Patents by Inventor Rafal Wojtczuk
Rafal Wojtczuk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11238160
  Abstract: Techniques are disclosed relating to securely booting a computer system. In some embodiments, a bootloader initiates a boot sequence to load an operating system of the computing device and detects firmware of a peripheral device to be executed during the boot process to initialize the peripheral device for use by the computing device. In response to the detecting, the bootloader instantiates a sandbox that isolates the firmware from the bootloader. In various embodiments, the firmware is loaded from an option read-only memory (OROM) included in the peripheral device and executed during the boot sequence to initialize the peripheral device. In some embodiments, the bootloader assigns one or more memory address ranges to the firmware, and the sandbox restricts the firmware from accessing memory addresses that are not included in the assigned one or more address ranges.
  Type: Grant
  Filed: May 31, 2019
  Date of Patent: February 1, 2022
  Assignee: Apple Inc.
  Inventors: Corey T. Kallenberg, Rafal Wojtczuk, Xeno S. Kovah, Andrew J. Fish
- Patent number: 10986137
  Abstract: A software module executes in a first isolated execution environment. The module determines the first environment has caused data to be written to a first clipboard maintained by the first environment. The module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second isolated execution environment. The policy data does not allow one or more types of clipboard objects to be written to the second clipboard even if they were written to the first clipboard at the initiation of or approved by a user, to prevent the user from introducing a potentially hazardous type of object into the second clipboard. Upon the module determining that the policy data allows the data to be written to the second clipboard, the software module causes the data to be written to the second clipboard.
  Type: Grant
  Filed: March 2, 2017
  Date of Patent: April 20, 2021
  Assignee: Hewlett-Packard Development Company, L.P.
  Inventors: Rahul C. Kashyap, Rafal Wojtczuk, Ian Pratt
- Publication number: 20200104506
  Abstract: Techniques are disclosed relating to securely booting a computer system. In some embodiments, a bootloader initiates a boot sequence to load an operating system of the computing device and detects firmware of a peripheral device to be executed during the boot process to initialize the peripheral device for use by the computing device. In response to the detecting, the bootloader instantiates a sandbox that isolates the firmware from the bootloader. In various embodiments, the firmware is loaded from an option read-only memory (OROM) included in the peripheral device and executed during the boot sequence to initialize the peripheral device. In some embodiments, the bootloader assigns one or more memory address ranges to the firmware, and the sandbox restricts the firmware from accessing memory addresses that are not included in the assigned one or more address ranges.
  Type: Application
  Filed: May 31, 2019
  Publication date: April 2, 2020
  Inventors: Corey T. Kallenberg, Rafal Wojtczuk, Xeno S. Kovah, Andrew J. Fish
- Patent number: 10607007
  Abstract: An isolated environment is instantiated in response to receiving a request to execute a process. One or more events occurring within the isolated environment in which the process executes are identified. Whether the actual behavior of the process executing within the isolated environment deviates from an expected behavior of the execution of the process is determined. Only when it is determined that the process deviates from the expected behavior is behavior data, which describes the actual behavior of the process during execution, stored. A determination is then made as to whether the process is compromised by analyzing the behavior data that describes the actual behavior of the process.
  Type: Grant
  Filed: November 21, 2016
  Date of Patent: March 31, 2020
  Assignee: Hewlett-Packard Development Company, L.P.
  Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk, Adrian Taylor
- Patent number: 9922192
  Abstract: The execution of a process within a virtual machine (VM) may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.
  Type: Grant
  Filed: July 24, 2015
  Date of Patent: March 20, 2018
  Assignee: Bromium, Inc.
  Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
- Publication number: 20170180427
  Abstract: A software module executes in a first isolated execution environment. The module determines the first environment has caused data to be written to a first clipboard maintained by the first environment. The module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second isolated execution environment. The policy data does not allow one or more types of clipboard objects to be written to the second clipboard even if they were written to the first clipboard at the initiation of or approved by a user, to prevent the user from introducing a potentially hazardous type of object into the second clipboard. Upon the module determining that the policy data allows the data to be written to the second clipboard, the software module causes the data to be written to the second clipboard.
  Type: Application
  Filed: March 2, 2017
  Publication date: June 22, 2017
  Inventors: Rahul C. Kashyap, Rafal Wojtczuk, Ian Pratt
- Publication number: 20170076092
  Abstract: An isolated environment is instantiated in response to receiving a request to execute a process. One or more events occurring within the isolated environment in which the process executes are identified. Whether the actual behavior of the process executing within the isolated environment deviates from an expected behavior of the execution of the process is determined. Only when it is determined that the process deviates from the expected behavior is behavior data, which describes the actual behavior of the process during execution, stored. A determination is then made as to whether the process is compromised by analyzing the behavior data that describes the actual behavior of the process.
  Type: Application
  Filed: November 21, 2016
  Publication date: March 16, 2017
  Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk, Adrian Taylor
- Patent number: 9501310
  Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.
  Type: Grant
  Filed: December 28, 2015
  Date of Patent: November 22, 2016
  Assignee: Bromium, Inc.
  Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
- Patent number: 9460293
  Abstract: A software module executes on a first operating system. The software module determines that the first operating system has caused data to be written to a first clipboard maintained by the first operating system. The software module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second operating system. The policy data may only allow the data to be written to the second clipboard if the data was written to the first clipboard at the initiation of or approved by a user. If the software module determines that the policy data allows the data to be written to the second clipboard, then the software module, without human instruction, causes the data to be written to the second clipboard.
  Type: Grant
  Filed: June 20, 2013
  Date of Patent: October 4, 2016
  Assignee: Bromium, Inc.
  Inventors: Rahul Kashyap, Rafal Wojtczuk, Ian Pratt
- Publication number: 20160132351
  Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.
  Type: Application
  Filed: December 28, 2015
  Publication date: May 12, 2016
  Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
- Patent number: 9292328
  Abstract: Approaches for enabling Supervisor Mode Execution Protection (SMEP) for a guest operating system which does not support SMEP. A guest operating system (OS), which does not support SMEP, is executed within a virtual machine. A hypervisor instructs hardware to enable SMEP for the virtual machine executing the guest operating system. When the hypervisor is notified that the hardware has detected the guest operating system instructing a central processing unit (CPU) to execute code stored in virtual memory accessible by user space while the CPU is in supervisor mode, the hypervisor may consult a policy to identify what, if any, responsive action the hypervisor should perform.
  Type: Grant
  Filed: May 24, 2013
  Date of Patent: March 22, 2016
  Assignee: Bromium, Inc.
  Inventors: Ian Pratt, Rafal Wojtczuk
- Patent number: 9223962
  Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.
  Type: Grant
  Filed: December 7, 2012
  Date of Patent: December 29, 2015
  Assignee: Bromium, Inc.
  Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
- Patent number: 9092625
  Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.
  Type: Grant
  Filed: December 7, 2012
  Date of Patent: July 28, 2015
  Assignee: Bromium, Inc.
  Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
- Publication number: 20140351810
  Abstract: Approaches for enabling Supervisor Mode Execution Protection (SMEP) for a guest operating system which does not support SMEP. A guest operating system (OS), which does not support SMEP, is executed within a virtual machine. A hypervisor instructs hardware to enable SMEP for the virtual machine executing the guest operating system. When the hypervisor is notified that the hardware has detected the guest operating system instructing a central processing unit (CPU) to execute code stored in virtual memory accessible by user space while the CPU is in supervisor mode, the hypervisor may consult a policy to identify what, if any, responsive action the hypervisor should perform.
  Type: Application
  Filed: May 24, 2013
  Publication date: November 27, 2014
  Applicant: Bromium, Inc.
  Inventors: Ian Pratt, Rafal Wojtczuk