Patents by Inventor Andrei V. LUTAS
Andrei V. LUTAS has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10949247Abstract: Described systems and methods enable performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.) An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.Type: GrantFiled: October 29, 2019Date of Patent: March 16, 2021Assignee: Bitdefender IPR Management Ltd.Inventors: Sandor Lukacs, Andrei V. Lutas, Ionel C. Anichitei
-
Patent number: 10635479Abstract: Described systems and methods allow protecting a hardware virtualization system from malicious software. Some embodiments use a hybrid event notification/analysis system, wherein a first component executing within a protected virtual machine (VM) registers as a handler for processor exceptions triggered by violations of memory access permissions, and wherein a second component executing outside the respective VM registers as a handler for VM exit events. The first component filters permission violation events according to a set of rules and only notifies the second component about events which are deemed relevant to security. The second component analyzes notified events to detect malicious software.Type: GrantFiled: December 18, 2017Date of Patent: April 28, 2020Assignee: Bitdefender IPR Management Ltd.Inventor: Andrei V. Lutas
-
Publication number: 20200065131Abstract: Described systems and methods enable performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.) An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.Type: ApplicationFiled: October 29, 2019Publication date: February 27, 2020Inventors: Sandor LUKACS, Andrei V. LUTAS, Ionel C. ANICHITEI
-
Patent number: 10489187Abstract: Described systems and methods enable performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.) An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.Type: GrantFiled: May 4, 2018Date of Patent: November 26, 2019Assignee: Bitdefender IPR Management Ltd.Inventors: Sandor Lukacs, Andrei V. Lutas, Ionel C. Anichitei
-
Patent number: 10445498Abstract: Described systems and methods enable enforcing application control remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.). An application control engine executes outside a virtual machine exposed on a client system, the application control engine configured to enforce application control within the virtual machine according to a set of control policies. When a policy indicates that a specific process is not allowable on the respective client system, the app control engine may prevent execution of the respective process. To assist in data gathering and/or other activities associated with application control, some embodiments temporarily drop a control agent into the controlled virtual machine.Type: GrantFiled: July 25, 2018Date of Patent: October 15, 2019Assignee: Bitdefender IPR Management Ltd.Inventors: Sandor Lukacs, Andrei V. Lutas
-
Patent number: 10296470Abstract: Described systems and methods allow protecting a host system against malware, using hardware virtualization technology. A memory introspection engine executes at the level of a hypervisor, protecting a virtual machine (VM) from exploits targeting the call stack of a thread executing within the respective VM. The introspection engine identifies a virtual memory page reserved for the stack, but not committed to the stack, and intercepts an attempt to write to the respective page. In response to intercepting the write attempt, the memory introspection engine marks the respective page as non-executable, thus protecting the stack against exploits.Type: GrantFiled: June 30, 2017Date of Patent: May 21, 2019Assignee: Bitdefender IPR Management Ltd.Inventor: Andrei V. Lutas
-
Publication number: 20180330085Abstract: Described systems and methods enable enforcing application control remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.). An application control engine executes outside a virtual machine exposed on a client system, the application control engine configured to enforce application control within the virtual machine according to a set of control policies. When a policy indicates that a specific process is not allowable on the respective client system, the app control engine may prevent execution of the respective process. To assist in data gathering and/or other activities associated with application control, some embodiments temporarily drop a control agent into the controlled virtual machine.Type: ApplicationFiled: July 25, 2018Publication date: November 15, 2018Inventors: Sandor LUKACS, Andrei V. LUTAS
-
Publication number: 20180253329Abstract: Described systems and methods enable performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.) An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.Type: ApplicationFiled: May 4, 2018Publication date: September 6, 2018Inventors: Sandor LUKACS, Andrei V. LUTAS, Ionel C. ANICHITEI
-
Patent number: 10049211Abstract: Described systems and methods allow protecting a host computer system from malicious software, such as return-oriented programming (ROP) and jump-oriented programming (JOP) exploits. In some embodiments, a processor of the host system is endowed with two counters storing a count of branch instructions and a count of inter-branch instructions, respectively, occurring within a sequence of instructions. Exemplary counted branch instructions include indirect JMP, indirect CALL, and RET on x86 platforms, while inter-branch instructions consist of instructions executed between two consecutive counted branch instructions. The processor may be further configured to generate a processor event, such as an exception, when a value stored in a counter exceeds a predetermined threshold, and/or when a branch instruction redirects execution to a critical OS function. Such events may be used as triggers for launching a malware analysis to determine whether the host system is subject to a code reuse attack.Type: GrantFiled: July 15, 2015Date of Patent: August 14, 2018Assignee: Bitdefender IPR Management Ltd.Inventors: Sandor Lukacs, Andrei V. Lutas, Dan H. Lutas
-
Patent number: 10043005Abstract: Described systems and methods enable enforcing application control remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.). An application control engine executes outside a virtual machine exposed on a client system, the application control engine configured to enforce application control within the virtual machine according to a set of control policies. When a policy indicates that a specific process is not allowable on the respective client system, the app control engine may prevent execution of the respective process. To assist in data gathering and/or other activities associated with application control, some embodiments temporarily drop a control agent into the controlled virtual machine.Type: GrantFiled: March 31, 2016Date of Patent: August 7, 2018Assignee: Bitdefender IPR Management Ltd.Inventors: Sandor Lukacs, Andrei V. Lutas
-
Publication number: 20180173555Abstract: Described systems and methods allow protecting a hardware virtualization system from malicious software. Some embodiments use a hybrid event notification/analysis system, wherein a first component executing within a protected virtual machine (VM) registers as a handler for processor exceptions triggered by violations of memory access permissions, and wherein a second component executing outside the respective VM registers as a handler for VM exit events. The first component filters permission violation events according to a set of rules and only notifies the second component about events which are deemed relevant to security. The second component analyzes notified events to detect malicious software.Type: ApplicationFiled: December 18, 2017Publication date: June 21, 2018Inventor: Andrei V. LUTAS
-
Patent number: 9965313Abstract: Described systems and methods enable performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.) An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.Type: GrantFiled: February 17, 2016Date of Patent: May 8, 2018Assignee: Bitdefender IPR Management Ltd.Inventors: Sandor Lukacs, Andrei V. Lutas, Ionel C. Anichitei
-
Patent number: 9852295Abstract: Described systems and methods enable an efficient analysis of security-relevant events, especially in hardware virtualization platforms. In some embodiments, a notification handler detects the occurrence of an event within a virtual machine, and communicates the respective event to security software. The security software then attempts to match the respective event to a collection of behavioral and exception signatures. An exception comprises a set of conditions which, when satisfied by an <event, entity> tuple, indicates that the respective entity is not malicious. In some embodiments, a part of exception matching is performed synchronously (i.e., while execution of the entity that triggered the respective event is suspended), while another part of exception matching is performed asynchronously (i.e., after the triggering entity is allowed to resume execution).Type: GrantFiled: July 13, 2016Date of Patent: December 26, 2017Assignee: Bitdefender IPR Management Ltd.Inventors: Sandor Lukacs, Cristian B. Sirb, Andrei V. Lutas
-
Publication number: 20170308484Abstract: Described systems and methods allow protecting a host system against malware, using hardware virtualization technology. A memory introspection engine executes at the level of a hypervisor, protecting a virtual machine (VM) from exploits targeting the call stack of a thread executing within the respective VM. The introspection engine identifies a virtual memory page reserved for the stack, but not committed to the stack, and intercepts an attempt to write to the respective page. In response to intercepting the write attempt, the memory introspection engine marks the respective page as non-executable, thus protecting the stack against exploits.Type: ApplicationFiled: June 30, 2017Publication date: October 26, 2017Inventor: Andrei V. LUTAS
-
Publication number: 20170286673Abstract: Described systems and methods enable enforcing application control remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.). An application control engine executes outside a virtual machine exposed on a client system, the application control engine configured to enforce application control within the virtual machine according to a set of control policies. When a policy indicates that a specific process is not allowable on the respective client system, the app control engine may prevent execution of the respective process. To assist in data gathering and/or other activities associated with application control, some embodiments temporarily drop a control agent into the controlled virtual machine.Type: ApplicationFiled: March 31, 2016Publication date: October 5, 2017Inventors: Sandor LUKACS, Andrei V. LUTAS
-
Patent number: 9703726Abstract: Described systems and methods allow protecting a host system against malware, using hardware virtualization technology. A memory introspection engine executes at the level of a hypervisor, protecting a virtual machine (VM) from exploits targeting the call stack of a thread executing within the respective VM. The introspection engine identifies a virtual memory page reserved for the stack, but not committed to the stack, and intercepts an attempt to write to the respective page. In response to intercepting the write attempt, the memory introspection engine marks the respective page as non-executable, thus protecting the stack against exploits.Type: GrantFiled: June 24, 2014Date of Patent: July 11, 2017Assignee: Bitdefender IPR Management Ltd.Inventor: Andrei V. Lutas
-
Publication number: 20170192810Abstract: Described systems and methods enable performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.) An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.Type: ApplicationFiled: February 17, 2016Publication date: July 6, 2017Inventors: Sandor LUKACS, Andrei V. LUTAS, Ionel C. ANICHITEI
-
Patent number: 9672354Abstract: Described systems and methods enable a host system to efficiently perform computer security activities, when operating in a hardware virtualization configuration. A processor is configured to generate a VM suspend event (e.g., a VM exit or a virtualization exception) when a guest instruction executing within a guest VM performs a memory access violation. In some embodiments, the processor is further configured to delay generating the VM suspend event until the execution stage of the pipeline for the guest instruction is complete, and to save results of the execution stage to a specific location (e.g. a specific processor register readable by security software) before generating the event.Type: GrantFiled: September 18, 2014Date of Patent: June 6, 2017Assignee: Bitdefender IPR Management Ltd.Inventors: Andrei V. Lutas, Sandor Lukacs
-
Patent number: 9596261Abstract: Described systems and methods enable a computer security module to protect a set of guest virtual machines against computer security threats. In some embodiments, the computer security module receives introspection notifications from the protected VM, each such notification indicating that a particular trigger event (e.g., a system call) has occurred during execution of guest software within the respective VM. In some embodiments, delivering a notification comprises suspending execution of guest software and switching the processor to executing a notification handler forming part of the computer security module. Some embodiments enable a context-specific delivery of notifications, wherein the set of events triggering notifications may vary from one guest process to another.Type: GrantFiled: March 23, 2015Date of Patent: March 14, 2017Assignee: Bitdefender IPR Management Ltd.Inventors: Sandor Lukacs, Andrei V. Lutas
-
Publication number: 20170039371Abstract: Described systems and methods enable an efficient analysis of security-relevant events, especially in hardware virtualization platforms. In some embodiments, a notification handler detects the occurrence of an event within a virtual machine, and communicates the respective event to security software. The security software then attempts to match the respective event to a collection of behavioral and exception signatures. An exception comprises a set of conditions which, when satisfied by an <event, entity> tuple, indicates that the respective entity is not malicious. In some embodiments, a part of exception matching is performed synchronously (i.e., while execution of the entity that triggered the respective event is suspended), while another part of exception matching is performed asynchronously (i.e., after the triggering entity is allowed to resume execution).Type: ApplicationFiled: July 13, 2016Publication date: February 9, 2017Inventors: Sandor LUKACS, Cristian B. SIRB, Andrei V. LUTAS