Abstract: A system and method for providing an augmented reality environment in which the environmental mapping process is decoupled from the localization processes performed by one or more mobile devices is described. In some embodiments, an augmented reality system includes a mapping system with independent sensing devices for mapping a particular real-world environment and one or more mobile devices. Each of the one or more mobile devices utilizes a separate asynchronous computing pipeline for localizing the mobile device and rendering virtual objects from a point of view of the mobile device. This distributed approach provides an efficient way for supporting mapping and localization processes for a large number of mobile devices, which are typically constrained by form factor and battery life limitations.

Abstract: Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process.

Abstract: A data transfer system is described herein that allows data to be sent directly between two computing devices at the request of a third party client computer. The system allows a third party to initiate data transfers between computers in a network file system. This results in a significant speed increase because little to no data travels over the third party's potentially slower connection. The data transfer system provides a mechanism to determine if the direct transfer would be more efficient than two separate read and write operations, based on measurements of bandwidth and latency between each computing device. The data transfer system provides support for the source server to compress the data and the destination server to decompress the data at the direction of a third party client to further save network bandwidth.

Abstract: A secure location system is described herein that leverages location-based services and hardware to make access decisions. Many mobile computers have location devices, such as GPS. They also have a trusted platform module (TPM) or other security device. Currently GPS location data is made directly accessible to untrusted application code using a simple protocol. The secure location system provides a secure mechanism whereby the GPS location of a computer at a specific time can be certified by the operating system kernel and TPM. The secure location system logs user activity with a label indicating the geographic location of the computing device at the time of the activity. The secure location system can provide a difficult to forge, time-stamped location through a combination of kernel-mode GPS access and TPM security hardware. Thus, the secure location system incorporates secure location information into authorization and other operating system decisions.

Abstract: A personal datacenter system is described herein that provides a framework for leveraging multiple heterogeneous computers in a dynamically changing environment together as an ad-hoc cluster for performing parallel processing of various tasks. A home environment is much more heterogeneous and dynamic than a typical datacenter, and typical datacenter scheduling strategies do not work well for these types of small clusters. Machines in a home are likely to be powered on and off, be removed and taken elsewhere, and be connected by an ad-hoc network topology with a mix of wired and wireless technologies. The personal data center system provides components to overcome these differences. The system identifies a dynamically available set of machines, characterizes their performance, discovers the network topology, and monitors the available communications bandwidth between machines.

Abstract: A performance monitoring system is described herein that works with a hypervisor to reserve resources outside of a virtual machine to monitor performance of an application running within the virtual machine. The application receives the guaranteed amount of resources specified by the virtual machine's specifications, and the monitoring consumes resources not associated with the virtual machine. The application running in the virtual machine is already isolated by the hypervisor from the physical machine, and thus additional burdens on the physical machine that allow the hypervisor to continue meeting guarantees to the virtual machine will not impact application performance. The performance monitoring system provides instrumentation of deployed applications that information technology (IT) personnel can dynamically turn on and off without affecting the performance of the deployed application.

Abstract: Hosts or end-systems residing at the edges of a network gather data about the traffic they transmit into and receive from the network. The network's routing protocol (typically a link-state protocol such as OSPF) is monitored and routing data or packets are used to recover the network's current status and topology. This data can be collected, fused, and maintained and a platform, preferably distributed, can be provided to query the data, thus enabling a variety of network management applications.

Abstract: Hosts or end-systems residing at the edges of a network gather data about the traffic they transmit into and receive from the network. The network's routing protocol (typically a link-state protocol such as OSPF) is monitored and routing data or packets are used to recover the network's current status and topology. This data can be collected, fused, and maintained and a platform, preferably distributed, can be provided to query the data, thus enabling a variety of network management applications.

Abstract: Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.

Abstract: An activity model is generated at a computer. The activity model may be generated by monitoring incoming and outgoing data in the computer. The collected data is analyzed to form a graph that describes and predicts what output is generated in response to received input. Later, a window of input and output data is collected from the computer. This collected window of data is used to query the activity model. The graph in the activity model is then used to give the probability that the collected window of data was collected from the computer used to generate the activity model. A high probability indicates that the computer is performing normally, while a low probability indicates that the computer may behaving erratically and there may be a problem with the computer.

Abstract: An activity model is generated at a computer. The activity model may be generated by monitoring incoming and outgoing channels for packets for a predetermined window of time. To generate an activity model, an input and an output channel are selected. A probability distribution function describing the observed waiting time between packet arrivals on the selected input channel and the selected output channel is generated by mining the data collected during the selected window of time. A probability distribution function describing the observed waiting time between a randomly chosen instant and receiving a packet on the selected input channel is also generated. The distance between the two generated probability distribution functions is computed. If the computed distance is greater than a predefined confidence level, then the two selected channels are deemed to be related. Otherwise, the selected channels are deemed to be unrelated.

Abstract: A computing system for determining performance factors for using in performance modeling of a deployed subject system, is presented. The computing system includes a plurality of software components comprising the subject system. Each of the components is susceptible to event tracing while executing on the computing system. The computing system includes a tracing component. The tracing component is configured to trace events of the components of the subject system as they execute. The computing system includes a transaction identification table. The transaction identification table comprises starting and ending actions for transactions performed by the subject system. The computing system also includes a transaction identification component that identifies actions from traced events, identifies related actions corresponding to a transaction according to the starting and ending actions in the transaction identification table, and stores the related actions in the transaction workflow data store.

Abstract: Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process.

Abstract: Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. The virtual environment in which extensions designed to control hardware devices can safely execute can be efficiently created during an initial startup sequence of a host environment by indicating to the host environment that a second processing unit is present in the computing system allowing the host environment to create a coherent state. A virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by the created coherent state. A coherent state can be created when an operating system starts up and the appropriate parameters are observed and saved. Alternatively, an operating system of the host environment can create the coherent state by receiving indication of the second processing unit during the boot process.

Abstract: An activity model is generated at a computer. The activity model may be generated by monitoring incoming and outgoing channels for packets for a predetermined window of time. To generate an activity model, an input and an output channel are selected. A probability distribution function describing the observed waiting time between packet arrivals on the selected input channel and the selected output channel is generated by mining the data collected during the selected window of time. A probability distribution function describing the observed waiting time between a randomly chosen instant and receiving a packet on the selected input channel is also generated. The distance between the two generated probability distribution functions is computed. If the computed distance is greater than a predefined confidence level, then the two selected channels are deemed to be related. Otherwise, the selected channels are deemed to be unrelated.

Abstract: Activity models are maintained on a plurality of computers on a network. When a user or a particular activity model at a computer discovers an error, it may query its own activity model to determine a possible source of the error. If it is determined to not be the likely source of the error, the activity model queries the activity models of those computers on the network that it depends on. These activity models may then query the activity models of the computers that their particular host computer depends on and so forth. Ultimately the results of these activity model queries may be used to diagnose the likely source of the error and may be presented to the requesting user as a report.

Abstract: An activity model is generated at a computer. The activity model may be generated by monitoring incoming and outgoing data in the computer. The collected data is analyzed to form a graph that describes and predicts what output is generated in response to received input. Later, a window of input and output data is collected from the computer. This collected window of data is used to query the activity model. The graph in the activity model is then used to give the probability that the collected window of data was collected from the computer used to generate the activity model. A high probability indicates that the computer is performing normally, while a low probability indicates that the computer may behaving erratically and there may be a problem with the computer.

Abstract: A method and system are presented for determining the loading and capacity on a variable capacity channel by measuring the times at which packets are enqueued for transmission, and have their transmission completed, or by measuring these times in addition to the arrival times of the packets. The times may be measured using a device driver or other operating system component. The measurement may be performed in a centralized or distributed fashion for multi-access or point to point channels.

Abstract: A method and system for avoiding network congestion by measuring network load to adjust a rate at each source. The load (e.g., as a price value) is provided to network traffic sources, which adjust their flows based on a per-flow weight (willingness to pay). The load may be determined in-band by routers or out-of-band by an observer node. A load value (e.g., as a price) is increased or decreased based on the actual load or an estimate based on the actual load. The sources obtain the load value and control the output rates per flow based on each flow's associated weight (willingness to pay), e.g., as set by an administrator. Further, two classes of applications are enabled by allowing certain applications to ignore price.

Abstract: Described herein are one or more implementations of an operating system that provides for statically verifiable inter-process communication between isolated processes. Also, described herein are one or more implementations of programming tools that facilitate the development of statically verifiable isolated processes having inter-process communication.