Patents by Inventor Yi-Min Wang
Yi-Min Wang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20080127341Abstract: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.Type: ApplicationFiled: June 29, 2007Publication date: May 29, 2008Applicant: Microsoft CorporationInventors: Shuo Chen, Jiahe Helen Wang, Yi-Min Wang
-
Patent number: 7337092Abstract: System events preceding occurrence of a problem are likely to be similar to events preceding occurrence of the same problem at other times or on other systems. Thus, the cause of a problem may be identified by comparing a trace of events preceding occurrence of the problem with previously diagnosed traces. Traces of events preceding occurrences of a problem arising from a known cause are reduced to a series of descriptive elements. These elements are aligned to correlate differently timed but otherwise similar traces of events, converted into symbolic representations, and archived. A trace of events leading to an undiagnosed a problem similarly is converted to a symbolic representation. The representation of the undiagnosed trace is then compared to the archived representations to identify a similar archived representation. The cause of the similar archived representation is presented as a diagnosis of the problem.Type: GrantFiled: November 3, 2006Date of Patent: February 26, 2008Assignee: Microsoft CorporationInventors: Chun Yuan, Ji-Rong Wen, Wei-Ying Ma, Yi-Min Wang, Zheng Zhang
-
Publication number: 20070208822Abstract: A network can be explored to investigate exploitive behavior. For example, network sites may be actively explored by a honey monkey system to detect if they are capable of accomplishing exploits, including browser-based exploits, on a machine. Also, the accomplishment of exploits may be detected by tracing events occurring on a machine after visiting a network site and analyzing the traced events for illicit behavior. Alternatively, site redirections between and among uniform resource locators (URLs) may be explored to discover relationships between sites that are visited.Type: ApplicationFiled: March 1, 2006Publication date: September 6, 2007Applicant: Microsoft CorporationInventors: Yi-Min Wang, Douglas Beck
-
Publication number: 20070168550Abstract: A system arid method for enabling highly scalable multi-node event distribution networks through the use of summary-based routing, particularly event distribution networks using a content-based publish/subscribe model to distribute information. By allowing event routers to use imprecise summaries of the subscriptions hosted by matcher nodes, an event router can eliminate itself as a bottleneck thus improving overall event distribution network throughput even though the use of imprecise summaries results in some false positive event traffic. False positive event traffic is reduced by using a filter set partitioning that provides for good subscription set locality at each matcher node, while at the same time avoiding overloading any one matcher node. Good subscription set locality is maintained by routing new subscriptions to a matcher node with a subscription summary that best covers the new subscription.Type: ApplicationFiled: February 6, 2007Publication date: July 19, 2007Inventors: Yi-Min Wang, Lili Qiu, Chad Verbowski, Demetrios Achlioptas, Gautam Das, Per-Ake Larson
-
Patent number: 7200675Abstract: A system and method for enabling highly scalable multi-node event distribution networks through the use of summary-based routing, particularly event distribution networks using a content-based publish/subscribe model to distribute information. By allowing event routers to use imprecise summaries of the subscriptions hosted by matcher nodes, an event router can eliminate itself as a bottleneck thus improving overall event distribution network throughput even though the use of imprecise summaries results in some false positive event traffic. False positive event traffic is reduced by using a filter set partitioning that provides for good subscription set locality at each matcher node, while at the same time avoiding overloading any one matcher node. Good subscription set locality is maintained by routing new subscriptions to a matcher node with a subscription summary that best covers the new subscription.Type: GrantFiled: March 14, 2003Date of Patent: April 3, 2007Assignee: Microsoft CorporationInventors: Yi-Min Wang, Lili Qiu, Chad E. Verbowski, Demetrios Achlioptas, Gautam Das, Per-Ake Larson
-
Publication number: 20070061623Abstract: System events preceding occurrence of a problem are likely to be similar to events preceding occurrence of the same problem at other times or on other systems. Thus, the cause of a problem may be identified by comparing a trace of events preceding occurrence of the problem with previously diagnosed traces. Traces of events preceding occurrences of a problem arising from a known cause are reduced to a series of descriptive elements. These elements are aligned to correlate differently timed but otherwise similar traces of events, converted into symbolic representations, and archived. A trace of events leading to an undiagnosed a problem similarly is converted to a symbolic representation. The representation of the undiagnosed trace is then compared to the archived representations to identify a similar archived representation. The cause of the similar archived representation is presented as a diagnosis of the problem.Type: ApplicationFiled: November 3, 2006Publication date: March 15, 2007Applicant: Microsoft CorporationInventors: Chun Yuan, Ji-Rong Wen, Wei-Ying Ma, Yi-Min Wang, Zheng Zhang
-
Patent number: 7171337Abstract: System events preceding occurrence of a problem are likely to be similar to events preceding occurrence of the same problem at other times or on other systems. Thus, the cause of a problem may be identified by comparing a trace of events preceding occurrence of the problem with previously diagnosed traces. Traces of events preceding occurrences of a problem arising from a known cause are reduced to a series of descriptive elements. These elements are aligned to correlate differently timed but otherwise similar traces of events, converted into symbolic representations, and archived. A trace of events leading to an undiagnosed a problem similarly is converted to a symbolic representation. The representation of the undiagnosed trace is then compared to the archived representations to identify a similar archived representation. The cause of the similar archived representation is presented as a diagnosis of the problem.Type: GrantFiled: June 21, 2005Date of Patent: January 30, 2007Assignee: Microsoft CorpoartionInventors: Chun Yuan, Ji-Rong Wen, Wei-Ying Ma, Yi-Min Wang, Zheng Zhang
-
Publication number: 20070022287Abstract: A method and system for determining whether resources of a computer system are being hidden is provided. The security system invokes a high-level function of user mode that is intercepted and filtered by the malware to identify resources. The security system also directly invokes a low-level function of kernel mode that is not intercepted and filtered by the malware to identify resources. After invoking the high-level function and the low-level function, the security system compares the identified resources. If the low-level function identified a resource that was not identified by the high-level function, then the security system may consider the resource to be hidden.Type: ApplicationFiled: July 15, 2005Publication date: January 25, 2007Applicant: Microsoft CorporationInventors: Douglas Beck, Yi-Min Wang
-
Publication number: 20070006323Abstract: A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.Type: ApplicationFiled: August 29, 2005Publication date: January 4, 2007Applicant: Microsoft CorporationInventors: Chad Verbowski, John Dunagan, Shuo Chen, Yi-Min Wang
-
Publication number: 20070006297Abstract: A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.Type: ApplicationFiled: August 29, 2005Publication date: January 4, 2007Applicant: Microsoft CorporationInventors: Chad Verbowski, John Dunagan, Shuo Chen, Yi-Min Wang
-
Publication number: 20070006283Abstract: A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.Type: ApplicationFiled: August 29, 2005Publication date: January 4, 2007Applicant: Microsoft CorporationInventors: Chad Verbowski, John Dunagan, Shuo Chen, Yi-Min Wang
-
Publication number: 20060294592Abstract: Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.Type: ApplicationFiled: June 28, 2005Publication date: December 28, 2006Applicant: Microsoft CorporationInventors: Alexey Polyakov, Gretchen Loihle, Mihai Costea, Robert Hensing, Scott Field, Vincent Orgovan, Yi-Min Wang, Yun Lin
-
Publication number: 20060288261Abstract: System events preceding occurrence of a problem are likely to be similar to events preceding occurrence of the same problem at other times or on other systems. Thus, the cause of a problem may be identified by comparing a trace of events preceding occurrence of the problem with previously diagnosed traces. Traces of events preceding occurrences of a problem arising from a known cause are reduced to a series of descriptive elements. These elements are aligned to correlate differently timed but otherwise similar traces of events, converted into symbolic representations, and archived. A trace of events leading to an undiagnosed a problem similarly is converted to a symbolic representation. The representation of the undiagnosed trace is then compared to the archived representations to identify a similar archived representation. The cause of the similar archived representation is presented as a diagnosis of the problem.Type: ApplicationFiled: June 21, 2005Publication date: December 21, 2006Applicant: Microsoft CorporationInventors: Chun Yuan, Ji-Rong Wen, Wei-Ying Ma, Yi-Min Wang, Zheng Zhang
-
Patent number: 7139790Abstract: A weak leader election approach to determine which of a number of redundant nodes is the leader node is disclosed. The redundant nodes exchange information particular to them, such as age information. Based on the information received from the other nodes, each node determines whether it is the leader. Where the information is age information, a criteria that can be used to make this determination is that the oldest node is the leader. Each redundant node knows only whether it is the leader node. Redundant nodes that are not the leader do not know which node is the leader node.Type: GrantFiled: August 17, 2000Date of Patent: November 21, 2006Assignee: Microsoft CorporationInventors: Yi-Min Wang, Wilf G. Russell, Anish K. Arora
-
Patent number: 7133729Abstract: Power line monitoring is disclosed. The monitoring can be performed in conjunction with an automation system designed to control and monitor devices and sensors. Model-based power line monitoring uses a model of acceptable power line activity. Activity that does not conform to the model is tagged as indicating a potential problem. Pattern-based power line monitoring uses patterns of unacceptable power line activity. Activity that matches one of the patterns is also tagged as indicating a potential problem.Type: GrantFiled: August 17, 2000Date of Patent: November 7, 2006Assignee: Microsoft CorporationInventors: Yi-Min Wang, Wilf G. Russell, Anish K. Arora
-
Patent number: 7096200Abstract: A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.Type: GrantFiled: April 23, 2002Date of Patent: August 22, 2006Assignee: Microsoft CorporationInventors: Yi-Min Wang, Qixiang Sun, Daniel R. Simon, Wilfred Russell, Lili Qiu, Venkata N. Padmanabhan
-
Patent number: 7082553Abstract: A method and system for improving reliability and availability in distributed computer applications. The method and system may be used in the context of primary-backup, failover recovery. The method involves software-fault tolerance using technique of structured storage; referral components; and wrappers. The method and system exploit the platform and operating system independence of component object models to allow the dynamic linkage of different component objects, the objects being resident on different inter-linked machines, based on the application requirements at any given point in time.Type: GrantFiled: August 21, 1998Date of Patent: July 25, 2006Assignee: AT&T Corp.Inventor: Yi-Min Wang
-
Patent number: 7078998Abstract: A spiral inductor is provided including a substrate and an inductor dielectric layer over the substrate having a spiral opening provided therein. The spiral inductor is in the spiral opening with the spiral inductor including a plurality of parallel spiral vias connected together at center proximate and center distal ends of the spiral inductor.Type: GrantFiled: January 9, 2004Date of Patent: July 18, 2006Assignee: Chartered Semiconductor Manufacturing Ltd.Inventors: Jiong Zhang, Yi Min Wang, Shao-fu Sanford Chu
-
Publication number: 20060117310Abstract: A method and system for analyzing the impact on software of an update to a software system is provided. The impact analysis system identifies resources that are affected by an update to the software system and identifies resources that are accessed by various software components during execution of the software components. To analyze the effects of an update, the impact analysis system identifies those accessed resources of the software components that are affected by the update as being impacted resources. The impact analysis system considers those software components that access the impacted resources to be impacted software components. The impact analysis system provides a user interface through which a user can view and analyze the impact of an update.Type: ApplicationFiled: November 24, 2004Publication date: June 1, 2006Applicant: Microsoft CorporationInventors: Bradford Daniels, John Dunagan, Roussi Roussev, Chad Verbowski, Yi-Min Wang
-
Publication number: 20060059091Abstract: A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.Type: ApplicationFiled: October 31, 2005Publication date: March 16, 2006Applicant: Microsoft CorporationInventors: Yi-Min Wang, Qixiang Sun, Daniel Simon, Wilfred Russell, Lili Qiu, Venkata Padmanabhan