Patents by Inventor Selim Ciraci
Selim Ciraci has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230244594Abstract: In an example, an apparatus may include a validation module configured to identify a security policy update from a security as code repository, wherein the identified security policy update is a candidate for deployment to a production environment having a plurality of attributes defined by an infrastructure as code repository; identify, from the plurality of attributes and using the infrastructure as code repository, individual attributes that correspond to the identified security policy update, wherein the identified individual attributes are identical to a subset of the plurality of attributes; generate a test environment based on the identified individual attributes; following deployment of the identified security policy update to the test environment, check for security exceptions or availability exceptions using the test environment; and output validation results based on a result of the checking. Other embodiments may be disclosed and/or claimed.Type: ApplicationFiled: January 28, 2022Publication date: August 3, 2023Applicant: salesforce.com, inc.Inventors: Kaushal BANSAL, Prabhat SINGH, Selim CIRACI
-
Publication number: 20230247006Abstract: A network protocol and architecture for extending trust between cloud domains of a same entity comprises adding, by egress logic executing on a first server, authentication information to a packet leaving a first cloud domain of the entity to indicate a source of the packet. The egress logic allows the packet to traverse to a target cloud domain of the entity. Ingress logic executing on a second server at the target cloud domain intercepts the packet and performs validation of the authentication information. Responsive to the authentication information passing validation, the ingress logic determines that the first cloud domain is trusted and allows the packet to proceed to a destination. Responsive to the authentication information failing validation, the ingress logic rejects the packet.Type: ApplicationFiled: January 28, 2022Publication date: August 3, 2023Applicant: salesforce.com, inc.Inventors: Chaitanya PEMMARAJU, Joshua MEIER, Selim CIRACI
-
Patent number: 11258876Abstract: The techniques disclosed herein improve the efficiency, reliability and scalability of flow processing systems by providing a multi-tier flow cache structure that can reduce the size of a flow table and also reduce replicated flow sets. In some configurations, a system can partition a flow space across workers and replicate the flows within a partition to a set of workers. In some configurations, a flow cache structure can include three tiers: (1) a scalable flow processing layer for executing the actions and transformations of a flow, (2) a flow state management layer for managing distributed flow state decisions, and (3) a flow decider layer for identifying actions and transformations needs to be executed on each packet of a flow. Flow replications allow other workers to pick up flows allocated to a particular worker that is taken offline in the event of a crash or update.Type: GrantFiled: August 6, 2020Date of Patent: February 22, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Selim Ciraci, Shekhar Agarwal, Geoffrey Outhred
-
Patent number: 11233804Abstract: A compromise detection system protects data centers (DCs) or other providers in the cloud. The compromise detection system can detect compromised virtual machines (VMs) through changes in network traffic characteristics while avoiding expensive data collection and preserving privacy. The compromise detection system obtains and uses periodically-obtained flow pattern summaries to detect compromised VMs. Agent-based detection on predetermined and compromised VMs can expose (using supervised learning) the network behavior of compromised VMs and then apply the learned model to all VMs in the DC. The compromise detection system can run continuously, protect the privacy of cloud customers, comply with Europe's General Data Protection Regulation (GDPR), and avoid various techniques that both erode privacy and degrade VM performance.Type: GrantFiled: January 28, 2019Date of Patent: January 25, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Behnaz Arzani, Selim Ciraci, Stefan Saroiu, Alastair Wolman, Jack Wilson Stokes, III, Geoff Outhred
-
Publication number: 20210329087Abstract: The techniques disclosed herein improve the efficiency, reliability and scalability of flow processing systems by providing a multi-tier flow cache structure that can reduce the size of a flow table and also reduce replicated flow sets. In some configurations, a system can partition a flow space across workers and replicate the flows within a partition to a set of workers. In some configurations, a flow cache structure can include three tiers: (1) a scalable flow processing layer for executing the actions and transformations of a flow, (2) a flow state management layer for managing distributed flow state decisions, and (3) a flow decider layer for identifying actions and transformations needs to be executed on each packet of a flow. Flow replications allow other workers to pick up flows allocated to a particular worker that is taken offline in the event of a crash or update.Type: ApplicationFiled: August 6, 2020Publication date: October 21, 2021Inventors: Selim CIRACI, Shekhar AGARWAL, Geoffrey OUTHRED
-
Patent number: 10778507Abstract: A server includes a processor and memory. An operating system is executed by the processor and memory. A network interface is run by the operating system and sends and receives flows using transmission control protocol (TCP). An agent application is run by the operating system and is configured to a) retrieve and store TCP telemetry data for the flows in a flow table; b) move selected ones of the flows from the flow table to a closed connections table when the flow is closed; and c) periodically send the flow table and the closed connections table via the network interface to a remote server.Type: GrantFiled: February 28, 2019Date of Patent: September 15, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Geoff Outhred, Selim Ciraci
-
Publication number: 20200244674Abstract: A compromise detection system protects data centers (DCs) or other providers in the cloud. The compromise detection system can detect compromised virtual machines (VMs) through changes in network traffic characteristics while avoiding expensive data collection and preserving privacy. The compromise detection system obtains and uses periodically-obtained flow pattern summaries to detect compromised VMs. Agent-based detection on predetermined and compromised VMs can expose (using supervised learning) the network behavior of compromised VMs and then apply the learned model to all VMs in the DC. The compromise detection system can run continuously, protect the privacy of cloud customers, comply with Europe's General Data Protection Regulation (GDPR), and avoid various techniques that both erode privacy and degrade VM performance.Type: ApplicationFiled: January 28, 2019Publication date: July 30, 2020Applicant: Microsoft Technology Licensing, LLCInventors: Behnaz ARZANI, Selim CIRACI, Stefan SAROIU, Alastair WOLMAN, Jack Wilson STOKES, III, Geoff OUTHRED
-
Publication number: 20190199580Abstract: A server includes a processor and memory. An operating system is executed by the processor and memory. A network interface is run by the operating system and sends and receives flows using transmission control protocol (TCP). An agent application is run by the operating system and is configured to a) retrieve and store TCP telemetry data for the flows in a flow table; b) move selected ones of the flows from the flow table to a closed connections table when the flow is closed; and c) periodically send the flow table and the closed connections table via the network interface to a remote server.Type: ApplicationFiled: February 28, 2019Publication date: June 27, 2019Inventors: Geoff OUTHRED, Selim CIRACI
-
Patent number: 10263835Abstract: A server includes a processor and memory. An operating system is executed by the processor and memory. A network interface is run by the operating system and sends and receives flows using transmission control protocol (TCP). An agent application is run by the operating system and is configured to a) retrieve and store TCP telemetry data for the flows in a flow table; b) move selected ones of the flows from the flow table to a closed connections table when the flow is closed; and c) periodically send the flow table and the closed connections table via the network interface to a remote server.Type: GrantFiled: August 12, 2016Date of Patent: April 16, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Geoff Outhred, Selim Ciraci
-
Patent number: 10263786Abstract: Disclosed below are representative embodiments of methods, apparatus, and systems for monitoring and using data in an electric power grid. For example, one disclosed embodiment comprises a sensor for measuring an electrical characteristic of a power line, electrical generator, or electrical device; a network interface; a processor; and one or more computer-readable storage media storing computer-executable instructions.Type: GrantFiled: January 19, 2018Date of Patent: April 16, 2019Assignee: Battelle Memorial InstituteInventors: Bora A. Akyol, Jereme Nathan Haack, Philip Allen Craig, Jr., Cody William Tews, Anand V. Kulkarni, Brandon J. Carpenter, Wendy M. Maiden, Selim Ciraci
-
Publication number: 20180159691Abstract: Disclosed below are representative embodiments of methods, apparatus, and systems for monitoring and using data in an electric power grid. For example, one disclosed embodiment comprises a sensor for measuring an electrical characteristic of a power line, electrical generator, or electrical device; a network interface; a processor; and one or more computer-readable storage media storing computer-executable instructions.Type: ApplicationFiled: January 19, 2018Publication date: June 7, 2018Applicant: Battelle Memorial InstituteInventors: Bora A. Akyol, Jereme Nathan Haack, Philip Allen Craig, JR., Cody William Tews, Anand V. Kulkarni, Brandon J. Carpenter, Wendy M. Maiden, Selim Ciraci
-
Patent number: 9923723Abstract: Disclosed below are representative embodiments of methods, apparatus, and systems for monitoring and using data in an electric power grid. For example, one disclosed embodiment comprises a sensor for measuring an electrical characteristic of a power line, electrical generator, or electrical device; a network interface; a processor; and one or more computer-readable storage media storing computer-executable instructions.Type: GrantFiled: June 22, 2015Date of Patent: March 20, 2018Assignee: Battelle Memorial InstituteInventors: Bora A. Akyol, Jereme Nathan Haack, Philip Allen Craig, Jr., Cody William Tews, Anand V. Kulkarni, Brandon J. Carpenter, Wendy M. Maiden, Selim Ciraci
-
Publication number: 20180048519Abstract: A server includes a processor and memory. An operating system is executed by the processor and memory. A network interface is run by the operating system and sends and receives flows using transmission control protocol (TCP). An agent application is run by the operating system and is configured to a) retrieve and store TCP telemetry data for the flows in a flow table; b) move selected ones of the flows from the flow table to a closed connections table when the flow is closed; and c) periodically send the flow table and the closed connections table via the network interface to a remote server.Type: ApplicationFiled: August 12, 2016Publication date: February 15, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Geoff OUTHRED, Selim CIRACI
-
Publication number: 20160006569Abstract: Disclosed below are representative embodiments of methods, apparatus, and systems for monitoring and using data in an electric power grid. For example, one disclosed embodiment comprises a sensor for measuring an electrical characteristic of a power line, electrical generator, or electrical device; a network interface; a processor; and one or more computer-readable storage media storing computer-executable instructions.Type: ApplicationFiled: June 22, 2015Publication date: January 7, 2016Applicant: Battelle Memorial InstituteInventors: Bora A. Akyol, Jereme Nathan Haack, Philip Allen Craig, JR., Cody William Tews, Anand V. Kulkarni, Brandon J. Carpenter, Wendy M. Maiden, Selim Ciraci
-
Patent number: 9094385Abstract: Disclosed below are representative embodiments of methods, apparatus, and systems for monitoring and using data in an electric power grid. For example, one disclosed embodiment comprises a sensor for measuring an electrical characteristic of a power line, electrical generator, or electrical device; a network interface; a processor; and one or more computer-readable storage media storing computer-executable instructions.Type: GrantFiled: August 5, 2011Date of Patent: July 28, 2015Assignee: Battelle Memorial InstituteInventors: Bora A. Akyol, Jereme Nathan Haack, Philip Allen Craig, Jr., Cody William Tews, Anand V. Kulkarni, Brandon J. Carpenter, Wendy M. Maiden, Selim Ciraci
-
Publication number: 20130036311Abstract: Disclosed below are representative embodiments of methods, apparatus, and systems for monitoring and using data in an electric power grid. For example, one disclosed embodiment comprises a sensor for measuring an electrical characteristic of a power line, electrical generator, or electrical device; a network interface; a processor; and one or more computer-readable storage media storing computer-executable instructions.Type: ApplicationFiled: August 5, 2011Publication date: February 7, 2013Inventors: Bora A. Akyol, Jereme Nathan Haack, Philip Allen Craig, JR., Cody William Tews, Anand V. Kulkarni, Brandon J. Carpenter, Wendy M. Maiden, Selim Ciraci