Patents by Inventor Saman P. Amarasinghe
Saman P. Amarasinghe has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11163598Abstract: Instead of transferring a large original file, such as a virtual-machine image file, from a source system to a target system, the original file is encoded to define a recipe file that is transferred. The recipe is then decoded to yield a duplicate of the original file on the target system. Encoding involves identifying standard blocks in the original file and including standard-block identifiers for the standard blocks in the recipe in lieu of the original blocks. Decoding involves an exchange with a standard-block identifier server system, which provides standard blocks in response to received standard-block identifiers.Type: GrantFiled: June 28, 2018Date of Patent: November 2, 2021Assignee: VMware, Inc.Inventors: Matthew Aasted, Meera Shah, Saman P. Amarasinghe, Timothy Garnett
-
Publication number: 20180349169Abstract: Instead of transferring a large original file, such as a virtual-machine image file, from a source system to a target system, the original file is encoded to define a recipe file that is transferred. The recipe is then decoded to yield a duplicate of the original file on the target system. Encoding involves identifying standard blocks in the original file and including standard-block identifiers for the standard blocks in the recipe in lieu of the original blocks. Decoding involves an exchange with a standard-block identifier server system, which provides standard blocks in response to received standard-block identifiers.Type: ApplicationFiled: June 28, 2018Publication date: December 6, 2018Inventors: Matthew AASTED, Meera SHAH, Saman P. AMARASINGHE, Timothy GARNETT
-
Patent number: 10013272Abstract: Instead of transferring a large original file, such as a virtual-machine image file, from a source system to a target system, the original file is encoded to define a recipe file that is transferred. The recipe is then decoded to yield a duplicate of the original file on the target system. Encoding involves identifying standard blocks in the original file and including standard-block identifiers for the standard blocks in the recipe in lieu of the original blocks. Decoding involves an exchange with a standard-block identifier server system, which provides standard blocks in response to received standard-block identifiers.Type: GrantFiled: December 28, 2015Date of Patent: July 3, 2018Assignee: VMware, Inc.Inventors: Matthew Aasted, Meera Shah, Saman P. Amarasinghe, Timothy Garnett
-
Publication number: 20160147557Abstract: Instead of transferring a large original file, such as a virtual-machine image file, from a source system to a target system, the original file is encoded to define a recipe file that is transferred. The recipe is then decoded to yield a duplicate of the original file on the target system. Encoding involves identifying standard blocks in the original file and including standard-block identifiers for the standard blocks in the recipe in lieu of the original blocks. Decoding involves an exchange with a standard-block identifier server system, which provides standard blocks in response to received standard-block identifiers.Type: ApplicationFiled: December 28, 2015Publication date: May 26, 2016Inventors: Matthew AASTED, Meera SHAH, Saman P. AMARASINGHE, Timothy GARNETT
-
Patent number: 9235577Abstract: Instead of transferring a large original file from a source system to a target system, the original file is encoded to define a recipe. The recipe is then decoded to yield a duplicate of the original file on the target system. Encoding involves identifying standard blocks in the original file and including standard-block identifiers for the standard blocks in the recipe in lieu of the original blocks. Decoding involves an exchange with a standard-block identifier server system, which provides standard blocks in response to received standard-block identifiers.Type: GrantFiled: March 6, 2009Date of Patent: January 12, 2016Assignee: VMware, Inc.Inventors: Matthew Aasted, Meera Shah, Saman P. Amarasinghe, Timothy Garnett
-
Patent number: 8656497Abstract: A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.Type: GrantFiled: April 1, 2011Date of Patent: February 18, 2014Assignee: VMware, Inc.Inventors: Saman P. Amarasinghe, Bharath Chandramohan, Charles Renert, Derek L. Bruening, Vladimir Kiriansky, Timothy Garnett, Sandy Wilbourn, Warren Wu
-
Patent number: 8171548Abstract: Protected software, such as an application and/or DLL, is monitored by protective software to guard against attacks, while distinguishing spurious, benign events from attacks. In a 1-touch approach, the protected software is monitored in a testing environment to detect spurious, benign events caused by, e.g., incompatibility or interoperability problems. The spurious events can be remediated in different ways, such as by applying a relaxed security policy. In a production mode, or 0-touch mode, when the protected software is subject to attacks, the corresponding remediation can be applied when the spurious events are again detected. Security events which occur in production mode can also be treated as benign when they occur within a specified time window. The applications and/or DLLs can further be classified according to whether they are known to have bad properties, known to be well-behaved, or unknown. Appropriate treatment is provided based on the classification.Type: GrantFiled: April 21, 2010Date of Patent: May 1, 2012Assignee: VMware, Inc.Inventors: Srinivas Mantripragada, Timothy Garnett, Derek L. Bruening, Vladimir Kiriansky, Bharath Chandramohan, James Brink, Saman P. Amarasinghe, Sandy Wilbourn
-
Publication number: 20110185433Abstract: A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.Type: ApplicationFiled: April 1, 2011Publication date: July 28, 2011Applicant: VMWARE, INC.Inventors: Saman P. AMARASINGHE, Bharath CHANDRAMOHAN, Charles RENERT, Derek L. BRUENING, Vladimir L. KIRIANSKY, Tim GARNETT, Sandy WILBOURN, Warren Wu
-
Patent number: 7945958Abstract: A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.Type: GrantFiled: June 6, 2006Date of Patent: May 17, 2011Assignee: VMware, Inc.Inventors: Saman P. Amarasinghe, Bharath Chandramohan, Charles Renert, Derek L. Bruening, Vladimir L. Kiriansky, Tim Garnett, Sandy Wilbourn, Warren Wu
-
Patent number: 7886148Abstract: Hijacking of an application is prevented by securing execution of a computer program on a computing system. Prior to execution of the computer program, the computer program is analyzed to identify permitted targets of all indirect transfers. An application-specific policy based on the permitted targets is created. When the program is executed on the computing system, the application-specific policy is enforced such that the program is prohibited from executing indirect transfer instructions that do not target one of the permitted targets.Type: GrantFiled: September 21, 2009Date of Patent: February 8, 2011Assignee: Massachusetts Institute of TechnologyInventors: Vladimir L. Kiriansky, Derek L. Bruening, Saman P. Amarasinghe
-
Patent number: 7856531Abstract: A runtime code manipulation system is provided that supports code transformations on a program while it executes. The runtime code manipulation system uses code caching technology to provide efficient and comprehensive manipulation of an application running on an operating system and hardware. The code cache includes a system for automatically keeping the code cache at an appropriate size for the current working set of an application running.Type: GrantFiled: December 30, 2008Date of Patent: December 21, 2010Assignee: Massachusetts Institute of TechnologyInventors: Derek L. Bruening, Saman P. Amarasinghe
-
Publication number: 20100205669Abstract: Protected software, such as an application and/or DLL, is monitored by protective software to guard against attacks, while distinguishing spurious, benign events from attacks. In a 1-touch approach, the protected software is monitored in a testing environment to detect spurious, benign events caused by, e.g., incompatibility or interoperability problems. The spurious events can be remediated in different ways, such as by applying a relaxed security policy. In a production mode, or 0-touch mode, when the protected software is subject to attacks, the corresponding remediation can be applied when the spurious events are again detected. Security events which occur in production mode can also be treated as benign when they occur within a specified time window. The applications and/or DLLs can further be classified according to whether they are known to have bad properties, known to be well-behaved, or unknown. Appropriate treatment is provided based on the classification.Type: ApplicationFiled: April 21, 2010Publication date: August 12, 2010Applicant: VMWARE, INC.Inventors: Srinivas MANTRIPRAGADA, Tim GARNETT, Derek BRUENING, Vladimir KIRIANSKY, Bharath CHANDRAMOHAN, James BRINK, Saman P. AMARASINGHE, Sandy WILBOURN
-
Patent number: 7735136Abstract: Protected software, such as an application and/or DLL, is monitored by protective software to guard against attacks, while distinguishing spurious, benign events from attacks. In a 1-touch approach, the protected software is monitored in a testing environment to detect spurious, benign events caused by, e.g., incompatibility or interoperability problems. The spurious events can be remediated in different ways, such as by applying a relaxed security policy. In a production mode, or 0-touch mode, when the protected software is subject to attacks, the corresponding remediation can be applied when the spurious events are again detected. Security events which occur in production mode can also be treated as benign when they occur within a specified time window. The applications and/or DLLs can further be classified according to whether they are known to have bad properties, known to be well-behaved, or unknown. Appropriate treatment is provided based on the classification.Type: GrantFiled: April 18, 2006Date of Patent: June 8, 2010Assignee: VMware, Inc.Inventors: Srinivas Mantripragada, Tim Garnett, Derek Bruening, Vladimir Kiriansky, Bharath Chandramohan, James Brink, Saman P. Amarasinghe, Sandy Wilbourn
-
Publication number: 20100057750Abstract: Instead of transferring a large original file, such as a virtual-machine image file, from a source system to a target system, the original file is encoded to define a recipe file that is transferred. The recipe is then decoded to yield a duplicate of the original file on the target system. Encoding involves identifying standard blocks in the original file and including standard-block identifiers for the standard blocks in the recipe in lieu of the original blocks. Decoding involves an exchange with a standard-block identifier server system, which provides standard blocks in response to received standard-block identifiers.Type: ApplicationFiled: March 6, 2009Publication date: March 4, 2010Applicant: VMWARE, INC.Inventors: Matthew AASTED, Meera SHAH, Saman P. AMARASINGHE, Timothy GARNETT
-
Publication number: 20100011209Abstract: Hijacking of an application is prevented by securing execution of a computer program on a computing system. Prior to execution of the computer program, the computer program is analyzed to identify permitted targets of all indirect transfers. An application-specific policy based on the permitted targets is created. When the program is executed on the computing system, the application-specific policy is enforced such that the program is prohibited from executing indirect transfer instructions that do not target one of the permitted targets.Type: ApplicationFiled: September 21, 2009Publication date: January 14, 2010Applicant: VMWARE, INC.Inventors: Vladimir L. Kiriansky, Derek L. Bruening, Saman P. Amarasinghe
-
Patent number: 7603704Abstract: Hijacking of an application is prevented by monitoring control flow transfers during program execution in order to enforce a security policy. At least three basic techniques are used. The first technique, Restricted Code Origins (RCO), can restrict execution privileges on the basis of the origins of instruction executed. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. The second technique, Restricted Control Transfers (RCT), can restrict control transfers based on instruction type, source, and target. The third technique, Un-Circumventable Sandboxing (UCS), guarantees that sandboxing checks around any program operation will never be bypassed.Type: GrantFiled: December 18, 2003Date of Patent: October 13, 2009Assignee: Massachusetts Institute of TechnologyInventors: Derek L. Bruening, Vladimir L. Kiriansky, Saman P. Amarasinghe
-
Patent number: 7594111Abstract: Hijacking of an application is prevented by monitoring control flow transfers during program execution in order to enforce a security policy. At least three basic techniques are used. The first technique, Restricted Code Origins (RCO), can restrict execution privileges on the basis of the origins of instruction executed. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. The second technique, Restricted Control Transfers (RCT), can restrict control transfers based on instruction type, source, and target. The third technique, Un-Circumventable Sandboxing (UCS), guarantees that sandboxing checks around any program operation will never be bypassed.Type: GrantFiled: December 18, 2003Date of Patent: September 22, 2009Assignee: Massachusetts Institute of TechnologyInventors: Vladimir L. Kiriansky, Derek L. Bruening, Saman P. Amarasinghe
-
Publication number: 20090204768Abstract: A runtime code manipulation system is provided that supports code transformations on a program while it executes. The runtime code manipulation system uses code caching technology to provide efficient and comprehensive manipulation of an application running on an operating system and hardware. The code cache includes a system for automatically keeping the code cache at an appropriate size for the current working set of an application running.Type: ApplicationFiled: December 30, 2008Publication date: August 13, 2009Inventors: Derek L. Bruening, Saman P. Amarasinghe
-
Patent number: 7478218Abstract: A runtime code manipulation system is provided that supports code transformations on a program while it executes. The runtime code manipulation system uses code caching technology to provide efficient and comprehensive manipulation of an application running on an operating system and hardware. The code cache includes a system for automatically keeping the code cache at an appropriate size for the current working set of an application running.Type: GrantFiled: February 17, 2006Date of Patent: January 13, 2009Assignee: VMware, Inc.Inventors: Derek L. Bruening, Saman P. Amarasinghe
-
Publication number: 20040133777Abstract: Hijacking of an application is prevented by monitoring control flow transfers during program execution in order to enforce a security policy. At least three basic techniques are used. The first technique, Restricted Code Origins (RCO), can restrict execution privileges on the basis of the origins of instruction executed. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. The second technique, Restricted Control Transfers (RCT), can restrict control transfers based on instruction type, source, and target. The third technique, Un-Circumventable Sandboxing (UCS), guarantees that sandboxing checks around any program operation will never be bypassed.Type: ApplicationFiled: December 18, 2003Publication date: July 8, 2004Inventors: Vladimir L. Kiriansky, Derek L. Bruening, Saman P. Amarasinghe