Patents by Inventor Jonathan E. Lange

Jonathan E. Lange has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240168888
    Abstract: To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table's entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.
    Type: Application
    Filed: January 3, 2024
    Publication date: May 23, 2024
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Yevgeniy BAK, Mehmet IYIGUN, Jonathan E. LANGE
  • Patent number: 11907135
    Abstract: To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table's entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.
    Type: Grant
    Filed: February 6, 2023
    Date of Patent: February 20, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yevgeniy Bak, Mehmet Iyigun, Jonathan E. Lange
  • Publication number: 20230185729
    Abstract: To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table’s entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.
    Type: Application
    Filed: February 6, 2023
    Publication date: June 15, 2023
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Yevgeniy BAK, Mehmet IYIGUN, Jonathan E. LANGE
  • Patent number: 11573906
    Abstract: To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table's entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.
    Type: Grant
    Filed: January 25, 2021
    Date of Patent: February 7, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yevgeniy Bak, Mehmet Iyigun, Jonathan E. Lange
  • Publication number: 20210173931
    Abstract: Preventing the observation of the side effects of mispredicted speculative execution flows using speculation buffering. A microprocessor comprises one or more speculation buffers that are separated from and correspond to one or more conventional buffers. The microprocessor records first effects of one or more speculatively-executed instructions to the one or more speculation buffers, and records second effects of non-speculatively-executed instructions to the one or more conventional buffers. The microprocessor commits the first effects from the one or more speculation buffers to the one or more conventional buffers when the one or more speculatively-executed instructions that generated the first effects are committed, and discards the first effects from the one or more speculation buffers when the one or more speculatively-executed instructions are cancelled.
    Type: Application
    Filed: February 22, 2021
    Publication date: June 10, 2021
    Inventors: Kenneth D. JOHNSON, Jonathan E. LANGE
  • Publication number: 20210149816
    Abstract: To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table's entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.
    Type: Application
    Filed: January 25, 2021
    Publication date: May 20, 2021
    Inventors: Yevgeniy BAK, Mehmet IYIGUN, Jonathan E. LANGE
  • Patent number: 10963567
    Abstract: Preventing the observation of the side effects of mispredicted speculative execution flows using restricted speculation. In an embodiment a microprocessor comprises a register file including a plurality of entries, each entry comprising a value and a flag. The microprocessor (i) sets the flag corresponding to any entry whose value results from a memory load operation that has not yet been retired or cancelled, or results from a calculation that was derived from a register file entry whose corresponding flag was set, and (ii) clears the flag corresponding to any entry when the operation that generated the entry's value is retired. The microprocessor also comprises a memory unit that is configured to hold any memory load operation that uses an address whose value is calculated based on a register file entry whose flag is set, unless all previous instructions have been retired or cancelled.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: March 30, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Kenneth D. Johnson, Jonathan E. Lange
  • Patent number: 10901911
    Abstract: To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table's entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: January 26, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yevgeniy Bak, Mehmet Iyigun, Jonathan E. Lange
  • Publication number: 20200159667
    Abstract: To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table's entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.
    Type: Application
    Filed: November 21, 2018
    Publication date: May 21, 2020
    Inventors: Yevgeniy BAK, Mehmet IYIGUN, Jonathan E. LANGE
  • Patent number: 10439803
    Abstract: A protected machine. The machine includes an enclave. An enclave includes a protected area of an application address space for which access is prevented for any application code not resident in the enclave itself, except that keys can be provided by one or more management enclaves into the enclave. The machine further includes a management enclave coupled to the enclave. The management enclave is configured to provide a key to the enclave. The management enclave is a protected area of an application address space for which access is prevented for any application code not resident in the management enclave itself.
    Type: Grant
    Filed: March 14, 2017
    Date of Patent: October 8, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Jonathan E. Lange
  • Publication number: 20190251256
    Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.
    Type: Application
    Filed: December 20, 2018
    Publication date: August 15, 2019
    Inventors: Jonathan E. Lange, John V. Sell, Ling Tony Chen, Eric O. Mejdrich
  • Publication number: 20190114422
    Abstract: Preventing the observation of the side effects of mispredicted speculative execution flows using restricted speculation. In an embodiment a microprocessor comprises a register file including a plurality of entries, each entry comprising a value and a flag. The microprocessor (i) sets the flag corresponding to any entry whose value results from a memory load operation that has not yet been retired or cancelled, or results from a calculation that was derived from a register file entry whose corresponding flag was set, and (ii) clears the flag corresponding to any entry when the operation that generated the entry's value is retired. The microprocessor also comprises a memory unit that is configured to hold any memory load operation that uses an address whose value is calculated based on a register file entry whose flag is set, unless all previous instructions have been retired or cancelled.
    Type: Application
    Filed: May 25, 2018
    Publication date: April 18, 2019
    Inventors: Kenneth D. JOHNSON, Jonathan E. LANGE
  • Patent number: 10198578
    Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.
    Type: Grant
    Filed: December 5, 2016
    Date of Patent: February 5, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jonathan E. Lange, John V. Sell, Ling Tony Chen, Eric O. Mejdrich
  • Publication number: 20180139044
    Abstract: A protected machine. The machine includes an enclave. An enclave includes a protected area of an application address space for which access is prevented for any application code not resident in the enclave itself, except that keys can be provided by one or more management enclaves into the enclave. The machine further includes a management enclave coupled to the enclave. The management enclave is configured to provide a key to the enclave. The management enclave is a protected area of an application address space for which access is prevented for any application code not resident in the management enclave itself.
    Type: Application
    Filed: March 14, 2017
    Publication date: May 17, 2018
    Inventor: Jonathan E. Lange
  • Publication number: 20180004531
    Abstract: In one example, a method includes allocating separate portions of memory for a control stack and a data stack. The method also includes, upon detecting a call instruction, storing a first return address in the control stack and a second return address in the data stack; and upon detecting a return instruction, popping the first return address from the control stack and the second return address from the data stack and raising an exception if the two return addresses do not match. Otherwise, the return instruction returns the first return address. Additionally, the method includes executing an exception handler in response to the return instruction detecting an exception, wherein the exception handler is to pop one or more return addresses from the control stack until the return address on a top of the control stack matches the return address on a top of the data stack.
    Type: Application
    Filed: June 30, 2016
    Publication date: January 4, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Ling Tony Chen, Kenneth D. Johnson, Jonathan E. Lange, Kinshumann, Matthew Miller, Neeraj Singh
  • Publication number: 20170193226
    Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.
    Type: Application
    Filed: December 5, 2016
    Publication date: July 6, 2017
    Inventors: Jonathan E. Lange, John V. Sell, Ling Tony Chen, Eric O. Mejdrich
  • Patent number: 9646154
    Abstract: Return oriented programming (ROP) attack prevention techniques are described. In one or more examples, a method is described of protecting against return oriented programming attacks. The method includes initiating a compute signature hardware instruction of a computing device to compute a signature for a return address and the associated location on the stack the return address is stored and causing storage of the computed signature along with the return address in the stack. The method also includes enforcing that before executing the return instruction using the return address on the stack, initiating a verify signature hardware instruction of the computing device to verify the signature matches the target return address on the stack and responding to successful verification of the signature through execution of the verify signature hardware instruction by the computing device, executing the return instruction to the return address.
    Type: Grant
    Filed: January 20, 2015
    Date of Patent: May 9, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ling Tony Chen, Jonathan E. Lange, Greg M. Zaverucha
  • Patent number: 9628279
    Abstract: Various embodiments provide techniques and devices for protecting application secrets from operating system attacks. In some examples, applications execute with an isolated user mode of a secure execution environment, while relying on an operating system executing within a separate execution environment for resource management and system services. A proxy kernel can control access by the operating system to data associated with the secure execution environment. Further, the proxy kernel can act as a transparent interface between isolated user mode applications and the operating system during the provision of resource management and system services.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: April 18, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David B. Probert, Jeff Engel, Arsalan Ahmad, Arun U. Kishan, Jonathan E. Lange
  • Patent number: 9530000
    Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.
    Type: Grant
    Filed: June 14, 2013
    Date of Patent: December 27, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jonathan E. Lange, John V. Sell, Ling Tony Chen, Eric O. Mejdrich
  • Publication number: 20160171211
    Abstract: Return oriented programming (ROP) attack prevention techniques are described. In one or more examples, a method is described of protecting against return oriented programming attacks. The method includes initiating a compute signature hardware instruction of a computing device to compute a signature for a return address and the associated location on the stack the return address is stored and causing storage of the computed signature along with the return address in the stack. The method also includes enforcing that before executing the return instruction using the return address on the stack, initiating a verify signature hardware instruction of the computing device to verify the signature matches the target return address on the stack and responding to successful verification of the signature through execution of the verify signature hardware instruction by the computing device, executing the return instruction to the return address.
    Type: Application
    Filed: January 20, 2015
    Publication date: June 16, 2016
    Inventors: Ling Tony Chen, Jonathan E. Lange, Greg M. Zaverucha