Patents by Inventor Xiaoxue Ma
Xiaoxue Ma has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8156230
Abstract: An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.
Type: Grant
Filed: March 22, 2011
Date of Patent: April 10, 2012
Assignee: Cisco Technology, Inc.
Inventors: Mark Bakke, Timothy Kuik, David Thompson, Paul Gleichauf, Xiaoxue Ma
-
Patent number: 8127412
Abstract: A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the v
Type: Grant
Filed: March 30, 2007
Date of Patent: March 6, 2012
Assignee: Cisco Technology, Inc.
Inventors: Paul Gleichauf, Mark Bakke, Timothy Kuik, David Thompson, Xiaoxue Ma
-
Patent number: 8121043
Abstract: An approach for managing the consumption of resources uses adaptive random sampling to decrease the collection of flow statistical data as the consumption of resources increases. When a packet is received from a network, a determination is made whether the packet belongs to an existing flow, for which flow statistical data is being collected, or to a new flow. If the packet belongs to an existing flow, then the flow statistical data for the existing flow is updated to reflect the packet. If the packet belongs to the new flow, then a sampling probability is used to determine whether the new flow is to be sampled. The sampling probability is determined, at least in part, upon a current usage of resources.
Type: Grant
Filed: August 19, 2005
Date of Patent: February 21, 2012
Assignee: Cisco Technology, Inc.
Inventors: Xiaoxue Ma, Paul Gleichauf, Ganesh Sadasivan, Sunil Khaunte, Paul Aitken
-
Publication number: 20110173295
Abstract: An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.
Type: Application
Filed: March 22, 2011
Publication date: July 14, 2011
Inventors: Mark Bakke, Timothy Kuik, David Thompson, Paul Gleichauf, Xiaoxue Ma
-
Patent number: 7949766
Abstract: An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.
Type: Grant
Filed: June 21, 2006
Date of Patent: May 24, 2011
Assignee: Cisco Technology, Inc.
Inventors: Mark Bakke, Timothy Kuik, David Thompson, Paul Gleichauf, Xiaoxue Ma
-
Patent number: 7496035
Abstract: Methods and apparatus are disclosed for defining flow types and instances thereof such as for identifying packets corresponding to instances of the flow types. A flow type is defined and includes a set of properties including at least one of the possible properties selectable when defining a flow type. An instance of the flow type is defined and a set of corresponding associative memory entries is generated. A lookup word generator of a packet processing engine is typically notified of the use of the flow type, and one or more lookup words are generated typically by extracting fields from a received packet and/or from other sources. Based on a result of lookup operations on the set of associative memories entries using the generated one or more lookup words, the received packet can be identified as whether it matches or does not match the instance of the flow type.
Type: Grant
Filed: January 31, 2003
Date of Patent: February 24, 2009
Assignee: Cisco Technology, Inc.
Inventors: Ganesh Sadasivan, Rengabashyam Srinivas, William N. Eatherton, Xiaoxue Ma, Peram Marimuthu
-
Publication number: 20080244747
Abstract: A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the v
Type: Application
Filed: March 30, 2007
Publication date: October 2, 2008
Inventors: Paul Gleichauf, Mark Bakke, Timothy Kuik, David Thompson, Xiaoxue Ma
-
Publication number: 20070041331
Abstract: An approach for managing the consumption of resources uses adaptive random sampling to decrease the collection of flow statistical data as the consumption of resources increases. When a packet is received from a network, a determination is made whether the packet belongs to an existing flow, for which flow statistical data is being collected, or to a new flow. If the packet belongs to an existing flow, then the flow statistical data for the existing flow is updated to reflect the packet. If the packet belongs to the new flow, then a sampling probability is used to determine whether the new flow is to be sampled. The sampling probability is determined, at least in part, upon a current usage of resources.
Type: Application
Filed: August 19, 2005
Publication date: February 22, 2007
Inventors: Xiaoxue Ma, Paul Gleichauf, Ganesh Sadasivan, Sunil Khaunte, Paul Aitken
-
Publication number: 20070011272
Abstract: An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.
Type: Application
Filed: June 21, 2006
Publication date: January 11, 2007
Inventors: Mark Bakke, Timothy Kuik, David Thompson, Paul Gleichauf, Xiaoxue Ma
-
Patent number: 7143006
Abstract: A policy-based approach for managing the export of network flow statistical data uses constraints and prioritization to select flow data to be exported by flow monitoring processes. According to the approach, a flow monitoring process monitors a plurality of flows at an observation point. The flow monitoring process generates flow statistical data for the plurality of flows. Policy data is made available to the flow monitoring process and includes constraint data and priority data. The constraint data indicates usage constraints for one or more resources available to the flow monitoring process. The priority data indicates a desired priority of flow attributes. The flow monitoring process uses the policy data to select one or more flows from the plurality of flows, such that the resource usage constraints are satisfied. The flow monitoring process exports a portion of the flow statistical data that corresponds to the selected one or more flows.
Type: Grant
Filed: March 23, 2005
Date of Patent: November 28, 2006
Assignee: Cisco Technology, Inc.
Inventors: Xiaoxue Ma, Paul Harry Gleichauf, Paul Atkins
-
Publication number: 20060217923
Abstract: A policy-based approach for managing the export of network flow statistical data uses constraints and prioritization to select flow data to be exported by flow monitoring processes. According to the approach, a flow monitoring process monitors a plurality of flows at an observation point. The flow monitoring process generates flow statistical data for the plurality of flows. Policy data is made available to the flow monitoring process and includes constraint data and priority data. The constraint data indicates usage constraints for one or more resources available to the flow monitoring process. The priority data indicates a desired priority of flow attributes. The flow monitoring process uses the policy data to select one or more flows from the plurality of flows, such that the resource usage constraints are satisfied. The flow monitoring process exports a portion of the flow statistical data that corresponds to the selected one or more flows.
Type: Application
Filed: March 23, 2005
Publication date: September 28, 2006
Inventors: Xiaoxue Ma, Paul Gleichauf, Paul Atkins