Emin Gun Sirer - Seattle WA, US Brian N. Bershad - Seattle WA, US
Assignee:
University of Washington - Seattle WA
International Classification:
G06F009/45
US Classification:
717158, 717128, 709108, 714 38
Abstract:
A program or program snippet is rewritten to conform to site-specific properties prior to being executed by a target host. The program or program snippet directed to a target host from a known or unknown source is either intercepted by a server before reaching the target host or can be redirected from the target host to the server to effect its rewriting. The program is parsed in its external representation, converting it to an internal representation that is inspected and analyzed with reference to a site-specific properties database. A summary of the program's properties is then compared to the site-specific properties database by a binary rewriting engine, which produces a rewritten program in an internal representation. If appropriate, the program or program snippet is rewritten to convert it to a format suitable for execution on the target host. Furthermore, certifications may be added to the rewritten program to mark that the rewritten program obeys site-specific constraints.
Michael Swift - Madison WI, US Brian Bershad - Seattle WA, US Hank Levy - Seattle WA, US
Assignee:
University of Washington - Seattle WA
International Classification:
G06F 11/00
US Classification:
714 15, 714 2, 719321
Abstract:
A solution to the problem of maintaining application integrity when device drivers fail. This solution employs a new mechanism, the shadow driver, which is an operating system (OS) kernel agent that monitors communication between the OS kernel and the device driver it “shadows.” When a device driver error occurs, the shadow driver acts in place of the failed device driver, intercepting and responding to calls from the OS kernel and the device driver during cleanup, unloading, reloading, and re-initialization of the failed device driver. Applications and the OS kernel are thus isolated from the failure. An initial embodiment was developed for use with the Linux™ OS and was tested with a dozen device drivers. Results demonstrate that shadow drivers successfully mask device driver failures from applications, impose minimal performance overhead, require no changes to existing applications and device drivers, and can be implemented with relatively little code.
Umesh Shankar - New York NY, US Andrei Kulik - Zurich, CH Bodo Moller - Adliswil, DE Sarvar Patel - Montville NJ, US Brian N. Bershad - Seattle WA, US David Erb - Seattle WA, US
Assignee:
Google Inc. - Mountain View CA
International Classification:
H04L 29/06
US Classification:
713166, 726 27, 726 28, 726 29
Abstract:
An encrypted resource is stored in association with an access control list. A request to retrieve the resource is received. The wrapped key and the authentication credentials are sent, from the application server system, to a key server system. An unencrypted version of the resource encryption key is received from the key server system if the key server system determines that the authentication credentials correspond to a user in the group of users identified by the group identifier. The stored encrypted resource is decrypted using the received unencrypted version of the resource encryption key to generate an unencrypted version of the resource. The unencrypted version of the resource is sent, from the application server system, to the client application.
Predictive Tuning Of Unscheduled Streaming Digital Content
Brian Bershad - Seattle WA, US Gaurav Bhaya - Sunnyvale CA, US
Assignee:
University of Washington - Seattle WA
International Classification:
H04L 12/28
US Classification:
370351000
Abstract:
A predictive tuning system enables a user to easily and efficiently find desired digital content among a plurality of content streams. Using a data collector, analyzer, and distributed tuning service, users may specify one or more particular items of interest, and the system, through the use of predictive algorithms, determines a subset of the plurality of content streams that should be monitored in order to optimize along one or more dimensions, such as the length of time that the user must wait in order to receive their desired digital content. Various strategies can be employed to find the desired content in the data streams, and a combination of strategies can provide the most efficient approach to achieving the desired content. Once found, a desired content can be accessed contemporaneously, stored for later access, or can be input to another application.
Web Browser Architecture For Virtual Machine Access
David Richardson - Seattle WA, US Brian Bershad - Seattle WA, US Steven Gribble - Seattle WA, US Henry Levy - Seattle WA, US
Assignee:
University of Washington - Seattle WA
International Classification:
G06F 15/16
US Classification:
709217
Abstract:
Applications and services are accessed over the Web without requiring any modification to the currently available code for such applications. Virtual machines (VMs) can each be associated with one or more pre-configured and pre-installed software applications and hosted by Web sites. A VM is accessed and run when a user of a client computing device selects a Web object for the VM in a browser program. A plug-in in the browser reads a configuration file for the selected VM from a server and requests a server-side controller daemon to launch the VM on the server. The plug-in then opens a remote desktop connection to the VM, which is displayed as an embedded window in the Web page on the browser program. The user can then interact with and use the VM and its provided application software and services from within the browser program.
Erkki Ville Juhani Aikas - Seattle WA, US Amit Agarwal - Fremont CA, US Brian N. Bershad - Seattle WA, US
Assignee:
Google Inc. - Mountain View CA
International Classification:
G06F 17/30
US Classification:
707827, 707E1701
Abstract:
A request to store a data object is received at a hosted storage service. The request includes the data object and an associated object reference. The object reference is configured to enable retrieval of the data object from the hosted storage service. The data object is stored at the hosted storage service in association with the object reference. The data object is sent from the hosted storage service to a content delivery network node such that the data object is cached in and retrievable from the content delivery network node using the object reference.
Discovering Code And Data In A Binary Executable Program
Geoffrey Michael Voelker - Seattle WA Theodore H. Romer - Seattle WA Alastair Wolman - Seattle WA Dennis Chua Lee - Seattle WA Brian N. Bershad - Seattle WA John Bradley Chen - Winchester MA Henry M. Levy - Seattle WA Wayne Anthony Wong - Hillsboro OR
Assignee:
University of Washington - Seattle WA
International Classification:
G06F 9445
US Classification:
395703
Abstract:
A computer software tool used for automatically identifying code portions and data portions of a binary executable software program in which the code portions include machine instructions that are of arbitrary length. Software products are typically distributed as binary, executable files, which comprise a string of binary values. In general, an executable file has no structure or meaning, except as determined by its behavior when dynamically executed, one instruction at a time, by a digital computer. The software tool determines a set of addresses for any known code and data portions. The tool is then used to disassemble machine instructions, beginning at a starting address for each known code portion, to identify the target addresses of other code portions and other data portions. Other sections of the binary executable software program that could be either code or data are then analyzed to identify additional code and data portions. As new portions are identified, the steps are repeated, until no further code or data portions are identifiable.
Process For Transparently Enforcing Protection Domains And Access Control As Well As Auditing Operations In Software Components
Robert Grimm - Seattle WA Brian N. Bershad - Seattle WA
Assignee:
University of Washington - Seattle WA
International Classification:
G06F 944
US Classification:
717 2
Abstract:
An original software component is modified in accordance with a site's security policy provisions prior to being executed by a component system or computer at the site. The original software component is intercepted by an introspection service running on a server or on the component system prior to execution on the component system. The introspection service analyzes the software component by parsing it, and based on the information it determines, a security policy service instructs an interposition service how to modify the software component so that it conforms to the security policy service requirements. The interposition service thus produces a modified software component by inserting code for security initialization and for imposing security operations on the original component operations. When the modified software component is executed, an enforcement service follows the security operations that were injected into the software component, which instruct the enforcement service on associating component system objects with security identifiers. For example, a security identifier is associated with the software component.