PKUAANC - Peking University Alumni Association of Northern California since May 2013
President
Google - Mountain View, CA since Jul 2011
Software Engineer
NVIDIA Jul 2009 - Jul 2011
Sr. System Software Engineer
Carnegie Mellon University Feb 2007 - Jul 2009
Postdoctoral / System Researcher
Microprocessor Research and Development Center, Peking University Oct 2000 - Jan 2007
Research Assistant
Education:
Peking University 2001 - 2007
Ph.D, Computer Architecture
Peking University 1997 - 2001
B.S., Computer Software
Skills:
Device Drivers, C, Debugging, Linux Kernel, Embedded Systems, Distributed Systems, Operating Systems, Python, Computer Architecture, Linux, Perl, Algorithms, Processors, SoC (System on a Chip), Virtualization, Kernel, x86
Arvind Seshadri - Pittsburgh PA, US; Ning Qu - Pittsburgh PA, US; Adrian Perrig - Pittsburgh PA, US
Assignee:
Carnegie Mellon University - Pittsburgh PA
International Classification:
G06F 21/00
US Classification:
726 22
Abstract:
Systems and methods are provided for preventing unauthorized modification of an operating system. The system includes an operating system comprising kernel code for controlling access to operation of a processing unit. The system further includes an enforcement agent executing at a higher privilege than the kernel code, such that any change to the kernel code must be approved by the enforcement agent before the changed code executes.
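The approval step the abstract describes can be modelled as a permission monitor that the kernel cannot bypass. The following is an added example, not the patent's implementation: a toy page model in which an enforcement agent mediates every permission change on kernel pages, never lets a page be writable and executable at once, and makes a page executable only if its contents hash to an approved value. The page size, the "approved" code bytes and the patch bytes are constructed.

```python
import hashlib

# Added example, not the patent's implementation. A toy memory model in which an
# enforcement agent above the kernel mediates every permission change on kernel
# pages: a page may never be writable and executable at once (W^X), and a page
# becomes executable only if its contents hash to an approved value. Page size,
# the "approved" code bytes and the patch bytes are constructed.

PAGE_SIZE = 16


class PolicyViolation(Exception):
    pass


def page_hash(code: bytes) -> str:
    """SHA-256 of a page image, zero-padded to PAGE_SIZE."""
    return hashlib.sha256(code.ljust(PAGE_SIZE, b"\0")[:PAGE_SIZE]).hexdigest()


class EnforcementAgent:
    """Runs at higher privilege than the kernel; the kernel cannot bypass it."""

    def __init__(self, approved_hashes):
        self.approved = set(approved_hashes)   # hashes of approved kernel code pages
        self.perms = {}                        # page -> set of "r"/"w"/"x"
        self.memory = {}                       # page -> bytes

    def write(self, page: int, data: bytes) -> None:
        # Kernel write: allowed only while the agent has granted "w" on the page.
        if "w" not in self.perms.get(page, set()):
            raise PolicyViolation(f"page {page} is not writable")
        self.memory[page] = data.ljust(PAGE_SIZE, b"\0")[:PAGE_SIZE]

    def request_perms(self, page: int, requested) -> None:
        requested = set(requested)
        if {"w", "x"} <= requested:
            raise PolicyViolation(f"page {page}: W and X together is forbidden")
        if "x" in requested:
            # The approval point: code about to become executable is hashed and
            # compared against the approved list before the mapping changes.
            digest = page_hash(self.memory.get(page, b""))
            if digest not in self.approved:
                raise PolicyViolation(f"page {page}: unapproved code {digest[:12]}")
        self.perms[page] = requested

    def can_execute(self, page: int) -> bool:
        return "x" in self.perms.get(page, set())


def demo():
    """Load approved code, then try the things a rootkit would try."""
    approved_code = b"\x90" * 8 + b"\xc3"          # constructed approved code page
    patch = b"\xcc" * 9                            # constructed unapproved patch
    agent = EnforcementAgent([page_hash(approved_code)])
    out = {}

    agent.request_perms(0, "rw")
    agent.write(0, approved_code)
    agent.request_perms(0, "rx")                   # approved: hash matches
    out["approved_code_executable"] = agent.can_execute(0)

    try:                                           # patch code while it is executable
        agent.write(0, patch)
        out["patch_while_exec"] = "allowed"
    except PolicyViolation:
        out["patch_while_exec"] = "blocked"

    try:                                           # ask for a W+X mapping
        agent.request_perms(0, "rwx")
        out["wx_mapping"] = "allowed"
    except PolicyViolation:
        out["wx_mapping"] = "blocked"

    agent.request_perms(0, "rw")                   # legitimately drop X to modify
    agent.write(0, patch)
    try:                                           # now try to run the patched page
        agent.request_perms(0, "rx")
        out["patched_code_executable"] = "allowed"
    except PolicyViolation:
        out["patched_code_executable"] = "blocked"
    out["page0_executable"] = agent.can_execute(0)
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the model is where the check sits: approval happens on the transition to executable, which the kernel cannot perform on its own, so a write to a code page (after legitimately dropping X) still cannot run until the agent has re-approved the contents.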
Methods And Apparatuses For User-Verifiable Execution Of Security-Sensitive Code
Jonathan M. McCune - Pittsburgh PA, US; Adrian M. Perrig - Pittsburgh PA, US; Anupam Datta - Pittsburgh PA, US; Virgil Dorin Gligor - Pittsburgh PA, US; Yanlin Li - Pittsburgh PA, US; Bryan Jeffrey Parno - Pittsburgh PA, US; Amit Vasudevan - Pittsburgh PA, US; Ning Qu - San Jose CA, US
A computer including a processor and a verification device. The processor in the computer performs the steps of authenticating a secure connection between a hypervisor and the verification device, measuring the identity of at least a portion of a select guest before the select guest executes any instruction, and sending a measurement of the identity of the select guest to the verification device. The verification device compares the policy stored in the verification device with the measurement of the select guest received by the verification device. The steps of authenticating, measuring, sending, and comparing are performed after receiving a signal indicative of a request to execute the select guest and without rebooting the computer.
Methods And Apparatuses For User-Verifiable Trusted Path In The Presence Of Malware
Jonathan M. McCune - Pittsburgh PA, US; Adrian M. Perrig - Pittsburgh PA, US; Anupam Datta - Pittsburgh PA, US; Virgil D. Gligor - Pittsburgh PA, US; Ning Qu - San Jose CA, US
Assignee:
CARNEGIE MELLON UNIVERSITY - Pittsburgh PA
International Classification:
G06F 21/00
US Classification:
726 1
Abstract:
An apparatus and method for establishing a trusted path between a user interface and a trusted executable, wherein the trusted path includes a hypervisor and a driver shim. The method includes measuring an identity of the hypervisor; comparing the measurement of the identity of the hypervisor with a policy for the hypervisor; measuring an identity of the driver shim; comparing the measurement of the identity of the driver shim with a policy for the driver shim; measuring an identity of the user interface; comparing the measurement of the identity of the user interface with a policy for the user interface; and providing a human-perceptible indication of whether the identity of the hypervisor, the identity of the driver shim, and the identity of the user interface correspond with the policy for the hypervisor, the policy for the driver shim, and the policy for the user interface, respectively.
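Both of the two abstracts above (the user-verifiable execution patent and the trusted-path patent) share one mechanism: measure a component's identity before it runs, send the measurement over an authenticated channel to a verification device, compare it with a stored policy, and show the user the outcome. The following is an added example, not code from either patent: a hypervisor-side attester and a verification-device-side checker that share a key provisioned out of band (an assumption), with the component images, the key and the policy all constructed here. Measurements are SHA-256 digests, the channel is authenticated with an HMAC bound to a per-request nonce, and the indicator is green only when the report is authentic and every component matches policy.

```python
import hashlib
import hmac
import os

# Added example, not code from either patent. A hypervisor-side attester and a
# verification-device-side checker share a key provisioned out of band
# (assumption); the component images, the key and the policy are constructed.


def measure(image: bytes) -> str:
    """Identity of a component is the SHA-256 of its image, taken before it runs."""
    return hashlib.sha256(image).hexdigest()


class VerificationDevice:
    """Holds the policy (expected measurements) and a shared key; issues a fresh
    nonce per request so a captured report cannot be replayed."""

    def __init__(self, key: bytes, policy: dict):
        self.key = key
        self.policy = policy
        self.nonce = None

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce

    def check(self, report: bytes, tag: bytes) -> dict:
        expected = hmac.new(self.key, self.nonce + report, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return {"authentic": False, "verdict": {}}
        verdict = {}
        for entry in report.decode().split(";"):
            name, digest = entry.split("=", 1)
            verdict[name] = self.policy.get(name) == digest
        return {"authentic": True, "verdict": verdict}


def hypervisor_attest(key: bytes, nonce: bytes, components: dict):
    """Measure each component image before it executes and bind the report to
    the device's nonce with an HMAC under the shared key."""
    report = ";".join(f"{name}={measure(img)}" for name, img in components.items()).encode()
    tag = hmac.new(key, nonce + report, hashlib.sha256).digest()
    return report, tag


def indicator(result: dict) -> str:
    """Human-perceptible indication: GREEN only if the report is authentic and
    every measured component matches its policy."""
    if not result["authentic"]:
        return "RED: report not authentic"
    bad = [name for name, ok in result["verdict"].items() if not ok]
    return "GREEN" if not bad else "RED: " + ",".join(bad)


def demo() -> dict:
    key = b"constructed-provisioned-key"
    images = {"hypervisor": b"hv-image-v1", "driver_shim": b"shim-image-v1", "ui": b"ui-image-v1"}
    policy = {name: measure(img) for name, img in images.items()}
    device = VerificationDevice(key, policy)
    out = {}

    nonce = device.challenge()                         # clean stack
    report, tag = hypervisor_attest(key, nonce, images)
    out["clean"] = indicator(device.check(report, tag))

    device.challenge()                                 # fresh nonce; old report replayed
    out["replay"] = indicator(device.check(report, tag))

    nonce = device.challenge()                         # UI replaced by malware
    tampered = dict(images, ui=b"ui-image-v1+keylogger")
    out["tampered_ui"] = indicator(device.check(*hypervisor_attest(key, nonce, tampered)))

    nonce = device.challenge()                         # report signed without the key
    report, _ = hypervisor_attest(key, nonce, images)
    forged = hmac.new(b"wrong-key", nonce + report, hashlib.sha256).digest()
    out["forged"] = indicator(device.check(report, forged))
    return out


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice and are reflected above: the device, not the possibly compromised host, decides the verdict, and the nonce makes a captured "all good" report worthless on the next request. In a real deployment the hypervisor measurement itself would be rooted in a hardware launch mechanism rather than self-reported, which this model does not show.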
Systems And Methods To Determine Risk Distribution Based On Sensor Coverages Of A Sensor System For An Autonomous Driving Vehicle
Systems and methods of determining a risk distribution associated with a multiplicity of coverage zones covered by a multiplicity of sensors of an autonomous driving vehicle (ADV) are disclosed. The method includes, for each coverage zone covered by at least one sensor of the ADV, obtaining mean time between failure (MTBF) data for the sensor(s) covering that zone. The method further includes determining an MTBF of the coverage zone based on the MTBF data of the sensor(s), computing a performance risk associated with the coverage zone based on the determined MTBF of the coverage zone, and determining a risk distribution based on the computed performance risks across the multiplicity of coverage zones.
Systems And Methods To Enhance Early Detection Of Performance Induced Risks For An Autonomous Driving Vehicle
Systems and methods of adjusting zone-associated risks of a coverage zone covered by one or more sensors of an autonomous driving vehicle (ADV) operating in real time are disclosed. As an example, the method includes defining a performance limit detection window associated with a first sensor based on a mean time between failure (MTBF) lower limit and an MTBF upper limit of the first sensor. The method further includes determining whether the operating time of the ADV in autonomous driving (AD) mode falls within the performance limit detection window associated with the first sensor and, in response to determining that it does, adjusting the zone-associated risk of the coverage zone to the performance risk of a second sensor.
Method For Real-Time Monitoring Of Safety Redundancy Autonomous Driving System (ADS) Operating Within Predefined Risk Tolerable Boundary
In one embodiment, a method for real-time monitoring of a safety redundancy autonomous driving system (ADS) operating within a predefined risk tolerable boundary includes calculating a zone failure risk score for each of a plurality of predetermined zones based on a sensor failure risk score associated with each of the sensors mounted on the autonomous driving vehicle (ADV), the predetermined zones being defined based on the sensor layout. A sensor capability coverage of the ADV is determined based on the zone failure risk score associated with each of the predetermined zones. A drivable area of the ADV is determined based on the sensor capability coverage in view of map data associated with the current location of the ADV. A trajectory is planned based on the drivable area to autonomously drive the ADV through the driving environment surrounding it.
Method For Enhancing In-Path Obstacle Detection With Safety Redundancy Autonomous System
In one embodiment, a method for performing obstacle detection for an ADV includes detecting an obstacle with both a primary autonomous driving system (ADS) and a secondary ADS, using an obstacle detection algorithm on sensor data provided by sensors on the ADV. In response to detecting the obstacle, the primary ADS and the secondary ADS each calculate a controlled stop distance (a first and a second, respectively) based on the speed and deceleration capability of the ADV. The two controlled stop distances are exchanged between the primary ADS and the secondary ADS to determine a third controlled stop distance, which is the larger of the two. In response to determining that the distance between the ADV and the obstacle has fallen within the third controlled stop distance, the primary ADS activates a controlled stop operation to decelerate the ADV based on the third controlled stop distance.
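The redundancy pattern in that abstract (two independent estimates, exchange, keep the more conservative one, then trigger on it) is shown below as an added example, not the patent's code. The stop distance uses the constant-deceleration kinematic d = v^2 / (2a), an assumption the abstract does not state, and the two ADS instances are given different deceleration estimates so that the exchange actually changes the outcome; the speed, decelerations and sampled ranges are constructed.

```python
# Added example, not the patent's code. Assumptions: stop distance follows the
# constant-deceleration kinematic d = v^2 / (2a); each ADS uses its own estimate
# of the vehicle's deceleration capability. Speed, decelerations and the sampled
# ranges to the obstacle are constructed.


def controlled_stop_distance(speed_mps: float, decel_mps2: float) -> float:
    """Distance needed to stop from speed_mps at a steady decel_mps2."""
    if decel_mps2 <= 0:
        raise ValueError("deceleration capability must be positive")
    return speed_mps ** 2 / (2.0 * decel_mps2)


def agreed_stop_distance(primary_d: float, secondary_d: float) -> float:
    """After the exchange, both sides act on the larger (more conservative) value."""
    return max(primary_d, secondary_d)


def should_stop(distance_to_obstacle: float, agreed_d: float) -> bool:
    """The primary ADS activates the controlled stop once the obstacle is within
    the agreed distance."""
    return distance_to_obstacle <= agreed_d


def demo() -> dict:
    speed = 20.0                                          # m/s, constructed
    primary_d = controlled_stop_distance(speed, 6.0)      # primary's decel estimate
    secondary_d = controlled_stop_distance(speed, 4.5)    # secondary assumes degraded brakes
    agreed = agreed_stop_distance(primary_d, secondary_d)

    # Approach the obstacle in 5 m steps and record the first range that triggers.
    trigger_at = None
    for rng in range(60, 0, -5):
        if should_stop(float(rng), agreed):
            trigger_at = rng
            break
    return {"primary": primary_d, "secondary": secondary_d,
            "agreed": agreed, "trigger_at": trigger_at}


if __name__ == "__main__":
    print(demo())
```

With these numbers the primary alone would wait until about 33 m; the exchange pulls the trigger out to about 44 m, so a secondary that distrusts the brakes makes the whole system stop earlier rather than being outvoted.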
Method For Determining Capability Boundary And Associated Risk Of A Safety Redundancy Autonomous System In Real-Time
In one embodiment, a method for determining the capability boundary of a safety redundancy autonomous system of an autonomous driving vehicle (ADV) includes obtaining a sensor layout associated with the ADV, representing a system having a plurality of sensors mounted at a plurality of locations on the ADV. For each of a plurality of predetermined zones, a zone failure risk of the one or more sensors within that zone is estimated based on statistical operational data of those sensors. An overall failure risk of the sensors is determined from the zone failure risks of the predetermined zones and the relative locations of the sensors across those zones. A dynamic risk adjustment is determined based on the overall failure risk of the sensors, the dynamic risk adjustment representing the reliability of the sensor system associated with the ADV for estimating the safety of autonomous driving of the ADV.
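The four sensor-risk abstracts above (risk distribution from zone MTBF, the performance-limit detection window, the per-zone failure risk scores, and the zone risks derived from the sensor layout) describe the steps but not the reliability model behind them. The following is an added example, not the patents' code, that fills in one standard choice: each sensor fails as an exponential process with its MTBF, sensors covering the same zone are redundant, a zone's performance risk is its failure probability over a mission horizon, the risk distribution is those risks normalised across zones, and a sensor's detection window is +/-20% around its nominal MTBF. The sensor names, MTBF values and zone layout are all constructed.

```python
import math
from itertools import combinations

# Added example, not the patents' code. Assumptions: each sensor fails as an
# exponential process with its MTBF; the sensors covering a zone are redundant,
# so the zone fails only when all of them have failed; a zone's performance risk
# is its failure probability over a mission horizon; the risk distribution is
# those risks normalised across zones; a sensor's performance-limit detection
# window is +/-20% around its nominal MTBF. Sensor names, MTBFs and the layout
# are constructed.

SENSORS = {  # sensor -> MTBF in hours
    "front_lidar": 5000.0,
    "front_cam": 3000.0,
    "left_radar": 8000.0,
    "right_radar": 8000.0,
    "rear_cam": 3000.0,
}
ZONES = {  # coverage zone -> sensors covering it
    "front": ["front_lidar", "front_cam"],
    "left": ["left_radar"],
    "right": ["right_radar"],
    "rear": ["rear_cam"],
}


def fail_prob(mtbf_h: float, horizon_h: float) -> float:
    """P(sensor fails within horizon) under an exponential failure model."""
    return 1.0 - math.exp(-horizon_h / mtbf_h)


def zone_fail_prob(zone: str, horizon_h: float) -> float:
    """Redundant coverage: the zone is lost only if every covering sensor fails."""
    p = 1.0
    for s in ZONES[zone]:
        p *= fail_prob(SENSORS[s], horizon_h)
    return p


def zone_mtbf(zone: str) -> float:
    """MTBF of a parallel set of exponential sensors, by inclusion-exclusion:
    sum over non-empty subsets S of (-1)^(|S|+1) / (sum of failure rates in S)."""
    rates = [1.0 / SENSORS[s] for s in ZONES[zone]]
    total = 0.0
    for k in range(1, len(rates) + 1):
        for subset in combinations(rates, k):
            total += (-1) ** (k + 1) / sum(subset)
    return total


def risk_distribution(horizon_h: float) -> dict:
    """Performance risk per zone, normalised so the values sum to 1."""
    risks = {z: zone_fail_prob(z, horizon_h) for z in ZONES}
    total = sum(risks.values())
    return {z: r / total for z, r in risks.items()}


def detection_window(mtbf_h: float, spread: float = 0.2):
    """(lower, upper) MTBF limits that bound the performance-limit window."""
    return mtbf_h * (1.0 - spread), mtbf_h * (1.0 + spread)


def adjusted_zone_risk(zone: str, operating_h: float, horizon_h: float) -> float:
    """If the ADV's operating time falls inside the detection window of a sensor
    covering the zone, treat that sensor as at its performance limit and set the
    zone risk to the risk of the remaining sensor(s); with no second sensor the
    zone is treated as unprotected (risk 1.0)."""
    covering = ZONES[zone]
    for s in covering:
        lo, hi = detection_window(SENSORS[s])
        if lo <= operating_h <= hi:
            others = [o for o in covering if o != s]
            if not others:
                return 1.0
            p = 1.0
            for o in others:
                p *= fail_prob(SENSORS[o], horizon_h)
            return p
    return zone_fail_prob(zone, horizon_h)


if __name__ == "__main__":
    for z in ZONES:
        print(z, round(zone_mtbf(z)), round(zone_fail_prob(z, 1000.0), 4))
    print(risk_distribution(1000.0))
    print("front risk at 3000 h operating:", adjusted_zone_risk("front", 3000.0, 1000.0))
```

With the constructed layout the doubly covered front zone has an MTBF of 6125 h, higher than either of its sensors, and the smallest share of the risk distribution, while the singly covered rear zone carries the most; once operating time enters a sensor's window the zone risk collapses to whatever the other sensors in that zone can still provide, which for a singly covered zone is nothing.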