Patents by Inventor Mariusz H. Jakubowski
Mariusz H. Jakubowski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11568052Abstract: Embodiments seek to prevent detection of a sandbox environment by a potential malware application. To this end, execution of the application is monitored, and provide information about the execution to a reinforcement learning machine learning model. The model generates a suggested modification to make to the executing application. The model is provided with information indicating whether the application executed successfully or not, and this information is used to train the model for additional modifications. By modifying the potential malware execution during its execution, detection of a sandbox environment is prevented, and analysis of the potential malware applications features are better understood.Type: GrantFiled: May 31, 2020Date of Patent: January 31, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Jugal Parikh, Geoffrey Lyall McDonald, Mariusz H. Jakubowski, Seyed Mehdi Fatemi Booshehri, Allan Gordon Lontoc Sepillo, Bradley Noah Faskowitz
-
Patent number: 11416608Abstract: Events within a computer system are grouped in order to identify security threats and, in some cases, perform an action to mitigate the threat. In some aspects, a computing system event that meets a criterion, are identified. A first layer of computing resources is determined which includes computing resources referenced during the computing system event. A second layer of computing resources is then determined, the second layer including one or more of a parent process or file loaded by the first layer processes, a process writing to a file included in the first layer of computing resources, or a previous version of a file included in the first layer of computing resources. Similarities between computing resource pairs in the first and second layers are determined, and a group of high similarity pairs related to each other is identified. In some embodiments, a mitigating action is identified based on the group.Type: GrantFiled: May 29, 2020Date of Patent: August 16, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Sadegh Momeni Milajerdi, Mariusz H. Jakubowski, Jugal Parikh
-
Publication number: 20210374241Abstract: Embodiments seek to prevent detection of a sandbox environment by a potential malware application. To this end, execution of the application is monitored, and provide information about the execution to a reinforcement learning machine learning model. The model generates a suggested modification to make to the executing application. The model is provided with information indicating whether the application executed successfully or not, and this information is used to train the model for additional modifications. By modifying the potential malware execution during its execution, detection of a sandbox environment is prevented, and analysis of the potential malware applications features are better understood.Type: ApplicationFiled: May 31, 2020Publication date: December 2, 2021Inventors: Jugal Parikh, Geoffrey Lyall McDonald, Mariusz H. Jakubowski, Seyed Mehdi Fatemi Booshehri, Allan Gordon Lontoc Sepillo, Bradley Noah Faskowitz
-
Publication number: 20210374237Abstract: Events within a computer system are grouped in order to identify security threats and, in some cases, perform an action to mitigate the threat. In some aspects, a computing system event that meets a criterion, are identified. A first layer of computing resources is determined which includes computing resources referenced during the computing system event. A second layer of computing resources is then determined, the second layer including one or more of a parent process or file loaded by the first layer processes, a process writing to a file included in the first layer of computing resources, or a previous version of a file included in the first layer of computing resources. Similarities between computing resource pairs in the first and second layers are determined, and a group of high similarity pairs related to each other is identified. In some embodiments, a mitigating action is identified based on the group.Type: ApplicationFiled: May 29, 2020Publication date: December 2, 2021Inventors: Sadegh Momeni Milajerdi, Mariusz H. Jakubowski, Jugal Parikh
-
Patent number: 10791128Abstract: A process to detect intrusions with an intrusion detection system is disclosed. The intrusion detection system identifies instance types, and each instance type includes an instance. A know compromised instance is identified from the plurality of instances. A link between the plurality instance types is traversed from the compromised instance to discover an additional compromised instance.Type: GrantFiled: September 28, 2017Date of Patent: September 29, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Svetlana Gaivoronski, Paul England, Mohamed Rouatbi, Mariusz H. Jakubowski, Marcus Peinado, Julian Federico Gonzalez, Jr.
-
Patent number: 10735457Abstract: A process to investigate intrusions with an investigation system is disclosed. The process receives forensic facts from a set of forensic events on a system or network. A suspicious fact is identified from the forensic facts. A related fact from the forensic facts is identified based on the suspicious fact.Type: GrantFiled: October 3, 2017Date of Patent: August 4, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Mohamed Rouatbi, Julian Federico Gonzalez, Jr., Marcus Peinado, Mariusz H. Jakubowski, Svetlana Gaivoronski
-
Publication number: 20190104147Abstract: A process to investigate intrusions with an investigation system is disclosed. The process receives forensic facts from a set of forensic events on a system or network. A suspicious fact is identified from the forensic facts. A related fact from the forensic facts is identified based on the suspicious fact.Type: ApplicationFiled: October 3, 2017Publication date: April 4, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Mohamed Rouatbi, Julian Federico Gonzalez, JR., Marcus Peinado, Mariusz H. Jakubowski, Svetlana Gaivoronski
-
Publication number: 20190098024Abstract: A process to detect intrusions with an intrusion detection system is disclosed. The intrusion detection system identifies instance types, and each instance type includes an instance. A know compromised instance is identified from the plurality of instances. A link between the plurality instance types is traversed from the compromised instance to discover an additional compromised instance.Type: ApplicationFiled: September 28, 2017Publication date: March 28, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Svetlana Gaivoronski, Paul England, Mohamed Rouatbi, Mariusz H. Jakubowski, Marcus Peinado, Julian Federico Gonzalez, JR.
-
Patent number: 9916439Abstract: The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client.Type: GrantFiled: March 22, 2012Date of Patent: March 13, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Mariusz H. Jakubowski, Marcus Peinado
-
Patent number: 9774620Abstract: Aspects of the subject disclosure are directed towards detecting instances within a web application where code and data are not separated, e.g., inline code in the application. One or more implementations automatically transform the web application into a transformed version where code and data are clearly separated, e.g., inline code is moved into external files. The transformation protects against a large class of cross-site scripting attacks.Type: GrantFiled: June 18, 2013Date of Patent: September 26, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Weidong Ciu, Adam Loe Doupe, Mariusz H. Jakubowski, Marcus Peinado
-
Patent number: 9459893Abstract: A computer-implementable method includes providing an instruction set architecture that comprises features to generate diverse copies of a program, using the instruction set architecture to generate diverse copies of a program and providing a virtual machine for execution of one of the diverse copies of the program. Various exemplary methods, devices, systems, etc., use virtualization for diversifying code and/or virtual machines to thereby enhance software security.Type: GrantFiled: November 11, 2013Date of Patent: October 4, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Bertrand Anckaert, Mariusz H. Jakubowski, Ramarathnam Venkatesan
-
Patent number: 9208319Abstract: The subject disclosure is directed towards partitioning a code base of a program into a trusted portion and an untrusted portion. After identifying sensitive data within the code base using annotation information, one or more program elements that correspond to the sensitive data are automatically transformed into secure program elements that can be retained in the untrusted portion of the code base. Cryptographic techniques are used to minimize a potential size of the trusted portion of the code base. Source files for the trusted portion and the untrusted portion are generated.Type: GrantFiled: December 15, 2011Date of Patent: December 8, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Athanasios Avgerinos, Mariusz H. Jakubowski, Marcus Peinado
-
Patent number: 9123106Abstract: Information is displayed on a device by writing data to a buffer in memory, the content of the buffer describing a screen display of the device at a particular point in time. A watermarked version of the buffer content is generated by watermarking the content of the buffer with data, such as data identifying a user of the device and/or a copy of a program (e.g., an operating system) running on the device. The watermarked version of the buffer content is then made available, such as in response to a screen capture request. The data embedded in the watermarked version of the content is undetectable (or nearly undetectable) to the human eye, but can nonetheless be extracted by other computing devices or data extraction systems.Type: GrantFiled: December 13, 2012Date of Patent: September 1, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Jeffrey M. Homme, Mariusz H. Jakubowski, Mohamed Sadek
-
Patent number: 9117094Abstract: Programs running on an open architecture, such as a personal computer, are vulnerable to inspection and modification. This is a concern as the program may include or provide access to valuable information. As a defense, the actual location of data can be hidden throughout execution of the program by way of periodic location reordering and pointer scrambling, among other things. These techniques serve to complicate static data flow analysis and dynamic data tracking thereby at least deterring program tampering.Type: GrantFiled: October 29, 2008Date of Patent: August 25, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Bertrand Raphaƫl Anckaert, Mariusz H. Jakubowski, Ramarathnam Venkatesan, Chit Wei Saw
-
Publication number: 20140373087Abstract: Aspects of the subject disclosure are directed towards detecting instances within a web application where code and data are not separated, e.g., inline code in the application. One or more implementations automatically transform the web application into a transformed version where code and data are clearly separated, e.g., inline code is moved into external files. The transformation protects against a large class of cross-site scripting attacks.Type: ApplicationFiled: June 18, 2013Publication date: December 18, 2014Inventors: Weidong Ciu, Adam Loe Doupe, Mariusz H. Jakubowski, Marcus Peinado
-
Publication number: 20140169616Abstract: Information is displayed on a device by writing data to a buffer in memory, the content of the buffer describing a screen display of the device at a particular point in time. A watermarked version of the buffer content is generated by watermarking the content of the buffer with data, such as data identifying a user of the device and/or a copy of a program (e.g., an operating system) running on the device. The watermarked version of the buffer content is then made available, such as in response to a screen capture request. The data embedded in the watermarked version of the content is undetectable (or nearly undetectable) to the human eye, but can nonetheless be extracted by other computing devices or data extraction systems.Type: ApplicationFiled: December 13, 2012Publication date: June 19, 2014Applicant: Microsoft CorporationInventors: Jeffrey M. Homme, Mariusz H. Jakubowski, Mohamed Sadek
-
Publication number: 20140068580Abstract: A computer-implementable method includes providing an instruction set architecture that comprises features to generate diverse copies of a program, using the instruction set architecture to generate diverse copies of a program and providing a virtual machine for execution of one of the diverse copies of the program. Various exemplary methods, devices, systems, etc., use virtualization for diversifying code and/or virtual machines to thereby enhance software security.Type: ApplicationFiled: November 11, 2013Publication date: March 6, 2014Applicant: Microsoft CorporationInventors: Bertrand Anckaert, Mariusz H. Jakubowski, Ramarathnam Venkatesan
-
Patent number: 8656182Abstract: A security technique to reduce the risk of unauthorized release of a software object. The technique allows identification of an individual responsible for the unauthorized release by marking each object with information, which acts as a fingerprint from which a person manipulating the object in a development environment can be identified. The development environment may be configured to quickly and automatically mark the object whenever a manipulation that may precede an unauthorized release occurs. To prevent circumventing the security technique, the object may be configured to enforce a requirement for a valid fingerprint such that the object is disabled if the fingerprint is removed or altered. Despite the marking, personally identifiable information is not revealed because the fingerprint is generated through a one-way cryptographic function performed on identifying information.Type: GrantFiled: September 12, 2011Date of Patent: February 18, 2014Assignee: Microsoft CorporationInventors: Jeffrey M. Homme, Mariusz H. Jakubowski, Jeremy S. Russell, Scott A. Kupec, Dragos C. Sambotin
-
Patent number: 8584109Abstract: A computer-implementable method includes providing an instruction set architecture that comprises features to generate diverse copies of a program, using the instruction set architecture to generate diverse copies of a program and providing a virtual machine for execution of one of the diverse copies of the program. Various exemplary methods, devices, systems, etc., use virtualization for diversifying code and/or virtual machines to thereby enhance software security.Type: GrantFiled: October 27, 2006Date of Patent: November 12, 2013Assignee: Microsoft CorporationInventors: Bertrand Anckaert, Mariusz H. Jakubowski, Ramarathnam Venkatesan
-
Publication number: 20130254829Abstract: The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client.Type: ApplicationFiled: March 22, 2012Publication date: September 26, 2013Applicant: MICROSOFT CORPORATIONInventors: Mariusz H. Jakubowski, Marcus Peinado