Patents by Inventor Rafal Wojtczuk

Rafal Wojtczuk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11238160
    Abstract: Techniques are disclosed relating to securely booting a computer system. In some embodiments, a bootloader initiates a boot sequence to load an operating system of the computing device and detects firmware of a peripheral device to be executed during the boot process to initialize the peripheral device for use by the computing device. In response to the detecting, the bootloader instantiates a sandbox that isolates the firmware from the bootloader. In various embodiments, the firmware is loaded from an option read-only memory (OROM) included the peripheral device and executed during the boot sequence to initialize the peripheral device. In some embodiments, the bootloader assigns one or more memory address ranges to the firmware, and the sandbox restricts the firmware from accessing memory addresses that are not included in the assigned one or more address ranges.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: February 1, 2022
    Assignee: Apple Inc.
    Inventors: Corey T. Kallenberg, Rafal Wojtczuk, Xeno S. Kovah, Andrew J. Fish
  • Patent number: 10986137
    Abstract: A software module executes in a first isolated execution environment. The module determines the first environment has caused data to the written to a first clipboard maintained by the first environment. The module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second isolated execution environment. The policy data does not allow one or more types of clipboard objects to be written to the second clipboard even if they were written to the first clipboard at the initiation of or approved by a user to prevent the user from introducing a potentially hazardous type of object into the second clipboard. Upon the module determining that the policy data allows the data to be written to the second clipboard, the software module causes the data to written to the second clipboard.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: April 20, 2021
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Rahul C. Kashyap, Rafal Wojtczuk, Ian Pratt
  • Publication number: 20200104506
    Abstract: Techniques are disclosed relating to securely booting a computer system. In some embodiments, a bootloader initiates a boot sequence to load an operating system of the computing device and detects firmware of a peripheral device to be executed during the boot process to initialize the peripheral device for use by the computing device. In response to the detecting, the bootloader instantiates a sandbox that isolates the firmware from the bootloader. In various embodiments, the firmware is loaded from an option read-only memory (OROM) included the peripheral device and executed during the boot sequence to initialize the peripheral device. In some embodiments, the bootloader assigns one or more memory address ranges to the firmware, and the sandbox restricts the firmware from accessing memory addresses that are not included in the assigned one or more address ranges.
    Type: Application
    Filed: May 31, 2019
    Publication date: April 2, 2020
    Inventors: Corey T. Kallenberg, Rafal Wojtczuk, Xeno S. Kovah, Andrew J. Fish
  • Patent number: 10607007
    Abstract: An isolated environment is instantiated in response to receiving a request to execute a process. One or more events occurring within the isolated environment in which the process executes are identified. Whether the actual behavior of the process executing within the isolated environment deviates from an expected behavior of the execution of the process is determined. Only when it is determined that the process deviates from the expected behavior is behavior data, which describes the actual behavior of the process during execution, stored. A determination is then made as to whether the process is compromised by analyzing the behavior data that describes the actual behavior of the process.
    Type: Grant
    Filed: November 21, 2016
    Date of Patent: March 31, 2020
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk, Adrian Taylor
  • Patent number: 9922192
    Abstract: The execution of a process within a virtual machine (VM) may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.
    Type: Grant
    Filed: July 24, 2015
    Date of Patent: March 20, 2018
    Assignee: Bromium, Inc.
    Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
  • Publication number: 20170180427
    Abstract: A software module executes in a first isolated execution environment. The module determines the first environment has caused data to the written to a first clipboard maintained by the first environment. The module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second isolated execution environment. The policy data does not allow one or more types of clipboard objects to be written to the second clipboard even if they were written to the first clipboard at the initiation of or approved by a user to prevent the user from introducing a potentially hazardous type of object into the second clipboard. Upon the module determining that the policy data allows the data to be written to the second clipboard, the software module causes the data to written to the second clipboard.
    Type: Application
    Filed: March 2, 2017
    Publication date: June 22, 2017
    Inventors: Rahul C. Kashyap, Rafal Wojtczuk, Ian Pratt
  • Publication number: 20170076092
    Abstract: An isolated environment is instantiated in response to receiving a request to execute a process. One or more events occurring within the isolated environment in which the process executes are identified. Whether the actual behavior of the process executing within the isolated environment deviates from an expected behavior of the execution of the process is determined. Only when it is determined that the process deviates from the expected behavior is behavior data, which describes the actual behavior of the process during execution, stored. A determination is then made as to whether the process is compromised by analyzing the behavior data that describes the actual behavior of the process.
    Type: Application
    Filed: November 21, 2016
    Publication date: March 16, 2017
    Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk, Adrian Taylor
  • Patent number: 9501310
    Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: November 22, 2016
    Assignee: Bromium, Inc.
    Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
  • Patent number: 9460293
    Abstract: A software module executes on a first operating system running. The software module determines that the first operating system has caused data to the written to a first clipboard maintained by the first operating system. The software module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second operating system. The policy data may only allow the data to be written to the second clipboard if the data was written to the first clipboard at the initiation of or approved by a user. If the software module determines that the policy data allows the data to be written to the second clipboard, then the software module, without human instruction, causes the data to written to the second clipboard.
    Type: Grant
    Filed: June 20, 2013
    Date of Patent: October 4, 2016
    Assignee: Bromium, Inc.
    Inventors: Rahul Kashyap, Rafal Wojtczuk, Ian Pratt
  • Publication number: 20160132351
    Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.
    Type: Application
    Filed: December 28, 2015
    Publication date: May 12, 2016
    Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
  • Patent number: 9292328
    Abstract: Approaches for enabling Supervisor Mode Execution Protection (SMEP) for a guest operating system which does not support SMEP. A guest operating system (OS), which does not support SMEP, is executed within a virtual machine. A hypervisor instructs hardware to enable SMEP for the virtual machine executing the guest operating system. When the hypervisor is notified that the hardware has detected the guest operating system instructing a central processing unit (CPU) to execute code stored in virtual memory accessible by user space while the CPU is in supervisor mode, the hypervisor may consult a policy to identify what, if any, responsive action the hypervisor should perform.
    Type: Grant
    Filed: May 24, 2013
    Date of Patent: March 22, 2016
    Assignee: Bromium, Inc.
    Inventors: Ian Pratt, Rafal Wojtczuk
  • Patent number: 9223962
    Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: December 29, 2015
    Assignee: Bromium, Inc.
    Inventors: Rahul C Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
  • Patent number: 9092625
    Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: July 28, 2015
    Assignee: Bromium, Inc.
    Inventors: Rahul C Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
  • Publication number: 20140351810
    Abstract: Approaches for enabling Supervisor Mode Execution Protection (SMEP) for a guest operating system which does not support SMEP. A guest operating system (OS), which does not support SMEP, is executed within a virtual machine. A hypervisor instructs hardware to enable SMEP for the virtual machine executing the guest operating system. When the hypervisor is notified that the hardware has detected the guest operating system instructing a central processing unit (CPU) to execute code stored in virtual memory accessible by user space while the CPU is in supervisor mode, the hypervisor may consult a policy to identify what, if any, responsive action the hypervisor should perform.
    Type: Application
    Filed: May 24, 2013
    Publication date: November 27, 2014
    Applicant: Bromium, Inc.
    Inventors: Ian Pratt, Rafal Wojtczuk