Patents by Inventor Phillip Porras
Phillip Porras has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20240089824
  Abstract: A satellite orbiting the Earth may perform orbit-aware routing by receiving a data packet, determining whether a final destination plane of the data packet is different from an orbital plane of the satellite, in response to determining that the final destination plane of the data packet is different from the orbital plane of the satellite, determining whether the satellite is able to communicate with one or more cross-plane neighboring satellites, selecting a neighboring satellite to receive the data packet based at least in part on whether the satellite is able to communicate with one or more cross-plane neighboring satellites, and forwarding the data packet to the neighboring satellite.
  Type: Application
  Filed: March 26, 2021
  Publication date: March 14, 2024
  Inventors: Patrick Denis Lincoln, Steven M. Dawson, Phillip A. Porras, Keith M. Skinner, Martin W. Fong
- Publication number: 20230289460
  Abstract: Systems and methods for providing sensitive dataflow tracking for containerized applications are provided herein. In some embodiments, a taint tracking system for providing sensitive dataflow tracking may include an audit reporter configured to create a provenance graph; a taint tracking kernel configured to (1) create a screened provenance graph that includes data deemed sensitive, and (2) create one or more final taint sets of sensitive data to be tracked at a container level that include vertices and edges that are descended from a particular sensitive source using one or more dependency checkers; and a taint storage configured to store the taint sets of sensitive data to be tracked at the container level.
  Type: Application
  Filed: April 30, 2021
  Publication date: September 14, 2023
  Inventors: Ashish Gehani, Phillip A. Porras, Vinod Yegneswaran, Hassaan Irshad
- Publication number: 20230179628
  Abstract: A method of determining an adversarial attack playbook includes receiving, from an adversarial actor, an electronic communication intended for a target user. The method includes engaging in a deep dialog with the adversarial actor by deploying a synthetic persona dynamically during the electronic communication. The deep dialog includes multiple rounds of communication exchanges. The method includes determining a length and type of the deep dialog to obtain attributes related to the adversarial actor. The method includes identifying a conversational pattern from the deep dialog. The conversational pattern comprises dialog interaction elements utilized by the adversarial actor. The method includes dynamically producing, based on the conversational pattern, the playbook associated with the adversarial actor. The playbook is indicative of a dialog interaction strategy implemented by the adversarial actor.
  Type: Application
  Filed: November 29, 2022
  Publication date: June 8, 2023
  Inventors: Phillip Porras, Kenneth Nitz, Keith Skinner, Dayne Freitag
- Patent number: 11586521
  Abstract: A method, apparatus and system for providing process-level forensics for a plurality of application containers includes, for each of the plurality of application containers, monitoring forensics information of the application container, encoding the monitored forensics information using an encoder of a predetermined encoder/decoder pair to determine a forensics model, decoding the forensics model to determine a reconstructed representation of the forensics information, comparing the reconstructed representation of the forensics information to the monitored forensics information to determine an error, and comparing the error to a threshold to determine if an error above the threshold exists. If the error is below the threshold, the forensics model is communicated to a higher-level manager to be used for higher-level management. If the error is above the threshold, the monitored forensics information of the application container is also communicated to the higher-level manager.
  Type: Grant
  Filed: December 28, 2020
  Date of Patent: February 21, 2023
  Assignee: SRI International
  Inventors: Phillip A. Porras, Prakhar Sharma
- Patent number: 11314614
  Abstract: A method, apparatus and system for providing security for a container network having a plurality of containers includes establishing a network stack for each of the plurality of containers of the container network, determining network and policy information from active containers, based on a set of pre-determined inter-container dependencies for the plurality of containers learned from the determined network and policy information, configuring container access in the container network to be limited to only containers of the plurality of containers that are relevant to a respective communication, and configuring inter-container traffic in the container network to be directed only from a source container into a destination container in a point-to-point manner such that exposure of the inter-container traffic to peer containers is prevented.
  Type: Grant
  Filed: December 17, 2020
  Date of Patent: April 26, 2022
  Assignee: SRI International
  Inventors: Phillip A. Porras, Vinod Yegneswaran, Jaehyun Nam, Seungwon Shin
- Patent number: 11206276
  Abstract: A correlator that includes a number of modules cooperating with each other. A transaction correlation module correlates network flow information for one or more network packet flows corresponding to one or more host-agent network-transaction records on whom participated in a network packet flow. The host-agent network-transaction records at least contain source information. A host input module takes in the host-agent network-transaction records from each host agent on its host computing device connecting to the correlator. A merged record creator creates a merged record for corresponding matches of one or more of the host-agent network-transaction records to one or more of the network packet flows. The merged record gives the network policy enforcement module a complete picture of both the network traffic flow information along with the source information that participated in the network packet flows in order to apply network policies against the network packet flows.
  Type: Grant
  Filed: June 3, 2019
  Date of Patent: December 21, 2021
  Assignee: SRI International
  Inventors: Kenneth C. Nitz, Phillip Porras, Steven Cheung
- Publication number: 20210211408
  Abstract: A method, apparatus and system for providing security for a container network having a plurality of containers includes establishing a network stack for each of the plurality of containers of the container network, determining network and policy information from active containers, based on a set of pre-determined inter-container dependencies for the plurality of containers learned from the determined network and policy information, configuring container access in the container network to be limited to only containers of the plurality of containers that are relevant to a respective communication, and configuring inter-container traffic in the container network to be directed only from a source container into a destination container in a point-to-point manner such that exposure of the inter-container traffic to peer containers is prevented.
  Type: Application
  Filed: December 17, 2020
  Publication date: July 8, 2021
  Inventors: Phillip A. Porras, Vinod Yegneswaran, Jaehyun Nam, Seungwon Shin
- Publication number: 20210208991
  Abstract: A method, apparatus and system for providing process-level forensics for a plurality of application containers includes, for each of the plurality of application containers, monitoring forensics information of the application container, encoding the monitored forensics information using an encoder of a predetermined encoder/decoder pair to determine a forensics model, decoding the forensics model to determine a reconstructed representation of the forensics information, comparing the reconstructed representation of the forensics information to the monitored forensics information to determine an error, and comparing the error to a threshold to determine if an error above the threshold exists. If the error is below the threshold, the forensics model is communicated to a higher-level manager to be used for higher-level management. If the error is above the threshold, the monitored forensics information of the application container is also communicated to the higher-level manager.
  Type: Application
  Filed: December 28, 2020
  Publication date: July 8, 2021
  Inventors: Phillip A. Porras, Prakhar Sharma
- Publication number: 20200228553
  Abstract: A correlator that includes a number of modules cooperating with each other. A transaction correlation module correlates network flow information for one or more network packet flows corresponding to one or more host-agent network-transaction records on whom participated in a network packet flow. The host-agent network-transaction records at least contain source information. A host input module takes in the host-agent network-transaction records from each host agent on its host computing device connecting to the correlator. A merged record creator creates a merged record for corresponding matches of one or more of the host-agent network-transaction records to one or more of the network packet flows. The merged record gives the network policy enforcement module a complete picture of both the network traffic flow information along with the source information that participated in the network packet flows in order to apply network policies against the network packet flows.
  Type: Application
  Filed: June 3, 2019
  Publication date: July 16, 2020
  Inventors: Kenneth C. Nitz, Phillip Porras, Steven Cheung
- Publication number: 20190281088
  Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. A security mediation service permits such dynamic reprogramming as long as the new directives are consistent with the then-current network security policy. The security mediation service evaluates candidate packet disposition directives for conflicts with the currently active security policy, before instantiating the candidate packet disposition directives at the network switches.
  Type: Application
  Filed: May 20, 2019
  Publication date: September 12, 2019
  Inventors: Phillip A. Porras, Martin W. Fong, Vinod Yegneswaran
- Patent number: 10333988
  Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. A security mediation service permits such dynamic reprogramming as long as the new directives are consistent with the then-current network security policy. The security mediation service evaluates candidate packet disposition directives for conflicts with the currently active security policy, before instantiating the candidate packet disposition directives at the network switches.
  Type: Grant
  Filed: June 13, 2017
  Date of Patent: June 25, 2019
  Assignee: SRI International
  Inventors: Phillip A. Porras, Martin W. Fong, Vinod Yegneswaran
- Patent number: 10291653
  Abstract: Network security management technology as disclosed herein generates and dynamically updates an intuitive, interactive visualization of a computer network in live operation. The network security management technology interprets human user interactions, such as gestures, as network directives, and updates the interactive visualization in response to the network directives.
  Type: Grant
  Filed: June 8, 2015
  Date of Patent: May 14, 2019
  Assignee: SRI International
  Inventors: Rukman Senanayake, Phillip A. Porras, Patrick D. Lincoln
- Publication number: 20190132214
  Abstract: Network management technology as disclosed herein performs an impact analysis of actual or hypothetical network commands, and presents the impact analysis results to facilitate the user's understanding of the predicted consequences of the actual or hypothetical commands on network operations, management, or security.
  Type: Application
  Filed: December 27, 2018
  Publication date: May 2, 2019
  Inventors: Phillip A. Porras, Jeffrey Klaben, Patrick D. Lincoln, Martin W. Fong, Nicholas Chapin
- Patent number: 10270803
  Abstract: In one embodiment, the present invention is a method and apparatus for detecting malware infection. One embodiment of a method for detecting a malware infection at a local host in a network includes monitoring communications between the local host and one or more entities external to the network, generating a dialog warning if the communications include a transaction indicative of a malware infection, declaring a malware infection if, within a predefined period of time, the dialog warnings include at least one dialog warning indicating a transaction initiated at the local host and at least one dialog warning indicating an additional transaction indicative of a malware infection, and outputting an infection profile for the local host.
  Type: Grant
  Filed: January 21, 2015
  Date of Patent: April 23, 2019
  Assignee: SRI International
  Inventors: Guofei Gu, Phillip A. Porras, Martin W. Fong
- Patent number: 10250641
  Abstract: Network management technology as disclosed herein conducts conversational natural language dialog with a user to facilitate the user's analysis of network activity and the implementation of network security measures and other actions in furtherance of network operations, management, or security.
  Type: Grant
  Filed: July 23, 2015
  Date of Patent: April 2, 2019
  Assignee: SRI International
  Inventors: Phillip A. Porras, Jeffrey Klaben, Patrick D. Lincoln, Nicholas Chapin
- Patent number: 10205637
  Abstract: Network management technology as disclosed herein performs an impact analysis of actual or hypothetical network commands, and presents the impact analysis results to facilitate the user's understanding of the predicted consequences of the actual or hypothetical commands on network operations, management, or security.
  Type: Grant
  Filed: August 12, 2015
  Date of Patent: February 12, 2019
  Assignee: SRI International
  Inventors: Phillip A. Porras, Jeffrey Klaben, Patrick D. Lincoln, Martin W. Fong, Nicholas Chapin
- Publication number: 20190020689
  Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. An event auditor passively monitors network traffic and provides network activity data indicative of network flows to a network privilege manager. The network privilege manager determines a current network context based on the network activity data. In response to the current network context, the network privilege manager selects a security policy and generates one or more flow policy directives in accordance with the selected policy.
  Type: Application
  Filed: September 7, 2018
  Publication date: January 17, 2019
  Inventors: Phillip A. Porras, Kenneth C. Nitz
- Patent number: 10116696
  Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. An event auditor passively monitors network traffic and provides network activity data indicative of network flows to a network privilege manager. The network privilege manager determines a current network context based on the network activity data. In response to the current network context, the network privilege manager selects a security policy and generates one or more flow policy directives in accordance with the selected policy.
  Type: Grant
  Filed: July 2, 2014
  Date of Patent: October 30, 2018
  Assignee: SRI International
  Inventors: Phillip A. Porras, Kenneth C. Nitz
- Patent number: 10050868
  Abstract: Network management technology as disclosed herein generates and dynamically updates an intuitive, interactive visualization of a computer network in live operation. The network management technology interprets human user interactions, such as gestures, conversational natural language dialog, and combinations of gestures and natural language dialog, as network directives. The technology can implement the network directives to, for example, facilitate analysis of network activity or to respond to network security events.
  Type: Grant
  Filed: July 23, 2015
  Date of Patent: August 14, 2018
  Assignee: SRI International
  Inventors: Phillip A. Porras, Jeffrey Klaben, Patrick D. Lincoln, Nicholas Chapin
- Patent number: 9917860
  Abstract: Network security management technology as disclosed herein generates and dynamically updates an intuitive, interactive visualization of a computer network in live operation. The network security management technology interprets human user interactions, such as gestures, as network directives. The network directives may be implemented by the network in response to security events.
  Type: Grant
  Filed: June 8, 2015
  Date of Patent: March 13, 2018
  Assignee: SRI International
  Inventors: Rukman Senanayake, Phillip A. Porras, Patrick D. Lincoln