Patents by Inventor Dmitri Rubakha
Dmitri Rubakha has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11971994Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.Type: GrantFiled: December 30, 2022Date of Patent: April 30, 2024Assignee: Musarubra US LLCInventors: Dmitri Rubakha, Francisco M. Cuenca-Acuna, Hector R. Juarez, Leandro I. Costantino
-
Publication number: 20240064018Abstract: Aspects of the disclosure are directed to point-to-point generation and rotation of security tokens to provide anti-spoof protection in a virtual network stack. Existing public key infrastructure can be leveraged to establish secure connections for control plane purposes. The hosts can run local daemons on machines and can establish secure connections to a control plane as well as to other hosts.Type: ApplicationFiled: August 16, 2022Publication date: February 22, 2024Inventors: Dmitri Rubakha, Alejandro Cornejo
-
Patent number: 11848965Abstract: Methods and apparatus for secure software defined storage are disclosed. An example apparatus includes memory and a processor to access a read request for data written to a software defined storage location, obtain the requested data from the software defined storage location, perform a classification operation on the requested data to obtain classification data corresponding to the requested data, the classification data to represent whether the requested data includes personally identifiable information, in response to determining that the requested data includes personally identifiable information, apply data loss prevention to the requested data to create response data, determine whether a client requesting the data from the software defined storage location is authorized to access the requested data, and in response to determining that the client requesting data is authorized to access the requested data, transmit the response data to the client.Type: GrantFiled: April 27, 2021Date of Patent: December 19, 2023Assignee: MCAFEE, LLCInventors: Dmitri Rubakha, Venkata Ramanan Sambandam, Jonathan King, Igor Polevoy, Andrew V. Holtzmann
-
Publication number: 20230138207Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.Type: ApplicationFiled: December 30, 2022Publication date: May 4, 2023Inventors: Dmitri Rubakha, Francisco M. Cuenca-Acuna, Hector R. Juarez, Leandro I. Costantino
-
Patent number: 11556652Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.Type: GrantFiled: September 20, 2021Date of Patent: January 17, 2023Assignee: Musarubra US LLCInventors: Dmitri Rubakha, Francisco M. Cuenca-Acuna, Hector R. Juarez, Leandro I. Costantino
-
Patent number: 11363058Abstract: A first storage device or first storage disk including first executable instructions that, when executed, cause a processor to at least: in response to determining a variable associated with a memory page that (1) has been loaded into local memory from a second storage device and (2) has been accessed from the local memory, has a first state, identify the memory page as a modified memory page, the memory page including second executable instructions. The first instructions also cause the processor to, in response to determining the second executable instructions of the modified memory page have been changed since a previous analysis of the modified memory page, perform anti-malware analysis of at least a portion of the modified memory page.Type: GrantFiled: March 23, 2020Date of Patent: June 14, 2022Assignee: MCAFEE, LLCInventors: Venkata Ramanan Sambandam, Carl D. Woodward, Dmitri Rubakha, Steven L. Grobman
-
Publication number: 20220075874Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.Type: ApplicationFiled: September 20, 2021Publication date: March 10, 2022Inventors: Dmitri Rubakha, Francisco M. Cuenca-Acuna, Hector R. Juarez, Leandro I. Costantino
-
Patent number: 11126727Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.Type: GrantFiled: January 24, 2020Date of Patent: September 21, 2021Assignee: Musarubra US LLCInventors: Dmitri Rubakha, Francisco M. Cuenca-Acuna, Hector R. Juarez, Leandro I. Costantino
-
Publication number: 20210250380Abstract: Methods and apparatus for secure software defined storage are disclosed. An example apparatus includes memory and a processor to access a read request for data written to a software defined storage location, obtain the requested data from the software defined storage location, perform a classification operation on the requested data to obtain classification data corresponding to the requested data, the classification data to represent whether the requested data includes personally identifiable information, in response to determining that the requested data includes personally identifiable information, apply data loss prevention to the requested data to create response data, determine whether a client requesting the data from the software defined storage location is authorized to access the requested data, and in response to determining that the client requesting data is authorized to access the requested data, transmit the response data to the client.Type: ApplicationFiled: April 27, 2021Publication date: August 12, 2021Inventors: DMITRI RUBAKHA, VENKATA RAMANAN SAMBANDAM, JONATHAN KING, IGOR POLEVOY, ANDREW V. HOLTZMANN
-
Patent number: 11005890Abstract: Providing secure software defined storage includes identifying data directed to be stored in a software defined storage location, intercepting the data, performing a security operation on the intercepted data, and transmitting the data to the software defined storage.Type: GrantFiled: February 22, 2018Date of Patent: May 11, 2021Assignee: McAfee, LLCInventors: Dmitri Rubakha, Venkata Ramanan Sambandam, Jonathan King, Igor Polevoy, Andrew V. Holtzmann
-
Patent number: 10721273Abstract: There is disclosed a computing apparatus, including: a hardware platform; a service mapping requirements table including a plurality of components and having associated therewith a plurality of service requirements; an isolation platform; and a security policy engine configured to: receive a new appliance image for the isolation platform; scan the new appliance image and build a bill of materials (BoM) for the new container image, the BoM including a plurality of components; search the service mapping requirements table for the plurality of components and identify service requirements for the components; and generate a security policy for the new appliance image.Type: GrantFiled: October 24, 2017Date of Patent: July 21, 2020Assignee: McAfee LLCInventor: Dmitri Rubakha
-
Publication number: 20200228545Abstract: A first storage device or first storage disk including first executable instructions that, when executed, cause a processor to at least: in response to determining a variable associated with a memory page that (1) has been loaded into local memory from a second storage device and (2) has been accessed from the local memory, has a first state, identify the memory page as a modified memory page, the memory page including second executable instructions. The first instructions also cause the processor to, in response to determining the second executable instructions of the modified memory page have been changed since a previous analysis of the modified memory page, perform anti-malware analysis of at least a portion of the modified memory page.Type: ApplicationFiled: March 23, 2020Publication date: July 16, 2020Inventors: Venkata Ramanan Sambandam, Carl D. Woodward, Dmitri Rubakha, Steven L. Grobman
-
Publication number: 20200159932Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.Type: ApplicationFiled: January 24, 2020Publication date: May 21, 2020Inventors: Dmitri Rubakha, Francisco M. Cuenca-Acuna, Hector R. Juarez, Leandro I. Costantino
-
Patent number: 10623438Abstract: A technique for detecting malware uses hardware capabilities of the processing element of a programmable device to detect modification of executable code during execution. By monitoring a dirty bit in page tables, pages that have been modified can be detected, allowing analysis of those pages during execution. An indication may then be passed to an anti-malware software to analyze the executable further.Type: GrantFiled: December 28, 2016Date of Patent: April 14, 2020Assignee: McAfee, LLCInventors: Venkata Ramanan Sambandam, Carl D. Woodward, Dmitri Rubakha, Steven L. Grobman
-
Patent number: 10546131Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.Type: GrantFiled: April 1, 2016Date of Patent: January 28, 2020Assignee: McAfee, LLCInventors: Dmitri Rubakha, Francisco M. Cuenca-Acuna, Hector R. Juarez, Leandro I. Costantino
-
Patent number: 10129227Abstract: Data aggregation includes receiving, from an electronic device, a plurality of sensor data packets, wherein the plurality of sensor data packets are received from at least one sensor of the electronic device, and wherein each of the plurality of sensor data packets comprise a tag identifying a classification of the sensor data in the sensor data packet, applying a user-specific policy to the plurality of sensor data packets, aggregating the plurality of sensor data packets based on the user-specific policy to obtain aggregated sensor data, and transmitting the aggregated sensor data to a service broker.Type: GrantFiled: December 23, 2015Date of Patent: November 13, 2018Assignee: MCAFEE, LLCInventors: Ratinder Ahuja, Dmitri Rubakha, Philip B. Tricca, Samir Shah
-
Publication number: 20180288099Abstract: Providing secure software defined storage includes identifying data directed to be stored in a software defined storage location, intercepting the data, performing a security operation on the intercepted data, and transmitting the data to the software defined storage.Type: ApplicationFiled: February 22, 2018Publication date: October 4, 2018Inventors: DMITRI RUBAKHA, VENKATA RAMANAN SAMBANDAM, JONATHAN KING, IGOR POLEVOY, ANDREW V. HOLTZMANN
-
Publication number: 20180288052Abstract: Techniques related to trusted remote configuration and operation using multiple devices are disclosed. The techniques include a machine-readable medium, on which are stored instructions, comprising instructions that when executed cause a target device to receive, from a connecting device, a capabilities request, measure, in response to the capabilities request, the trusted capabilities of the target device, generate a list of trusted capabilities, transmit, to the connecting device, the list of trusted capabilities, receive, from the connecting device, an access request for a trusted capability, the access request describing a workload for the trusted capability, perform the workload to obtain a result, and transmit, to the connecting device, the obtained result.Type: ApplicationFiled: March 31, 2017Publication date: October 4, 2018Inventors: VENKATA RAMANAN SAMBANDAM, CARL D. WOODWARD, DMITRI RUBAKHA
-
Publication number: 20180183814Abstract: A technique for detecting malware uses hardware capabilities of the processing element of a programmable device to detect modification of executable code during execution. By monitoring a dirty bit in page tables, pages that have been modified can be detected, allowing analysis of those pages during execution. An indication may then be passed to an anti-malware software to analyze the executable further.Type: ApplicationFiled: December 28, 2016Publication date: June 28, 2018Inventors: Venkata Ramanan Sambandam, Carl D. Woodward, Dmitri Rubakha, Steven L. Grobman
-
Patent number: 9996690Abstract: In an example, a computing device includes a trusted execution environment (TEE), including an enclave. The enclave may include both a binary translation engine (BTE) and an input verification engine (IVE). In one embodiment, the IVE receives a trusted binary as an input, and analyzes the trusted binary to identify functions, classes, and variables that perform input/output operations. To ensure the security of these interfaces, those operations may be performed within the enclave. The IVE tags the trusted binary and provides the binary to the BTE. The BTE then translates the trusted binary into a second format, including designating the tagged portion for execution within the enclave. The BTE may also sign the new binary in the second format and export it out of the enclave.Type: GrantFiled: December 27, 2014Date of Patent: June 12, 2018Assignee: McAfee, LLCInventors: Ned M. Smith, Dmitri Rubakha, Samir Shah, Jason Martin, Micah J. Sheller, Somnath Chakrabarti, Bin Xing