Patents by Inventor Rahul C. Kashyap
Rahul C. Kashyap has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10986137Abstract: A software module executes in a first isolated execution environment. The module determines the first environment has caused data to the written to a first clipboard maintained by the first environment. The module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second isolated execution environment. The policy data does not allow one or more types of clipboard objects to be written to the second clipboard even if they were written to the first clipboard at the initiation of or approved by a user to prevent the user from introducing a potentially hazardous type of object into the second clipboard. Upon the module determining that the policy data allows the data to be written to the second clipboard, the software module causes the data to written to the second clipboard.Type: GrantFiled: March 2, 2017Date of Patent: April 20, 2021Assignee: Hewlett-Packard Development Company, L.P.Inventors: Rahul C. Kashyap, Rafal Wojtczuk, Ian Pratt
-
Patent number: 10607007Abstract: An isolated environment is instantiated in response to receiving a request to execute a process. One or more events occurring within the isolated environment in which the process executes are identified. Whether the actual behavior of the process executing within the isolated environment deviates from an expected behavior of the execution of the process is determined. Only when it is determined that the process deviates from the expected behavior is behavior data, which describes the actual behavior of the process during execution, stored. A determination is then made as to whether the process is compromised by analyzing the behavior data that describes the actual behavior of the process.Type: GrantFiled: November 21, 2016Date of Patent: March 31, 2020Assignee: Hewlett-Packard Development Company, L.P.Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk, Adrian Taylor
-
Patent number: 10534910Abstract: Approaches for monitoring a host operating system. A threat model is stored and maintained. The threat model identifies for any process executing on a host operating system how trustworthy the process should be deemed based on a pattern of observed behavior. The execution of the process and those processes in a monitoring circle relationship thereto are monitored. The monitoring circle relationship includes a parent process, any process in communication with a member of monitoring circle relationship, and any process instantiated by a present member of monitoring circle relationship. Observed process behavior is correlated with the threat model. Upon determining that a particular process has behaved in a manner inconsistent with a pattern of allowable behavior identified by the threat model for that process, a responsive action is taken.Type: GrantFiled: September 21, 2017Date of Patent: January 14, 2020Assignee: Hewlett-Packard Development Company, L.P.Inventor: Rahul C. Kashyap
-
Patent number: 10430591Abstract: Approaches for monitoring a host operating system. A threat model is stored and maintained in an isolated execution environment. The threat model identifies for any process executing on a host operating system how trustworthy the process should be deemed based on a pattern of observed behavior. The execution of the process and those processes in a monitoring circle relationship thereto are monitored. The monitoring circle relationship includes a parent process, any process in communication with a member of monitoring circle relationship, and any process instantiated by a present member of monitoring circle relationship. Observed process behavior is correlated with the threat model. Upon determining that a particular process has behaved in a manner inconsistent with a pattern of allowable behavior identified by the threat model for that process, a responsive action is taken.Type: GrantFiled: September 25, 2017Date of Patent: October 1, 2019Assignee: Bromium, Inc.Inventors: Ian Pratt, Rahul C. Kashyap, Adrian Taylor, James M. McKenzie
-
Patent number: 10430614Abstract: Approaches for transferring control to a bit set. Execution of a bit set upon a host operating system is monitored. A determination is made that the execution of the bit set exhibits a suspicious characteristic. In response, the execution of the bit set on the host operating system is ceased. Then, the bit set is copied into an isolated environment and control to the bit set is transferred within the isolated environment. Thereafter, execution analysis upon the bit set is initiated in the isolated environment. The isolated environment may, but need not, reside on a different physical device than upon which executes the host operating system.Type: GrantFiled: April 19, 2016Date of Patent: October 1, 2019Assignee: Bromium, Inc.Inventors: Ian Pratt, Rahul C. Kashyap, Gaurav Banga
-
Patent number: 9922192Abstract: The execution of a process within a virtual machine (VM) may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.Type: GrantFiled: July 24, 2015Date of Patent: March 20, 2018Assignee: Bromium, Inc.Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
-
Patent number: 9769199Abstract: Updating a central repository with information about malware resident upon a computer system. Upon detecting the malware executing in a virtual machine, a software module, without manual instruction, sends malware manifest data to a central repository over a network. The malware manifest data may comprise a copy of the malware and all versions, including temporary versions, of any files written to, updated by, or accessed by the malware. The central repository may receive, over a network from at least two computer systems, distinct sets of malware manifest data and may subsequently store the sets of malware manifest data.Type: GrantFiled: November 30, 2015Date of Patent: September 19, 2017Assignee: Bromium, Inc.Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Arun Passi
-
Publication number: 20170180427Abstract: A software module executes in a first isolated execution environment. The module determines the first environment has caused data to the written to a first clipboard maintained by the first environment. The module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second isolated execution environment. The policy data does not allow one or more types of clipboard objects to be written to the second clipboard even if they were written to the first clipboard at the initiation of or approved by a user to prevent the user from introducing a potentially hazardous type of object into the second clipboard. Upon the module determining that the policy data allows the data to be written to the second clipboard, the software module causes the data to written to the second clipboard.Type: ApplicationFiled: March 2, 2017Publication date: June 22, 2017Inventors: Rahul C. Kashyap, Rafal Wojtczuk, Ian Pratt
-
Publication number: 20170076092Abstract: An isolated environment is instantiated in response to receiving a request to execute a process. One or more events occurring within the isolated environment in which the process executes are identified. Whether the actual behavior of the process executing within the isolated environment deviates from an expected behavior of the execution of the process is determined. Only when it is determined that the process deviates from the expected behavior is behavior data, which describes the actual behavior of the process during execution, stored. A determination is then made as to whether the process is compromised by analyzing the behavior data that describes the actual behavior of the process.Type: ApplicationFiled: November 21, 2016Publication date: March 16, 2017Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk, Adrian Taylor
-
Patent number: 9501310Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.Type: GrantFiled: December 28, 2015Date of Patent: November 22, 2016Assignee: Bromium, Inc.Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
-
Patent number: 9432400Abstract: A method and system for protecting against unknown malicious activities by detecting a heap spray attack on a electronic device are disclosed. A script is received at an electronic device from a remote device via a network and a loop operation is detected in the script that contains a write operation operable to write data to a memory of the electronic device. The amount of the data operable to be written to the memory by the write operation is determined and the data is prevented from being written to the memory if the amount of the data is greater than or equal to a threshold.Type: GrantFiled: April 3, 2015Date of Patent: August 30, 2016Assignee: McAfee, Inc.Inventors: J. McEnroe Samuel Navaraj, Rahul C. Kashyap
-
Publication number: 20160232380Abstract: Approaches for transferring control to a bit set. Execution of a bit set upon a host operating system is monitored. A determination is made that the execution of the bit set exhibits a suspicious characteristic. In response, the execution of the bit set on the host operating system is ceased. Then, the bit set is copied into an isolated environment and control to the bit set is transferred within the isolated environment. Thereafter, execution analysis upon the bit set is initiated in the isolated environment. The isolated environment may, but need not, reside on a different physical device than upon which executes the host operating system.Type: ApplicationFiled: April 19, 2016Publication date: August 11, 2016Inventors: Ian Pratt, Rahul C. Kashyap, Gaurav Banga
-
Publication number: 20160132351Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.Type: ApplicationFiled: December 28, 2015Publication date: May 12, 2016Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
-
Publication number: 20160099951Abstract: Updating a central repository with information about malware resident upon a computer system. Upon detecting the malware executing in a virtual machine, a software module, without manual instruction, sends malware manifest data to a central repository over a network. The malware manifest data may comprise a copy of the malware and all versions, including temporary versions, of any files written to, updated by, or accessed by the malware. The central repository may receive, over a network from at least two computer systems, distinct sets of malware manifest data and may subsequently store the sets of malware manifest data.Type: ApplicationFiled: November 30, 2015Publication date: April 7, 2016Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Arun Passi
-
Patent number: 9223962Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.Type: GrantFiled: December 7, 2012Date of Patent: December 29, 2015Assignee: Bromium, Inc.Inventors: Rahul C Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
-
Patent number: 9203862Abstract: Updating a central repository with information about malware resident upon a computer system. Upon detecting the malware executing in a virtual machine, a software module, without manual instruction, sends malware manifest data to a central repository over a network. The malware manifest data may comprise a copy of the malware and data identifying or comprising a set of files infected by the malware. The central repository may receive, over a network from at least two computer systems, distinct sets of malware manifest data and may subsequently store the sets of malware manifest data.Type: GrantFiled: July 1, 2013Date of Patent: December 1, 2015Assignee: Bromium, Inc.Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Arun Passi
-
Publication number: 20150215336Abstract: A method and system for protecting against unknown malicious activities by detecting a heap spray attack on a electronic device are disclosed. A script is received at an electronic device from a remote device via a network and a loop operation is detected in the script that contains a write operation operable to write data to a memory of the electronic device. The amount of the data operable to be written to the memory by the write operation is determined and the data is prevented from being written to the memory if the amount of the data is greater than or equal to a threshold.Type: ApplicationFiled: April 3, 2015Publication date: July 30, 2015Inventors: J. McEnroe Samuel Navaraj, Rahul C. Kashyap
-
Patent number: 9092625Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.Type: GrantFiled: December 7, 2012Date of Patent: July 28, 2015Assignee: Bromium, Inc.Inventors: Rahul C Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
-
Patent number: 9003501Abstract: A method and system for protecting against unknown malicious activities by detecting a heap spray attack on a electronic device are disclosed. A script is received at an electronic device from a remote device via a network and a loop operation is detected in the script that contains a write operation operable to write data to a memory of the electronic device. The amount of the data operable to be written to the memory by the write operation is determined and the data is prevented from being written to the memory if the amount of the data is greater than or equal to a threshold.Type: GrantFiled: December 7, 2010Date of Patent: April 7, 2015Assignee: McAfee, Inc.Inventors: J. McEnroe Samuel Navaraj, Rahul C. Kashyap
-
Publication number: 20120144486Abstract: A method and system for protecting against unknown malicious activities by detecting a heap spray attack on a electronic device are disclosed. A script is received at an electronic device from a remote device via a network and a loop operation is detected in the script that contains a write operation operable to write data to a memory of the electronic device. The amount of the data operable to be written to the memory by the write operation is determined and the data is prevented from being written to the memory if the amount of the data is greater than or equal to a threshold.Type: ApplicationFiled: December 7, 2010Publication date: June 7, 2012Applicant: MCAFEE, INC.Inventors: J. McEnroe Samuel Navaraj, Rahul C. Kashyap