Steven A Gribble

8196205, Jun 5, 2012

Jun 26, 2006

11/426370

Steven Gribble - Seattle WA, US
Henry Levy - Seattle WA, US
Alexander Moshchuk - Seattle WA, US
Tanya Bragin - Seattle WA, US

University of Washington through its Center for Commercialization - Seattle WA

G06F 11/00
H04L 9/32

726 24, 713168

A system analyzes content accessed at a network site to determine whether it is malicious. The system employs a tool able to identify spyware that is piggy-backed on executable files (such as software downloads) and is able to detect “drive-by download” attacks that install software on the victim's computer when a page is rendered by a browser program. The tool uses a virtual machine (VM) to sandbox and analyze potentially malicious content. By installing and running executable files within a clean VM environment, commercial anti-spyware tools can be employed to determine whether a specific executable contains piggy-backed spyware. By visiting a Web page with an unmodified browser inside a clean VM environment, predefined “triggers,” such as the installation of a new library, or the creation of a new process, can be used to determine whether the page mounts a drive-by download attack.

20070136579, Jun 14, 2007

Dec 9, 2005

11/298859

Henry Levy - Seattle WA, US
Steven Gribble - Seattle WA, US
Jacob Hansen - Copenhagen, DK
Richard Cox - San Francisco CA, US

University of Washington - Seattle WA

H04L 9/00

713168000

A Web browsing system using a browser operating system (BOS), which provides a trusted software layer on which Web browsers execute. The BOS runs the client-side component of each Web application (e.g., on-line banking, and Web mail) in its own virtual machine, which provides strong isolation between Web services and the user's local resources. Web publishers can thus limit the scope of their Web applications by specifying the URLs and other resources that their browsers are allowed to access, which limits the harm that can be caused by a compromised browser. Web applications are treated as first-class objects that users explicitly install and manage, giving them explicit knowledge about and control over downloaded content and code. An initial embodiment implemented using Linux and the Xen virtual machine monitor has been shown to prevent or contain about 87% of the vulnerabilities that have been identified in a conventional web browser environment.

20070260702, Nov 8, 2007

Sep 15, 2006

11/532419

David Richardson - Seattle WA, US
Brian Bershad - Seattle WA, US
Steven Gribble - Seattle WA, US
Henry Levy - Seattle WA, US

University of Washington - Seattle WA

G06F 15/16

709217

Applications and services are accessed over the Web without requiring any modification to the currently available code for such applications. Virtual machines (VMs) can each be associated with one or more pre-configured and pre-installed software applications and hosted by Web sites. A VM is accessed and run when a user of a client computing device selects a Web object for the VM in a browser program. A plug-in in the browser reads a configuration file for the selected VM from a server and requests a server-side controller daemon to launch the VM on the server. The plug-in then opens a remote desktop connection to the VM, which is displayed as an embedded window in the Web page on the browser program. The user can then interact with and use the VM and its provided application software and services from within the browser program.

20130014259, Jan 10, 2013

Jun 4, 2012

13/488222

Steven Gribble - Seattle WA, US
Henry Levy - Seattle WA, US
Alexander Moshchuk - Seattle WA, US
Tanya Bragin - Seattle WA, US

University of Washington through its Center for Commercialization - Seattle WA

G06F 21/00

726 24

A system analyzes content accessed at a network site to determine whether it is malicious. The system employs a tool able to identify spyware that is piggy-backed on executable files (such as software downloads) and is able to detect “drive-by download” attacks that install software on the victim's computer when a page is rendered by a browser program. The tool uses a virtual machine (VM) to sandbox and analyze potentially malicious content. By installing and running executable files within a clean VM environment, commercial anti-spyware tools can be employed to determine whether a specific executable contains piggy-backed spyware. By visiting a Web page with an unmodified browser inside a clean VM environment, predefined “triggers,” such as the installation of a new library, or the creation of a new process, can be used to determine whether the page mounts a drive-by download attack.

20130198522, Aug 1, 2013

Apr 8, 2011

13/640034

Tadayoshi Kohno - Seattle WA, US
Roxana Geambasu - Seattle WA, US
Henry Levy - Seattle WA, US
Steven Gribble - Seattle WA, US

G06F 21/62

713182

Systems and methods for providing an auditing file system for theft-prone devices are disclosed. The auditing file system supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device's loss. A user may also disable future file access after a device's loss, even in the absence of device network connectivity. In one embodiment, files are encrypted locally but the encryption keys are stored remotely, so that an audit server is queried for encryption keys to access protected files. By configuring the audit server to refuse to return a particular file's key, the user can prevent new accesses after the device is lost.

20210243138, Aug 5, 2021

Apr 21, 2021

17/236768

- Mountain View CA, US
Zengbin Zhang - Seattle WA, US
Amin Vahdat - Los Altos CA, US
Vinay Kumar Bannai - Sunnyvale CA, US
Alexander Jinhon Lin - San Jose CA, US
Anvesh Komuravelli - Santa Clara CA, US
Steven Gribble - Mountain View CA, US
Andrew DeBock Ferguson - New York NY, US
Muhammad Mukarram Tariq - San Jose CA, US
Joon Ong - Cupertino CA, US
Alvaro Martinez Echevarria - Mountain View CA, US

H04L 12/933
H04L 12/947
H04L 12/24
H04L 12/775

Methods, systems, and apparatus, for automatically changing a network system. A method includes receiving a set of first intents that describe a state of a first switch fabric; receiving a set of second intents that describe a state of a second switch fabric; computing a set of network operations to perform on the first switch fabric to achieve the second switch fabric, the set of operations also defining an order in which the operations are to be executed, and the set of operations determined based on the set of first intents, the set of second intents, and migration logic that defines a ruleset for selecting the operations based on the set of first intents and the second intents; and executing the set of network operations according to the order, to apply changes to elements within the first switch fabric to achieve the state of the second switch fabric.

20190173805, Jun 6, 2019

Feb 1, 2019

16/265754

- Mountain View CA, US
Zengbin Zhang - Seattle WA, US
Amin Vahdat - Los Altos CA, US
Vinay Kumar Bannai - Sunnyvale CA, US
Alexander Jinhon Lin - San Jose CA, US
Anvesh Komuravelli - Santa Clara CA, US
Steven Gribble - Mountain View CA, US
Andrew DeBock Ferguson - New York NY, US
Muhammad Mukarram Tariq - San Jose CA, US
Joon Ong - Cupertino CA, US
Alvaro Martinez Echevarria - Mountain View CA, US

H04L 12/933
H04L 12/947
H04L 12/775
H04L 12/24

Methods, systems, and apparatus, for automatically changing a network system. A method includes receiving a set of first intents that describe a state of a first switch fabric; receiving a set of second intents that describe a state of a second switch fabric; computing a set of network operations to perform on the first switch fabric to achieve the second switch fabric, the set of operations also defining an order in which the operations are to be executed, and the set of operations determined based on the set of first intents, the set of second intents, and migration logic that defines a ruleset for selecting the operations based on the set of first intents and the second intents; and executing the set of network operations according to the order, to apply changes to elements within the first switch fabric to achieve the state of the second switch fabric.