Systems, apparatuses and methods may provide for locating operating system (OS) kernel information and user mode code in physical memory, wherein the kernel information includes kernel code and kernel read only data, and specifying permissions for the kernel information and the user code in an extended page table (EPT). Additionally, systems, apparatuses and methods may provide for switching, in accordance with the permissions, between view instances of the EPT in response to one or more hardware virtualization exceptions.
Type: Grant
Filed: December 24, 2015
Date of Patent: March 23, 2021
Assignee: Intel Corporation
Inventors: Harshawardhan Vipat, Manohar R. Castelino, Dongsheng Zhang, Kuo-Lang Tseng
-
Publication number: 20200250343
Abstract: Systems, apparatuses and methods may provide for conducting a signature verification of a mandatory access control policy and provisioning the mandatory access control policy into kernel memory if the signature verification is successful. Additionally, the kernel memory may be protected from unauthorized write operations by one or more processes having system level privileges. In one example, the mandatory access control policy is provisioned without a system reboot.
Type: Application
Filed: December 27, 2019
Publication date: August 6, 2020
Applicant: Intel Corporation
Inventors: Ned M. Smith, Manohar R. Castelino, Harshawardhan Vipat
-
Patent number: 10552638
Abstract: Systems, apparatuses and methods may provide for conducting a signature verification of a mandatory access control policy and provisioning the mandatory access control policy into kernel memory if the signature verification is successful. Additionally, the kernel memory may be protected from unauthorized write operations by one or more processes having system level privileges. In one example, the mandatory access control policy is provisioned without a system reboot.
Type: Grant
Filed: December 24, 2015
Date of Patent: February 4, 2020
Assignee: Intel Corporation
Inventors: Ned M. Smith, Manohar R. Castelino, Harshawardhan Vipat
-
Patent number: 10248786
Abstract: Systems, apparatuses and methods may provide for detecting an attempt by an operating system (OS) to access a non-OS managed resource and injecting, in response to the attempt, an access event into a platform security component via a guest kernel associated with the OS. Additionally, a response to the attempt may be made based on a policy response from the platform security component. In one example, the attempt is detected with respect to one or more extended page table (EPT) permissions set by a security virtual machine monitor (SVMM). Moreover, injecting the access event into the platform security component may include invoking a previously registered policy callback.
Type: Grant
Filed: December 24, 2015
Date of Patent: April 2, 2019
Assignee: Intel Corporation
Inventors: Harshawardhan Vipat, Manohar R. Castelino, Barry E. Huntley, Kuo-Lang Tseng
-
Patent number: 10073986
Abstract: Embodiments of apparatus, computer-implemented methods, systems, and computer-readable media are described herein for a virtual machine manager, wherein the virtual machine manager is configured to selectively employ different views with different permissions to map guest physical memory of a virtual machine of the apparatus to host physical memory of the apparatus, to regulate access to and protect different portions of an application of the virtual machine that resides in different portions of the physical memory. Other embodiments may be described and/or claimed.
Type: Grant
Filed: February 12, 2016
Date of Patent: September 11, 2018
Assignee: Intel Corporation
Inventors: Harshawardhan Vipat, Ravi L. Sahita, Roshni Chatterjee, Madhukar Tallam
-
Patent number: 9747123
Abstract: Technologies for multi-level virtualization include a computing device having a processor that supports a root virtualization mode and a non-root virtualization mode. A non-root hypervisor determines whether it is executed under control of a root hypervisor, and if so, registers a callback handler and trigger conditions with the root hypervisor. The non-root hypervisor hosts one or more virtual machines. In response to a virtual machine exit, the root hypervisor determines whether a callback handler has been registered for the virtual machine exit reason and, if so, evaluates the trigger conditions associated with the callback handler. If the trigger conditions are satisfied, the root hypervisor invokes the callback handler. The callback handler may update a virtual virtualization support object based on changes made by the root hypervisor to a virtualization support object. The root hypervisor may invoke the callback handler in the non-root virtualization mode. Other embodiments are described and claimed.
Type: Grant
Filed: September 25, 2015
Date of Patent: August 29, 2017
Assignee: Intel Corporation
Inventors: Jun Nakajima, Asit K. Mallick, Harshawardhan Vipat, Madhukar Tallam, Manohar R. Castelino
-
Publication number: 20170090963
Abstract: Technologies for multi-level virtualization include a computing device having a processor that supports a root virtualization mode and a non-root virtualization mode. A non-root hypervisor determines whether it is executed under control of a root hypervisor, and if so, registers a callback handler and trigger conditions with the root hypervisor. The non-root hypervisor hosts one or more virtual machines. In response to a virtual machine exit, the root hypervisor determines whether a callback handler has been registered for the virtual machine exit reason and, if so, evaluates the trigger conditions associated with the callback handler. If the trigger conditions are satisfied, the root hypervisor invokes the callback handler. The callback handler may update a virtual virtualization support object based on changes made by the root hypervisor to a virtualization support object. The root hypervisor may invoke the callback handler in the non-root virtualization mode. Other embodiments are described and claimed.
Type: Application
Filed: September 25, 2015
Publication date: March 30, 2017
Inventors: Jun Nakajima, Asit K. Mallick, Harshawardhan Vipat, Madhukar Tallam, Manohar R. Castelino
-
Publication number: 20160335429
Abstract: Systems, apparatuses and methods may provide for conducting a signature verification of a mandatory access control policy and provisioning the mandatory access control policy into kernel memory if the signature verification is successful. Additionally, the kernel memory may be protected from unauthorized write operations by one or more processes having system level privileges. In one example, the mandatory access control policy is provisioned without a system reboot.
Type: Application
Filed: December 24, 2015
Publication date: November 17, 2016
Inventors: Ned M. Smith, Manohar R. Castelino, Harshawardhan Vipat
-
Publication number: 20160335436
Abstract: Systems, apparatuses and methods may provide for locating operating system (OS) kernel information and user mode code in physical memory, wherein the kernel information includes kernel code and kernel read only data, and specifying permissions for the kernel information and the user code in an extended page table (EPT). Additionally, systems, apparatuses and methods may provide for switching, in accordance with the permissions, between view instances of the EPT in response to one or more hardware virtualization exceptions.
Type: Application
Filed: December 24, 2015
Publication date: November 17, 2016
Inventors: Harshawardhan Vipat, Manohar R. Castelino, Dongsheng Zhang, Kuo-Lang Tseng
-
Patent number: 9495540
Abstract: A method and device for monitoring calls to an application program interface (API) function includes monitoring for a memory permission violation of a computing device caused by the API function call. If a memory permission violation occurs, control of the computing device is transferred to a virtual machine monitor to intervene prior to execution of the API function. The virtual machine monitor may perform one or more actions in response to the API function call.
Type: Grant
Filed: October 27, 2015
Date of Patent: November 15, 2016
Assignee: Intel Corporation
Inventors: Harshawardhan Vipat, Ravi L. Sahita
-
Publication number: 20160308903
Abstract: Systems, apparatuses and methods may provide for detecting an attempt by an operating system (OS) to access a non-OS managed resource and injecting, in response to the attempt, an access event into a platform security component via a guest kernel associated with the OS. Additionally, a response to the attempt may be made based on a policy response from the platform security component. In one example, the attempt is detected with respect to one or more extended page table (EPT) permissions set by a security virtual machine monitor (SVMM). Moreover, injecting the access event into the platform security component may include invoking a previously registered policy callback.
Type: Application
Filed: December 24, 2015
Publication date: October 20, 2016
Applicant: Intel Corporation
Inventors: Harshawardhan Vipat, Manohar R. Castelino, Barry E. Huntley, Kuo-Lang Tseng
-
Patent number: 9454676
Abstract: Technologies for monitoring system API calls include a computing device with hardware virtualization support. The computing device establishes a default memory view and a security memory view to define physical memory maps and permissions. The computing device executes an application in the default memory view and executes a default inline hook in response to a call to an API function. The default inline hook switches to the security memory view using hardware support without causing a virtual machine exit. The security inline hook calls a security callback function to validate the API function call in the security memory view. Hook-skipping attacks may be prevented by padding the default inline hook with no-operation instructions, by designating memory pages of the API function as non-executable in the default memory view, or by designating memory pages of the application as non-executable in the security memory view. Other embodiments are described and claimed.
Type: Grant
Filed: June 27, 2014
Date of Patent: September 27, 2016
Assignee: Intel Corporation
Inventors: Harshawardhan Vipat, Manohar R. Castelino, Ravi L. Sahita, Sergio Rodriguez, Vikas Gupta
-
Publication number: 20160203317
Abstract: A method and device for monitoring calls to an application program interface (API) function includes monitoring for a memory permission violation of a computing device caused by the API function call. If a memory permission violation occurs, control of the computing device is transferred to a virtual machine monitor to intervene prior to execution of the API function. The virtual machine monitor may perform one or more actions in response to the API function call.
Type: Application
Filed: October 27, 2015
Publication date: July 14, 2016
Inventors: Harshawardhan Vipat, Ravi L. Sahita
-
Publication number: 20160162698
Abstract: Embodiments of apparatus, computer-implemented methods, systems, and computer-readable media are described herein for a virtual machine manager, wherein the virtual machine manager is configured to selectively employ different views with different permissions to map guest physical memory of a virtual machine of the apparatus to host physical memory of the apparatus, to regulate access to and protect different portions of an application of the virtual machine that resides in different portions of the physical memory. Other embodiments may be described and/or claimed.
Type: Application
Filed: February 12, 2016
Publication date: June 9, 2016
Inventors: Harshawardhan Vipat, Ravi L. Sahita, Roshni Chatterjee, Madhukar Tallam
-
Patent number: 9292679
Abstract: Embodiments of apparatus, computer-implemented methods, systems, and computer-readable media are described herein for a virtual machine manager, wherein the virtual machine manager is configured to selectively employ different views with different permissions to map guest physical memory of a virtual machine of the apparatus to host physical memory of the apparatus, to regulate access to and protect different portions of an application of the virtual machine that resides in different portions of the physical memory. Other embodiments may be described and/or claimed.
Type: Grant
Filed: May 7, 2014
Date of Patent: March 22, 2016
Assignee: INTEL CORPORATION
Inventors: Harshawardhan Vipat, Ravi L. Sahita, Roshni Chatterjee, Madhukar Tallam
-
Publication number: 20150379263
Abstract: Technologies for monitoring system API calls include a computing device with hardware virtualization support. The computing device establishes a default memory view and a security memory view to define physical memory maps and permissions. The computing device executes an application in the default memory view and executes a default inline hook in response to a call to an API function. The default inline hook switches to the security memory view using hardware support without causing a virtual machine exit. The security inline hook calls a security callback function to validate the API function call in the security memory view. Hook-skipping attacks may be prevented by padding the default inline hook with no-operation instructions, by designating memory pages of the API function as non-executable in the default memory view, or by designating memory pages of the application as non-executable in the security memory view. Other embodiments are described and claimed.
Type: Application
Filed: June 27, 2014
Publication date: December 31, 2015
Inventors: Harshawardhan Vipat, Manohar R. Castelino, Ravi L. Sahita, Sergio Rodriguez, Vikas Gupta
-
Patent number: 9171146
Abstract: A method and device for monitoring calls to an application program interface (API) function includes monitoring for a memory permission violation of a computing device caused by the API function call. If a memory permission violation occurs, control of the computing device is transferred to a virtual machine monitor to intervene prior to execution of the API function. The virtual machine monitor may perform one or more actions in response to the API function call.
Type: Grant
Filed: December 14, 2011
Date of Patent: October 27, 2015
Assignee: Intel Corporation
Inventors: Harshawardhan Vipat, Ravi Sahita
-
Patent number: 9037823
Abstract: The present disclosure provides systems and methods for hardware-enforced protection from malicious software. A device may include at least a security validator module and a security initiator module. A call from a process requesting access to information stored in the device may be redirected to the security initiator module, which may cause the device to change from an unsecured view to a secured view. In the secured view the security validator module may determine whether the call came from malicious software. If the call is determined to be valid, then access to the stored information may be permitted. If the call is determined to be invalid (e.g., from malware), the security software may cause the device to return to the unsecured view without allowing the stored information to be accessed, and may take further measures to identify and/or eliminate process code associated with the process that made the invalid call.
Type: Grant
Filed: September 14, 2012
Date of Patent: May 19, 2015
Assignee: Intel Corporation
Inventors: Harshawardhan Vipat, Ravi L. Sahita
-
Publication number: 20140245430
Abstract: Embodiments of apparatus, computer-implemented methods, systems, and computer-readable media are described herein for a virtual machine manager, wherein the virtual machine manager is configured to selectively employ different views with different permissions to map guest physical memory of a virtual machine of the apparatus to host physical memory of the apparatus, to regulate access to and protect different portions of an application of the virtual machine that resides in different portions of the physical memory. Other embodiments may be described and/or claimed.
Type: Application
Filed: May 7, 2014
Publication date: August 28, 2014
Inventors: Harshawardhan Vipat, Ravi L. Sahita, Roshni Chatterjee, Madhukar Tallam