Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Objections
Claims 1-20 are objected to because of the following informalities: The term “its” makes the claim indefinite as it is not clear what “its” is referring to. Such limitation should be clearly defined. Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-4, 7-13 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Boling et al (2021/0042100) in view of Redlich et al (2010/0010968) and Kerschbaumer et al (2013/0117845).
For claim 1. Boling teaches a method for generating and enforcing compartmentalization security policies for tagged processor architectures (Boling teaches that tag processing hardware may be provided to ensure that instructions being executed by the host processor comply with one or more policies, such as a compartment policy that may provide explicit policy control of flows between compartments, as Boling teaches in par.59 and 229), the method comprising: at a node for generating compartmentalization security policies for enforcement in a tagged processor architecture (Boling teaches that a compartment policy may, during execution, enforce that input data for a computation may only belong to an active compartment, and/or that a result of the computation may be labeled with an ID of the active compartment, as Boling teaches in par.233): receiving computer code of at least one application (Boling teaches that compartment color metadata may be applied to task data, task environment, and/or task code, which may associate data and code with an execution context, as Boling teaches in par.228); determining, using a compartmentalization algorithm, at least one rule cache characteristic, and performance analysis information, compartmentalizations for the computer code and rules for enforcing the compartmentalizations (the tag processing hardware 140 may include a rule cache 144 for mapping one or more input tags to a decision and/or one or more output tags; a compartment policy may include rules that ensure all parts (e.g., code, data, registers, etc.) of the execution context share a single common metadata ID that identifies the compartment; and a hardware feature may be provided in a rule cache (e.g., the illustrative rule cache 144 in the example of FIG. 1) to allow a rule to forward one or more inputs of the rule to the rule's output, as Boling teaches in par.79, par.332 and 260); generating a compartmentalization security policy comprising the rules for enforcing the compartmentalizations (Boling teaches that, to facilitate communication between compartments, policy rules may be provided to allow the compartment ID for data to change as the data is sent to another compartment, and that each rule may, when executed, enforce that an operation of a corresponding type may proceed only if all inputs and outputs have identical compartment IDs, as Boling teaches in par.235 and 255); instantiating, using a policy compiler, the compartmentalization security policy for enforcement in the tagged processor architecture (Boling teaches that a policy compiler (e.g., the illustrative policy compiler 220 shown in FIG. 2) may generate a hierarchical metadata symbol, as Boling teaches in par.242 to par.249), and at least one processor core of the tagged processor architecture (Boling teaches that the tag processing hardware 140 may be configured to apply one or more security rules to metadata associated with an instruction and/or metadata associated with one or more operands of the instruction to determine if the instruction should be allowed, as Boling teaches in par.68) and executing the tagged image of the computer code (Boling teaches that the host processor 110 may fetch and execute an instruction, as Boling teaches in par.68).
Boling fails to teach wherein instantiating the compartmentalization security policy includes tagging an image of the computer code based on the compartmentalization security policy, wherein tagging the image of the computer code includes tagging instructions in the computer code with Domain-ID labels, each of the Domain-ID labels indicating a security domain to which its associated instruction belongs, the Domain-ID labels including at least an operating system syntactic domain label and an application code syntactic domain label; and executing the tagged image of the computer code; and enforcing the compartmentalization security policy by reading the Domain-ID label associated with one of the instructions and executing or blocking an operation indicated by the instruction based on whether the operation is permitted by a domain-based rule for the security domain indicated by the Domain-ID label associated with the instruction.
Redlich teaches wherein instantiating the compartmentalization security policy includes tagging an image of the computer code based on the compartmentalization security policy and executing the tagged image of the computer code (Redlich teaches an information file or data stream having therein text A, text B, various tags relative to the information in the text (such as paragraph numbers), metadata associated with items and data objects in the document, and image elements. The input file is subjected to a reduction or deconstruction step 2002 which creates an expanded information document that includes source data and a file map of the various elements; text A, text B, metadata, tags, audio and multiple audio files, image files, metadata files, tags, etc. may be included in the expanded information document, together with compartment tags applied using a combination of automatic and manual tagging features, as allowed by the organization's security policy, as Redlich teaches in par.346 and 529). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Boling to include tagging an image of the computer code of the at least one application based on the compartmentalization security policy as taught and suggested by Redlich for the purpose of creating a digital bureaucratic process which enhances the security level of the entire system (Redlich, par.551).
Boling, as modified by Redlich, does not explicitly teach wherein tagging the image of the computer code includes tagging instructions in the computer code with Domain-ID labels, each of the Domain-ID labels indicating a security domain to which its associated instruction belongs, the Domain-ID labels including at least an operating system syntactic domain label and an application code syntactic domain label; and enforcing the compartmentalization security policy by reading the Domain-ID label associated with one of the instructions and executing or blocking an operation indicated by the instruction based on whether the operation is permitted by a domain-based rule for the security domain indicated by the Domain-ID label associated with the instruction.
Kerschbaumer teaches, in a similar system, wherein tagging the image of the computer code includes tagging instructions in the computer code with Domain-ID labels (Kerschbaumer teaches tagging the dynamic language value with security labels that identify an originating domain, as Kerschbaumer teaches in par.4), each of the Domain-ID labels indicating a security domain to which its associated instruction belongs (Kerschbaumer teaches a different domain of origin (e.g., www.attacker.com). In block 514, a label tag value identifying the values as being associated with more than one domain may be computed using a logical OR operation, as Kerschbaumer teaches in par.44), the Domain-ID labels including at least an operating system syntactic domain label and an application code syntactic domain label (Kerschbaumer teaches that the labels and values may be encoded in multiple levels such that some of the x-bits encode originating domain label information, and such that some of the x-bits store a pointer to a location that contains label information, as Kerschbaumer teaches in par.44); and enforcing the compartmentalization security policy by reading the Domain-ID label associated with one of the instructions and executing or blocking an operation indicated by the instruction based on whether the operation is permitted by a domain-based rule for the security domain indicated by the Domain-ID label associated with the instruction (Kerschbaumer teaches identifying the security label as being encoded as a one-hot bit and performing a bitwise OR operation if it is determined that the reserved bit indicates that the first mode is selected, and identifying the security label as being a reference into a label manager data structure that stores actual label information and performing memory read operations if it is determined that the reserved bit indicates that the second mode is selected; identifying the values as being associated with more than one domain may be computed using a logical OR operation. Before any request is sent over the network, various aspects may check whether the information is allowed to be sent to that domain or if a security violation occurred. Labels of that value may be compared, and the results of that comparison may be used to decide whether the send request is to be allowed, as Kerschbaumer teaches in par.47). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Boling to include Domain-ID labels as taught and suggested by Kerschbaumer for the purpose of creating a detection and prevention mechanism that identifies and stops malicious code from sending requests or gathered information over the network, neutralizing attacks and improving the security of applications that embed dynamic language code (Kerschbaumer, abstract).
For claim 2. Boling, as modified by Redlich and Kerschbaumer, further teaches wherein tagging the image of computer code includes adding metadata tags that indicate logical privilege domains or compartments for computer code components of the computer code; or wherein tagging the image of computer code includes adding metadata tags that indicate a logical object for newly allocated memory (Boling teaches that the dynamic loader may initialize tags in the metadata memory 125 by triggering one or more rules of a loader policy, such as the illustrative loader policy, and that the user application binary image and/or the user application metadata initialization specification may be electronically signed and distributed with a public key corresponding to a private key used for signing; the private key itself may not be distributed, as Boling teaches in par.207-208).
For claim 3. Boling, as modified by Redlich and Kerschbaumer, further teaches wherein the at least one application includes a user application and/or an operating system for running the user application or other software; wherein the at least one rule cache characteristic includes a cache capacity, a cache performance, or comparing overprivilege to a fine-grained reference; or wherein the performance analysis information includes information from a privilege analysis or information from a performance assessment involving comparing execution times on the tagged processor architecture associated with different candidate compartment rule sets (Boling teaches that the dynamic loader may use the public key to verify that the user application binary image and/or the user application metadata initialization specification have not been modified. Additionally, or alternatively, loading the user application binary image using the user application metadata initialization specification may trigger one or more loader policy rules, as Boling teaches in par.208 and par.259).
For claim 4. Boling, as modified by Redlich and Kerschbaumer, further teaches generating a rule prefetching policy for the compartmentalization security policy, wherein the rule prefetching policy indicates mappings between source rules and sets of related rules to load into the rule cache when a respective source rule triggers a cache miss; and providing the rule prefetching policy to at least one policy execution processor for performing rule prefetching during the enforcement of the compartmentalization security policy (Boling teaches that the tag processing hardware 140 may include a rule cache 144 for mapping one or more input tags to a decision and/or one or more output tags, and that such a mapping in the rule cache 144 may be created using a query response from the policy processor 150; however, that is not required, as in some embodiments one or more mappings may be installed into the rule cache 144 ahead of time, as Boling teaches in par.79).
For claim 7. Boling, as modified by Redlich and Kerschbaumer, fails to teach wherein the compartmentalization algorithm includes a working-set algorithm that selects, using rule locality information learned from a tracing policy involving monitoring execution of the at least one application, a set of rules encountered during a predetermined period of time as a working-set and reduces the rules in the working-set until a number of rules in the working-set is equal to or below a maximum number or a target number of rules allowed per working-set by iteratively merging domains using a rule delta calculation; or wherein the compartmentalization algorithm includes a working-set algorithm that selects a set of rules encountered during a predetermined period of time as a working-set and reduces the rules in the working-set based on privilege effects and rule count effects.
Redlich further teaches wherein the compartmentalization algorithm includes a working-set algorithm that selects, using rule locality information learned from a tracing policy involving monitoring execution of the at least one application, a set of rules encountered during a predetermined period of time as a working-set and reduces the rules in the working-set until a number of rules in the working-set is equal to or below a maximum number or a target number of rules allowed per working-set by iteratively merging domains using a rule delta calculation; or wherein the compartmentalization algorithm includes a working-set algorithm that selects a set of rules encountered during a predetermined period of time as a working-set and reduces the rules in the working-set based on privilege effects and rule count effects (Redlich teaches that the search repeats until a search end parameter is met, such as all supplemental documents exceeding a predetermined number, a predetermined number of data elements from all supplemental documents fulfilling a predetermined number of priorities in said classification system, or a lapse of a predetermined time, among other search end parameters discussed therein, and that the concept is a location-based, access-oriented security (or SC relevancy) such as an automated trigger which activates the security or SC program discussed hereinabove when the portable computing device is beyond a predetermined region, as Redlich teaches in par.365 and par.585). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Boling to include a predetermined time as taught and suggested by Redlich for the purpose of creating a digital bureaucratic process which enhances the security level of the entire system (Redlich, par.551).
For claim 8. Boling, as modified by Redlich and Kerschbaumer, further teaches wherein the compartmentalization algorithm uses one or more syntactic compartments and/or one or more syntactic constraints when determining the compartmentalizations and the rules for enforcing the compartmentalizations (Boling, par.232 and par.235).
For claim 9. Boling, as modified by Redlich and Kerschbaumer, further teaches wherein determining the compartmentalizations and rules for enforcing the compartmentalizations comprises: executing the compartmentalization algorithm multiple times using different parameter values for determining overprivilege ratios and/or performance metrics of different versions of the compartmentalization security policy; and selecting a version of the compartmentalization security policy using selection criteria and the overprivilege ratios and/or the performance metrics (Boling, par.102, par.223 and par.242).
For claim 10. Boling teaches a system for generating and enforcing compartmentalization security policies for tagged processor architectures (Boling teaches that tag processing hardware may be provided to ensure that instructions being executed by the host processor comply with one or more policies, such as a compartment policy that may provide explicit policy control of flows between compartments, as Boling teaches in par.59 and 229), the system comprising: one or more processors (par.79); and a node for generating compartmentalization security policies for tagged processor architectures implemented using the one or more processors (Boling teaches that a compartment policy may, during execution, enforce that input data for a computation may only belong to an active compartment, and/or that a result of the computation may be labeled with an ID of the active compartment, as Boling teaches in par.233) and configured for: receiving computer code of at least one application (Boling teaches that compartment color metadata may be applied to task data, task environment, and/or task code, which may associate data and code with an execution context, as Boling teaches in par.228); determining, using a compartmentalization algorithm, at least one rule cache characteristic, and performance analysis information, compartmentalizations for the computer code and rules for enforcing the compartmentalizations (the tag processing hardware 140 may include a rule cache 144 for mapping one or more input tags to a decision and/or one or more output tags; a compartment policy may include rules that ensure all parts (e.g., code, data, registers, etc.) of the execution context share a single common metadata ID that identifies the compartment; and a hardware feature may be provided in a rule cache (e.g., the illustrative rule cache 144 in the example of FIG. 1) to allow a rule to forward one or more inputs of the rule to the rule's output, as Boling teaches in par.79, par.332 and 260); generating a compartmentalization security policy comprising the rules for enforcing the compartmentalizations (Boling teaches that, to facilitate communication between compartments, policy rules may be provided to allow the compartment ID for data to change as the data is sent to another compartment, and that each rule may, when executed, enforce that an operation of a corresponding type may proceed only if all inputs and outputs have identical compartment IDs, as Boling teaches in par.235 and 255); instantiating, using a policy compiler, the compartmentalization security policy for enforcement in the tagged processor architecture (Boling teaches that a policy compiler (e.g., the illustrative policy compiler 220 shown in FIG. 2) may generate a hierarchical metadata symbol, as Boling teaches in par.242 to par.249), and at least one processor core of the tagged processor architecture (Boling teaches that the tag processing hardware 140 may be configured to apply one or more security rules to metadata associated with an instruction and/or metadata associated with one or more operands of the instruction to determine if the instruction should be allowed, as Boling teaches in par.68) and executing the tagged image of the computer code (Boling teaches that the host processor 110 may fetch and execute an instruction, as Boling teaches in par.68).
Boling fails to teach wherein instantiating the compartmentalization security policy includes tagging an image of the computer code based on the compartmentalization security policy, wherein tagging the image of the computer code includes tagging instructions in the computer code with Domain-ID labels, each of the Domain-ID labels indicating a security domain to which its associated instruction belongs, the Domain-ID labels including at least an operating system syntactic domain label and an application code syntactic domain label; and executing the tagged image of the computer code; and enforcing the compartmentalization security policy by reading the Domain-ID label associated with one of the instructions and executing or blocking an operation indicated by the instruction based on whether the operation is permitted by a domain-based rule for the security domain indicated by the Domain-ID label associated with the instruction.
Redlich teaches wherein instantiating the compartmentalization security policy includes tagging an image of the computer code based on the compartmentalization security policy and executing the tagged image of the computer code (Redlich teaches an information file or data stream having therein text A, text B, various tags relative to the information in the text (such as paragraph numbers), metadata associated with items and data objects in the document, and image elements. The input file is subjected to a reduction or deconstruction step 2002 which creates an expanded information document that includes source data and a file map of the various elements; text A, text B, metadata, tags, audio and multiple audio files, image files, metadata files, tags, etc. may be included in the expanded information document, together with compartment tags applied using a combination of automatic and manual tagging features, as allowed by the organization's security policy, as Redlich teaches in par.346 and 529). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Boling to include tagging an image of the computer code of the at least one application based on the compartmentalization security policy as taught and suggested by Redlich for the purpose of creating a digital bureaucratic process which enhances the security level of the entire system (Redlich, par.551).
Boling, as modified by Redlich, does not explicitly teach wherein tagging the image of the computer code includes tagging instructions in the computer code with Domain-ID labels, each of the Domain-ID labels indicating a security domain to which its associated instruction belongs, the Domain-ID labels including at least an operating system syntactic domain label and an application code syntactic domain label; and enforcing the compartmentalization security policy by reading the Domain-ID label associated with one of the instructions and executing or blocking an operation indicated by the instruction based on whether the operation is permitted by a domain-based rule for the security domain indicated by the Domain-ID label associated with the instruction.
Kerschbaumer teaches, in a similar system, wherein tagging the image of the computer code includes tagging instructions in the computer code with Domain-ID labels (Kerschbaumer teaches tagging the dynamic language value with security labels that identify an originating domain, as Kerschbaumer teaches in par.4), each of the Domain-ID labels indicating a security domain to which its associated instruction belongs (Kerschbaumer teaches a different domain of origin (e.g., www.attacker.com). In block 514, a label tag value identifying the values as being associated with more than one domain may be computed using a logical OR operation, as Kerschbaumer teaches in par.44), the Domain-ID labels including at least an operating system syntactic domain label and an application code syntactic domain label (Kerschbaumer teaches that the labels and values may be encoded in multiple levels such that some of the x-bits encode originating domain label information, and such that some of the x-bits store a pointer to a location that contains label information, as Kerschbaumer teaches in par.44); and enforcing the compartmentalization security policy by reading the Domain-ID label associated with one of the instructions and executing or blocking an operation indicated by the instruction based on whether the operation is permitted by a domain-based rule for the security domain indicated by the Domain-ID label associated with the instruction (Kerschbaumer teaches identifying the security label as being encoded as a one-hot bit and performing a bitwise OR operation if it is determined that the reserved bit indicates that the first mode is selected, and identifying the security label as being a reference into a label manager data structure that stores actual label information and performing memory read operations if it is determined that the reserved bit indicates that the second mode is selected; identifying the values as being associated with more than one domain may be computed using a logical OR operation. Before any request is sent over the network, various aspects may check whether the information is allowed to be sent to that domain or if a security violation occurred. Labels of that value may be compared, and the results of that comparison may be used to decide whether the send request is to be allowed, as Kerschbaumer teaches in par.47). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Boling to include Domain-ID labels as taught and suggested by Kerschbaumer for the purpose of creating a detection and prevention mechanism that identifies and stops malicious code from sending requests or gathered information over the network, neutralizing attacks and improving the security of applications that embed dynamic language code (Kerschbaumer, abstract).
For claim 11. Boling, as modified by Redlich and Kerschbaumer, further teaches wherein the policy compiler is configured for tagging the image of the computer code by adding metadata tags that indicate logical privilege domains or compartments for computer code components of the computer code; or wherein tagging the image of computer code includes adding metadata tags that indicate a logical object for newly allocated memory (Boling teaches that the dynamic loader may initialize tags in the metadata memory 125 by triggering one or more rules of a loader policy, such as the illustrative loader policy, and that the user application binary image and/or the user application metadata initialization specification may be electronically signed and distributed with a public key corresponding to a private key used for signing; the private key itself may not be distributed, as Boling teaches in par.207-208).
For claim 12. Boling, as modified by Redlich and Kerschbaumer, further teaches wherein the at least one application includes a user application and/or an operating system for running the user application or other software; wherein the at least one rule cache characteristic includes a cache capacity, a cache performance, or comparing overprivilege to a fine-grained reference; or wherein the performance analysis information includes information from a privilege analysis or information from a performance assessment involving comparing execution times on the tagged processor architecture associated with different candidate compartment rule sets (Boling teaches that the dynamic loader may use the public key to verify that the user application binary image and/or the user application metadata initialization specification have not been modified. Additionally, or alternatively, loading the user application binary image using the user application metadata initialization specification may trigger one or more loader policy rules, as Boling teaches in par.208 and par.259).
For claim 13. Boling, as modified by Redlich and Kerschbaumer, further teaches wherein the node is further configured for: generating a rule prefetching policy for the compartmentalization security policy, wherein the rule prefetching policy indicates mappings between source rules and sets of related rules to load into the rule cache when a respective source rule triggers a cache miss; and providing the rule prefetching policy to at least one policy execution processor for performing rule prefetching during the enforcement of the compartmentalization security policy (Boling teaches that the tag processing hardware 140 may include a rule cache 144 for mapping one or more input tags to a decision and/or one or more output tags, and that such a mapping in the rule cache 144 may be created using a query response from the policy processor 150; however, that is not required, as in some embodiments one or more mappings may be installed into the rule cache 144 ahead of time, as Boling teaches in par.79).
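A toy simulation of the mechanism recited in claims 1 and 4 (and their system counterparts, claims 10 and 13), added here as an illustration: instructions carry Domain-ID labels, each operation is executed or blocked by a domain-based rule, and rule lookups go through a small rule cache whose misses trigger a prefetching policy. It is not code from Boling, Redlich, Kerschbaumer or the application under examination; the domain names, rule keys, prefetch mappings and instruction stream are all constructed.

```python
"""Toy model of Domain-ID-labelled instructions checked against domain-based
rules through a fixed-size rule cache with a rule prefetching policy.
Constructed illustration only; not code from any cited reference."""
from collections import OrderedDict

# Syntactic domain labels (constructed): the claims require at least an
# operating system domain label and an application code domain label.
OS_DOMAIN = "OS"
APP_DOMAIN = "APP"

# Domain-based rules (constructed): (domain, operation, object) -> allowed?
# A key absent from the policy is treated as not permitted.
POLICY = {
    (OS_DOMAIN, "load", "kernel_heap"): True,
    (OS_DOMAIN, "store", "kernel_heap"): True,
    (OS_DOMAIN, "load", "user_buf"): True,
    (OS_DOMAIN, "store", "user_buf"): True,
    (APP_DOMAIN, "load", "user_buf"): True,
    (APP_DOMAIN, "store", "user_buf"): True,
    (APP_DOMAIN, "load", "kernel_heap"): False,   # explicit deny
}

# Rule prefetching policy (constructed): when the source rule on the left
# misses in the cache, the related rules on the right are installed as well.
PREFETCH = {
    (OS_DOMAIN, "load", "kernel_heap"): [(OS_DOMAIN, "store", "kernel_heap")],
    (APP_DOMAIN, "load", "user_buf"): [(APP_DOMAIN, "store", "user_buf")],
}


class RuleCache:
    """Fixed-capacity LRU cache mapping a rule key to an allow/block decision."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()
        self.hits = 0
        self.misses = 0

    def lookup(self, key):
        """Return the cached decision, or None on a miss."""
        if key in self.entries:
            self.entries.move_to_end(key)
            self.hits += 1
            return self.entries[key]
        self.misses += 1
        return None

    def install(self, key, decision):
        """Install a mapping, evicting the least recently used entry if full."""
        self.entries[key] = decision
        self.entries.move_to_end(key)
        while len(self.entries) > self.capacity:
            self.entries.popitem(last=False)


def resolve(key):
    """Slow path: the policy execution processor's answer for a rule key."""
    return POLICY.get(key, False)


def execute_tagged_image(image, cache, prefetch=None):
    """Run a tagged image whose entries are (domain_id_label, operation, object).

    Each decision comes from reading the instruction's Domain-ID label and
    consulting the domain-based rule for that domain; a cache miss resolves the
    rule, installs it, and also installs the rules named by the prefetch policy.
    Returns one decision string ("exec" or "block") per instruction.
    """
    prefetch = prefetch or {}
    decisions = []
    for domain, op, obj in image:
        key = (domain, op, obj)
        decision = cache.lookup(key)
        if decision is None:
            decision = resolve(key)
            cache.install(key, decision)
            for related in prefetch.get(key, []):
                if related not in cache.entries:
                    cache.install(related, resolve(related))
        decisions.append("exec" if decision else "block")
    return decisions


# Constructed instruction stream: OS code touches the kernel heap, application
# code uses its own buffer, then an application instruction tries the kernel heap.
SAMPLE_IMAGE = [
    (OS_DOMAIN, "load", "kernel_heap"),
    (OS_DOMAIN, "store", "kernel_heap"),
    (APP_DOMAIN, "load", "user_buf"),
    (APP_DOMAIN, "store", "user_buf"),
    (APP_DOMAIN, "load", "kernel_heap"),
]


def run_demo(capacity=4, use_prefetch=True):
    """Execute SAMPLE_IMAGE and return (decisions, cache hits, cache misses)."""
    cache = RuleCache(capacity)
    decisions = execute_tagged_image(
        SAMPLE_IMAGE, cache, PREFETCH if use_prefetch else None)
    return decisions, cache.hits, cache.misses


if __name__ == "__main__":
    for flag in (False, True):
        print("prefetch" if flag else "no prefetch", run_demo(use_prefetch=flag))
```

The last instruction is blocked in both runs because the APP domain's rule for the kernel heap denies it; the prefetch policy changes only the hit/miss profile, turning two of the five misses into hits.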
For claim 16. Boling, as modified by Redlich and Kerschbaumer, fails to teach wherein the compartmentalization algorithm includes a working-set algorithm that selects, using rule locality information learned from a tracing policy involving monitoring execution of the at least one application, a set of rules encountered during a predetermined period of time as a working-set and reduces the rules in the working-set until a number of rules in the working-set is equal to or below a maximum number or a target number of rules allowed per working-set by iteratively merging domains using a rule delta calculation; or wherein the compartmentalization algorithm includes a working-set algorithm that selects a set of rules encountered during a predetermined period of time as a working-set and reduces the rules in the working-set based on privilege effects and rule count effects.
Redlich further teaches wherein the compartmentalization algorithm includes a working-set algorithm that selects, using rule locality information learned from a tracing policy involving monitoring execution of the at least one application, a set of rules encountered during a predetermined period of time as a working-set and reduces the rules in the working-set until a number of rules in the working-set is equal to or below a maximum number or a target number of rules allowed per working-set by iteratively merging domains using a rule delta calculation; or wherein the compartmentalization algorithm includes a working-set algorithm that selects a set of rules encountered during a predetermined period of time as a working-set and reduces the rules in the working-set based on privilege effects and rule count effects (Redlich teaches an automated trigger which activates the security or SC program discussed hereinabove when the portable computing device is beyond a predetermined region, as Redlich teaches in par.365 and par.585). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Boling to include a predetermined time as taught and suggested by Redlich for the purpose of creating a digital bureaucratic process which enhances the security level of the entire system (Redlich, par.551).
For claim 17. Boling, as modified by Redlich and Kerschbaumer, further teaches wherein the compartmentalization algorithm uses one or more syntactic compartments and/or one or more syntactic constraints when determining the compartmentalizations and the rules for enforcing the compartmentalizations (Boling, par.232 and par.235).
For claim 18. Boling, as modified by Redlich and Kerschbaumer, further teaches wherein the node is configured for determining the compartmentalizations and rules for enforcing the compartmentalizations by: executing the compartmentalization algorithm multiple times using different parameter values for determining overprivilege ratios and/or performance metrics of different versions of the compartmentalization security policy; and selecting a version of the compartmentalization security policy using selection criteria and the overprivilege ratios and/or the performance metrics (Boling, par.102, par.223 and par.242).
For claim 19. Boling teaches a non-transitory computer readable medium storing executable instructions that when executed by at least one processor of a computer control the computer to perform operations (par.262) comprising: at a node for generating compartmentalization security policies for enforcement in a tagged processor architecture (Boling teaches that a compartment policy may, during execution, enforce that input data for a computation may only belong to an active compartment, and/or that a result of the computation may be labeled with an ID of the active compartment, as Boling teaches in par.233): receiving computer code of at least one application or of an operating system (Boling teaches that compartment color metadata may be applied to task data, task environment, and/or task code, which may associate data and code with an execution context, as Boling teaches in par.228); determining, using a compartmentalization algorithm, at least one rule cache characteristic, and performance analysis information, compartmentalizations for the computer code and rules for enforcing the compartmentalizations (the tag processing hardware 140 may include a rule cache 144 for mapping one or more input tags to a decision and/or one or more output tags; a compartment policy may include rules that ensure all parts (e.g., code, data, registers, etc.) of the execution context share a single common metadata ID that identifies the compartment; and a hardware feature may be provided in a rule cache (e.g., the illustrative rule cache 144 in the example of FIG. 1) to allow a rule to forward one or more inputs of the rule to the rule's output, as Boling teaches in par.79, par.332 and par.260); generating a compartmentalization security policy comprising the rules for enforcing the compartmentalizations (Boling teaches that, to facilitate communication between compartments, policy rules may be provided to allow the compartment ID for data to change as the data is sent to another compartment, and that each rule may, when executed, enforce that an operation of a corresponding type may proceed only if all inputs and outputs have identical compartment IDs, as Boling teaches in par.235 and par.255); and instantiating, using a policy compiler, the compartmentalization security policy for enforcement in the tagged processor architecture (Boling teaches that a policy compiler (e.g., the illustrative policy compiler 220 shown in FIG. 2) may generate a hierarchical metadata symbol, as Boling teaches in par.242 to par.249), and at least one processor core of the tagged processor architecture (Boling teaches that the tag processing hardware 140 may be configured to apply one or more security rules to metadata associated with an instruction and/or metadata associated with one or more operands of the instruction to determine if the instruction should be allowed, as Boling teaches in par.68) and executing the tagged image of the computer code (Boling teaches that the host processor 110 may fetch and execute an instruction, as Boling teaches in par.68).
Boling fails to teach wherein instantiating the compartmentalization security policy includes tagging an image of the computer code of the at least one application based on the compartmentalization security policy, wherein tagging the image of the computer code includes tagging instructions in the computer code with Domain-ID labels, each of the Domain-ID labels indicating a security domain to which its associated instruction belongs, the Domain-ID labels including at least an operating system syntactic domain label and an application code syntactic domain label; and executing the tagged image of the computer code; and enforcing the compartmentalization security policy by reading the Domain-ID label associated with one of the instructions and executing or blocking an operation indicated by the instruction based on whether the operation is permitted by a domain-based rule for the security domain indicated by the Domain-ID label associated with the instruction.
Redlich teaches wherein instantiating the compartmentalization security policy includes tagging an image of the computer code of the at least one application based on the compartmentalization security policy and executing the tagged image of the computer code (Redlich teaches an information file or data stream having therein text A, text B, various tags relative to the information in the text (such as paragraph numbers), metadata associated with items and data objects in the document, and image elements. The input file is subjected to a reduction or deconstruction step 2002 which creates an expanded information document that includes source data and a file map of the various elements; text A, text B, metadata, tags, audio and multiple audio files, image files, metadata files, tags, etc. may be included in the expanded information document, with compartment tags applied using a combination of automatic and manual tagging features, as allowed by the organization's security policy, as Redlich teaches in par.346 and par.529). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Boling to include tagging an image of the computer code of the at least one application based on the compartmentalization security policy as taught and suggested by Redlich for the purpose of creating a digital bureaucratic process which enhances the security level of the entire system (Redlich, par.551).
Boling, as modified by Redlich, does not explicitly teach wherein tagging the image of the computer code includes tagging instructions in the computer code with Domain-ID labels, each of the Domain-ID labels indicating a security domain to which its associated instruction belongs, the Domain-ID labels including at least an operating system syntactic domain label and an application code syntactic domain label; and enforcing the compartmentalization security policy by reading the Domain-ID label associated with one of the instructions and executing or blocking an operation indicated by the instruction based on whether the operation is permitted by a domain-based rule for the security domain indicated by the Domain-ID label associated with the instruction.
Kerschbaumer teaches, in a similar system, wherein tagging the image of the computer code includes tagging instructions in the computer code with Domain-ID labels (Kerschbaumer teaches tagging the dynamic language value with security labels that identify an originating domain, as Kerschbaumer teaches in par.4), each of the Domain-ID labels indicating a security domain to which its associated instruction belongs (Kerschbaumer teaches a different domain of origin (e.g., www.attacker.com); in block 514, a label tag value identifying the values as being associated with more than one domain may be computed using a logical OR operation, as Kerschbaumer teaches in par.44), the Domain-ID labels including at least an operating system syntactic domain label and an application code syntactic domain label (Kerschbaumer teaches that the labels and values may be encoded in multiple levels such that some of the x-bits encode originating domain label information, and such that some of the x-bits store a pointer to a location that contains label information, as Kerschbaumer teaches in par.44); and enforcing the compartmentalization security policy by reading the Domain-ID label associated with one of the instructions and executing or blocking an operation indicated by the instruction based on whether the operation is permitted by a domain-based rule for the security domain indicated by the Domain-ID label associated with the instruction (Kerschbaumer teaches identifying the security label as being encoded as a one-hot bit and performing a bitwise OR operation if it is determined that the reserved bit indicates that the first mode is selected, and identifying the security label as being a reference into a label manager data structure that stores actual label information and performing memory read operations if it is determined that the reserved bit indicates that the second mode is selected; identifying the values as being associated with more than one domain may be computed using a logical OR operation. Before any request is sent over the network, various aspects may check whether the information is allowed to be sent to that domain or if a security violation occurred. Labels of that value may be compared, and the results of that comparison may be used to decide whether the send request is to be allowed, as Kerschbaumer teaches in par.47). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Boling to include Domain-ID labels as taught and suggested by Kerschbaumer for the purpose of creating a detection and prevention mechanism that identifies and stops malicious code from sending requests or gathered information over the network, neutralizing attacks and improving the security of applications that embed dynamic language code (Kerschbaumer, abstract).
For claim 20. Boling, as modified by Redlich and Kerschbaumer, further teaches wherein tagging the image of the computer code includes adding metadata tags that indicate logical privilege domains or compartments for computer code components of the computer code (Boling teaches that the dynamic loader may initialize tags in the metadata memory 125 by triggering one or more rules of a loader policy, such as the illustrative loader policy, and that the user application binary image and/or the user application metadata initialization specification may be electronically signed and distributed with a public key corresponding to a private key used for signing, the private key itself not being distributed, as Boling teaches in par.207-208).
Claims 5-6 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Boling et al (2021/0042100) in view of Redlich et al (2010/0010968) and Kerschbaumer et al (2013/0117845), as applied to the claims above, and further in view of Redlich et al (2009/0178144).
For claims 5 and 14, Boling, as modified by Redlich and Kerschbaumer, teaches all the limitations as previously set forth except for wherein generating the rule prefetching policy includes monitoring execution of the at least one application and generating probabilities of subsequent rules being required after a first rule triggers a cache miss based on the monitored execution, and wherein the rule prefetching policy includes a mapping of the first rule and a set of probable subsequent rules, wherein the set of probable subsequent rules is determined using the probabilities and a probability threshold value.
Redlich '144 teaches wherein generating the rule prefetching policy includes monitoring execution of the at least one application and generating probabilities of subsequent rules being required after a first rule triggers a cache miss based on the monitored execution, and wherein the rule prefetching policy includes a mapping of the first rule and a set of probable subsequent rules, wherein the set of probable subsequent rules is determined using the probabilities and a probability threshold value (par.15). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Boling, as modified by Redlich and Kerschbaumer, to include probabilities as taught and suggested by Redlich '144 for the purpose of allowing strong information integrity guarantees and cheater detection, which can also be implemented using cryptographic techniques such as adding a digest to information before storing it (Redlich '144, par.15).
For claims 6 and 15, Boling, as modified by Redlich and Kerschbaumer, teaches all the limitations as previously set forth except for wherein the set of probable subsequent rules is also determined using a maximum number or a target number of rules for the set of probable subsequent rules.
Redlich '144 teaches wherein the set of probable subsequent rules is also determined using a maximum number or a target number of rules for the set of probable subsequent rules (par.15). It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Boling, as modified by Redlich and Kerschbaumer, to include a maximum or target number of probable subsequent rules as taught and suggested by Redlich '144 for the purpose of allowing strong information integrity guarantees and cheater detection, which can also be implemented using cryptographic techniques such as adding a digest to information before storing it (Redlich '144, par.15).
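The following is an added illustration of the rule prefetching policy recited in claims 5-6 and 14-15 (monitor execution, derive per-successor probabilities after a rule cache miss, then apply a probability threshold and a maximum count to form the prefetch set). It is not code from Boling or either Redlich reference; the rule identifiers, the hit/miss trace format and the look-ahead window length are constructed assumptions.

```python
"""Rule-prefetch policy mined from a monitored execution trace (added
illustration). Constructed model: the trace is a list of (rule_id, hit)
lookups against a rule cache; for every miss on rule R the rules needed
within the next `window` lookups are counted, giving P(S needed | miss on R).
Successors at or above `threshold` form R's prefetch set, capped at
`max_rules`. Rule ids and the trace format are assumptions.
"""
from collections import defaultdict

def build_prefetch_policy(trace, window, threshold, max_rules):
    """trace: list of (rule_id, hit: bool). Returns {first_rule: [successors]}."""
    misses = defaultdict(int)                          # rule -> number of misses
    followers = defaultdict(lambda: defaultdict(int))  # rule -> successor -> count
    for i, (rule, hit) in enumerate(trace):
        if hit:
            continue                                   # only misses seed the policy
        misses[rule] += 1
        seen = set()
        for nxt, _ in trace[i + 1:i + 1 + window]:
            if nxt != rule and nxt not in seen:        # count each successor once per miss
                seen.add(nxt)
                followers[rule][nxt] += 1
    policy = {}
    for rule, counts in followers.items():
        probs = {s: c / misses[rule] for s, c in counts.items()}
        probable = [s for s, p in probs.items() if p >= threshold]
        probable.sort(key=lambda s: (-probs[s], s))    # most likely first, stable ties
        policy[rule] = probable[:max_rules]            # target/maximum set size
    return policy

def rules_to_prefetch(policy, missed_rule):
    """Lookup at run time: what to load into the cache after a miss on missed_rule."""
    return policy.get(missed_rule, [])

TRACE = [  # (rule_id, cache_hit) lookups, constructed sample
    ("R1", False), ("R2", False), ("R3", False), ("R1", True),
    ("R1", False), ("R2", True),  ("R4", False), ("R3", True),
    ("R1", False), ("R2", True),  ("R3", True),  ("R5", False),
    ("R1", False), ("R2", True),  ("R6", True),  ("R3", True),
]

if __name__ == "__main__":
    policy = build_prefetch_policy(TRACE, window=3, threshold=0.5, max_rules=2)
    for first, nxt in sorted(policy.items()):
        print(f"miss on {first} -> prefetch {nxt}")
```

Lowering the threshold or raising the cap widens each prefetch set, which trades cache pollution against fewer subsequent misses; the two knobs correspond to the probability threshold and the maximum/target number in the claims.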
Response to Amendments/Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
The 101 rejections have been overcome based on the applicant's amendments to claims 1, 10 and 19.
The applicant's arguments regarding the newly amended limitations in claims 1, 10 and 19 have been considered but are moot, because the examiner applied new art, Kerschbaumer et al (2013/0117845), that covers the newly claimed limitations.
Regarding dependent claims arguments, said arguments are moot because the applied references are not considered to have alleged differences, and therefore are considered to properly show that for which they were cited.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYUB A MAYE whose telephone number is (571)270-5037. The examiner can normally be reached Monday-Friday 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AYUB A MAYE/Examiner, Art Unit 2436 /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436