Patents Assigned to George Mason Research Foundation, Inc.
-
Patent number: 9871812Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OS VM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: GrantFiled: March 15, 2017Date of Patent: January 16, 2018Assignee: George Mason Research Foundation, Inc.Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
-
Patent number: 9849189Abstract: A cationic antimicrobial peptide (CAMP) conjugate is disclosed. The CAMP conjugate may be made by identifying a suitable carrier peptide; identifying a suitable antimicrobial agent; creating a conjugate by conjugating the peptide with the antimicrobial agent; and evaluating and refining the conjugate. The peptide may be short peptide based on the sequence of a CAMP, such as human ?-defensin-3. The peptide can be directly connected to the antimicrobial agent or through a linker segment. The antimicrobial agent may be connected to the peptide or the linker segment through stable or cleavable bonding. The peptide may carry and facilitate the delivery of the conjugated antimicrobial agent to a microbe.Type: GrantFiled: May 2, 2016Date of Patent: December 26, 2017Assignee: George Mason Research Foundation, Inc.Inventors: Barney Bishop, Monique van Hoek, Keith M. Davies
-
Patent number: 9846588Abstract: An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.Type: GrantFiled: September 10, 2014Date of Patent: December 19, 2017Assignee: George Mason Research Foundation, Inc.Inventors: Anup K. Ghosh, Sushil Jajodia, Yih Huang, Jiang Wang
-
Publication number: 20170302692Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: ApplicationFiled: March 15, 2017Publication date: October 19, 2017Applicant: George Mason Research Foundation, Inc.Inventors: Anup GHOSH, Yih HUANG, Jiang WANG, Angelos STAVROU
-
Publication number: 20170206348Abstract: An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark.Type: ApplicationFiled: August 29, 2016Publication date: July 20, 2017Applicant: George Mason Research Foundation, Inc.Inventors: Anup K. GHOSH, Sushil JAJODIA, Yih HUANG, Jiang WANG
-
Publication number: 20170201534Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.Type: ApplicationFiled: November 22, 2016Publication date: July 13, 2017Applicant: George Mason Research Foundation, Inc.Inventors: Angelos STAVROU, Sushil JAJODIA, Anup K. GHOSH, Rhandi MARTIN, Charalampos ANDRIANAKIS
-
Patent number: 9602524Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: GrantFiled: July 24, 2015Date of Patent: March 21, 2017Assignee: George Mason Research Foundation, Inc.Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
-
Patent number: 9531747Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.Type: GrantFiled: September 10, 2014Date of Patent: December 27, 2016Assignee: George Mason Research Foundation, Inc.Inventors: Angelos Stavrou, Sushil Jajodia, Anup K. Ghosh, Rhandi Martin, Charalampos Andrianakis
-
Patent number: 9483637Abstract: A computer system may be employed to verify program execution integrity by receiving a request to launch a program that has been instrumented to include at least one integrity marker, instantiating the program with an integrity marker value, and verifying the execution integrity of the program based on the integrity marker value and information received from the program during execution. A computer system may also be employed for program instrumentation by modifying the program to include at least one instruction for passing an integrity marker value to an operating system kernel during execution of the instruction.Type: GrantFiled: July 7, 2014Date of Patent: November 1, 2016Assignee: George Mason Research Foundation, Inc.Inventor: Xinyuan Wang
-
Patent number: 9436822Abstract: An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark.Type: GrantFiled: September 9, 2014Date of Patent: September 6, 2016Assignee: George Mason Research Foundation, Inc.Inventors: Anup K. Ghosh, Sushil Jajodia, Yih Huang, Jiang Wang
-
Patent number: 9383299Abstract: Capture particles for harvesting analytes from solution and methods for using them are described. The capture particles are made up of a polymeric matrix having pore size that allows for the analytes to enter the capture particles. The pore size of the capture particles are changeable upon application of a stimulus to the particles, allowing the pore size of the particles to be changed so that analytes of interest remain sequestered inside the particles. The polymeric matrix of the capture particles are made of co-polymeric materials having a structural monomer and an affinity monomer, the affinity monomer having properties that attract the analyte to the capture particle. The capture particles may be used to isolate and identify analytes present in a mixture. They may also be used to protect analytes which are typically subject to degradation upon harvesting and to concentrate low an analyte in low abundance in a fluid.Type: GrantFiled: February 25, 2013Date of Patent: July 5, 2016Assignee: GEORGE MASON RESEARCH FOUNDATION, INC.Inventors: Alessandra Luchini Kunkel, Lance Liotta, Emanuel Petricoin, Barney Bishop, Francesco Meani, Claudia Fredolini, Thomas M Dunlap, Alexis Patanarut
-
Publication number: 20160182540Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: ApplicationFiled: July 24, 2015Publication date: June 23, 2016Applicant: GEORGE MASON RESEARCH FOUNDATION, INC.Inventors: Anup GHOSH, Yih HUANG, Jiang WANG, Angelos STAVROU
-
Patent number: 9325729Abstract: Systems and methods for determining a safety level of a network vulnerable to attack from at least one origin to at least one target are described. Machines, components, and vulnerabilities in a network may be associated to one another. Degrees of similarity among the vulnerabilities may be determined and subsets of vulnerabilities may be grouped based on their determined degrees of similarity to one another. This data may be used to generate an attack graph describing exploitation of vulnerabilities and grouped vulnerabilities and defining vulnerability exploit condition relationships between at least one origin and at least one target. The attack graph may be analyzed using a k-zero day metric function to determine a safety level.Type: GrantFiled: July 7, 2014Date of Patent: April 26, 2016Assignees: George Mason Research Foundation, Inc., The United States of America, as represented by the Secretary of Commerce, The National Institute of Standards and TechnologyInventors: Sushil Jajodia, Lingyu Wang, Steven Noel, Anoop Singhal
-
Patent number: 9311566Abstract: A method and system for measuring and determining the full-field spatial distributions of strain tensor field components in a two or three-dimensional space, as a consequence of deformation under generalized loading conditions. One or more digital cameras may be used to acquire successive images of a deforming body with optically distinctive features on its surface. A method for determining the location of characteristic points of the surface features and another one for tracking these points as deformation occurs. Elongations between neighboring points on the vicinity of a location of interest are computed. The elongation between points is calculated even though discontinuities may exist between them. Strain tensor fields are directly calculated as a tensor approximation from these elongations without determining or using the displacement vector distributions.Type: GrantFiled: August 2, 2013Date of Patent: April 12, 2016Assignees: George Mason Research Foundation, Inc., The United States of America, as Represented by the Secretary of the NavyInventors: Athanasios Iliopoulos, John G. Michopoulos
-
Patent number: 9270697Abstract: A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences.Type: GrantFiled: August 22, 2014Date of Patent: February 23, 2016Assignee: George Mason Research Foundation, Inc.Inventors: Anup K. Ghosh, Kun Sun, Jiang Wang, Angelos Stavrou
-
Publication number: 20160019391Abstract: An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark.Type: ApplicationFiled: September 9, 2014Publication date: January 21, 2016Applicant: GEORGE MASON RESEARCH FOUNDATION, INC.Inventors: Anup K. GHOSH, Sushil Jajodia, Yih HUANG, Jiang WANG
-
Publication number: 20150264059Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.Type: ApplicationFiled: September 10, 2014Publication date: September 17, 2015Applicant: George Mason Research Foundation, Inc.Inventors: Angelos STAVROU, Sushil JAJODIA, Anup K. GHOSH, Rhandi MARTIN, Charalampos Andrianakis
-
Patent number: 9098698Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.Type: GrantFiled: September 14, 2009Date of Patent: August 4, 2015Assignee: George Mason Research Foundation, Inc.Inventors: Anup Ghosh, Yih Huang, Jiang Wang, Angelos Stavrou
-
Publication number: 20150212842Abstract: An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.Type: ApplicationFiled: September 10, 2014Publication date: July 30, 2015Applicant: GEORGE MASON RESEARCH FOUNDATION, INC.Inventors: Anup K. GHOSH, Sushil JAJODIA, Yih HUANG, Jiang WANG
-
Patent number: 9092229Abstract: Systems and Methods are utilized for determining a software signature. A software program in a form of a sequence of instructions of the software program is obained. The software program is clustered into a software family. A signature for each software family is generated.Type: GrantFiled: May 3, 2012Date of Patent: July 28, 2015Assignee: GEORGE MASON RESEARCH FOUNDATION, INC.Inventors: Muhammad Aljammaz, Edward J. Wegman