!111 11111 111111 111111111111
`1i11
`11111111111111111111111111111)11#1
`USO0RE43528E
`
`18
`21
`
`41
`
`US RE43,528 E
`US RE43,528 E
`(10) Patent Number:
`(10) Patent Number:
`*Jul. 17, 2012
`(45) Date of Reissued Patent:
`*Jul. 17, 2012
`(45) Date of Reissued Patent:
`
`(19) United States
`(19) United States
`(12) Reissued Patent
`(12) Reissued Patent
`Rozman et al.
`Rozman et a].
`
`(54) SYSTEM AND METHOD FOR PROTECTING
`(54)
`SYSTEM AND METHOD FOR PROTECTING
`A COMPUTER SYSTEM FROM MALICIOUS
`A COMPUTER SYSTEM FROM MALICIOUS
`SOFTWARE
`SOFTWARE
`
`(76)
`Inventors: Allen F. Rozman, Garland, TX (US);
`(76) Inventors: Allen F. Rozman, Garland, TX (US);
`Alfonso J. Ciof?, Murphy, TX (US)
`Alfonso J. Cioffi, Murphy, TX (US)
`
`( * )
`Notice:
`( * ) Notice:
`
`This patent is subject to a terminal dis-
`This patent is subject to a terminal dis
`claimer.
`claimer.
`
`(21) Appl.No.: 12/720,147
`(21) Appl. No.: 12/720,147
`
`(22) Filed:
`(22) Filed:
`
`Mar. 9, 2010
`Mar. 9, 2010
`
`Related U.S. Patent Documents
`Related US. Patent Documents
`
`Reissue of:
`Reissue of:
`(64) Patent No.:
`(64) Patent No.:
`Issued:
`Issued:
`Appl. No.:
`Appl. No.:
`Filed:
`Filed:
`
`7,484,247
`7,484,247
`Jan. 27, 2009
`Jan. 27, 2009
`10/913,609
`10/913,609
`Aug. 7, 2004
`Aug. 7, 2004
`
`(51) Int. Cl.
`(51) Int. Cl.
`(2006.01)
`H04L 29/06
`(2006.01)
`H04L 29/06
`(2006.01)
`G06F 11/00
`(2006.01)
`G06F 11/00
`(2006.01)
`G06F 12/14
`(2006.01)
`G06F 12/14
`(2006.01)
`G06F 12/16
`(2006.01)
`G06F 12/16
`(2006.01)
`G08B 23/00
`(2006.01)
`G08B 23/00
` 713/152; 713/151; 726/22; 726/23;
`(52) U.S. Cl.
`(52) US. Cl. .......... .. 713/152; 713/151; 726/22; 726/23;
`726/24
`726/24
`(58) Field of Classification Search
` 726/22-24;
`(58) Field of Classi?cation Search ............ .. 726/22i24;
`713/152, 151; 709/225
`713/152, 151; 709/225
`See application ?le for complete search history.
`See application file for complete search history.
`
`(56)
`(56)
`
`References Cited
`References Cited
`
`U.S. PATENT DOCUMENTS
`U.S. PATENT DOCUMENTS
`4,890,098 A
`12/1989 Dawes et al.
`4,890,098 A 12/1989 Dawes et al.
`5,280,579 A
`1/1994 Nye
`5,280,579 A
`l/l994 Nye
`5,502,808 A
`3/1996 Goddard et al.
`5,502,808 A
`3/1996 Goddard et al.
`5,555,364 A
`9/1996 Goldstein
`5,555,364 A
`9/1996 Goldstein
`5,564,051 A * 10/1996 Halliwell et al.
` 1/1
`5,564,051 A * 10/1996 Halliwellet a1. ................... .. l/l
`5,666,030 A
`9/1997 Parson
`5,666,030 A
`9/1997 Parson
`
`9/1997 Brown et al.
` 715/744
`5,673,403 A *
`9/1997 Brown et al. ............... .. 715/744
`5,673,403 A *
`5/1998
`McCrory
`
`715/803
`5,751,979 A *
`5/1998 McCrory .................... .. 715/803
`5,751,979 A *
`10/1998
`5,826,013 A
`Nachenberg
`5,826,013 A l0/l998 Nachenberg
`5,918,039 A
`6/1999 Buswell et al.
`5,918,039 A
`6/1999 Buswellet a1.
`5,974,549 A * 10/1999 Golan
` 726/23
`5,974,549 A * l0/l999 Golan ........................... .. 726/23
`5,978,917 A
`11/1999 Chi
`5,978,917 A 11/1999 Chi
`5,995,103 A
`11/1999
`Ashe
`5,995,103 A ll/l999 Ashe
`6,091,412 A
`7/2000
`Simonoff et al.
`6,091,412 A
`7/2000 Simonoffet a1.
`6,108,715 A
`8/2000 Leach et al.
`6,108,715 A
`8/2000 Leach et al.
`6,134,661 A
`10/2000 Topp
`6,134,661 A l0/2000 Topp
`6,167,522 A
`12/2000 Lee et al.
`6,167,522 A 12/2000 Lee et al.
`6,183,366 B1
`2/2001 Goldberg et al.
`6,183,366 B1
`2/200l Goldberg et a1.
`(Continued)
`(Continued)
`
`OTHER PUBLICATIONS
`OTHER PUBLICATIONS
`
`Architecture of Virtual Machines by R. P. Goldberg, Honeywell
`Architecture of Virtual Machines by R. P. Goldberg, Honeywell
`Information Systems, Inc. and Harvard University presented at the
`Information Systems, Inc. and Harvard University presented at the
`AFIPS National Computer Conference, New York, New York, Jun.
`AFIPS National Computer Conference, New York, New York, Jun.
`4-8, 1973.
`4-8, 1973.
`
`(Continued)
`(Continued)
`
`Primary Examiner — Christian LaForgia
`Primary Examiner * Christian LaForgia
`(74) Attorney, Agent, or Firm — Slater & Matsil, L.L.P.
`(74) Attorney, Agent, or Firm * Slater & Matsil, L.L.P.
`
`ABSTRACT
`(57)
`ABSTRACT
`(57)
`In a computer system, a first electronic data processor is
`In a computer system, a ?rst electronic data processor is
`communicatively coupled to a first memory space and a sec-
`communicatively coupled to a ?rst memory space and a sec
`ond memory space. A second electronic data processor is
`ond memory space. A second electronic data processor is
`communicatively coupled the second memory space and to a
`communicatively coupled the second memory space and to a
`network interface device. The second electronic data proces-
`network interface device. The second electronic data proces
`sor is capable of exchanging data across a network of one or
`sor is capable of exchanging data across a network of one or
`more computers via the network interface device. A video
`more computers via the network interface device. A video
`processor is adapted to combine video data from the first and
`processor is adapted to combine video data from the ?rst and
`second electronic data processors and transmit the combined
`second electronic data processors and transmit the combined
`video data to a display terminal for displaying the combined
`video data to a display terminal for displaying the combined
`video data in a windowed format. The computer system is
`video data in a Windowed format. The computer system is
`configured such that a malware program downloaded from
`con?gured such that a malware program downloaded from
`the network and executing on the second electronic data pro-
`the network and executing on the second electronic data pro
`cessor is incapable of initiating access to the first memory
`cessor is incapable of initiating access to the ?rst memory
`space.
`space.
`
`73 Claims, 11 Drawing Sheets
`73 Claims, 11 Drawing Sheets
`
`310
`
`umz.=
`
`300
`300
`
`Dela downloaded from nen.,
`PrOcessor On) ndzi
`ten to 2. memo
`
`,t
`
`n
`P2 performs maNia
`downloaded cledin file in AM sinner In reel
`time as deb Is transfer., or MI. data
`fle resides in nA2
`
`320
`
`33
`
`34
`
`Google - Exhibit 1001, page 1
`
`Google - Exhibit 1001, page 1
`
`

`
`US RE43,528 E
`US RE43,528 E
`Page 2
`Page 2
`
`US. PATENT DOCUMENTS
`U.S. PATENT DOCUMENTS
`6.192.477 B1 *
`2/2001 Corthell ........................ .. 726/11
` 726/11
`6,192,477
`2/2001 Corthell
`6,199,181
`3/2001 Rechef et al.
` 714/38
`6199181 B1* 3/2001 Rechefetal. ................. .. 714/38
`’
`’
`6,216,112
`4/2001 Fuller et al.
`6,216,112 B1
`4/2001 Fuller et al.
`6,275,938
`8/2001 Bond et al.
`6,275,938 B1
`8/2001 Bond et al.
`6 285 987 B1
`90001 R th
`1
`6,285,987
`9/2001 Roth et al.
`1
`1
`O et ‘1 ~
`6,321,337
`11/2001
`Reshef et al.
`6,321,337 B1
`11/2001 Reshef et al.
`6,351,816
`2/2002
`Mueller et al.
`6,351,816 B1
`2/2002 Mueller et al.
`6,385,721
`5/2002 Puckette
` 713/2
`6 385 721 B1 *
`5/2002 Puckette
`713/2
`’
`’
`.
`""""""""""""" "
`6,397,242
`5/2002
`Devine et al.
`6,397,242 B1
`5/2002 Dev1ne et al.
`.
`6,401,134
`6/2002
`Razavi et al.
`6,401,134 B1
`6/2002 RaZav1etal.
`6433 794 B1
`80002 B d1
`1
`6,433,794
`8/2002 Beadle et al.
`614381600 B1
`80002 G63 if}; 1
`6,438,600
`8/2002 Greenfield et al.
`614801198 B2 110002 Kreen e 6‘ a~
`6,480,198
`11/2002 Kang
`1
`1
`‘mfg
`6,492,995
`12/2002 Atkin et al.
`6,492,995 B1
`12/2002 Atk1n et a1.
`6,505,300
`1/2003 Chan et al.
`615051300 B2
`1/ 2003 Chan et a1~
`6,507,904
`1/2003 Ellison et al.
`6,507,904 B1
`1/2003 Ellison et al.
`6,507,948
`1/2003 Curtis et al.
`6,507,948 B1
`1/2003 Curtls et al.
`6,546,554
`4/2003 Schmidt et al.
`6,546,554 B1
`4/2003 Schm1dt et a1.
`6,553,377
`4/2003 Eschelbeck et al.
`6,553,377 B1
`4/2003 Eschelbeck et a1~
`713/1
`
`6,578,140
`6/2003
`Policard
`6’578’l40 Bl *
`6/2003 Pohcard """""""""""""" " 713“
`6,581,162
`6/2003
`Angelo et al.
`6,581,162 B1
`6/2003 Angelo et a1.
`6,633,963 B1
`10/2003 Ellison et a1‘
`6,633,963
`10/2003 Ellison et al.
`6,658,573 B1
`12/2003 Bischof
`6,658,573
`12/2003 Bischof
`6,663,000
`12/2003 Muttik et al.
`616631000 B1
`12/2003 Mumk et 311
`6,678,712
`1/2004 McLaren et al.
` 718/100
`6,678,712 B1* 1/2004 McLaren et a1. ............ .. 718/100
`6,678,825 B1
`V2004 Ellison et a1‘
`6,678,825
`1/2004 Ellison et al.
`6,691,230 B1
`2/2004 Bardon
`6,691,230
`2/2004 Bardon
`6,735,700 B1
`5/ 2004 Flint et a1.
`6,735,700
`5/2004 Flint et al.
` 713/1
`6,754,815
`6/2004 Ellison et al.
`6,754,815 B1 *
`6/2004 Ellison et a1~ ~~~~~~~~~~~~~~~~~~~ ~~ 713/1
`6,756,236
`6/2004 Ford et al.
`617561236 B2
`6/2004 Ford et 31'
`6,757,685
`6/2004
`Raffaele et al.
`6’757’685 B2
`6/2004 Raffaele et a1‘
`6,772,345
`8/2004
`Shetty
`6,772,345 B1
`8/2004 Shetty
`6,804,780 B1
`100004 Touboul
`6,804,780
`10/2004 Touboul
`6,836,885 B1
`12/2004 Buswell et a1‘
`6,836,885
`12/2004 Buswell et al.
`6,871,348
`3/2005 Cooper
` 719/310
`6,871,348 B1 *
`3/2005 Cooper ....................... .. 719/310
`6,873,988
`3/2005 Herrmann et al.
`6,873,988 B2
`3/ 2005 Herrmann et a1.
`6,880,110
`4/2005 Largman et al.
`618801110 B2
`4/2005 Largman et 311
`6,990,630
`1/2006 Landsman et al.
`6,996,828
`2/2006
`Kimura et al.
`
`719/319
`6,996,828 B1* 2/2006 Kimura et al. .............. .. 719/319
`7,013,484 B l *
`3/2006 Ellison et a1‘ “
`72606
`726/26
`7,013,484
`3/2006
`Ellison et al.
`
`7 024 555 B2 *
`4/2006 Kozuch et a1‘
`72602
` 726/22
`7,024,555
`4/2006 Kozuch et al.
`7,024,581 B1 *
`4/2006 Wang et a1, ,
`714/2
`7,024,581
`4/2006 Wang et al.
` 714/2
`7,039,801
`5/2006 Narin
` 713/152
`7,039,801 B2 *
`5/2006 Narin .......................... .. 713/152
`6/2006 Owhadi et al.
`7,062,672
`7,062,672 B2
`6/2006 Owhadi et al.
` 726/26
`7,082,615
`7/2006 Ellison et al.
`710821615 131*
`7/2006 151118011 et al' 11111111111111111 11 726/26
`7,085,928
`8/2006
`Schmid et al.
`7’085’928 Bl
`8/2006 Schmld et a1‘
`7,096,381
`8/2006
`Largman et al.
`7,096,381 B2
`8/2006 Largman et al.
`7,139,890 B2 110006 Moran et a1‘
`7,139,890
`11/2006 Moran et al.
` 703/22
`7,146,305 B2 * 12/2006 Van der Made ““““““““ “ 703/22
`7,146,305
`12/2006 van der Made
` 726/16
`7,146,640
`12/2006 Goodman et al.
`7,146,640 B2 * 12/2006 Goodman et a1, ,,,,,,,,,,,, ,, 726/16
`7,181,768
`2/2007 Ghosh et al.
`7,181,768 B1
`2/ 2007 Ghosh et a1.
`7,191,469
`3/2007 Erlingsson
`7,191,469 B2
`3/2007 E?mgsson
`7,246,374
`7/2007 Simon et al.
`12121;):
`31'
`*
`
`7,260,839
`8/2007
`Karasaki
`7’284’274 Bl
`100007 Walls et """"""""""" "
`7,284,274
`10/2007
`Walls et al.
`733673057 B2 >1
`4/2008 Das et a1‘ “““““““““““ “ 726/24
`7,367,057
`4/2008 Das et al.
` 726/24
`7,373,505 B2
`5/2008 Seltzer et a1‘
`7,373,505
`5/2008 Seltzer et al.
`7,401,230 B2
`7/ 2008 Campbell et al.
`7,401,230
`7/2008 Campbell et al.
`7,421,689
`9/2008 Ross et al.
`7,421,689 B2
`9/2008 Ross etal.
`7,444,412
`10/2008 Owhadi
`714441412 B2 10/2008 OWhadl
` 726/34
`7,484,247
`1/2009 Rozman et al.
`7,484,247 B2 *
`1/2009 RoZman et a1. ............... .. 726/34
`7,565,522
`7/2009
`Sastry et al.
`7,565,522 B2
`7/2009 Sastry et al.
`7,577,871 B2
`8/2009 Largman et a1‘
`7,577,871
`8/2009
`Largman et al.
`7,596,694 B1
`9/2009 Karp et a1‘
`7,596,694
`9/2009 Karp et al.
` 713/152
`7,650,493
`1/2010 Narin
`7 ,650,493 B2 *
`1/ 2010 Narin ,,,,,,,,,,,,,,,,,,,,,,,,,, ,, 713/152
` 703/22
`7,657,419
`2/2010 van der Made
`7,657,419 B2 *
`2/ 2010 van der Made ............... .. 703/22
`7,676,842
`3/2010 Carmona et al.
`7,676,842 B2
`3/2010 carmona et 31~
`7,694,328
`4/2010 Joshi et al.
`7,694,328 B2
`4/2010 105111 et 311
`7,730,318
`6/2010 Kurien et al.
`/
`717301318 B2 *
`6;20l0 Kuflen et
` 726/26
`7,818,808
`10/2010 Neiger et al.
`1818308 B1
`10 2010 Nelger et a ' """"""""" " 726 26
`7,849,310
`12/2010
`Watt et al.
`713/164
`
`7,849,310 B2* 12/2010 Watt et al.
`. 713/164
`*
`7,854,008
`12/2010
`Huang et al.
`
`726/24
`7,854,008 B1
`12/2010 Huang et al.
`726/24
`2002/0002673
`1/2002 Narin
` 713/152
`2002/0002673 A1 *
`1/2002 Narin .......................... .. 713/152
`2002/0052809 A1
`15/2002 Toedtli
`2002/0052809
`5/2002 Toedtli
`2002/0066016 A1
`5 /2002 Riordan
`2002/0066016
`5/2002 Riordan
`2002/0174349 A1 11/2002 Wolff et 31,
`2002/0174349
`11/2002 Wolff et al.
`2003/0023857
`1/2003 Hinchliffe et al.
`2003/ 0023857 A1
`1/ 2003 Hinchliffe et al.
`2003/0097591
`5/2003 Pham et al.
`2003/0097591 A1
`5/2003 Pham et a1.
`
`726“ 1
`726/11
`
`7/2003 Erlingsson
`2003/0131152 A1
`7/2003 Erlingsson
`2003/0131152 Al
`9/2003 Samman
`2003/0177397 Al
`713/189
`if“- nm‘inl
`21*
` 713/189
`2003/0221114 Al * 11/2003 Hino et al.
`“10G 3' """"""""" "
`2004/0006706 Al *
`1/2004 Erlingsson
` 713/200
`2004/0006706 A1* 1/2004 Erl1ngsson .................. .. 713/200
`2004/0006715 A1
`1/2004 Skrepetos
`2004/0006715 Al
`1/2004 Skrepetos
`2004/0034794 Al
`2/2004 Mayer et al.
`2004/0034794 A1
`2/2004 Mayer et al.
`2004/0039944 Al *
`2/2004 Karasaki
` 713/201
`2004/0039944 A1 *
`2/2004 Karasaki ..................... .. 713/201
`2004/0054588 Al
`3/2004 Jacobs et al.
`2004/0054588 A1
`3/2004 Jacobs et al.
`2004/0l99763 Al 100004 F
`d
`2004/0199763 Al
`10/2004 Freund
`mun
`2004/0230794 Al * 11/2004 England et al.
` 713/164
`2004/0230794 A1* 11/2004 England et al. ............. .. 713/164
`*
`-
`2004/0267929 Al * 12/2004 Xie
` 709/225
`2004/0267929 A1 12/2004 X1e ............ ..
`709/225
`*
`2005/0005153 Al *
`1/2005 Das et al.
` 713/200
`2005/0005153 A1
`1/2005 Das et al.
`713/200
`4/2005 Kurien et al.
` 719/310
`2005/0091661 Al *
`2005/0091661 A1 *
`4/2005 Kurien et al. ............... .. 719/310
`2005/0149726 Al *
`7/2005 Joshi et al.
` 713/164
`2005/0149726 A1 *
`7/2005 Joshi et al. .................. .. 713/164
`2005/0198692 Al *
`9/2005 Zurko et al.
` 726/24
`2005/0198692 A1 *
`9/2005 Zurko et a1. .................. .. 726/24
`2005/0240810 Al
`10/2005 Safford et al.
`2005/0240810 A1 10/2005 Safford et a1.
`2006/0004667 A1
`1/2006 Neil
`2006/0004667 Al
`1/2006 Neil
`
`OTHER PUBLICATIONS
`OTHER PUBLICATIONS
`
`The Duality of Memory and Communication in the Implementation
`The Duality of Memory and Communication in the Implementation
`of a Multiprocessor Operating System by Michael Young Avadis
`of a Multiprocessor Operating System by Michael Young, Avadis
`_
`_
`_
`’
`_
`Tevanian, Richard Rasheed, David Golub,
`Jeffery Eppinger,
`Tevan1an, R1chard Rasheed, Dav1d Golub, Jeffery Epp1nger,
`Jonathan Crew, William Bolosky, David Black and Robert Baron,
`Jonathan Crew, William Bolosky, David Black and Robert Baron,
`Computer Science Department Carnegie-Mellon University
`Computer Science Department Carnegie-Mellon University
`.
`.
`.
`.
`.
`Appeared in Proceedings of the 11th Operating Systems Principles,
`Appeared 1n Proceedings ofthe 11th Operat1ng Systems Pr1nc1ples,
`Nov. 1987.
`Nov. 1987.
`Application-Controlled Physical Memory using External Page
`Application-Controlled Physical Memory using External Page-
`Cache Management by Keiran Harty and David R. Cheriton, Com-
`Cache Management by Keiran Harty and David R. Cheriton, Com
`puter Science Department, Stanford University, 1992.
`puter Science Department, Stanford University, 1992.
`Ef?cient Software-Based Fault Isolation by Robert Wahbe, Steven
`Efficient Software-Based Fault Isolation by Robert Wahbe, Steven
`h
`d
`ah
`.
`.
`.
`Lucco, Thomas Anderson, Susan Graham, Computer Science Divi-
`Lucco,
`omas An er-son, Susan Gr am, Computer Sc1ence D1v1
`sion University of California, Berkeley, SIGOPS 1993.
`s1on Un1vers1ty of Cal1forn1a, Berkeley, SIGOPS 1993.
`Tron: Process-Specific File Protection for the UNIX Operating Sys-
`Tron: Process-Speci?c File Protection for the UNIX Operating Sys
`tem by Andrew Berman, Virgil Bourassa, Erik Selberg, Department
`tem by Andrew Berman, Virgil Bourassa, Erik Selberg, Department
`of Computer Science and Engineering, University of Washington,
`of Computer Science and Engineering, University of Washington,
`Jan. 23, 1995.
`'
`’
`'.
`.
`.
`.
`A Secure Environment for Untrusted Helper Applications (Confining
`A Secure Env1ronment for Untrusted HelperAppl1cat1ons (Con?n1ng
`the Wily Hacker) by Ian Goldberg, David Wagner, Randi Thomas,
`the Wily Hacker) by Ian Goldberg, David Wagner, Randi Thomas,
`and Eric Brewer, Computer Science Division, University of Califor-
`and Eric Brewer, Computer Science Division, University of Califor
`nia, Berkeley, Sixth USENIX UNIX Security Symposium San Jose,
`nia, Berkeley, Sixth USENIX UNIX Security Symposium San Jose,
`California, Jul, 1996,
`California, Jul. 1996.
`Building Systems that Flexibly Control Downloaded Executable
`Building Systems that Flexibly Control Downloaded Executable
`Context by Trent Jaeger and Atul Prakash, Software Systems
`Context by Trent Jaeger and Atul Prakash, Software Systems
`.
`.
`.
`.
`.
`.
`.
`Research Lab, University of Michigan and Avid D. Rubin, Security
`Research Lab, Un1vers1ty of M1ch1gan and Av1el D. Rub1n, Secur1ty
`Research Group, Bellcore Sixth USENIX UNIX Security Sympo-
`Research Group, Bellcore Sixth USENIX UNIX Security Sympo
`sium San Jose, California, Jul. 1996.
`sium San Jose, California, Jul. 1996.
`Java Security: From HotJava to Netscape and Beyond by Drew Dean,
`Java Security: From HotJava to Netscape and Beyond by Drew Dean,
`Edward W. Felten, Dan S. Wallach Department of Computer Science,
`Edward W. Felten, Dan S. Wallach Department of Computer Science,
`Princeton University, Princeton, NJ 08544 1996 IEEE Symposium
`Princeton University, Princeton, NJ 08544 1996 IEEE Symposium
`on Security and Privacy, Oakland, CA, May 6-8, 1996.
`on Security and Privacy, Oakland, CA, May 6-8, 1996.
`ChakraVyuha (CV) : A Sandbox Operating SystemEnvironment for
`ChakraVyuha (CV) : A Sandbox Operating SystemEnvironment for
`Controlled Execution of Alien Code by Asit Dan, Ajay Mohindra,
`Controlled Execution of Alien Code by Asit Dan, Ajay Mohindra,
`Rajiv Ramaswami, and Dinkar Sitaram IBM Research Division T.J.
`Rajiv Ramaswami, and Dinkar Sitaram IBM Research Division T.J.
`Watson Research Center Yorktown Heights, New York RC 20742
`Watson Research Center Yorktown Heights, New York RC 20742
`(Feb. 20, 1997) Computer Science IBM Research Report Limited
`(Feb. 20, 1997) Computer Science IBM Research Report Limited
`Distribution
`Distribution.
`V 1
`b.l. ' fs
`W bB
`b F1 . D P l. Andr D
`Vulnerability of Secure Web Browsers by Flavio De Paoli, Andre Dos
`u nera 1-1tyo ecure e
`rowsers y av1o e ao 1,
`e os
`Santos, Richard Kemmerer Reliable Software Group Computer Sci-
`Santos, R1chard Kemmerer Rel1able Software Group Computer Sc1
`ence Department, University of California, Santa Barbara, 1997.
`ence Department, University of California, Santa Barbara, 1997.
`Security of Web Browser Scripting Languages: Vulnerabilities,
`Security of Web Browser Scripting Languages: Vulnerabilities,
`Attacks, and Remedies by Vinod Anupam and Alain Mayer, Bell
`Attacks, and Remedies by Vinod Anupam and Alain Mayer, Bell
`Laboratories, Lucent Technologies 7th USENIX Security Sympo
`Laboratories, Lucent Technologies 7th USENIX Security Sympo-
`sium San Antonio, Texas, Jan. 26-29, 1998.
`sium San Antonio, Texas, Jan. 26-29, 1998.
`“Virtual Memory in Contemporary Microprocessors” by Bruce
`"Virtual Memory in Contemporary Microprocessors" by Bruce
`.
`.
`.
`.
`Jacob Un1vers1ty of Maryland and Trevor Mudge Un1vers1ty of
`Jacob University of Maryland and Trevor Mudge University of
`. h.
`.
`1
`Michigan, IEEE Micro Jul.-Aug. 1998.
`1Y1“ {gm IEEE MIC“) J“ "Aug 1998
`”
`"Flexible Control of Downloaded Executable Content" by Trent
`Flex1ble Control of Downloaded Executable Content by Trent
`Jaeger and Jochen Liedtke and Nayeem Islam, IBM Thomas J.
`Jaeger and Jochen Liedtke and Nayeem Islam, IBM Thomas J.
`Watson Research Center, and Atul Prakash University of Michigan,
`Watson Research Center, and Atul Prakash University of Michigan,
`Ann Arbor ACM Transactions on Information and System Security,
`Ann Arbor ACM Transactions on Information and System Security,
`vol. 2, No. 2, May 1999, pp. 177-228.
`vol. 2, No. 2, May 1999, pp. 177-228.
`Google - Exhibit 1001, page 2
`
`Google - Exhibit 1001, page 2
`
`

`
`US RE43,528 E
`US RE43,528 E
`Page 3
`Page 3
`
`“J2ME Building Blocks for Mobile Devices: White Paper on KVM
`"J2ME Building Blocks for Mobile Devices: White Paper on KVM
`and the Connected”, Limited Device Con?guration Sun
`and
`the Connected", Limited Device Configuration Sun
`Microsystems May 19, 2000.
`Microsystems May 19, 2000.
`“User-level Resource-constrained Sandboxing” by FangZhe Chang,
`"User-level Resource-constrained Sandboxing" by Fangzhe Chang,
`Ayal ItZkovitZ, and Vijay Karamcheti Department of Computer Sci
`Ayal Itzkovitz, and Vijay Karamcheti Department of Computer Sci-
`ence, Courant Institute of Mathematical Sciences, NewYork Univer-
`ence, Courant Institute of Mathematical Sciences, NewYork Univer
`sity USENIX Windows System Symposium, Aug. 2000.
`sity USENIX Windows System Symposium, Aug. 2000.
`“Verifying the EROS Con?nement Mechanism” by Jonathan S.
`"Verifying the EROS Confinement Mechanism" by Jonathan S
`Shapiro and San Weber IBM TJ Watson Research Center 0-7695
`Shapiro and San Weber IBM T.J. Watson Research Center 0-7695-
`0665-8/00 2000 IEEE.
`0665-8/00 2000 IEEE.
`“WindowBox: A Simple Security Model for the Connected Desktop”
`"WindowBox: A Simple Security Model for the Connected Desktop"
`by Dirk BalfanZ, Princeton University and Daniel R. Simon,
`by Dirk Balfanz, Princeton University and Daniel R. Simon,
`Microsoft Research, 2000.
`Microsoft Research, 2000.
`“Building a Secure Web Browser” by Sotiris Ioannidis, University of
`"Building a Secure Web Browser" by Sotiris Ioannidis, University of
`Pennsylvania, and Steven M. Bellovin, At&T Labs Research 2001
`Pennsylvania, and Steven M. Bellovin, At&T Labs Research 2001
`USENIX Annual Technical Conference Boston, Massachusetts,
`USENIX Annual Technical Conference Boston, Massachusetts,
`USA Jun. 25-30, 2001.
`USA Jun. 25-30, 2001.
`"Virtualizing I/O Devices on VMware Workstation's Hosted Virtual
`“VirtualiZing I/O Devices on VMware Workstation’s Hosted Virtual
`Machine Monitor” by Jeremy Sugerman, Ganesh Venkitachalam and
`Machine Monitor" by Jeremy Sugerman, Ganesh Venkitachalam and
`Beng-Hong Lim, VMware, Inc. 3145 Porter Dr, Palo Alto, CA
`Beng-Hong Lim, VMware, Inc. 3145 Porter Dr, Palo Alto, CA
`943042001 USENIX Annual Technical Conference Boston, Massa-
`943042001 USENIX Annual Technical Conference Boston, Massa
`chusetts, USA Jun. 25-30, 2001.
`chusetts, USA Jun. 25-30, 2001.
`“When Virtual Is Better Than Real” by Peter M. Chen and Brian D.
`"When Virtual Is Better Than Real" by Peter M. Chen and Brian D.
`Noble, Department of Electrical Engineering and Computer Science
`Noble, Department of Electrical Engineering and Computer Science
`University of Michigan 2001.
`University of Michigan 2001.
`“A Flexible Containment Mechanism for Executing Untrusted Code”
`"A Flexible Containment Mechanism for Executing Untrusted Code"
`by David Peterson, Matt Bishop, and Raju Pandey, Department of
`by David Peterson, Matt Bishop, and Raju Pandey, Department of
`Computer Science University of California, Davis USENIX Security
`Computer Science University of California, Davis USENIX Security
`Symposium San Francisco, California, USA Aug. 5-9, 2002.
`Symposium San Francisco, California, USA Aug. 5-9, 2002.
`“ReVirt: Enabling Intrusion Analysis through Virtual-Machine Log
`"ReVirt: Enabling Intrusion Analysis through Virtual-Machine Log-
`ging and Replay” by George W. Dunlap, Samuel T. King, Sukru
`ging and Replay" by George W. Dunlap, Samuel T. King, Sukru
`Cinar, MurtaZa A. Basrai, Peter M. Chen, Department of Electrical
`Cinar, Murtaza A. Basrai, Peter M. Chen, Department of Electrical
`Engineering and Computer Science, University of Michigan Pro
`Engineering and Computer Science, University of Michigan Pro-
`ceedings of the 2002 Symposium on Operating Systems Design and
`ceedings of the 2002 Symposium on Operating Systems Design and
`Implementation (OSDI).
`Implementation (OSDI).
`"Trusted Paths for Browsers: an Open-Source Solution to Web
`“Trusted Paths for Browsers: an Open-Source Solution to Web
`Spoo?ng” by Zishuang (Eileen) Ye and Sean Smith, Department of
`Spoofing" by Zishuang (Eileen) Ye and Sean Smith, Department of
`Computer Science Dartmouth College, Technical Report TR2002
`Computer Science Dartmouth College, Technical Report TR2002-
`418 Feb. 4, 2002.
`418 Feb. 4, 2002.
`“User Interaction Design for Secure Systems” by Ka-PingYee http://
`"User Interaction Design for Secure Systems" by Ka-Ping Yee http://
`Zesty.ca/sid/ 2002.
`zesty.ca/sid/ 2002.
`BAA-00-06-SNK Focused Research Topic 5 by Marc Stiegler and
`BAA-00-06-SNK Focused Research Topic 5 by Marc Stiegler and
`Mark Miller Report Name: “A Capability Based Client: The
`Mark Miller Report Name: "A Capability Based Client: The
`DarpaBrowser” Jun. 26, 2002.
`DarpaBrowser" Jun. 26, 2002.
`"A Virtual Machine Introspection Based Architecture for Intrusion
`“A Virtual Machine Introspection Based Architecture for Intrusion
`Detection” by Tal Gar?nkel and Mendel Rosenblum, Computer Sci
`Detection" by Tal Garfinkel and Mendel Rosenblum, Computer Sci-
`ence Department, Stanford University 2003.
`ence Department, Stanford University 2003.
`"Terra: A Virtual Machine-Based Platform for Trusted Computing"
`“Terra: A Virtual Machine-Based Platform for Trusted Computing”
`by Tal Garfinkel, Ben Pfaff, Jim Chow, Dan Boneh and Mendel
`by Tal Gar?nkel, Ben Pfaff, Jim Chow, Dan Boneh and Mendel
`Rosenblum, Computer Science Department, Stanford University
`Rosenblum, Computer Science Department, Stanford University
`SOSP'03, Oct. 19-22, 2003, Bolton Landing, New York, USA.
`SOSP’03, Oct. 19-22, 2003, Bolton Landing, NewYork, USA.
`Microsoft® Virtual PC 2004 Technical Overview by Jerry Honeycutt
`Microsoft® Virtual PC 2004 Technical Overview by Jerry Honeycutt
`Published Nov. 2003 http://download.microsoft.com/download/c/f/
`Published Nov. 2003 http://download.microsoft.com/download/c/f/
`b/cfb100a7-463d-4b86-ad62-064397178b4fNiitual PC Techni-
`b/cfbl00a7-463d-4b86-ad62-064397178b4f/VirtualiPCiTechni
`cal Overview.doc.
`caliOverview. doc .
`“Xen and the Art of VirtualiZation” by Paul Barham, Boris Dragovic,
`"Xen and the Art of Virtualization" by Paul Barham, Boris Dragovic,
`Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebaurey,
`Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebaurey,
`
`Ian Pratt, Andrew War?eld University of Cambridge Computer Labo
`Ian Pratt, Andrew Warfield University of Cambridge Computer Labo-
`ratory 15 JJ Thomson Avenue, Cambridge, UK, CB3 0FD SOSP’03,
`ratory 15 JJ Thomson Avenue, Cambridge, UK, CB3 OFD SOSP'03,
`Oct. 19-22, 2003, Bolton Landing, New York, USA.
`Oct. 19-22, 2003, Bolton Landing, New York, USA.
`“Design of the EROS Trusted Window System” by Jonathan S.
`"Design of the EROS Trusted Window System" by Jonathan S
`Shapiro, John Vanderburgh, Eric Northrup, Systems Research Labo
`Shapiro, John Vanderburgh, Eric Northrup, Systems Research Labo-
`ratory Johns Hopkins University, and, David ChiZmadia, Promia, Inc.
`ratory Johns Hopkins University, and, David Chizmadia, Promia, Inc.
`2004.
`2004.
`“Survey of System VirtualiZation” Techniques by Robert Rose Mar.
`"Survey of System Virtualization" Techniques by Robert Rose Mar.
`8, 2004.
`8, 2004.
`White Paper: “Smart Phone Security Issues” by Luc Delpha and
`White Paper: "Smart Phone Security Issues" by Luc Delpha and
`Maliha Rasheed, Cyber Risk Consulting Blackhat Brie?ngs Europe
`Maliha Rasheed, Cyber Risk Consulting Blackhat Briefings Europe
`May 2004.
`May 2004.
`“Software Security and Privacy Risks in Mobile E-Commerce” by
`"Software Security and Privacy Risks in Mobile E-Commerce" by
`Anup K. Ghosh and Tara M. Swaminatha, Communications of the
`Anup K. Ghosh and Tara M. Swaminatha, Communications of the
`ACM Feb. 2001 vol. 44, No. 2.
`ACM Feb. 2001 vol. 44, No. 2.
`T. Jaeger, A. D. Rubin, and A. Prakash. “Building systems that
`T. Jaeger, A. D. Rubin, and A. Prakash. "Building systems that
`?exibly control downloaded executable content” In Proceedings of
`flexibly control downloaded executable content." In Proceedings of
`the 1996 USENIX Security Symposium, pp. 131-148, San Jose, Ca.,
`the 1996 USENIX Security Symposium, pp. 131-148, San Jose, Ca.,
`1996.
`1996.
`David A. Wagner, “Janus: an approach for con?nement of untrusted
`David A. Wagner, "Janus: an approach for confinement of untrusted
`applications.” Master’s thesis, University of California, Berkeley,
`applications." Master's thesis, University of California, Berkeley,
`1999. Also available. Technical Report CSD-99-1056, UC Berkeley,
`1999. Also available. Technical Report CSD-99-1056, UC Berkeley,
`Computer Science Division. http://www.cs.berkeley.edu/~daw/pa
`Computer Science Division. http://www.cs.berkeley.edu/—daw/pa-
`pers/janus-mastersps.
`pers/janus-masters.ps.
`Richard West and Jason Gloudon, "User-Level Sandboxing: a Safe
`Richard West and Jason Gloudon, “User-Level Sandboxing: a Safe
`and Efficient Mechanism for Extensibility", Technical Report, 2003-
`and Ef?cient Mechanism for Extensibility”, Technical Report, 2003 -
`014, Boston University, Jun. 2003.
`014, Boston University, Jun. 2003.
`Shaya Potter, Jason Nieh, Dinesh Subhraveti, “Secure Isolation and
`Shaya Potter, Jason Nieh, Dinesh Subhraveti, "Secure Isolation and
`Migration of Untrusted Legacy Applications” Columbia University
`Migration of Untrusted Legacy Applications." Columbia University
`Technical Report CUCS-005-04, Jan. 2004.
`Technical Report CUCS-005-04, Jan. 2004.
`M. Schmid, F. Hill, A. Ghosh, “Protecting Data from Malicious
`M. Schmid, F. Hill, A. Ghosh, "Protecting Data from Malicious
`Software” Annual Computer Security Applications Conference
`Software." Annual Computer Security Applications Conference
`(ACSAC'02), Las Vegas, NV, Dec. 2002.
`(ACSAC’02), Las Vegas, NV, Dec. 2002.
`Valentin RaZmov “Security in Untrusted Code Environments: Miss
`Valentin Razmov "Security in Untrusted Code Environments: Miss-
`ing Pieces of the Puzzle” Dept. of Computer Science and Engineer
`ing Pieces of the Puzzle." Dept. of Computer Science and Engineer-
`ing, University of Washington, Mar. 30, 2002.
`ing, University of Washington, Mar. 30, 2002.
`Sotiris Ioannidis and Steven M. Bellovin. “Sub-Operating Systems:
`Sotiris Ioannidis and Steven M. Bellovin. "Sub-Operating Systems:
`A New Approach to Application Security” Technical Report
`A New Approach to Application Security." Technical Report
`MS-CIS-01-06, University of Pennsylvania, Feb. 2000.
`MS-CIS-01-06, University of Pennsylvania, Feb. 2000.
`"Spyware, Adware, and Peer to Peer Networks; The Hidden Threat to
`“Spyware, Adware, and Peer to Peer Networks; The Hidden Threat to
`Corporate Security” by Kevin Townsend, Pest Patrol, 2003.
`Corporate Security" by Kevin Townsend, Pest Patrol, 2003.
`Beyond Viruses: Why Anti-Virus Software is No Longer Enough by
`Beyond Viruses: Why Anti-Virus Software is No Longer Enough by
`David Stang PhD, Pest Patrol, 2002.
`David Stang PhD, Pest Patrol, 2002.
`"The Web: Threat or Menace?" from "Firewalls and Internet Secu-
`“The Web: Threat or Menace?” from “Firewalls and Internet Secu
`rity: Repelling the Wiley Hacker”, Second Edition, Addison-Wesley,
`rity: Repelling the Wiley Hacker", Second Edition, Addison-Wesley,
`ISBN 0-201-63466-X, 2003.
`ISBN 0-201-63466-X, 2003.
`Mehta, N. V., et al., “Expanding and Extending the Security Features
`Mehta, N. V., et al., "Expanding and Extending the Security Features
`of JAVA,” Proceedings of the 7th USENIX Security Symposium, San
`of JAVA," Proceedings of the 7th USENIX Security Symposium, San
`Antonio, Texas Jan. 26-29, 1998, 15 pages.
`Antonio, Texas Jan. 26-29, 1998, 15 pages.
`Kevin Townsend; "Spyware, Adware, and Peer to Peer Networks;
`Kevin Townsend; “Spyware, Adware, and Peer to Peer Networks;
`The Hidden Threat to Corporate Security" © Pest Patrol, 2003.
`The Hidden Threat to Corporate Security” © Pest Patrol, 2003.
`David Stang, PhD; “BeyondViruses: Why Anti-Virus Software is No
`David Stang, PhD; "Beyond Viruses: Why Anti-Virus Software is No
`Longer Enough”, © Pest Patrol 2002.
`Longer Enough", © Pest Patrol 2002.
`"The Web: Threat or Menace?" From "Firewalls and Internet Secu-
`“The Web: Threat or Menace?” From “Firewalls and Internet Secu
`rity: Repelling the Wiley Hacker”, Second Edition, Addison-Wesley,
`rity: Repelling the Wiley Hacker", Second Edition, Addison-Wesley,
`ISBN 0-201-63466-X, 2003 C.
`ISBN 0-201-63466-X, 2003 ©.
`
`* cited by examiner
`* cited by examiner
`
`Google - Exhibit 1001, page 3
`
`Google - Exhibit 1001, page 3
`
`

`
`U.S. Patent
`US. Patent
`
`Jul. 17, 2012
`Jul. 17, 2012
`
`Sheet 1 0f 11
`Sheet 1 of 11
`
`US RE43,528 E
`US RE43,528 E
`
`100
`100
`
`110
`110
`
`1" memory
`1'1 memory
`data storage
`data storage
`area
`area
`
`130
`130
`
`2"‘1 memory
`2nd memory
`data storage
`data storage
`area
`area
`
`140
`140
`
`120
`120
`\
`1s1