公开(公告)号：US09063721B2

公开(公告)日：2015-06-23

申请号：US14027352

申请日：2013-09-16

申请人： Kanad Ghose

发明人： Kanad Ghose

IPC分类号： G06F9/30 ,  G06F9/38 ,  G06F11/00 ,  G06F21/00 ,  G06F21/50 ,  G06F11/14

CPC分类号： G06F21/566 ,  G06F9/30079 ,  G06F9/3859 ,  G06F9/3861 ,  G06F9/3877 ,  G06F11/00 ,  G06F11/1407 ,  G06F21/50 ,  G06F21/52 ,  G06F2221/033

摘要： Trustworthy systems require that code be validated as genuine. Most systems implement this requirement prior to execution by matching a cryptographic hash of the binary file against a reference hash value, leaving the code vulnerable to run time compromises, such as code injection, return and jump-oriented programming, and illegal linking of the code to compromised library functions. The Run-time Execution Validator (REV) validates, as the program executes, the control flow path and instructions executed along the control flow path. REV uses a signature cache integrated into the processor pipeline to perform live validation of executions, at basic block boundaries, and ensures that changes to the program state are not made by the instructions within a basic block until the control flow path into the basic block and the instructions within the basic block are both validated.

公开(公告)号：US08631411B1

公开(公告)日：2014-01-14

申请号：US12841169

申请日：2010-07-21

申请人： Kanad Ghose

发明人： Kanad Ghose

IPC分类号： G06F9/46

CPC分类号： G06F1/3209 ,  G05D23/19 ,  G06F1/20 ,  G06F1/206 ,  G06F1/3203 ,  G06F1/3206 ,  G06F9/4893 ,  G06F9/5094 ,  G06F13/409 ,  H04L29/06 ,  H04L29/08072 ,  H05K7/20836 ,  Y02D10/151 ,  Y02D10/16 ,  Y02D10/24

摘要： A method for controlling a data center, comprising a plurality of server systems, each associated with a cooling system and a thermal constraint, comprising: a concurrent physical condition of a first server system; predicting a future physical condition based on a set of future states of the first server system; dynamically controlling the cooling system in response to at least the input and the predicted future physical condition, to selectively cool the first server system sufficient to meet the predetermined thermal constraint; and controlling an allocation of tasks between the plurality of server systems to selectively load the first server system within the predetermined thermal constraint and selectively idle a second server system, wherein the idle second server system can be recruited to accept tasks when allocated to it, and wherein the cooling system associated with the idle second server system is selectively operated in a low power consumption state.

摘要翻译： 一种用于控制数据中心的方法，包括与冷却系统和热约束相关联的多个服务器系统，包括：第一服务器系统的并发物理状况; 基于第一服务器系统的一组未来状态预测未来的身体状况; 响应于至少输入和预测的未来物理状况来动态地控制冷却系统，以选择性地冷却足以满足预定热约束的第一服务器系统; 以及控制所述多个服务器系统之间的任务分配，以选择性地将所述第一服务器系统加载到所述预定热约束内并选择性地空闲第二服务器系统，其中所述空闲的第二服务器系统可以被招募以在分配给它时接受任务;以及 其中与空闲的第二服务器系统相关联的冷却系统选择性地在低功耗状态下操作。

公开(公告)号：US20100046370A1

公开(公告)日：2010-02-25

申请号：US11950322

申请日：2007-12-04

申请人： Kanad Ghose ,  Peter Sulatycke

发明人： Kanad Ghose ,  Peter Sulatycke

IPC分类号： H04L12/56 ,  G08C15/00

CPC分类号： H04L47/193 ,  H04L1/1614 ,  H04L1/1628 ,  H04L1/1809 ,  H04L1/1848 ,  H04L47/10 ,  H04L47/18 ,  H04L47/39 ,  H04L69/16 ,  H04L69/163

摘要： Reliable byte stream transfer protocols play an important role in modern networks. The present invention implements such a protocol using credits for flow control and negative acknowledgements for reliable delivery. The credit mechanism uses credit transfer in installments and is immune to the losses or corruptions of intermediate credit installments. Negative acknowledgements are used to solicit the retransmission of data stream component. The present invention provides full compatibility at the programming interface with reliable byte transfer protocols, such as TCP, and also allows full interoperability among hosts running the aforesaid standard protocol or the protocol of the present invention.

摘要翻译： 可靠的字节流传输协议在现代网络中起着重要的作用。 本发明实现了使用用于流量控制的信用和用于可靠传递的否定确认的这种协议。 信用机制分期使用信用转移，免受中级信用分期付款的损失或破坏。 负确认用于请求数据流组件的重传。 本发明在编程接口上提供了诸如TCP之类的可靠字节传输协议的完全兼容性，并且还允许运行上述标准协议的主机或本发明的协议之间的完全互操作性。

公开(公告)号：US07496735B2

公开(公告)日：2009-02-24

申请号：US10994774

申请日：2004-11-22

申请人： Matt T Yourst ,  Kanad Ghose

发明人： Matt T Yourst ,  Kanad Ghose

IPC分类号： G06F9/30 ,  G06F9/40 ,  G06F15/00

CPC分类号： G06F9/3863 ,  G06F9/3808 ,  G06F9/3814 ,  G06F9/3836 ,  G06F9/384 ,  G06F9/3842 ,  G06F9/3857

摘要： Method and hardware apparatus are disclosed for reducing the rollback penalty on exceptions in a microprocessor executing traces of scheduled instructions. Speculative state is committed to the architectural state of the microprocessor at a series of commit points within a trace, rather than committing the state as a single atomic operation at the end of the trace.

摘要翻译： 公开了一种方法和硬件装置，用于减少执行微处理指令的微处理器中的例外的回滚损失。 投机状态在跟踪中的一系列提交点处致力于微处理器的架构状态，而不是在跟踪结束时将状态提交为单个原子操作。

公开(公告)号：US08285999B1

公开(公告)日：2012-10-09

申请号：US12631839

申请日：2009-12-06

申请人： Kanad Ghose ,  Erdem Aktas

发明人： Kanad Ghose ,  Erdem Aktas

IPC分类号： H04L9/32

CPC分类号： H04L9/3271 ,  G06F21/54 ,  G06F21/565 ,  G06F2221/2103 ,  H04L9/3234

摘要： With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. A generic framework is provided for authenticating remote executions on a potentially untrusted remote server—essentially validating that what is executed at the server on behalf of the client is actually the intended program. Details of a prototype Linux implementation are also described, along with some optimization techniques for reducing the run-time overhead of the present scheme. The performance overhead of this technique varies generally from 7% to 24% for most benchmarks, as seen from the actual remote execution of SPEC benchmarks.

摘要翻译： 随着分布式系统的广泛使用，需要保护这些系统免受各种各样的威胁。 最近的安全机制在对客户端或服务器上的程序执行进行身份验证方面严重不足，因为客户端，服务器和执行程序本身可能会在客户端和服务器通过认证阶段后受到威胁。 提供了一个通用框架，用于对潜在不受信任的远程服务器上的远程执行进行身份验证 - 基本上验证了代表客户端在服务器上执行的操作实际上是预期的程序。 还描述了一个原型Linux实现的细节，以及一些用于减少本方案的运行时间开销的优化技术。 对于大多数基准测试，此技术的性能开销通常从7％变化到24％，从SPEC基准测试的实际远程执行中可以看出。

公开(公告)号：US08046558B2

公开(公告)日：2011-10-25

申请号：US11532197

申请日：2006-09-15

申请人： Kanad Ghose

发明人： Kanad Ghose

IPC分类号： G06F12/00 ,  G06F13/00

CPC分类号： G06F3/0674 ,  G06F3/0611 ,  G06F3/0659 ,  G06F17/30227

摘要： A file system that permits predictable accesses to file data stored on devices that may have a variable access latency dependent on the physical location of the file on the physical storage device. A variety of features that guarantee timely, real-time response to I/O file system requests that specify deadlines or other alternative required quality-of-service parameters. The file system addresses needs to accommodate the file systems of storage devices such as disks that have an access time dependant on the physical location of the data within the storage device. A two-phase, deadline-driven scheduler considers the impact of disk seek time on overall response times. Non real-time file operations may be preempted. Files may be preallocated to help avoid access delay caused by non-contiguity. Disk buffers may also be preallocated to improve real-time file system performance.

摘要翻译： 一种文件系统，其允许对存储在可能具有取决于物理存储设备上的文件的物理位置的可变访问延迟的设备上的文件数据的可预测访问。 各种功能，可以保证及时，实时地对I / O文件系统请求进行响应，这些请求规定了最后期限或其他可选择的所需服务质量参数。 文件系统地址需要容纳存储设备的文件系统，例如具有取决于存储设备内的数据的物理位置的访问时间的磁盘。 两阶段的最后期限驱动的调度器考虑磁盘查找时间对整体响应时间的影响。 非实时文件操作可能被抢占。 文件可能会被预先分配，以帮助避免由不连续引起的访问延迟。 还可以预先分配磁盘缓冲区以提高实时文件系统性能。

公开(公告)号：US07562243B1

公开(公告)日：2009-07-14

申请号：US11748411

申请日：2007-05-14

申请人： Kanad Ghose

发明人： Kanad Ghose

IPC分类号： G06F1/32

CPC分类号： G06F1/3203 ,  G06F1/3287 ,  G06F9/3802 ,  G06F9/3814 ,  G06F9/3836 ,  G06F9/384 ,  G06F9/3869 ,  G06F9/5027 ,  G06F9/5094 ,  Y02D10/171 ,  Y02D10/22

摘要： There is provided a system and methods for segmenting datapath resources such as reorder buffers, physical registers, instruction queues and load-store queues, etc. in a microprocessor so that their size may be dynamically expanded and contracted. This is accomplished by allocating and deallocating individual resource units to each resource based on sampled estimates of the instantaneous resource needs of the program running on the microprocessor. By keeping unused datapath resources to a minimum, power and energy savings are achieved by shutting off resource units that are not needed for sustaining the performance requirements of the running program. Leakage energy and switching energy and power are reduced using the described methods.

摘要翻译： 提供了一种用于在微处理器中分割数据路径资源（例如重新排序缓冲器，物理寄存器，指令队列和加载存储队列等）的系统和方法，使得它们的大小可以被动态地扩展和收缩。 这是通过基于在微处理器上运行的程序的瞬时资源需求的采样估计来分配和释放各个资源单元到每个资源来实现的。 通过将未使用的数据路径资源保持在最低限度，通过关闭维护正在运行的程序的性能要求所不需要的资源单元来实现功率和能量节省。 使用所描述的方法减少了泄漏能量和开关能量和功率。

公开(公告)号：US07219249B1

公开(公告)日：2007-05-15

申请号：US10727105

申请日：2003-12-03

申请人： Kanad Ghose ,  Dmitry V. Ponomarev ,  Gurhan Kucuk

发明人： Kanad Ghose ,  Dmitry V. Ponomarev ,  Gurhan Kucuk

IPC分类号： G06F1/32

CPC分类号： G06F1/3203 ,  G06F1/3287 ,  G06F9/3802 ,  G06F9/3814 ,  G06F9/3836 ,  G06F9/384 ,  G06F9/3869 ,  G06F9/5027 ,  G06F9/5094 ,  Y02D10/171 ,  Y02D10/22

摘要： There is provided a system and methods for segmenting datapath resources such as reorder buffers, physical registers, instruction queues and load-store queues, etc. in a microprocessor so that their size may be dynamically expanded and contracted. This is accomplished by allocating and deallocating individual resource units to each resource based on sampled estimates of the instantaneous resource needs of the program running on the microprocessor. By keeping unused datapath resources to a minimum, power and energy savings are achieved by shutting off resource units that are not needed for sustaining the performance requirements of the running program. Leakage energy and switching energy and power are reduced using the described methods.

摘要翻译： 提供了一种用于在微处理器中分割数据路径资源（例如重新排序缓冲器，物理寄存器，指令队列和加载存储队列等）的系统和方法，使得它们的大小可以被动态地扩展和收缩。 这是通过基于在微处理器上运行的程序的瞬时资源需求的采样估计来分配和释放各个资源单元到每个资源来实现的。 通过将未使用的数据路径资源保持在最低限度，通过关闭维护正在运行的程序的性能要求所不需要的资源单元来实现功率和能量节省。 使用所描述的方法减少了泄漏能量和开关能量和功率。

公开(公告)号：US08904189B1

公开(公告)日：2014-12-02

申请号：US13183912

申请日：2011-07-15

申请人： Kanad Ghose

发明人： Kanad Ghose

IPC分类号： G06F11/36

CPC分类号： H04L9/3247 ,  G06F9/3834 ,  G06F9/3851 ,  G06F11/1407 ,  G06F11/3612 ,  G06F12/0855 ,  G06F12/0862 ,  G06F21/52 ,  G06F21/602 ,  G06F21/74 ,  G06F21/79 ,  G06F2212/6026

摘要： A processor comprising: an instruction processing pipeline, configured to receive a sequence of instructions for execution, said sequence comprising at least one instruction including a flow control instruction which terminates the sequence; a hash generator, configured to generate a hash associated with execution of the sequence of instructions; a memory configured to securely receive a reference signature corresponding to a hash of a verified corresponding sequence of instructions; verification logic configured to determine a correspondence between the hash and the reference signature; and authorization logic configured to selectively produce a signal, in dependence on a degree of correspondence of the hash with the reference signature.

摘要翻译： 一种处理器，包括：指令处理流水线，被配置为接收用于执行的指令序列，所述序列包括至少一个指令，其包括终止所述序列的流控制指令; 哈希发生器，被配置为生成与所述指令序列的执行相关联的散列; 存储器，被配置为安全地接收与所验证的相应的指令序列的散列相对应的参考签名; 验证逻辑，其被配置为确定所述散列和所述参考签名之间的对应关系; 以及授权逻辑，被配置为根据所述散列与所​​述参考签名的对应程度选择性地产生信号。

公开(公告)号：US08782434B1

公开(公告)日：2014-07-15

申请号：US13183857

申请日：2011-07-15

申请人： Kanad Ghose

发明人： Kanad Ghose

IPC分类号： G06F9/44 ,  G06F9/38 ,  G06F21/72 ,  G06F21/54 ,  G06F11/14 ,  G06F11/36

CPC分类号： G06F21/51 ,  G06F9/3834 ,  G06F9/3851 ,  G06F11/1407 ,  G06F11/3612 ,  G06F21/52 ,  G06F21/54 ,  G06F21/72 ,  G06F21/79

摘要： A pipelined processor comprising a cache memory system, fetching instructions for execution from a portion of said cache memory system, an instruction commencing processing before a digital signature of the cache line that contained the instruction is verified against a reference signature of the cache line, the verification being done at the point of decoding, dispatching, or committing execution of the instruction, the reference signature being stored in an encrypted form in the processor's memory, and the key for decrypting the said reference signature being stored in a secure storage location. The instruction processing proceeds when the two signatures exactly match and, where further instruction processing is suspended or processing modified on a mismatch of the two said signatures.

摘要翻译： 一种流水线处理器，包括高速缓冲存储器系统，从所述高速缓冲存储器系统的一部分获取执行指令，在包含所述指令的高速缓存行的数字签名之前针对高速缓存行的参考签名进行验证的指令开始处理， 在解码，调度或执行指令的时刻进行验证，将参考签名以加密形式存储在处理器的存储器中，以及用于解密所述参考签名的密钥存储在安全存储位置。 当两个签名完全匹配并且在另外的指令处理被暂停的情况下进行指令处理，或者对两个所述签名的不匹配进行修改。