Abstract: This document describes systems and methods for restricting program process capabilities. In some implementations, the capabilities are restricted by limiting the rights or privileges granted to an application. A plurality of rules may be established for a program, or for a group of programs, denying that program the right to take actions which are outside of the actions needed to implement its intended functionality. A security policy is implemented to test actions initiated in response to an application against the rules to enable decisions restricting the possible actions of the program. Embodiments are disclosed which process the majority of decisions regarding actions against a security profile through use of a virtual machine. In some embodiments, the majority of decisions are resolved within the kernel space of an operating system.

Abstract: This document describes systems and methods for restricting program process capabilities. In some implementations, the capabilities are restricted by limiting the rights or privileges granted to an application. A plurality of rules may be established for a program, or for a group of programs, denying that program the right to take actions which are outside of the actions needed to implement its intended functionality. A security policy is implemented to test actions initiated in response to an application against the rules to enable decisions restricting the possible actions of the program. Embodiments are disclosed which process the majority of decisions regarding actions against a security profile through use of a virtual machine. In some embodiments, the majority of decisions are resolved within the kernel space of an operating system.

Abstract: This document describes systems and methods for restricting program process capabilities. In some implementations, the capabilities are restricted by limiting the rights or privileges granted to an application. A plurality of rules may be established for a program, or for a group of programs, denying that program the right to take actions which are outside of the actions needed to implement its intended functionality. A security policy is implemented to test actions initiated in response to an application against the rules to enable decisions restricting the possible actions of the program. Embodiments are disclosed which process the majority of decisions regarding actions against a security profile through use of a virtual machine. In some embodiments, the majority of decisions are resolved within the kernel space of an operating system.

Abstract: Techniques for implementing an atomic FIFO queue and system for processing queue elements are described herein. According to one embodiment, in a first thread of execution, new data is atomically merged with existing data of an object via an atomic instruction associated with hardware that executes the first thread. An attempt is made to acquire ownership of the object (exclusive access). If successful, the object is enqueued on an atomic FIFO queue as a continuation element for further processing. Otherwise, another thread of execution is safely assumed to have acquired ownership and taken responsibility to enqueue the object. A second thread of execution processes the atomic FIFO queue and assumes ownership of the continuation elements. The second thread invokes a function member of the continuation element with a data member of the continuation element, the data member including the newly merged data. Other methods and apparatuses are also described.

Abstract: Techniques for implementing an atomic FIFO queue and system for processing queue elements are described herein. According to one embodiment, in a first thread of execution, new data is atomically merged with existing data of an object via an atomic instruction associated with hardware that executes the first thread. An attempt is made to acquire ownership of the object (exclusive access). If successful, the object is enqueued on an atomic FIFO queue as a continuation element for further processing. Otherwise, another thread of execution is safely assumed to have acquired ownership and taken responsibility to enqueue the object. A second thread of execution processes the atomic FIFO queue and assumes ownership of the continuation elements. The second thread invokes a function member of the continuation element with a data member of the continuation element, the data member including the newly merged data. Other methods and apparatuses are also described.

Abstract: This document describes systems and methods for restricting program process capabilities. In some implementations, the capabilities are restricted by limiting the rights or privileges granted to an application. A plurality of rules may be established for a program, or for a group of programs, denying that program the right to take actions which are outside of the actions needed to implement its intended functionality. A security policy is implemented to test actions initiated in response to an application against the rules to enable decisions restricting the possible actions of the program. Embodiments are disclosed which process the majority of decisions regarding actions against a security profile through use of a virtual machine. In some embodiments, the majority of decisions are resolved within the kernel space of an operating system.

Abstract: Methods and apparatus for operating a secondary sense amplifier according to different timings. Embodiments of the invention generally provide a secondary sense amplifier configured to dynamically adjust its timing according to a need for data in an output buffer. In one embodiment, the secondary sense amplifier is set (causing data to be driven out) by a signal, SSA_SET, the timing of which is adjusted on the basis of a predefined delay and a need for data at the output buffer.

Abstract: Methods and apparatus for operating a secondary sense amplifier according to different timings. Embodiments of the invention generally provide a secondary sense amplifier configured to dynamically adjust its timing according to a need for data in an output buffer. In one embodiment, the secondary sense amplifier is set (causing data to be driven out) by a signal, SSA_SET, the timing of which is adjusted on the basis of a predefined delay and a need for data at the output buffer.

Abstract: A probing router is used at a source site of a virtual private network. In-band probing operations are performed by components within the probing router, using processing resources available from a router engine portion of the probing router. In this way, changes in the network and service level agreement statistic collection processes may be quickly and easily accommodated within the probing router. Furthermore, the probing router communicates the probe message through an in-band communication channel so as to provide a direct measurement of service level data for the channel used for communicating information between the source site and a destination site.

Abstract: A probing router is used at a source site of a virtual private network. In-band probing operations are performed by components within the probing router, using processing resources available from a router engine portion of the probing router. In this way, changes in the network and service level agreement statistic collection processes may be quickly and easily accommodated within the probing router. Furthermore, the probing router communicates the probe message through an in-band communication channel so as to provide a direct measurement of service level data for the channel used for communicating information between the source site and a destination site.