Patents by Inventor Vladimir L. Kiriansky
Vladimir L. Kiriansky has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10318256Abstract: Computer code from an application program comprising a plurality of modules that each comprise a separately loadable file is code cached in a shared and persistent caching system. A shared code caching engine receives native code comprising at least a portion of a single module of the application program, and stores runtime data corresponding to the native code in a cache data file in the non-volatile memory. The engine then converts cache data file into a code cache file and enables the code cache file to be pre-loaded as a runtime code cache. These steps are repeated to store a plurality of separate code cache files at different locations in non-volatile memory.Type: GrantFiled: November 27, 2012Date of Patent: June 11, 2019Assignee: VMware, Inc.Inventors: Derek Bruening, Vladimir L. Kiriansky
-
Patent number: 9665498Abstract: Memory space is managed to release storage area occupied by pages similar to stored reference pages. The memory is examined to find two similar pages, and a transformation is obtained. The transformation enables reconstructing one page from the other. The transformation is then stored and one of the pages is discarded to release its memory space. When the discarded page is needed, the remaining page is fetched, and the transformation is applied to the page to regenerate the discarded page.Type: GrantFiled: July 30, 2008Date of Patent: May 30, 2017Assignee: VMware, Inc.Inventor: Vladimir L. Kiriansky
-
Patent number: 8402224Abstract: A runtime system using thread-shared code caches is provided which avoids brute-force all-thread-suspension and monolithic global locks. In one embodiment, medium-grained runtime system synchronization reduces lock contention. The system includes trace building that combines efficient private construction with shared results, in-cache lock-free lookup table access in the presence of entry invalidations, and a delayed deletion algorithm based on timestamps and reference counts. These enable reductions in memory usage and performance overhead.Type: GrantFiled: September 20, 2006Date of Patent: March 19, 2013Assignee: VMware, Inc.Inventors: Derek L. Bruening, Vladimir L. Kiriansky, Tim Garnett, Sanjeev Banerji
-
Patent number: 8321850Abstract: Computer code from an application program comprising a plurality of modules that each comprise a separately loadable file is code cached in a shared and persistent caching system. A shared code caching engine receives native code comprising at least a portion of a single module of the application program, and stores runtime data corresponding to the native code in a cache data file in the non-volatile memory. The engine then converts cache data file into a code cache file and enables the code cache file to be pre-loaded as a runtime code cache. These steps are repeated to store a plurality of separate code cache files at different locations in non-volatile memory.Type: GrantFiled: June 6, 2008Date of Patent: November 27, 2012Assignee: VMware, Inc.Inventors: Derek Bruening, Vladimir L. Kiriansky
-
Publication number: 20110185433Abstract: A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.Type: ApplicationFiled: April 1, 2011Publication date: July 28, 2011Applicant: VMWARE, INC.Inventors: Saman P. AMARASINGHE, Bharath CHANDRAMOHAN, Charles RENERT, Derek L. BRUENING, Vladimir L. KIRIANSKY, Tim GARNETT, Sandy WILBOURN, Warren Wu
-
Patent number: 7945958Abstract: A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.Type: GrantFiled: June 6, 2006Date of Patent: May 17, 2011Assignee: VMware, Inc.Inventors: Saman P. Amarasinghe, Bharath Chandramohan, Charles Renert, Derek L. Bruening, Vladimir L. Kiriansky, Tim Garnett, Sandy Wilbourn, Warren Wu
-
Patent number: 7886148Abstract: Hijacking of an application is prevented by securing execution of a computer program on a computing system. Prior to execution of the computer program, the computer program is analyzed to identify permitted targets of all indirect transfers. An application-specific policy based on the permitted targets is created. When the program is executed on the computing system, the application-specific policy is enforced such that the program is prohibited from executing indirect transfer instructions that do not target one of the permitted targets.Type: GrantFiled: September 21, 2009Date of Patent: February 8, 2011Assignee: Massachusetts Institute of TechnologyInventors: Vladimir L. Kiriansky, Derek L. Bruening, Saman P. Amarasinghe
-
Publication number: 20100030998Abstract: Memory space is managed to release storage area occupied by pages similar to stored reference pages. The memory is examined to find two similar pages, and a transformation is obtained. The transformation enables reconstructing one page from the other. The transformation is then stored and one of the pages is discarded to release its memory space. When the discarded page is needed, the remaining page is fetched, and the transformation is applied to the page to regenerate the discarded page.Type: ApplicationFiled: July 30, 2008Publication date: February 4, 2010Applicant: VMWARE, INC.Inventor: Vladimir L. KIRIANSKY
-
Publication number: 20100011209Abstract: Hijacking of an application is prevented by securing execution of a computer program on a computing system. Prior to execution of the computer program, the computer program is analyzed to identify permitted targets of all indirect transfers. An application-specific policy based on the permitted targets is created. When the program is executed on the computing system, the application-specific policy is enforced such that the program is prohibited from executing indirect transfer instructions that do not target one of the permitted targets.Type: ApplicationFiled: September 21, 2009Publication date: January 14, 2010Applicant: VMWARE, INC.Inventors: Vladimir L. Kiriansky, Derek L. Bruening, Saman P. Amarasinghe
-
Publication number: 20090307430Abstract: Computer code from an application program comprising a plurality of modules that each comprise a separately loadable file is code cached in a shared and persistent caching system. A shared code caching engine receives native code comprising at least a portion of a single module of the application program, and stores runtime data corresponding to the native code in a cache data file in the non-volatile memory. The engine then converts cache data file into a code cache file and enables the code cache file to be pre-loaded as a runtime code cache. These steps are repeated to store a plurality of separate code cache files at different locations in non-volatile memory.Type: ApplicationFiled: June 6, 2008Publication date: December 10, 2009Applicant: VMWARE, INC.Inventors: Derek BRUENING, Vladimir L. Kiriansky
-
Patent number: 7603704Abstract: Hijacking of an application is prevented by monitoring control flow transfers during program execution in order to enforce a security policy. At least three basic techniques are used. The first technique, Restricted Code Origins (RCO), can restrict execution privileges on the basis of the origins of instruction executed. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. The second technique, Restricted Control Transfers (RCT), can restrict control transfers based on instruction type, source, and target. The third technique, Un-Circumventable Sandboxing (UCS), guarantees that sandboxing checks around any program operation will never be bypassed.Type: GrantFiled: December 18, 2003Date of Patent: October 13, 2009Assignee: Massachusetts Institute of TechnologyInventors: Derek L. Bruening, Vladimir L. Kiriansky, Saman P. Amarasinghe
-
Patent number: 7594111Abstract: Hijacking of an application is prevented by monitoring control flow transfers during program execution in order to enforce a security policy. At least three basic techniques are used. The first technique, Restricted Code Origins (RCO), can restrict execution privileges on the basis of the origins of instruction executed. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. The second technique, Restricted Control Transfers (RCT), can restrict control transfers based on instruction type, source, and target. The third technique, Un-Circumventable Sandboxing (UCS), guarantees that sandboxing checks around any program operation will never be bypassed.Type: GrantFiled: December 18, 2003Date of Patent: September 22, 2009Assignee: Massachusetts Institute of TechnologyInventors: Vladimir L. Kiriansky, Derek L. Bruening, Saman P. Amarasinghe
-
Publication number: 20040133777Abstract: Hijacking of an application is prevented by monitoring control flow transfers during program execution in order to enforce a security policy. At least three basic techniques are used. The first technique, Restricted Code Origins (RCO), can restrict execution privileges on the basis of the origins of instruction executed. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. The second technique, Restricted Control Transfers (RCT), can restrict control transfers based on instruction type, source, and target. The third technique, Un-Circumventable Sandboxing (UCS), guarantees that sandboxing checks around any program operation will never be bypassed.Type: ApplicationFiled: December 18, 2003Publication date: July 8, 2004Inventors: Vladimir L. Kiriansky, Derek L. Bruening, Saman P. Amarasinghe