Patents by Inventor Baibhav Singh
Baibhav Singh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230418937
Abstract: In one embodiment, a method includes accessing a request from a lower privileged process executing on a computing device to access a privileged firmware mode of the computing device and accessing a set of access policies for detecting whether the request is an unauthorized access to the privileged firmware mode. The method further includes determining, based on at least part of a content of the request and on the set of access policies, whether the request to access a privileged firmware mode is authorized; and denying or permitting, based on the determination, access by the lower privileged process to the privileged firmware mode.
Type: Application
Filed: October 18, 2022
Publication date: December 28, 2023
Inventors: Baibhav Singh, Stephen Elliot McLaughlin, Hayawardh Vijayakumar
-
Patent number: 11848948
Abstract: Example methods and systems for correlation-based security threat analysis are described. In one example, a computer system may obtain event information that is generated by monitoring a virtualized computing instance supported by a host; and network alert information that is generated by monitoring network traffic associated with the virtualized computing instance. The network alert information may specify security threat signature(s) detected based on the network traffic. The computer system may map the network alert information to threat information that specifies indicator(s) of compromise associated with the signature(s) and perform a correlation analysis based on the event information, network alert information and threat information. Based on the correlation analysis, it is determined whether there is a potential security threat associated with the virtualized computing instance.
Type: Grant
Filed: December 18, 2020
Date of Patent: December 19, 2023
Assignee: VMWARE, INC.
Inventors: Baibhav Singh, Jayant Jain
-
Patent number: 11539722
Abstract: Example methods and systems for a computer system to perform security threat detection are described. In one example, a computer system may intercept an egress packet from a virtualized computing instance to pause forwarding of the egress packet towards a destination and obtain process information associated with a process from which the egress packet originates. The computer system may initiate security analysis based on the process information. In response to determination that the process is a potential security threat based on the security analysis, the egress packet may be dropped, and a remediation action performed. Otherwise, the egress packet may be forwarded towards the destination.
Type: Grant
Filed: July 14, 2020
Date of Patent: December 27, 2022
Assignee: VMWARE, INC.
Inventors: Baibhav Singh, Jayant Jain
-
Patent number: 11463300
Abstract: The disclosure provides an approach for remediating false positives for a network security monitoring component. Embodiments include receiving an alert related to network security for a virtual computing instance (VCI). Embodiments include collecting, in response to receiving the alert, context information from the VCI. Embodiments include providing a notification to a management plane based on the alert and the context information. Embodiments include receiving, from the management plane, in response to the notification, an indication of whether the alert is a false positive. Embodiments include training a model based on the alert, the context information, and the indication to determine whether a given alert is a false positive.
Type: Grant
Filed: July 13, 2020
Date of Patent: October 4, 2022
Assignee: VMWARE, INC.
Inventors: Nafisa Mandliwala, Sirisha Myneni, Robin Manhas, Baibhav Singh
-
Publication number: 20220201022
Abstract: Example methods and systems for correlation-based security threat analysis are described. In one example, a computer system may obtain event information that is generated by monitoring a virtualized computing instance supported by a host; and network alert information that is generated by monitoring network traffic associated with the virtualized computing instance. The network alert information may specify security threat signature(s) detected based on the network traffic. The computer system may map the network alert information to threat information that specifies indicator(s) of compromise associated with the signature(s) and perform a correlation analysis based on the event information, network alert information and threat information. Based on the correlation analysis, it is determined whether there is a potential security threat associated with the virtualized computing instance.
Type: Application
Filed: December 18, 2020
Publication date: June 23, 2022
Applicant: VMware, Inc.
Inventors: Baibhav SINGH, Jayant JAIN
-
Publication number: 20220021686
Abstract: Example methods and systems for a computer system to perform security threat detection are described. In one example, a computer system may intercept an egress packet from a virtualized computing instance to pause forwarding of the egress packet towards a destination and obtain process information associated with a process from which the egress packet originates. The computer system may initiate security analysis based on the process information. In response to determination that the process is a potential security threat based on the security analysis, the egress packet may be dropped, and a remediation action performed. Otherwise, the egress packet may be forwarded towards the destination.
Type: Application
Filed: July 14, 2020
Publication date: January 20, 2022
Applicant: VMware, Inc.
Inventors: Baibhav SINGH, Jayant JAIN
-
Publication number: 20220014425
Abstract: The disclosure provides an approach for remediating false positives for a network security monitoring component. Embodiments include receiving an alert related to network security for a virtual computing instance (VCI). Embodiments include collecting, in response to receiving the alert, context information from the VCI. Embodiments include providing a notification to a management plane based on the alert and the context information. Embodiments include receiving, from the management plane, in response to the notification, an indication of whether the alert is a false positive. Embodiments include training a model based on the alert, the context information, and the indication to determine whether a given alert is a false positive.
Type: Application
Filed: July 13, 2020
Publication date: January 13, 2022
Inventors: Nafisa MANDLIWALA, Sirisha MYNENI, Robin MANHAS, Baibhav SINGH
-
Patent number: 10607007
Abstract: An isolated environment is instantiated in response to receiving a request to execute a process. One or more events occurring within the isolated environment in which the process executes are identified. Whether the actual behavior of the process executing within the isolated environment deviates from an expected behavior of the execution of the process is determined. Only when it is determined that the process deviates from the expected behavior is behavior data, which describes the actual behavior of the process during execution, stored. A determination is then made as to whether the process is compromised by analyzing the behavior data that describes the actual behavior of the process.
Type: Grant
Filed: November 21, 2016
Date of Patent: March 31, 2020
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk, Adrian Taylor
-
Patent number: 10115071
Abstract: Examples of distributed workload management are disclosed. In one example implementation according to aspects of the present disclosure, a partial data table is received from a main data table. A data view is generated in real time in response to a received data view request. The data view is based at least in part on a plurality of data view configuration properties and the partial data stored in the received partial data table. The partial data table stores data that represents at least a partial copy of main data stored in a main data table. The partial data table and the main data table are then synchronized.
Type: Grant
Filed: January 7, 2016
Date of Patent: October 30, 2018
Assignee: Manhattan Associates, Inc.
Inventors: Kayla Elizabeth Amaral, Anup K. G, Shashikala Maracharahalli Bhadraiah, Abhishek Jain, Suhas Prahlada Rao, Ranjith Krishnan Nadar, Vikas Aron, Baibhav Singh
-
Patent number: 9922192
Abstract: The execution of a process within a virtual machine (VM) may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.
Type: Grant
Filed: July 24, 2015
Date of Patent: March 20, 2018
Assignee: Bromium, Inc.
Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
-
Publication number: 20170076092
Abstract: An isolated environment is instantiated in response to receiving a request to execute a process. One or more events occurring within the isolated environment in which the process executes are identified. Whether the actual behavior of the process executing within the isolated environment deviates from an expected behavior of the execution of the process is determined. Only when it is determined that the process deviates from the expected behavior is behavior data, which describes the actual behavior of the process during execution, stored. A determination is then made as to whether the process is compromised by analyzing the behavior data that describes the actual behavior of the process.
Type: Application
Filed: November 21, 2016
Publication date: March 16, 2017
Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk, Adrian Taylor
-
Patent number: 9501310
Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.
Type: Grant
Filed: December 28, 2015
Date of Patent: November 22, 2016
Assignee: Bromium, Inc.
Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
-
Publication number: 20160132351
Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.
Type: Application
Filed: December 28, 2015
Publication date: May 12, 2016
Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
-
Patent number: 9223962
Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.
Type: Grant
Filed: December 7, 2012
Date of Patent: December 29, 2015
Assignee: Bromium, Inc.
Inventors: Rahul C Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
-
Patent number: 9092625
Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.
Type: Grant
Filed: December 7, 2012
Date of Patent: July 28, 2015
Assignee: Bromium, Inc.
Inventors: Rahul C Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
-
Patent number: 8561198
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting malicious system calls. In one aspect, a method includes monitoring a function vulnerable to a buffer overflow attack; receiving a call to the function, the call associated with a call stack, the call stack including one or more base pointers, and a destination buffer associated with the function; identifying a first critical memory address vulnerable to the buffer overflow attack comprising: determining the first critical memory address based on a base pointer of the one or more base pointers, wherein the base pointer address is greater than an address of the destination buffer; identifying a first address based on the base pointer of the one or more base pointers; and determining that the first address is a critical memory address in response to the first memory address is greater than the address of the destination buffer.
Type: Grant
Filed: May 7, 2010
Date of Patent: October 15, 2013
Assignee: McAfee, Inc.
Inventors: Baibhav Singh, Rahul Kashyap
-
Publication number: 20110277035
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting malicious system calls. In one aspect, a method includes monitoring a function vulnerable to a buffer overflow attack; receiving a call to the function, the call associated with a call stack, the call stack including one or more base pointers, and a destination buffer associated with the function; identifying a first critical memory address vulnerable to the buffer overflow attack comprising: determining the first critical memory address based on a base pointer of the one or more base pointers, wherein the base pointer address is greater than an address of the destination buffer; identifying a first address based on the base pointer of the one or more base pointers; and determining that the first address is a critical memory address in response to the first memory address is greater than the address of the destination buffer.
Type: Application
Filed: May 7, 2010
Publication date: November 10, 2011
Applicant: McAfee, Inc.
Inventors: Baibhav Singh, Rahul Kashyap
-
Publication number: 20100250906
Abstract: In an embodiment of a method of making a conditional jump in a computer running a program, an input is provided, conditional on which a substantive conditional branch is to be made. An obfuscatory unpredictable datum is provided. Code is executed that causes an obfuscatory branch conditional on the unpredictable datum. At a point in the computer program determined by the obfuscatory conditional branch, a substantive branch is made that is conditional on the input.
Type: Application
Filed: March 10, 2010
Publication date: September 30, 2010
Applicant: SafeNet, Inc.
Inventors: Baibhav Singh, Nandita Saxena, Vanagala Sada Siva Ravinadh, Ravindra Singh Chauhan