Patents by Inventor Michael Bursell
Michael Bursell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11886899
Abstract: A system includes a memory, a processor in communication with the memory, a hypervisor, and a trusted execution environment (TEE). The TEE is provisioned with a workload and includes an introspection module. The introspection module is configured to execute an introspection command according to an introspection policy. The introspection command is configured to validate at least one memory access associated with the workload. The introspection module is also configured to determine a status of a result of the introspection commands, wherein the status is one of a failure status and a success status.
Type: Grant
Filed: April 30, 2020
Date of Patent: January 30, 2024
Assignee: RED HAT, INC.
Inventors: Michael Bursell, Michael Tsirkin
-
Patent number: 11789763
Abstract: Methods and systems for storing and injecting bytecode are provided. In one embodiment, a method is provided that includes receiving, at a first time, a first function for execution within a serverless computing environment; generating, by an interpreter, a first bytecode based on the first function; storing the first bytecode in association with an identifier of the first function; receiving, at a second time after the first time, a second function for execution within the serverless computing environment; identifying the second function as corresponding to the first function; injecting the first bytecode into a container for execution of the second function; receiving performance metrics regarding execution of the second function; and determining, based on the performance metrics, whether to allow or prevent future injection of the first bytecode.
Type: Grant
Filed: July 29, 2022
Date of Patent: October 17, 2023
Assignee: Red Hat, Inc.
Inventors: Huamin Chen, Michael Bursell
-
Patent number: 11792070
Abstract: Virtual machines, virtualization servers, and other physical resources in a cloud computing environment may be dynamically configured based on the resource usage data for the virtual machines and resource capacity data for the physical resources in the cloud system. Based on an analysis of the virtual machine resource usage data and the resource capacity data of the virtualization servers and other physical resources in the cloud computing environment, each virtual machine may be matched to one of a plurality of virtualization servers, and the resources of the virtualization servers and other physical resources in the cloud may be reallocated and reconfigured to provide additional usage capacity to the virtual machines.
Type: Grant
Filed: September 7, 2021
Date of Patent: October 17, 2023
Inventor: Michael Bursell
-
Patent number: 11783070
Abstract: Sensitive information can be managed using a trusted platform module. For example, a system can encrypt target information using a cryptographic key to generate encrypted data. The system can also receive an encrypted key from a trusted platform module, where the encrypted key is a version of the cryptographic key that is encrypted using a public key stored in the trusted platform module. The system can then transmit the encrypted data and the encrypted key to a remote computing system, for example to store the encrypted data and the encrypted key on the remote computing system. Using these techniques, the target information may be secured and stored in remote locations.
Type: Grant
Filed: April 19, 2021
Date of Patent: October 10, 2023
Assignee: Red Hat, Inc.
Inventors: Ricardo Noriega De Soto, Michael Bursell, Huamin Chen
-
Publication number: 20220365800
Abstract: Methods and systems for storing and injecting bytecode are provided. In one embodiment, a method is provided that includes receiving, at a first time, a first function for execution within a serverless computing environment; generating, by an interpreter, a first bytecode based on the first function; storing the first bytecode in association with an identifier of the first function; receiving, at a second time after the first time, a second function for execution within the serverless computing environment; identifying the second function as corresponding to the first function; injecting the first bytecode into a container for execution of the second function; receiving performance metrics regarding execution of the second function; and determining, based on the performance metrics, whether to allow or prevent future injection of the first bytecode.
Type: Application
Filed: July 29, 2022
Publication date: November 17, 2022
Inventors: Huamin Chen, Michael Bursell
-
Publication number: 20220335142
Abstract: Sensitive information can be managed using a trusted platform module. For example, a system can encrypt target information using a cryptographic key to generate encrypted data. The system can also receive an encrypted key from a trusted platform module, where the encrypted key is a version of the cryptographic key that is encrypted using a public key stored in the trusted platform module. The system can then transmit the encrypted data and the encrypted key to a remote computing system, for example to store the encrypted data and the encrypted key on the remote computing system. Using these techniques, the target information may be secured and stored in remote locations.
Type: Application
Filed: April 19, 2021
Publication date: October 20, 2022
Inventors: Ricardo Noriega De Soto, Michael Bursell, Huamin Chen
-
Patent number: 11455404
Abstract: Aspects and features of the present disclosure can provide a trusted, privacy-preserved deduplication process by executing deduplication functions in a trusted execution environment (TEE). In some examples, encrypted, incoming user data blocks are decrypted in the TEE to produce unencrypted user data blocks. An incoming digital fingerprint or each unencrypted user data block is produced. A processing device can compare the incoming digital fingerprint to existing digital fingerprints stored in the TEE to determine a presence of the incoming digital fingerprint and hence the presence of a copy of the data block in the storage platform, and writes the encrypted. Incoming data blocks are written to storage only when necessary. The technique allows public mass storage systems to meet cybersecurity objectives while achieving the storage space efficiency that deduplication provides.
Type: Grant
Filed: May 28, 2020
Date of Patent: September 27, 2022
Assignee: RED HAT, INC.
Inventors: Huamin Chen, Michael Bursell
-
Patent number: 11416273
Abstract: Methods and systems for storing and injecting bytecode are provided. In one embodiment, a method is provided that includes receiving a first function for execution at a first time and generating a first bytecode based on the first function for use in executing the first function. The first bytecode may then be stored with an identifier of the first function. At a second time after the first time, a second function may be received for execution. The second function may be identified as corresponding to the first function and the first bytecode may be received. The first bytecode may then be injected into a container for execution of the second function.
Type: Grant
Filed: January 16, 2020
Date of Patent: August 16, 2022
Assignee: RED HAT, INC.
Inventors: Huamin Chen, Michael Bursell
-
Patent number: 11356367
Abstract: According to one example, a method includes, with a serverless function infrastructure, associated a routing secret with a function sequence. The method further includes, with a sequence controller of the serverless function infrastructure, appending the routing secret to a header of a request to invoke a first function of the function sequence. The method further includes, with the serverless function infrastructure invoking the first function of the function sequence, in response to authenticating the routing secret in the header of the request. The method further includes, after the first function has been invoked and before the first function completes execution, with a serving controller of the serverless function infrastructure, preloading subsequent functions of the function sequence.
Type: Grant
Filed: November 22, 2019
Date of Patent: June 7, 2022
Assignee: RED HAT, INC.
Inventors: Huamin Chen, Michael Bursell
-
Publication number: 20220129593
Abstract: A system includes a memory, a processor in communication with the memory, a supervisor, and a trusted execution environment (“TEE”). The TEE includes an introspection module and is configured to execute the introspection module on a workload according to an introspection security policy. Additionally, the TEE is configured to generate an introspection result for the workload. The introspection security policy specifies at least one of (i) a portion of the TEE that is exposed to the introspection module and (ii) at least one of an accelerator and a device the introspection module has access to. Additionally, the introspection module is configured to validate the workload. The introspection result is one of a passing result and a failing result.
Type: Application
Filed: October 28, 2020
Publication date: April 28, 2022
Inventors: Michael Tsirkin, Michael Bursell
-
Publication number: 20210409270
Abstract: Virtual machines, virtualization servers, and other physical resources in a cloud computing environment may be dynamically configured based on the resource usage data for the virtual machines and resource capacity data for the physical resources in the cloud system. Based on an analysis of the virtual machine resource usage data and the resource capacity data of the virtualization servers and other physical resources in the cloud computing environment, each virtual machine may be matched to one of a plurality of virtualization servers, and the resources of the virtualization servers and other physical resources in the cloud may be reallocated and reconfigured to provide additional usage capacity to the virtual machines.
Type: Application
Filed: September 7, 2021
Publication date: December 30, 2021
Inventor: Michael Bursell
-
Publication number: 20210374253
Abstract: Aspects and features of the present disclosure can provide a trusted, privacy-preserved deduplication process by executing deduplication functions in a trusted execution environment (TEE). In some examples, encrypted, incoming user data blocks are decrypted in the TEE to produce unencrypted user data blocks. An incoming digital fingerprint or each unencrypted user data block is produced. A processing device can compare the incoming digital fingerprint to existing digital fingerprints stored in the TEE to determine a presence of the incoming digital fingerprint and hence the presence of a copy of the data block in the storage platform, and writes the encrypted. Incoming data blocks are written to storage only when necessary. The technique allows public mass storage systems to meet cybersecurity objectives while achieving the storage space efficiency that deduplication provides.
Type: Application
Filed: May 28, 2020
Publication date: December 2, 2021
Inventors: HUAMIN CHEN, MICHAEL BURSELL
-
Publication number: 20210342174
Abstract: A system includes a memory, a processor in communication with the memory, a hypervisor, and a trusted execution environment (TEE). The TEE is provisioned with a workload and includes an introspection module. The introspection module is configured to execute an introspection command according to an introspection policy. The introspection command is configured to validate at least one memory access associated with the workload. The introspection module is also configured to determine a status of a result of the introspection commands, wherein the status is one of a failure status and a success status.
Type: Application
Filed: April 30, 2020
Publication date: November 4, 2021
Inventors: Michael Bursell, Michael Tsirkin
-
Patent number: 11140030
Abstract: Virtual machines, virtualization servers, and other physical resources in a cloud computing environment may be dynamically configured based on the resource usage data for the virtual machines and resource capacity data for the physical resources in the cloud system. Based on an analysis of the virtual machine resource usage data and the resource capacity data of the virtualization servers and other physical resources in the cloud computing environment, each virtual machine may be matched to one of a plurality of virtualization servers, and the resources of the virtualization servers and other physical resources in the cloud may be reallocated and reconfigured to provide additional usage capacity to the virtual machines.
Type: Grant
Filed: February 27, 2019
Date of Patent: October 5, 2021
Assignee: Citrix Systems, Inc.
Inventor: Michael Bursell
-
Publication number: 20210224087
Abstract: Methods and systems for storing and injecting bytecode are provided. In one embodiment, a method is provided that includes receiving a first function for execution at a first time and generating a first bytecode based on the first function for use in executing the first function. The first bytecode may then be stored with an identifier of the first function. At a second time after the first time, a second function may be received for execution. The second function may be identified as corresponding to the first function and the first bytecode may be received. The first bytecode may then be injected into a container for execution of the second function.
Type: Application
Filed: January 16, 2020
Publication date: July 22, 2021
Inventors: Huamin Chen, Michael Bursell
-
Publication number: 20210160180
Abstract: According to one example, a method includes, with a serverless function infrastructure, associated a routing secret with a function sequence. The method further includes, with a sequence controller of the serverless function infrastructure, appending the routing secret to a header of a request to invoke a first function of the function sequence. The method further includes, with the serverless function infrastructure invoking the first function of the function sequence, in response to authenticating the routing secret in the header of the request. The method further includes, after the first function has been invoked and before the first function completes execution, with a serving controller of the serverless function infrastructure, preloading subsequent functions of the function sequence.
Type: Application
Filed: November 22, 2019
Publication date: May 27, 2021
Inventors: Huamin Chen, Michael Bursell
-
Publication number: 20190199590
Abstract: Virtual machines, virtualization servers, and other physical resources in a cloud computing environment may be dynamically configured based on the resource usage data for the virtual machines and resource capacity data for the physical resources in the cloud system. Based on an analysis of the virtual machine resource usage data and the resource capacity data of the virtualization servers and other physical resources in the cloud computing environment, each virtual machine may be matched to one of a plurality of virtualization servers, and the resources of the virtualization servers and other physical resources in the cloud may be reallocated and reconfigured to provide additional usage capacity to the virtual machines.
Type: Application
Filed: February 27, 2019
Publication date: June 27, 2019
Inventor: Michael Bursell
-
Patent number: 10263842
Abstract: Virtual machines, virtualization servers, and other physical resources in a cloud computing environment may be dynamically configured based on the resource usage data for the virtual machines and resource capacity data for the physical resources in the cloud system. Based on an analysis of the virtual machine resource usage data and the resource capacity data of the virtualization servers and other physical resources in the cloud computing environment, each virtual machine may be matched to one of a plurality of virtualization servers, and the resources of the virtualization servers and other physical resources in the cloud may be reallocated and reconfigured to provide additional usage capacity to the virtual machines.
Type: Grant
Filed: January 12, 2016
Date of Patent: April 16, 2019
Assignee: Citrix Systems, Inc.
Inventor: Michael Bursell
-
Patent number: 9509501
Abstract: Storage associated with a virtual machine or other type of device may be migrated between locations (e.g., physical devices, network locations, etc.). To maintain the security of the storage, a system may manage the encryption of the storage area such that a storage area is encrypted with a first encryption key that may be maintained through the migration. A header of the storage area, on the other hand, may be encrypted using a second encryption key and the first encryption key may be stored therein. Upon transfer, the header may be re-encrypted to affect the transfer of security.
Type: Grant
Filed: April 6, 2015
Date of Patent: November 29, 2016
Assignee: Citrix Systems, Inc.
Inventor: Michael Bursell
-
Publication number: 20160127184
Abstract: Virtual machines, virtualization servers, and other physical resources in a cloud computing environment may be dynamically configured based on the resource usage data for the virtual machines and resource capacity data for the physical resources in the cloud system. Based on an analysis of the virtual machine resource usage data and the resource capacity data of the virtualization servers and other physical resources in the cloud computing environment, each virtual machine may be matched to one of a plurality of virtualization servers, and the resources of the virtualization servers and other physical resources in the cloud may be reallocated and reconfigured to provide additional usage capacity to the virtual machines.
Type: Application
Filed: January 12, 2016
Publication date: May 5, 2016
Inventor: Michael Bursell