Patents by Inventor Andrey Marochko
Andrey Marochko has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10505954
Abstract: Graph-based detection systems and techniques are provided to identify potential malicious lateral movement paths. System and security events may be used to generate a network connection graph and detect remote file executions and/or other detections, for use in tracking malicious lateral movement across a computer network, such as a compromised computer network. Lateral movement determination across a computer network may be divided into two subproblems: forensic analysis and general detection. With forensic analysis, given a malicious node, possible lateral movement leading into or out of the node is identified. General detection identifies previously unknown malicious lateral movement on a network using a remote file execution detector, and/or other detectors, and a rare path anomaly detection algorithm.
Type: Grant
Filed: June 14, 2017
Date of Patent: December 10, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Jack Wilson Stokes, III, Robert James Mead, Tim William Burrell, Ian Hellen, John Joseph Lambert, Weidong Cui, Andrey Marochko, Qingyun Liu
-
Publication number: 20180367548
Abstract: Graph-based detection systems and techniques are provided to identify potential malicious lateral movement paths. System and security events may be used to generate a network connection graph and detect remote file executions and/or other detections, for use in tracking malicious lateral movement across a computer network, such as a compromised computer network. Lateral movement determination across a computer network may be divided into two subproblems: forensic analysis and general detection. With forensic analysis, given a malicious node, possible lateral movement leading into or out of the node is identified. General detection identifies previously unknown malicious lateral movement on a network using a remote file execution detector, and/or other detectors, and a rare path anomaly detection algorithm.
Type: Application
Filed: June 14, 2017
Publication date: December 20, 2018
Inventors: Jack Wilson STOKES, III, Robert James MEAD, Tim William BURRELL, Ian HELLEN, John Joseph LAMBERT, Weidong CUI, Andrey MAROCHKO, Qingyun LIU
-
Patent number: 9953167
Abstract: Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource.
Type: Grant
Filed: October 12, 2015
Date of Patent: April 24, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: David R Wooten, Andrey Marochko, Dennis Mattoon, Paul England
-
Patent number: 9917687
Abstract: Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource.
Type: Grant
Filed: October 12, 2015
Date of Patent: March 13, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: David R Wooten, Andrey Marochko, Dennis Mattoon, Paul England
-
Publication number: 20170104580
Abstract: Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource.
Type: Application
Filed: October 12, 2015
Publication date: April 13, 2017
Inventors: David R. Wooten, Andrey Marochko, Dennis Mattoon, Paul England
-
Publication number: 20170103209
Abstract: Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource.
Type: Application
Filed: October 12, 2015
Publication date: April 13, 2017
Inventors: David R. Wooten, Andrey Marochko, Dennis Mattoon, Paul England
-
Patent number: 9075995
Abstract: A “Secure Code Launcher” establishes platform trustworthiness, i.e., a trusted computing base (TCB), and uses hardware or firmware based components to securely launch one or more software components. The Secure Code Launcher measures and loads software components by interfacing with security extension functionality integral to one or more hardware or firmware-based components in the computing device. For example, various embodiments of the Secure Code Launcher include firmware-based components that interface with security extension functionality integral to the computing device to measure and load boot managers, operating system (OS) loaders, or other OS components including OS kernels. Similarly, the Secure Code Launcher is capable of measuring and loading software components responsible for installing an instance of an OS.
Type: Grant
Filed: March 11, 2013
Date of Patent: July 7, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Paul England, Andrey Marochko, Dennis Mattoon, David R. Wooten
-
Publication number: 20140258700
Abstract: A “Secure Code Launcher” establishes platform trustworthiness, i.e., a trusted computing base (TCB), and uses hardware or firmware based components to securely launch one or more software components. The Secure Code Launcher measures and loads software components by interfacing with security extension functionality integral to one or more hardware or firmware-based components in the computing device. For example, various embodiments of the Secure Code Launcher include firmware-based components that interface with security extension functionality integral to the computing device to measure and load boot managers, operating system (OS) loaders, or other OS components including OS kernels. Similarly, the Secure Code Launcher is capable of measuring and loading software components responsible for installing an instance of an OS.
Type: Application
Filed: March 11, 2013
Publication date: September 11, 2014
Applicant: Microsoft Corporation
Inventors: Paul England, Andrey Marochko, Dennis Mattoon, David R. Wooten