Patents by Inventor Michael Bishop Ebersol
Michael Bishop Ebersol has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240126580Abstract: Transparently providing a virtualization feature to an unenlightened guest operating system (OS). A guest partition, corresponding to a virtual machine, is divided into a first guest privilege context and a second guest privilege context. A compatibility component executes within the first guest privilege context, while a guest OS executes within the second guest privilege context. The compatibility component is configured to intercept input/output (I/O) operations associated with the guest operating OS. Based on the compatibility component intercepting an I/O operation associated with the guest OS, the compatibility component processes the I/O operation using a virtualization feature that is unsupported by the guest OS. Examples of the virtualization feature include accelerated access to a hardware device and virtual machine guest confidentiality.Type: ApplicationFiled: December 22, 2022Publication date: April 18, 2024Inventors: Jin LIN, David Alan HEPKIN, Michael Bishop EBERSOL, Matthew David KURJANOWICZ, Aditya BHANDARI, Attilio MAINETTI, Amy Anthony PARISH
-
Publication number: 20240104193Abstract: Methods, systems, and computer program products for direct assignment of physical devices to confidential virtual machines (VMs). At a first guest privilege context of a guest partition, a direct assignment of a physical device associated with a host computer system to the guest partition is identified. The guest partition includes the first guest privilege context and a second guest privilege context, which is restricted from accessing memory associated with the first guest privilege context. The guest partition corresponds to a confidential VM, such that a memory region associated with the guest partition is inaccessible to a host operating system. It is determined, based on a policy, that the physical device is allowed to be directly assigned to the guest partition. Communication between the physical device and the second guest privilege context is permitted, such as by exposing the physical device on a virtual bus and/or forwarding an interrupt.Type: ApplicationFiled: September 26, 2022Publication date: March 28, 2024Inventors: Jin LIN, Jason Stewart WOHLGEMUTH, Michael Bishop EBERSOL, Aditya BHANDARI, Steven Adrian WEST, Emily Cara CLEMENS, Michael Halstead KELLEY, Dexuan CUI, Attilio MAINETTI, Sarah Elizabeth STEPHENSON, Carolina Cecilia PEREZ-VARGAS, Antoine Jean Denis DELIGNAT-LAVAUD, Kapil VASWANI, Alexander Daniel GREST, Steve Michel PRONOVOST, David Alan HEPKIN
-
Publication number: 20240069943Abstract: Data-at-rest protection for virtual machines includes operating a data protection component within a first privilege context of a guest partition, and operating a guest operating system (OS) within a second privilege context of the guest partition. The data protection component participates in data input/output operations of the guest OS. Based on a data output operation of the guest OS, the data protection component applies a first data protection operation to first data associated with the data output operation; and initiates storage of a first result of the first data protection operation to a data storage device. Based a data input operation of the guest OS, the data protection component applies a second data protection operation to second data associated with the data input operation; and, based on applying the second data protection operation to the second data, communicates an outcome of the data input operation to the guest OS.Type: ApplicationFiled: August 29, 2022Publication date: February 29, 2024Inventors: Jin LIN, David Alan HEPKIN, Michael Bishop EBERSOL, Matthew David KURJANOWICZ, Taylor Alan HOPE
-
Publication number: 20230401081Abstract: Isolating resources of a virtual machine (VM) guest from a host operating system. A computer system receives an acceptance request from a guest partition corresponding to an isolated VM. The acceptance request identifies a guest memory page that is mapped into a guest physical address space of the guest partition, and a memory page visibility class. The computer system determines whether a physical memory page that is mapped to the guest memory page meets the memory page visibility class. The computer system sets a page acceptance indication for the guest memory page from an unaccepted state to an accepted state based on the physical memory page meeting the memory page visibility class.Type: ApplicationFiled: June 10, 2022Publication date: December 14, 2023Inventors: Jin LIN, David Alan HEPKIN, Michael Bishop EBERSOL, Stephanie Sumyi LUCK, Jonathan Edward LANGE, Bruce J. SHERWIN, JR., Kevin Michael BROAS, Wen Jia LIU, Xin David ZHANG, Alexander Daniel GREST
-
Publication number: 20230334144Abstract: The techniques disclosed herein enable a system to configure a confidential virtual resource unit by provisioning a security component to a tenant's virtual resource unit. The system creates multiple different virtual trust layers within the confidential virtual resource unit. This creation effectively defines security boundaries between the virtual trust layers. The virtual trust layers are associated with different privileges, such that a higher privileged virtual trust layer is provided with more privileges compared to a lower privileged virtual trust layer. In one example, a lower privileged virtual trust layer may include basic virtual resource components (e.g., drivers, applications, processes, functions, workloads executing within a guest operating system) and a higher privileged virtual trust layer is the location to which a virtual security component is provisioned by the system.Type: ApplicationFiled: May 27, 2022Publication date: October 19, 2023Inventors: Jin LIN, Michael Bishop EBERSOL, David Kimler ALTOBELLI, Jingbo WU, Qiang WANG
-
Publication number: 20220224726Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: ApplicationFiled: March 28, 2022Publication date: July 14, 2022Inventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Patent number: 11363067Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: GrantFiled: June 12, 2019Date of Patent: June 14, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Patent number: 11290488Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: GrantFiled: February 15, 2019Date of Patent: March 29, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Publication number: 20190297116Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: ApplicationFiled: June 12, 2019Publication date: September 26, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Patent number: 10333985Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: GrantFiled: March 16, 2017Date of Patent: June 25, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Publication number: 20190182295Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: ApplicationFiled: February 15, 2019Publication date: June 13, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Publication number: 20180198824Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: ApplicationFiled: March 16, 2017Publication date: July 12, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol