Patents by Inventor Martin Abadi

Martin Abadi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190171929
    Abstract: Systems, methods, devices, and other techniques are described herein for training and using neural networks to encode inputs and to process encoded inputs, e.g., to reconstruct inputs from the encoded inputs. A neural network system can include an encoder neural network, a trusted decoder neural network, and an adversary decoder neural network. The encoder neural network processes a primary neural network input and a key input to generate an encoded representation of the primary neural network input. The trusted decoder neural network processes the encoded representation and the key input to generate a first estimated reconstruction of the primary neural network input. The adversary decoder neural network processes the encoded representation without the key input to generate a second estimated reconstruction of the primary neural network input. The encoder and trusted decoder neural networks can be trained jointly, and these networks trained adversarially to the adversary decoder neural network.
    Type: Application
    Filed: August 3, 2017
    Publication date: June 6, 2019
    Applicant: Google LLC
    Inventors: Martin Abadi, David Godbe Andersen
  • Patent number: 10044718
    Abstract: In a method of controlling sharing of an object between entities in a distributed system, a processor will identify an object and generate an access control list (ACL) for the object so that the ACL includes a list of clauses. Each clause will include a blessing pattern that will match one or more blessings, and at least one of the clauses also may include a reference to one or more groups. Each group represents a set of strings that represent blessing patterns or fragments of blessing patterns. The processor may generate each clause of the ACL as either a permit clause or a deny clause to indicate whether an entity or entities that have a blessing matched by the blessing pattern are permitted to access the object. The processor will save the ACL to a data store for use in responding to a request to access the object.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: August 7, 2018
    Assignee: Google LLC
    Inventors: Michael Burrows, Martin Abadi, Himabindu Pucha, Adam Sadovsky, Asim Shankar, Ankur Taly
  • Publication number: 20160352744
    Abstract: In a method of controlling sharing of an object between entities in a distributed system, a processor will identify an object and generate an access control list (ACL) for the object so that the ACL includes a list of clauses. Each clause will include a blessing pattern that will match one or more blessings, and at least one of the clauses also may include a reference to one or more groups. Each group represents a set of strings that represent blessing patterns or fragments of blessing patterns. The processor may generate each clause of the ACL as either a permit clause or a deny clause to indicate whether an entity or entities that have a blessing matched by the blessing pattern are permitted to access the object. The processor will save the ACL to a data store for use in responding to a request to access the object.
    Type: Application
    Filed: August 12, 2015
    Publication date: December 1, 2016
    Inventors: Michael Burrows, Martin Abadi, Himabindu Pucha, Adam Sadovsky, Asim Shankar, Ankur Taly
  • Patent number: 9319469
    Abstract: A host agnostic integration and interoperation system. The host agnostic integration and interoperation system includes an open platform interface and the associated conventions that define the roles of and direct operations between a host and a service application running on an external application server and allow the host to discover and integrate the functionality provided by the service application. The open platform interface employs a limited number of easily implemented semantic methods allowing a host to expose and integrate the ability to view, edit, or otherwise manipulate a document using the host supported functionality of the service application from a standard user agent. The host agnostic integration and interoperation system handles user authentication at the host using an access token and establishes a trust relationship between the host and the external application server using a lightweight but secure proof key system.
    Type: Grant
    Filed: December 19, 2011
    Date of Patent: April 19, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Matthew James Ruhlen, Kenneth John Yuhas, Jr., Mark T. Fields, Martin Abadi
  • Patent number: 8997220
    Abstract: Search result poisoning attacks may be automatically detected by identifying groups of suspicious uniform resource locators (URLs) containing multiple keywords and exhibiting patterns that deviate from other URLs in the same domain without crawling and evaluating the actual contents of each web page. Suspicious websites are identified and lexical features are extracted for each such website. The websites are clustered based on their lexical features, and group analysis is performed on each group to identify at least one suspicious group. Other implementations are directed to detecting a search engine optimization (SEO) attack by processing a large population of URLs to identify suspicious URLs based on the presence of a subset of keywords in each URL and the relative newness of each URL.
    Type: Grant
    Filed: May 26, 2011
    Date of Patent: March 31, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Fang Yu, Yinglian Xie, Martin Abadi, John P. John, Arvind Krishnamurthy
  • Patent number: 8745738
    Abstract: Trusted user accounts of an application provider are determined. Graphs, such as trees, are created with each node corresponding to a trusted account. Each of the nodes is associated with a vouching quota, or the nodes may share a vouching quota. Untrusted user accounts are determined. For each of these untrusted accounts, a trusted user account that has a social networking relationship is determined. If the node corresponding to the trusted user account has enough vouching quota to vouch for the untrusted user account, then the quota is debited, a node is added for the untrusted user account to the graph, and the untrusted user account is vouched for. If not, available vouching quota may be borrowed from other nodes in the graph.
    Type: Grant
    Filed: January 15, 2012
    Date of Patent: June 3, 2014
    Assignee: Microsoft Corporation
    Inventors: Yinglian Xie, Fang Yu, Qifa Ke, Martin Abadi, Eliot C. Gillum, Krishna Vitaldevara, Jason D. Walter
  • Patent number: 8615605
    Abstract: A system to automatically classify types of IP addresses associated with a user. Information, such as user names, machine information, IP address, etc., may be obtained from logs. For each user or host in the logs, home IP addresses are identified from IP addresses where the user or host shows a predetermined level of activity. Travel IP addresses are identified, which are IP addresses at locations greater than a predetermined distance from the home IP addresses, as determined from geolocation data. A pattern analysis may be performed to determine which of the home IP addresses are work IP addresses associated with the user or host. The system may thus provide a classification of a user's or host's associated IP addresses as being one of travel, home, and work IP addresses. From this classification, mobility patterns may be derived, as well as applications to enhance security, advertising, search and network management.
    Type: Grant
    Filed: October 22, 2010
    Date of Patent: December 24, 2013
    Assignee: Microsoft Corporation
    Inventors: Fang Yu, Yinglian Xie, Martin Abadi, Stefan Roberts Savage, Geoffrey Michael Voelker, Andreas Pitsillidis
  • Patent number: 8505065
    Abstract: A system is disclosed for creating and implementing an access control policy framework in a weakly coherent distributed collection. A collection manager may sign certificates forming equivalence classes of replicas that share a specific authority. The collection manager and/or certain privileged replicas may issue certificates that delegate authority for control of item policy and replica policy. Further certificates may be signed that create one or more items, set policy for these one or more items, and define a set of operations authorized on the one or more items. The certificates issued according to the present system for creating and implementing a control policy framework cannot be modified or simply overridden. Once a policy certificate is issued, it may only be revoked by the collection manager or by a replica having revocation authority.
    Type: Grant
    Filed: June 20, 2007
    Date of Patent: August 6, 2013
    Assignee: Microsoft Corporation
    Inventors: Edward P. Wobber, Martin Abadi, Thomas L. Rodeheffer
  • Patent number: 8495742
    Abstract: A framework identifies malicious queries contained in search logs to uncover relationships between the malicious queries and the potential attacks launched by attackers submitting the malicious queries. A small seed set of malicious queries may be used to identify an IP address in the search logs that submitted the malicious queries. The seed set may be expanded by examining all queries in the search logs submitted by the identified IP address. Regular expressions may be generated from the expanded set of queries and used for detecting yet new malicious queries. Upon identifying the malicious queries, the framework may be used to detect attacks on vulnerable websites, spamming attacks, and phishing attacks.
    Type: Grant
    Filed: May 17, 2010
    Date of Patent: July 23, 2013
    Assignee: Microsoft Corporation
    Inventors: Martin Abadi, Yinglian Xie, Fang Yu, John Payyappillil John
  • Publication number: 20130185791
    Abstract: Trusted user accounts of an application provider are determined. Graphs, such as trees, are created with each node corresponding to a trusted account. Each of the nodes is associated with a vouching quota, or the nodes may share a vouching quota. Untrusted user accounts are determined. For each of these untrusted accounts, a trusted user account that has a social networking relationship is determined. If the node corresponding to the trusted user account has enough vouching quota to vouch for the untrusted user account, then the quota is debited, a node is added for the untrusted user account to the graph, and the untrusted user account is vouched for. If not, available vouching quota may be borrowed from other nodes in the graph.
    Type: Application
    Filed: January 15, 2012
    Publication date: July 18, 2013
    Applicant: Microsoft Corporation
    Inventors: Yinglian Xie, Fang Yu, Qifa Ke, Martin Abadi, Eliot C. Gillum, Krishna Vitaldevara, Jason D. Walter
  • Patent number: 8434098
    Abstract: A device driver includes a kernel mode and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. The device driver may include kernel stubs that are loaded into the operating system, and may be device specific code written. The stubs may be called by a reflector to handle exceptions caught by the stubs. A reset stub may be invoked by the reflector when the user-mode module or host terminates abruptly or detects an interrupt storm. The reset stub may also be invoked if errant direct memory access DMA operations are being performed by a hardware device. The reset stub may ensure that hardware immediately stops unfinished DMA from further transfer, and may be called by the user-mode driver module.
    Type: Grant
    Filed: February 7, 2008
    Date of Patent: April 30, 2013
    Assignee: Microsoft Corporation
    Inventors: Mingtzong Lee, Peter Wieland, Nar Ganapathy, Ulfar Erlingson, Martin Abadi, John Richardson
  • Patent number: 8434150
    Abstract: Detection of user accounts associated with spammer attacks may be performed by constructing a social graph of email users. Biggest connected components (BCC) of the social graph may be used to identify legitimate user accounts, as the majority of the users in the biggest connected components are legitimate users. BCC users may be used to identify more legitimate users. Using degree-based detection techniques and PageRank based detection techniques, the hijacked user accounts and spammer user accounts may be identified. The users' email sending and receiving behaviors may also be examined, and the subgraph structure may be used to detect stealthy attackers. From the social graph analysis, legitimate user accounts, malicious user accounts, and compromised user accounts can be identified.
    Type: Grant
    Filed: March 24, 2011
    Date of Patent: April 30, 2013
    Assignee: Microsoft Corporation
    Inventors: Yinglian Xie, Fang Yu, Martin Abadi, Eliot C. Gillum, Junxian Huang, Zhuoqing Morley Mao, Jason D. Walter, Krishna Vitaldevara
  • Publication number: 20130080785
    Abstract: A host agnostic integration and interoperation system. The host agnostic integration and interoperation system includes an open platform interface and the associated conventions that define the roles of and direct operations between a host and a service application running on an external application server and allow the host to discover and integrate the functionality provided by the service application. The open platform interface employs a limited number of easily implemented semantic methods allowing a host to expose and integrate the ability to view, edit, or otherwise manipulate a document using the host supported functionality of the service application from a standard user agent. The host agnostic integration and interoperation system handles user authentication at the host using an access token and establishes a trust relationship between the host and the external application server using a lightweight but secure proof key system.
    Type: Application
    Filed: December 19, 2011
    Publication date: March 28, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Matthew James Ruhlen, Kenneth John Yuhas, JR., Mark T. Fields, Martin Abadi
  • Patent number: 8387145
    Abstract: An IP (Internet Protocol) address is a directly observable identifier of host network traffic in the Internet and a host's IP address can dynamically change. Analysis of traffic (e.g., network activity or application request) logs may be performed and a host tracking graph may be generated that shows hosts and their bindings to IP addresses over time. A host tracking graph may be used to determine host accountability. This can enable host-based blacklisting instead of the traditional IP address based blacklisting. Host tracking results can be leveraged for forensic analysis to understand an attacker's traces and identify malicious activities in a postmortem fashion. The host tracking information may be used to build a tracklist which can block future attacks.
    Type: Grant
    Filed: June 8, 2009
    Date of Patent: February 26, 2013
    Assignee: Microsoft Corporation
    Inventors: Yinglian Xie, Fang Yu, Martin Abadi
  • Publication number: 20120304287
    Abstract: Search result poisoning attacks may be automatically detected by identifying groups of suspicious uniform resource locators (URLs) containing multiple keywords and exhibiting patterns that deviate from other URLs in the same domain without crawling and evaluating the actual contents of each web page. Suspicious websites are identified and lexical features are extracted for each such website. The websites are clustered based on their lexical features, and group analysis is performed on each group to identify at least one suspicious group. Other implementations are directed to detecting a search engine optimization (SEO) attack by processing a large population of URLs to identify suspicious URLs based on the presence of a subset of keywords in each URL and the relative newness of each URL.
    Type: Application
    Filed: May 26, 2011
    Publication date: November 29, 2012
    Applicant: Microsoft Corporation
    Inventors: Fang Yu, Yinglian Xie, Martin Abadi, John P. John, Arvind Krishnamurthy
  • Publication number: 20120246720
    Abstract: Detection of user accounts associated with spammer attacks may be performed by constructing a social graph of email users. Biggest connected components (BCC) of the social graph may be used to identify legitimate user accounts, as the majority of the users in the biggest connected components are legitimate users. BCC users may be used to identify more legitimate users. Using degree-based detection techniques and PageRank based detection techniques, the hijacked user accounts and spammer user accounts may be identified. The users' email sending and receiving behaviors may also be examined, and the subgraph structure may be used to detect stealthy attackers. From the social graph analysis, legitimate user accounts, malicious user accounts, and compromised user accounts can be identified.
    Type: Application
    Filed: March 24, 2011
    Publication date: September 27, 2012
    Applicant: Microsoft Corporation
    Inventors: Yinglian Xie, Fang Yu, Martin Abadi, Eliot C. Gillum, Junxian Huang, Zhuoqing Morley Mao, Jason D. Walter, Krishna Vitaldevara
  • Patent number: 8266604
    Abstract: Transactional memory compatibility type attributes are associated with intermediate language code to specify, for example, that intermediate language code must be run within a transaction, or must not be run within a transaction, or may be run within a transaction. Attributes are automatically produced while generating intermediate language code from annotated source code. Default rules also generate attributes. Tools use attributes to statically or dynamically check for incompatibility between intermediate language code and a transactional memory implementation.
    Type: Grant
    Filed: January 26, 2009
    Date of Patent: September 11, 2012
    Assignee: Microsoft Corporation
    Inventors: Dana Groff, Yosseff Levanoni, Stephen Toub, Michael McKenzie Magruder, Weirong Zhu, Timothy Lawrence Harris, Christopher William Dern, John Joseph Duffy, David Detlefs, Martin Abadi, Sukhdeep Singh Sodhi, Lingli Zhang, Alexander Dadiomov, Vinod Grover
  • Patent number: 8239954
    Abstract: A pattern matching access control system determines whether a principal should be granted access to use a resource based on properties of applications comprised by the principal. The principal name may be created when an application is loaded, invokes other applications (or programs) and/or assumes a new role context. Access is provided based on whether, for each application, the publisher is authorized by system policy to grant privilege as requested by the application. When a resource which requires the privilege is requested by a principal, an access control list (ACL) for the resource is expanded with a list of applications that have been authorized through their publisher to assert the privilege. The expanded ACL is compared to the principal name to determine resource access.
    Type: Grant
    Filed: May 7, 2007
    Date of Patent: August 7, 2012
    Assignee: Microsoft Corporation
    Inventors: Edward P. Wobber, Andrew Birrell, Martin Abadi
  • Patent number: 8185613
    Abstract: An IP (Internet Protocol) address is a directly observable identifier of host network traffic in the Internet and a host's IP address can dynamically change. Analysis of traffic (e.g., network activity or application request) logs may be performed and a host tracking graph may be generated that shows hosts and their bindings to IP addresses over time. A host tracking graph may be used to determine host accountability. To generate a host tracking graph, a host is represented. Host representations may be application-dependent. In an implementation, application-level identifiers (IDs) such as user email IDs, messenger login IDs, social network IDs, or cookies may be used. Each identifier may be associated with a human user. These unreliable IDs can be used to track the activity of the corresponding hosts.
    Type: Grant
    Filed: June 8, 2009
    Date of Patent: May 22, 2012
    Assignee: Microsoft Corporation
    Inventors: Yinglian Xie, Fang Yu, Martin Abadi
  • Patent number: 8185783
    Abstract: A device driver includes a kernel stub and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the kernel stub may run an interrupt service routine and write information to shared memory. Control is passed to the user-mode module by a reflector. The user-mode module may then read the information from the shared memory to continue servicing the interrupt.
    Type: Grant
    Filed: November 22, 2007
    Date of Patent: May 22, 2012
    Assignee: Microsoft Corporation
    Inventors: Mingtzong Lee, Peter Wieland, Nar Ganapathy, Ulfar Erlingsson, Martin Abadi, John Richardson