Abstract: Techniques for leveraging legacy code to deploy native-code desktop applications over a network (e.g., the Web) are described herein. These techniques include executing an application written in native code within a memory region that hardware of a computing device enforces. For instance, page-protection hardware (e.g., a memory management unit) or segmentation hardware may protect this region of memory in which the application executes. The techniques may also provide a narrow system call interface out of this memory region by dynamically enforcing system calls made by the application. Furthermore, these techniques may enable a browser of the computing device to function as an operating system for the native-code application. These techniques thus allow for execution of native-code applications on a browser of a computing device and, hence, over the Web in a resource-efficient manner and without sacrificing security of the computing device.

Abstract: A virtual machine monitor (VMM) is configured to enforce deterministic execution of virtual machines in a multiprocessor machine. The VMM is configured to ensure that any communication by physical processors via shared memory is deterministic. When such VMMs are implemented in a distributed environment of multiprocessor machines coupled via a logical communication link, non-deterministic server applications running on virtual machines using the VMM may be replicated.

Abstract: Techniques for leveraging legacy code to deploy native-code desktop applications over a network (e.g., the Web) are described herein. These techniques include executing an application written in native code within a memory region that hardware of a computing device enforces. For instance, page-protection hardware (e.g., a memory management unit) or segmentation hardware may protect this region of memory in which the application executes. The techniques may also provide a narrow system call interface out of this memory region by dynamically enforcing system calls made by the application. Furthermore, these techniques may enable a browser of the computing device to function as an operating system for the native-code application. These techniques thus allow for execution of native-code applications on a browser of a computing device and, hence, over the Web in a resource-efficient manner and without sacrificing security of the computing device.

Abstract: Techniques for leveraging legacy code to deploy native-code desktop applications over a network (e.g., the Web) are described herein. These techniques include executing an application written in native code within a memory region that hardware of a computing device enforces. For instance, page-protection hardware (e.g., a memory management unit) or segmentation hardware may protect this region of memory in which the application executes. The techniques may also provide a narrow system call interface out of this memory region by dynamically enforcing system calls made by the application. Furthermore, these techniques may enable a browser of the computing device to function as an operating system for the native-code application. These techniques thus allow for execution of native-code applications on a browser of a computing device and, hence, over the Web in a resource-efficient manner and without sacrificing security of the computing device.

Abstract: A Metadata server described herein is configured to generate a metadata table optimized for data durability and recovery. In generating the metadata table, the metadata server associates each possible combination of servers with one of the indices of the table, thereby ensuring that each server participates in recovery in the event of a server failure. In addition, the metadata server may also associate one or more additional servers with each index to provide added data durability. Upon generating the metadata table, the metadata server provides the metadata table to clients or servers. Alternatively, the metadata server may provide rules and parameters to clients to enable those clients to identify servers storing data items. The clients may use these parameters and an index as inputs to the rules to determine the identities of servers storing or designated to store data items corresponding to the index.

Abstract: Techniques for utilizing trusted hardware components for mitigating the effects of equivocation amongst participant computing devices of a distributed system are described herein. For instance, a distributed system employing a byzantine-fault-resilient protocol—that is, a protocol intended to mitigate (e.g., tolerate, detect, isolate, etc.) the effects of byzantine faults—may employ the techniques. To do so, the techniques may utilize a trusted hardware component comprising a non-decreasing counter and a key. This hardware component may be “trusted” in that the respective participant computing device cannot modify or observe the contents of the component in any manner other than according to the prescribed procedures, as described herein. Furthermore, the trusted hardware component may couple to the participant computing device in any suitable manner, such as via a universal serial bus (USB) connection or the like.

Abstract: A method for providing consistent security information between multiple applications is described herein. The method includes detecting potentially deceptive content from a communication application in a browser application. The method also includes generating consistent security information for the potentially deceptive content with the browser application. Additionally, the method includes sending the consistent security information for the potentially deceptive content to the communication application. Furthermore, the method includes providing a warning based on the consistent security information to the communication application.

Abstract: A system and method for mitigating memory errors in a computer system. Faulty memory is identified and tested by a memory manager of an operating system. The memory manager may perform diagnostic tests while the operating system is executing on the computer system. Regions of memory that are being used by software components of the computer system may also be tested. The memory manager maintains a stored information about faulty memory regions. Regions are added to the stored information when they are determined to be faulty by a diagnostic test tool. Memory regions are allocated to software components by the memory manager after checking the stored information about faulty memory regions. This ensures a faulty memory region is never allocated to a software component of the computer system.

Abstract: Partitioned artificial intelligence (AI) for networked gaming. An exemplary system splits the AI into a computationally lightweight server-side component and a computationally intensive client-side component to harness the aggregate computational power of numerous gaming clients. Aggregating resources of many, even thousands of client machines enhances game realism in a manner that would be prohibitively expensive on the central server. The system is tolerant of latency between server and clients. Deterministic and stateless client-side components enable rapid handoff, preemptive migration, and replication of the client-side AI to address problems of client failure and game exploitation. The partitioned AI can support tactical gaming navigation, a challenging task to offload because of sensitivity to latency. The tactical navigation AI calculates influence fields partitioned into server-side and client-side components by means of a Taylor-series approximation.

Abstract: Digital maps can be composed of a series of image tiles that are selected based on the context of the map to be presented. Independently hosted tiles can comprise additional details that can be added to the map. A manifest can be created that describes the layers of map details composed of such independently hosted tiles. Externally referable mechanisms can, based on the manifest and map context, select tiles, from among the independently hosted tiles, that correspond to map tiles being displayed to a user. Subsequently, the mechanisms can instruct a browser, as specified in the manifest, to combine the map tiles and the independently hosted tiles to generate a more detailed map. Alternatively, customized mechanisms can generate map detail tiles in real-time, based on an exported map context. Also, controls instantiated by the browser can render three-dimensional images based on the combined map tiles.

Abstract: A system and method for mitigating memory errors in a computer system. Faulty memory is identified and tested by a memory manager of an operating system. The memory manager may perform diagnostic tests while the operating system is executing on the computer system. Regions of memory that are being used by software components of the computer system may also be tested. The memory manager maintains a stored information about faulty memory regions. Regions are added to the stored information when they are determined to be faulty by a diagnostic test tool. Memory regions are allocated to software components by the memory manager after checking the stored information about faulty memory regions. This ensures a faulty memory region is never allocated to a software component of the computer system.

Abstract: A system and method for mitigating memory errors in a computer system. Faulty memory is identified and tested by a memory manager of an operating system. The memory manager may perform diagnostic tests while the operating system is executing on the computer system. Regions of memory that are being used by software components of the computer system may also be tested. The memory manager maintains a stored information about faulty memory regions. Regions are added to the stored information when they are determined to be faulty by a diagnostic test tool. Memory regions are allocated to software components by the memory manager after checking the stored information about faulty memory regions. This ensures a faulty memory region is never allocated to a software component of the computer system.

Abstract: Techniques for implementing mutual-exclusion algorithms that are also fault-resistant are described herein. For instance, this document describes systems that implement fault-resistant, mutual-exclusion algorithms that at least prevent simultaneous access of a shared resource by multiple threads when (i) one of the multiple threads is in its critical section, and (ii) the other thread(s) are waiting in a loop to enter their respective critical sections. In some instances, these algorithms are fault-tolerant to prevent simultaneous access of the shared resource regardless of a state of the multiple threads executing on the system. In some instances, these algorithms may resist (e.g., tolerate entirely) transient memory faults (or “soft errors”).

Abstract: This document describes techniques for allowing a computing device that provides a minimal execution environment to execute legacy applications that rely on rich functionality that the computing device does not natively provide. For instance, a device may initially receive a request to execute an application and may determine whether the application is directly executable. In response to determining that the application is not directly executable, the computing device may determine whether the application specifies another application to provide the functionality. If the application specifies another application to provide this functionality, then the computing device retrieves the specified application and executes the specified application on the client computing device. If the application does not specify such an application, then the computing device may execute a default application for providing the functionality.

Abstract: Techniques for providing fast, non-write-cycle-limited persistent memory within secure containers, while maintaining the security of the secure containers, are described herein. The secure containers may reside within respective computing devices (e.g., desktop computers, laptop computers, etc.) and may include both volatile storage (e.g., Random Access Memory (RAM), etc.) and non-volatile storage (NVRAM, etc.). In addition, the secure containers may couple to auxiliary power supplies that are located externally thereto and that power the secure containers at least temporarily in the event of a power failure. These auxiliary power supplies may be implemented as short-term power sources, such as capacitors, batteries, or any other suitable power supplies.

Abstract: A system and method for mitigating memory errors in a computer system. Faulty memory is identified and tested by a memory manager of an operating system. The memory manager may perform diagnostic tests while the operating system is executing on the computer system. Regions of memory that are being used by software components of the computer system may also be tested. The memory manager maintains a stored information about faulty memory regions. Regions are added to the stored information when they are determined to be faulty by a diagnostic test tool. Memory regions are allocated to software components by the memory manager after checking the stored information about faulty memory regions. This ensures a faulty memory region is never allocated to a software component of the computer system.

Abstract: Digital maps can be composed of a series of image tiles that are selected based on the context of the map to be presented. Independently hosted tiles can comprise additional details that can be added to the map. A manifest can be created that describes the layers of map details composed of such independently hosted tiles. Externally referable mechanisms can, based on the manifest and map context, select tiles, from among the independently hosted tiles, that correspond to map tiles being displayed to a user. Subsequently, the mechanisms can instruct a browser, as specified in the manifest, to combine the map tiles and the independently hosted tiles to generate a more detailed map. Alternatively, customized mechanisms can generate map detail tiles in real-time, based on an exported map context. Also, controls instantiated by the browser can render three-dimensional images based on the combined map tiles.

Abstract: The subject disclosure relates to a method and apparatus for routing data in a network-based computer game via proxy computers. The method and system includes a set of techniques that utilizes the proxy computers to thwart traffic analysis in high-speed games while continuing to satisfy the games' latency requirements. The method and apparatus facilitates thwarting multiple classes of traffic analysis, including inspection of unencrypted header fields, observation of packet size, correlation of packet timing, and collusion among players. A matchmaking system for matching players in a network-based computer game in a manner that resists traffic analysis is also provided.

Abstract: A method for providing consistent security information between multiple applications is described herein. The method includes detecting potentially deceptive content from a communication application in a browser application. The method also includes generating consistent security information for the potentially deceptive content with the browser application. Additionally, the method includes sending the consistent security information for the potentially deceptive content to the communication application. Furthermore, the method includes providing a warning based on the consistent security information to the communication application.

Abstract: A system and method for mitigating memory errors in a computer system. Faulty memory is identified and tested by a memory manager of an operating system. The memory manager may perform diagnostic tests while the operating system is executing on the computer system. Regions of memory that are being used by software components of the computer system may also be tested. The memory manager maintains a stored information about faulty memory regions. Regions are added to the stored information when they are determined to be faulty by a diagnostic test tool. Memory regions are allocated to software components by the memory manager after checking the stored information about faulty memory regions. This ensures a faulty memory region is never allocated to a software component of the computer system.