Patents by Inventor Fadi El-Moussa

Fadi El-Moussa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11159549
    Abstract: A computer implemented method to identify a computer security threat based on communication via a computer network including receiving a definition of acceptable network communication characteristics for each of a plurality of communication protocols; receiving a set of security events for the communication, each security event including network communication characteristics for the communication; for each security event in the set of security events: a) identifying a communication protocol associated with the event; b) detecting deviations of network communication characteristics of the event from the acceptable network communication characteristics for the identified communication protocol; and c) generating a record of each deviation identifying a communication characteristic for which the deviation is detected, and identifying a computer security threat for the communication based on the records generated for the set of security events.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: October 26, 2021
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Ian Herwono
  • Patent number: 11151268
    Abstract: An access control method for a restricted resource in a computer system having an operating system providing isolation between software processes executable in the operating system such that a first process executing in the operating system is prevented from accessing resources of a second process executing in the operating system, the method including receiving a software component for execution as an isolated process in the operating system; receiving a baseline profile for the software component defining characteristics of the software component at a runtime for identifying performance of the software component; generating a runtime profile of the software component in execution in the operating system defining characteristics of the component in execution; and permitting access by the software component to the restricted resource based on a comparison of the baseline profile and the runtime profile such that the software component exhibiting undesirable performance is precluded from accessing the restrict
    Type: Grant
    Filed: May 10, 2017
    Date of Patent: October 19, 2021
    Assignee: British Telecommunications Public Limited Company
    Inventors: Joshua Daniel, Fadi El-Moussa
  • Patent number: 11151244
    Abstract: A method in a computer system having an operating system providing isolation between software processes executable in the operating system such that a first process executing in the operating system is prevented from accessing resources of a second process executing in the operating system, the method including receiving a software component for execution as an isolated process in the operating system; receiving a baseline profile for the software component defining one or more characteristics of the software component at a runtime for identifying performance of the software component; generating a runtime profile of the software component in execution in the operating system defining characteristics of the component in execution; and flagging the software component in execution based on a comparison of the baseline profile and the runtime profile so as to identify an undesirable performance of the software component.
    Type: Grant
    Filed: May 10, 2017
    Date of Patent: October 19, 2021
    Assignee: British Telecommunications Public Limited Company
    Inventors: Joshua Daniel, Fadi El-Moussa
  • Patent number: 11128647
    Abstract: A computer implemented method to identify a computer security threat based on communication of a network connected device via a computer network including receiving a plurality of blocks of network traffic from the device, each block including a sequence of network traffic data items being identifiable by a position in the sequence of the block; identifying a subset of positions occurring in every block for which a degree of variability of values of data items in each position of the subset meets a predetermined threshold; and generating executable code for performing a plurality of processing operations based on the identified subset of positions, the executable code consuming a determinate quantity of computing resources when executed for the received network traffic.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: September 21, 2021
    Assignee: British Telecommunications Public Limited Company
    Inventors: Karl Smith, Fadi El-Moussa
  • Publication number: 20210286873
    Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
    Type: Application
    Filed: July 31, 2017
    Publication date: September 16, 2021
    Applicant: British Telecommunications Public Limited Company
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20210258151
    Abstract: Actuators and sensors in an intelligent system are controlled by setting encryption types and key lengths to individual applications based on the type of device and application being run. A server system 1 running in a communications gateway, selects an encryption policy for one or more devices under its control. This selection is controlled by an analysis function 11 using data relating to the type of device 13, and the applications to be run on the device 14, to generate an appropriate encryption policy 12 which can be deployed to the device (37). Controlling the analysis and deployment in a gateway device allows co-ordination between devices, and reduces processor time in the devices. An agent is sent to the device alongside the encryption policy data, to control the device according to the encryption policy.
    Type: Application
    Filed: April 25, 2019
    Publication date: August 19, 2021
    Inventors: Claudia CRISTINA, Fadi EL-MOUSSA, Simon BEDDUS
  • Publication number: 20210248266
    Abstract: A computer implemented method of sharing a data message containing multiple data fields between a provider computer system and a consumer computer system, wherein the provider and consumer computer systems have mutual mistrust, is disclosed.
    Type: Application
    Filed: March 19, 2019
    Publication date: August 12, 2021
    Inventors: Fabio GIUBILO, Fadi EL-MOUSSA, Mark SHACKLETON
  • Publication number: 20210182404
    Abstract: A computer implemented method to generate training data for a machine learning algorithm for determining security vulnerabilities of a virtual machine (VM) in a virtualized computing environment is disclosed. The machine learning algorithm determines the vulnerabilities based on a vector of configuration characteristics for the VM.
    Type: Application
    Filed: October 11, 2018
    Publication date: June 17, 2021
    Inventors: Mark SHACKLETON, Fadi EL-MOUSSA
  • Publication number: 20210182403
    Abstract: A computer implemented method to determine a security configuration for a target virtual machine (VM) in a virtualized computing environment, the method including training a machine learning algorithm to determine a vector of security vulnerabilities for the target VM based on a vector of configuration characteristics for the target VM, the machine learning algorithm being trained using training examples each including a configuration for a training VM and an associated vulnerability vector based on an observed security occurrence at the training VM, wherein each training example further includes an identification of one of a set of security configurations for the training VM; selecting at least a subset of the set of security configurations and, for each security configuration in the subset, executing the machine learning algorithm with the vector of configuration characteristics for the target VM and an identification of the security configuration, so as to generate a set of vulnerability vectors including a
    Type: Application
    Filed: October 11, 2018
    Publication date: June 17, 2021
    Inventors: Mark SHACKLETON, Fadi EL-MOUSSA
  • Publication number: 20210168164
    Abstract: A computer implemented method to detect an anomalous change to a web application configuration, the web application executing with a web server, the method including receiving a first set of records for the web application operating in a training mode of operation, each record including characteristics of the web application; generating a sparse distributed representation of the set of records to form a training set for a hierarchical temporal memory (HTM); training the HTM based on the training set in order that the trained HTM provides a model of the operation of the web application in the training mode of operation; receiving a second set of records for the web application, each record including characteristics of the web application; generating a sparse distributed representation of the second set of records to form an input set for the trained HTM; executing the trained HTM based on the input set to determine a degree of recognition of the records of the input set; and responsive to a determination that
    Type: Application
    Filed: July 30, 2018
    Publication date: June 3, 2021
    Inventors: Fadi EL-MOUSSA, Xiaofeng DU
  • Publication number: 20210157927
    Abstract: Network-based applications and virtualized components are deployed according to a security analysis of the infrastructure to be used and applications to be run on it. A specification of requirements (201) is analysed (211), together with potential devices (212) and network nodes (213), to determine an appropriate level of security to be applied, and a deployment specification of applications, services, security countermeasures, and networks is prepared that will satisfy the customer requirement and with known characteristics and vulnerabilities of the services. This analysis is used to generate a deployment specification (22), and finally the actual control of an orchestrator (23) to deliver the service. The deployed system can be continually monitored to ensure that the service continues to operate within requirements. Should an incident such as a network attack or failure occur the system is re-analysed against the original requirements and re-configured or repaired.
    Type: Application
    Filed: April 25, 2019
    Publication date: May 27, 2021
    Inventors: Simon BEDDUS, Claudia CRISTINA, Fadi EL-MOUSSA
  • Patent number: 10990690
    Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a hypervisor having a data store and instantiating a disk image of the virtualized computer system as a first virtual machine (VM) having a virtual disk from which an operating system of the first VM can be booted; instantiating a second VM in the hypervisor including a software component executing therein, wherein the data store is a shared data store accessible by both the first and second VMs, the method further comprising: the software component accessing the first VM using privileged credentials to install a software agent in the first VM and to replicate the virtual disk of the first VM in the hypervisor data store as a duplicate disk, wherein the software agent is adapted to encrypt data written to, and decrypt data read from, the disk of the first VM at a runtime of the first VM; and the software component encrypting the duplicate disk and unmounting the copied disk and mounting the e
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: April 27, 2021
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Theo Dimitrakos
  • Patent number: 10931689
    Abstract: A method for identifying malicious network traffic communicated via a computer network, the method including: evaluating a measure of a correlation fractal dimension for a portion of network traffic over a monitored network connection; comparing the measure of correlation fractal dimension with a reference measure of correlation fractal dimension for a corresponding portion of network traffic of a malicious network connection so as to determine if malicious network traffic is communicated over the monitored network connection.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: February 23, 2021
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, George Kallos
  • Patent number: 10897359
    Abstract: A method for securely accessing a hardware storage device connected to a computer system, the hardware storage device having a unique hardware identifier and the computer system including a processor, the method comprising: an agent software component receiving the identifier of the storage device to authenticate the storage device, wherein the agent executes in an unrestricted mode of operation of the processor such that the agent is a trusted software component; in response to the authentication, the agent accessing a secure data key for encrypting and decrypting data on the storage device, wherein the data key is accessible only to trusted agents executing in the unrestricted mode of the processor such that software executing in a user mode of the processor stores and retrieves data on the storage device only via the agent.
    Type: Grant
    Filed: November 13, 2014
    Date of Patent: January 19, 2021
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventors: Fadi El-Moussa, Theo Dimitrakos, Georgios Vafiadis
  • Patent number: 10891377
    Abstract: A computer implemented method to identify a derivative of one or more malicious software components in a computer system including: evaluating a measure of a correlation fractal dimension (CFD) for at least a portion of a monitored software component in the computer system, the CFD including a plurality of CFD values varying with a resolution of fractal dimension; and comparing the plurality of CFD values with a reference measure of CFD for each of the malicious software components, each reference measure of CFD including a plurality of CFD values varying with a resolution of fractal dimension, so as to identify one or more of the plurality of malicious software components from which the monitored software component is derived.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: January 12, 2021
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, George Kallos
  • Publication number: 20210004468
    Abstract: A computer implemented method of improved security of an application for deployment to a virtualized computing environment, the method including receiving configuration information for the application; accessing a set of configuration descriptors for a known security attack, each descriptor encoding at least a portion of an application configuration so as to identify one or more descriptors matching at least part of the configuration information, each descriptor in the set having a probability that the security attack will occur in a deployed application having a configuration consistent with the descriptor; evaluating a risk score for a risk of occurrence of the security attack, the risk score evaluated from the probabilities associated with the identified descriptors; identifying a set of compatible alternative configurations for the application; evaluating a risk score for a risk of occurrence of the security attack for each alternative configuration; selecting an alternative configuration having a risk sc
    Type: Application
    Filed: March 4, 2019
    Publication date: January 7, 2021
    Inventor: Fadi EL-MOUSSA
  • Publication number: 20210006578
    Abstract: A computer implemented security method operable with a communications network in a vehicle, the network communicatively connecting devices including sensors and actuators in the vehicle such that information provided by sensors and states of actuators are determinable by data communicated via the network, the method including defining a Markov decision process model for the vehicle, the model specifying states of the vehicle and actions constituting transitions between states, wherein a state of the vehicle is indicated by information provided by one or more sensors and a state of one or more actuators, and an action corresponds to a change in the information provided by one or more sensors and/or a change to a state of one or more actuators, each action having associated a probability of occurrence; determining, by accessing data communicated via the network, a current state of the vehicle in the model; accessing data communicated via the network; responsive to the accessed data indicating an action to chang
    Type: Application
    Filed: March 4, 2019
    Publication date: January 7, 2021
    Inventors: Fadi EL-MOUSSA, Karl Smith
  • Publication number: 20200387392
    Abstract: A computer implemented method of converting a serialized virtual machine (VM) for a source virtualized computing environment, the serialized VM being stored in a data file having also metadata for instantiating the serialized VM in the source environment, the method including supplementing the data file with a software adapter including a plurality of executable disk image converters, each disk image converter being suitable for converting the serialized VM between disparate virtualized computing environments; a plurality of metadata mappings, each metadata mapping defining how the metadata is converted between disparate virtual computing environments; and executable code for effecting a conversion by executing an appropriate disk image converter and performing an appropriate metadata conversion to convert the data file for a target virtualized computing environment, such that the supplemented data file is operable to self-convert between the source virtualized computing environment and the target virtualized
    Type: Application
    Filed: December 3, 2018
    Publication date: December 10, 2020
    Inventors: Ali SAJJAD, Fadi EL-MOUSSA
  • Publication number: 20200389471
    Abstract: A computer implemented method to generate a signature of a network attack for a network-connected computing system, the signature including rules for identifying the network attack, the method including generating, at a trusted secure computing device, a copy of data distributed across a network; the computing device identifying information about the network attack stored in the copy of the data; and the computing device generating the signature for the network attack based on the information about the network attack so as to subsequently identify the network attack occurring on a computer network.
    Type: Application
    Filed: December 19, 2017
    Publication date: December 10, 2020
    Applicant: British Telecommunications Public Limited Company
    Inventor: Fadi El-Moussa
  • Publication number: 20200387599
    Abstract: A computer implemented method to detect anomalous behavior of a software container having a software application executing therein, the method including receiving a sparse data representation of each of a: first set of container network traffic records; a first set of application traffic records; and a first set of container resource records, and training a hierarchical temporal memory (HTM) for each first set, wherein the container network traffic records correspond to network traffic communicated with the container, the application traffic records correspond to network traffic communicated with the software application, and the container resource records correspond to the use of computer resources by the container; receiving a sparse data representation of each of a: second set of container network traffic records; a second set of application traffic records; and a second set of container resource records; executing the trained HTMs based on each respective second set to determine a degree of recognition o
    Type: Application
    Filed: December 3, 2018
    Publication date: December 10, 2020
    Inventors: Xiaofeng DU, Fadi EL-MOUSSA