Patents by Inventor Oleksandr Bazhaniuk
Oleksandr Bazhaniuk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240054234Abstract: Systems and methods are provided herein for monitoring and identifying potential security vulnerabilities in hardware and/or firmware of host devices. In an example, a client system includes a data interface, a processor, and a storage device storing instructions executable by the processor to collect firmware and/or hardware information relating to the client system and transmit, via the data interface, data associated with the firmware and/or hardware information to a remote device.Type: ApplicationFiled: October 24, 2023Publication date: February 15, 2024Inventors: Yuriy Bulygin, Oleksandr Bazhaniuk
-
Patent number: 11797684Abstract: Systems and methods are provided herein for monitoring and identifying potential security vulnerabilities in hardware and/or firmware of host devices. In an example, a client system includes a data interface, a processor, and a storage device storing instructions executable by the processor to collect firmware and/or hardware information relating to the client system and transmit, via the data interface, data associated with the firmware and/or hardware information to a remote device.Type: GrantFiled: August 16, 2019Date of Patent: October 24, 2023Assignee: Eclypsium, Inc.Inventors: Yuriy Bulygin, Oleksandr Bazhaniuk
-
Patent number: 11347840Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for dynamic re-distribution of detection content and algorithms for exploit detection. An example apparatus includes at least one processor, and memory including instructions that, when executed, cause the at least one processor to deploy respective ones of a plurality of standard detection algorithms and content (SDACs) to respective ones of a first endpoint and a second endpoint, deploy a first set of enhanced detection algorithms and content (EDACs) to the first endpoint, deploy a second set of the EDACs to the second endpoint, the second set of EDACs different from the first set of EDACs, and in response to obtaining a notification indicative of an exploit attack from the first endpoint, distribute the first set of EDACs to the second endpoint to facilitate detection of the exploit attack at the second endpoint.Type: GrantFiled: July 30, 2019Date of Patent: May 31, 2022Assignee: MCAFEE, LLCInventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak
-
Patent number: 11347853Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.Type: GrantFiled: September 16, 2019Date of Patent: May 31, 2022Assignee: MCAFEE, LLCInventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Dima Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
-
Publication number: 20200074086Abstract: Systems and methods are provided herein for monitoring and identifying potential security vulnerabilities in hardware and/or firmware of host devices. In an example, a client system includes a data interface, a processor, and a storage device storing instructions executable by the processor to collect firmware and/or hardware information relating to the client system and transmit, via the data interface, data associated with the firmware and/or hardware information to a remote device.Type: ApplicationFiled: August 16, 2019Publication date: March 5, 2020Inventors: Yuriy Bulygin, Oleksandr Bazhaniuk
-
Publication number: 20200065490Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.Type: ApplicationFiled: September 16, 2019Publication date: February 27, 2020Inventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Dima Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
-
Publication number: 20190354678Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for dynamic re-distribution of detection content and algorithms for exploit detection. An example apparatus includes at least one processor, and memory including instructions that, when executed, cause the at least one processor to deploy respective ones of a plurality of standard detection algorithms and content (SDACs) to respective ones of a first endpoint and a second endpoint, deploy a first set of enhanced detection algorithms and content (EDACs) to the first endpoint, deploy a second set of the EDACs to the second endpoint, the second set of EDACs different from the first set of EDACs, and in response to obtaining a notification indicative of an exploit attack from the first endpoint, distribute the first set of EDACs to the second endpoint to facilitate detection of the exploit attack at the second endpoint.Type: ApplicationFiled: July 30, 2019Publication date: November 21, 2019Inventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak
-
Patent number: 10437998Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.Type: GrantFiled: October 26, 2015Date of Patent: October 8, 2019Assignee: McAfee, LLCInventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Dima Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
-
Patent number: 10437990Abstract: In an embodiment, a processor for Return Oriented Programming (ROP) detection includes at least one execution unit; a plurality of event counters, each event counter associated with a unique type of a plurality of types of control transfer events; and a ROP detection unit. The ROP detection unit may be to: adjust a first event counter in response to detection of a first type of control transfer events; in response to a determination that the first event counter exceeds a first threshold, access a first configuration register associated with the first event counter to read configuration data; identify a set of ROP heuristic checks based on the configuration data read from the first configuration register; and perform each ROP heuristic check of the identified set of ROP heuristic checks. Other embodiments are described and claimed.Type: GrantFiled: September 30, 2016Date of Patent: October 8, 2019Assignee: McAfee, LLCInventors: Yuriy Bulygin, Gideon Gerzon, Sameer Desai, Hisham Shafi, Andrew A. Furtak, Oleksandr Bazhaniuk, Mikhail V. Gorobets, Ravi L. Sahita, Ofer Levy
-
Patent number: 10387642Abstract: A predetermined standard set of detection algorithms and content and a selected set of enhanced detection algorithms and content provide an improved technique for detecting security exploits. The detection algorithms and content are executed on a Platform Exploit Detection Module. Standard detection algorithms and content are deployed across all endpoints. Enhanced detection algorithms and content are selected from an available set of enhanced detection algorithms and content to improve detection capability without the performance impacts of deploying every enhanced detection algorithm and content on every endpoint. A network of endpoints may deploy an entire set of detection algorithms and content across all endpoints, with individual endpoints configured to with different subsets of the enhanced detection algorithms and content.Type: GrantFiled: December 27, 2016Date of Patent: August 20, 2019Assignee: McAfee, LLCInventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak
-
Publication number: 20180181747Abstract: A predetermined standard set of detection algorithms and content and a selected set of enhanced detection algorithms and content provide an improved technique for detecting security exploits. The detection algorithms and content are executed on a Platform Exploit Detection Module. Standard detection algorithms and content are deployed across all endpoints. Enhanced detection algorithms and content are selected from an available set of enhanced detection algorithms and content to improve detection capability without the performance impacts of deploying every enhanced detection algorithm and content on every endpoint. A network of endpoints may deploy an entire set of detection algorithms and content across all endpoints, with individual endpoints configured to with different subsets of the enhanced detection algorithms and content.Type: ApplicationFiled: December 27, 2016Publication date: June 28, 2018Inventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak
-
Publication number: 20180096140Abstract: In an embodiment, a processor for Return Oriented Programming (ROP) detection includes at least one execution unit; a plurality of event counters, each event counter associated with a unique type of a plurality of types of control transfer events; and a ROP detection unit. The ROP detection unit may be to: adjust a first event counter in response to detection of a first type of control transfer events; in response to a determination that the first event counter exceeds a first threshold, access a first configuration register associated with the first event counter to read configuration data; identify a set of ROP heuristic checks based on the configuration data read from the first configuration register; and perform each ROP heuristic check of the identified set of ROP heuristic checks. Other embodiments are described and claimed.Type: ApplicationFiled: September 30, 2016Publication date: April 5, 2018Inventors: YURIY BULYGIN, GIDEON GERZON, SAMEER DESAI, HISHAM SHAFI, ANDREW A. FURTAK, OLEKSANDR BAZHANIUK, MIKHAIL V. GOROBETS, RAVI L. SAHITA, OFER LEVY
-
Publication number: 20170116418Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.Type: ApplicationFiled: October 26, 2015Publication date: April 27, 2017Inventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
-
Publication number: 20170091454Abstract: Existing performance monitoring and last branch recording processor hardware may be configured and used for detection of return-oriented and jump-oriented programming exploits with less performance impact that software-only techniques. Upon generation of a performance monitoring interrupt indicating that a predetermined number of mispredicted branches have occurred, the control flow and code may be analyzed to detect a return-oriented or jump-oriented exploit.Type: ApplicationFiled: September 25, 2015Publication date: March 30, 2017Inventors: Vadim Sukhomlinov, Oleksandr Bazhaniuk, Igor Muttik, Yuriy Bulygin, Alex Nayshtut, Andrew A. Furtak