-
Patent Agency Ranking
公开(公告)号:WO2007123620A1
公开(公告)日:2007-11-01
申请号:PCT/US2007/007244
申请日:2007-03-23
Applicant: MICROSOFT CORPORATION
Inventor: BERNABEU-AUBAN, Jose, M. , DOSSICK, Stephen, E. , PESCHEL-GALLEE, Frank, V. , KHALIDI, Yousef, A. , ZACHWIEJA, Stephan, J.
Abstract: The resources needed by an application to execute are declared by the application. When the application is activated, only the declared resources are made available to the application because only the declared resources are connected to the execution environment. Accessibility to resources may be controlled by the operating system by making the resource visible or invisible to the executing software by mapping a local name used by the executing software to a global resource, possibly limiting the type of access allowed. Because the executing software relies on the mapping function performed by the operating system for access to resources, and the operating system only maps names declared by the software, the operating system can isolate the software, and prevent the application from accessing undeclared global resources.
Abstract translation: 应用程序执行所需的资源由应用程序声明。 当应用程序被激活时,只有声明的资源才可用于应用程序,因为只有声明的资源连接到执行环境。 资源的可访问性可以由操作系统控制,通过将执行软件使用的本地名称映射到全局资源,使资源可见或不可见,从而可能限制所允许的访问类型。 由于执行软件依赖于操作系统对资源的访问所执行的映射功能,操作系统仅映射软件声明的名称,因此操作系统可以隔离软件,防止应用程序访问未申报的全局资源。
-
公开(公告)号:WO2007070535A2
公开(公告)日:2007-06-21
申请号:PCT/US2006/047438
申请日:2006-12-12
Applicant: MICROSOFT CORPORATION
Inventor: SMITH, Frederick, J. , HAVENS, Jeff, L. , TALLURI, Madhusudhan , KHALIDI, Yousef, A.
CPC classification number: G06F9/4401 , Y10S707/99939
Abstract: An intra-operating system isolation mechanism called a silo provides for the grouping and isolation of processes running on a single computer using a single instance of the operating system. The operating system enables the controlled sharing of resources by providing a view of a system name space to processes executing within an isolated application called a server silo. A server silo is created by performing a separate "mini-boot" of user-level services within the server silo. The single OS image serving the computer employs the mechanism of name space containment to constrain which server silos can use which resource(s). Restricting access to resources is therefore directly based on the process or application placed in the server silo rather than who is running the application because if a process or application is unable to resolve a name used to access a resource, it will be unable to use the resource.
Abstract translation:
称为筒仓的操作系统内隔离机制提供了使用单个操作系统实例在单台计算机上运行的进程的分组和隔离。 操作系统通过提供系统名称空间的视图来实现受控共享资源,以便在称为服务器孤岛的独立应用程序内执行的进程。 服务器筒仓是通过执行单独的“迷你启动” 服务器孤岛内的用户级服务。 为计算机提供服务的单一操作系统镜像采用名称空间控制机制来约束哪些服务器孤岛可以使用哪些资源。 因此,限制对资源的访问直接基于放置在服务器孤岛中的进程或应用程序,而不是由谁来运行应用程序,因为如果进程或应用程序无法解析用于访问资源的名称,则无法使用 资源。
-
公开(公告)号:WO2013191927A1
公开(公告)日:2013-12-27
申请号:PCT/US2013/044869
申请日:2013-06-10
Applicant: MICROSOFT CORPORATION
Inventor: KIM, Changhoon , GREENBERG, Albert, G. , DABAGH, Alireza , KHALIDI, Yousef, A. , BANSAL, Deepak , KANDULA, Srikanth
IPC: H04L12/803
CPC classification number: H04L47/11 , G06F9/45558 , G06F2009/45595 , H04L47/12 , H04L47/263 , H04L47/762 , H04L47/822 , H04L49/70 , H04L69/16 , Y02D50/10
Abstract: The ensuring of predictable and quantifiable networking performance. Embodiments of the invention combine a congestion free network core with a hypervisor based (i.e., edge-based) throttling design to help insure quantitative and invariable subscription bandwidth rates. A lightweight shim layer in a hypervisor can adaptively throttle the rate of VM-to-VM traffic flow.A receiving hypervisor can detect congestion and communicate back to sending hypervisors that rates are to be regulated. In response, sending hypervisors can reduce transmission rate to mitigate congestion at the receiving hypervisor. In some embodiments, the principles are extended to any message processors communicating over a congestion free network.
Abstract translation: 确保可预测和可量化的网络性能。 本发明的实施例将无拥塞网络核心与基于虚拟机管理程序(即基于边缘的)节流设计相结合,以帮助确保定量和不变的订阅带宽速率。 虚拟机管理程序中的轻量级垫片层可以自适应地调节VM到VM流量的速率。接收虚拟机管理程序可以检测到拥塞并向发送管理程序通信,速率将被调节。 作为响应,发送管理程序可以降低传输速率以减轻接收管理程序的拥塞。 在一些实施例中,原理被扩展到通过无拥塞网络通信的任何消息处理器。
-
公开(公告)号:WO2008054989A1
公开(公告)日:2008-05-08
申请号:PCT/US2007/081546
申请日:2007-10-16
Applicant: MICROSOFT CORPORATION
CPC classification number: G06F9/44505 , G06F9/45537
Abstract: An element such as a Registry key or value is virtually deleted by creating a deletion marker for the element. Two or more separate sets of physical Registry keys/ values are presented as one merged (virtual) Registry to a process running in a silo. The operating system provides the merged view of the Registry by monitoring Registry key or value system requests made by processes in silos on a computer or computer system and filtering out those elements associated with deletion markers. Special processing is invoked in response to detecting certain types of Registry key or value system access requests, including but not limited to: enumeration, open, create, rename or delete.
Abstract translation: 通过创建元素的删除标记,实际上删除了诸如注册表项或值的元素。 两个或多个单独的物理注册表项/值集合作为一个合并(虚拟)注册表呈现给在一个仓中运行的进程。 操作系统通过监视计算机或计算机系统上的进程的注册表项或值系统请求来提供注册表的合并视图,并过滤掉与删除标记相关的元素。 响应于检测某些类型的注册表项或值系统访问请求而调用特殊处理,包括但不限于枚举,打开,创建,重命名或删除。
-
公开(公告)号:EP2078246A1
公开(公告)日:2009-07-15
申请号:EP07844328.0
申请日:2007-10-16
Applicant: Microsoft Corporation
CPC classification number: G06F9/44505 , G06F9/45537
Abstract: An element such as a Registry key or value is virtually deleted by creating a deletion marker for the element. Two or more separate sets of physical Registry keys/ values are presented as one merged (virtual) Registry to a process running in a silo. The operating system provides the merged view of the Registry by monitoring Registry key or value system requests made by processes in silos on a computer or computer system and filtering out those elements associated with deletion markers. Special processing is invoked in response to detecting certain types of Registry key or value system access requests, including but not limited to: enumeration, open, create, rename or delete.
-
-
-
-
Search Results
5
records
(took 0.024 seconds)
