Patents by Inventor Prasad G. Naldurg
Prasad G. Naldurg has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10742401
Abstract: One embodiment provides a method, including: receiving, from a data owner, an input string of plaintext data comprising a plurality of characters for storage in a database of a third-party storage provider; arranging the plurality of characters of the input string as a half pyramid, wherein the half pyramid comprises a plurality of rows, each row comprising at least one more character than a preceding row; encrypting, using a secure encryption scheme and based upon a key, each row of the half pyramid independently from each other row of the half pyramid; and storing, in the database of the third-party storage provider, the encrypted rows of the half pyramid. Other aspects are claimed and described.
Type: Grant
Filed: December 19, 2017
Date of Patent: August 11, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Akshar Kaul, Manish Kesarwani, Sameep Mehta, Prasad G. Naldurg, Gagandeep Singh
-
Publication number: 20190190695
Abstract: One embodiment provides a method, including: receiving, from a data owner, an input string of plaintext data comprising a plurality of characters for storage in a database of a third-party storage provider; arranging the plurality of characters of the input string as a half pyramid, wherein the half pyramid comprises a plurality of rows, each row comprising at least one more character than a preceding row; encrypting, using a secure encryption scheme and based upon a key, each row of the half pyramid independently from each other row of the half pyramid; and storing, in the database of the third-party storage provider, the encrypted rows of the half pyramid. Other aspects are claimed and described.
Type: Application
Filed: December 19, 2017
Publication date: June 20, 2019
Inventors: Akshar Kaul, Manish Kesarwani, Sameep Mehta, Prasad G. Naldurg, Gagandeep Singh
-
Patent number: 9807060
Abstract: Methods and arrangements for protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure. A hybrid application is recognized in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network. There are provided, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network. A policy service is provided, which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network. Other variants and embodiments are broadly contemplated herein.
Type: Grant
Filed: March 13, 2015
Date of Patent: October 31, 2017
Assignee: International Business Machines Corporation
Inventors: Palanivel A. Kodeswaran, Prasad G. Naldurg, Venkatraman Ramakrishna, Arvind Seshadri, Michael Steiner
-
Publication number: 20160267286
Abstract: Methods and arrangements for protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure. A hybrid application is recognized in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network. There are provided, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network. A policy service is provided, which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network. Other variants and embodiments are broadly contemplated herein.
Type: Application
Filed: March 13, 2015
Publication date: September 15, 2016
Inventors: Palanivel A. Kodeswaran, Prasad G. Naldurg, Venkatraman Ramakrishna, Arvind Seshadri, Michael Steiner
-
Patent number: 9307451
Abstract: Methods and arrangements for according access of a mobile device to an enterprise network. The presence of a mobile device relative to an enterprise network is detected, the enterprise network including a plurality of defined zones, wherein each zone is associated with a security level and with one or more resources. An agent of the mobile device is negotiated with to accord access to at least one of the defined zones. The negotiating includes: assessing at least one security constraint relative to the mobile device; and thereupon designating at least one zone to be accessible to the mobile device. Other variants and embodiments are broadly contemplated herein.
Type: Grant
Filed: December 2, 2014
Date of Patent: April 5, 2016
Assignee: International Business Machines Corporation
Inventors: Palanivel Kodeswaran, Sougata Mukherjea, Prasad G. Naldurg, Venkatraman Ramakrishna, Arvind Seshadri
-
Patent number: 9213843
Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.
Type: Grant
Filed: April 15, 2014
Date of Patent: December 15, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert
-
Publication number: 20150143525
Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between the principals and the resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.
Type: Application
Filed: April 15, 2014
Publication date: May 21, 2015
Inventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert
-
Patent number: 8701200
Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.
Type: Grant
Filed: September 11, 2012
Date of Patent: April 15, 2014
Assignee: Microsoft Corporation
Inventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert
-
Publication number: 20130067583
Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.
Type: Application
Filed: September 11, 2012
Publication date: March 14, 2013
Applicant: Microsoft Corporation
Inventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert
-
Patent number: 8359652
Abstract: An access control anomaly detection system and method to detect potential anomalies in access control permissions and report those potential anomalies in real time to an administrator for possible action. Embodiments of the system and method input access control lists and semantic groups (or any dataset having binary matrices) to perform automated anomaly detection. This input is processed in three broad phases. First, policy statements are extracted from the access control lists. Next, object-level anomaly detection is performed using thresholds by categorizing outliers in the policies discovered in the first phase as potential anomalies. This object-level anomaly detection can yield object-level security anomalies and object-level accessibility anomalies. Group-level anomaly detection is performed in the third phase by using semantic groups and user sets extracted in the first phase to find maximal overlaps using group mapping.
Type: Grant
Filed: October 31, 2009
Date of Patent: January 22, 2013
Assignee: Microsoft Corporation
Inventors: Ranjita Bhagwan, Tathagata Das, Prasad G. Naldurg
-
Patent number: 8266702
Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between the principals and the resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.
Type: Grant
Filed: October 31, 2006
Date of Patent: September 11, 2012
Assignee: Microsoft Corporation
Inventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert
-
Publication number: 20110107418
Abstract: An access control anomaly detection system and method to detect potential anomalies in access control permissions and report those potential anomalies in real time to an administrator for possible action. Embodiments of the system and method input access control lists and semantic groups (or any dataset having binary matrices) to perform automated anomaly detection. This input is processed in three broad phases. First, policy statements are extracted from the access control lists. Next, object-level anomaly detection is performed using thresholds by categorizing outliers in the policies discovered in the first phase as potential anomalies. This object-level anomaly detection can yield object-level security anomalies and object-level accessibility anomalies. Group-level anomaly detection is performed in the third phase by using semantic groups and user sets extracted in the first phase to find maximal overlaps using group mapping.
Type: Application
Filed: October 31, 2009
Publication date: May 5, 2011
Applicant: Microsoft Corporation
Inventors: Ranjita Bhagwan, Tathagata Das, Prasad G. Naldurg
-
Publication number: 20100299305
Abstract: Techniques described herein help determine dependencies and associations between CPEs in a computing system. These techniques track previous check-ins over a period of time in order to learn the dependencies and associations between CPEs. The previous check-ins are performed by a plurality of different computer programmers. In some embodiments, in response to receiving an indication that a CPE has either already been modified or is about to be modified by a computer programmer, the techniques provide the computer programmer with a recommendation indicating CPEs that are associated with the CPE being modified. This recommendation is based on the dependencies and associations determined from the previous check-ins performed by the plurality of different computer programmers.
Type: Application
Filed: May 22, 2009
Publication date: November 25, 2010
Applicant: Microsoft Corporation
Inventors: Srivatsan Laxman, Prasad G. Naldurg, Nachiappan Nagappan, Jacek A. Czerwonka
-
Publication number: 20080235802
Abstract: Implementation of software tamper resistance via integrity checks is described. In one implementation, a tamper resistance tool receives an input program code and generates a tamper-resistant program code using integrity checks. The integrity checks are generated by processing the input program code, and the integrity checks are inserted in various locations in the input program code. Values of the integrity checks are computed during program execution to determine whether a section of the program has been tampered with. Values of the integrity checks may be stored and accessed at any point during execution of the program.
Type: Application
Filed: March 21, 2007
Publication date: September 25, 2008
Applicant: Microsoft Corporation
Inventors: Ramarathnam Venkatesan, Mariusz H. Jakubowski, Prasad G. Naldurg
-
Publication number: 20080104665
Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between the principals and the resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.
Type: Application
Filed: October 31, 2006
Publication date: May 1, 2008
Applicant: Microsoft Corporation
Inventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert