Patents by Inventor Theofrastos KOULOURIS
Theofrastos KOULOURIS has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240104213
Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.
Type: Application
Filed: December 5, 2023
Publication date: March 28, 2024
Inventors: Nigel Edwards, Michael R. Krause, Melvin Benedict, Ludovic Emmanuel Paul Noel Jacquin, Luis Luciani, Thomas Laffey, Theofrastos Koulouris, Shiva Dasari
-
Patent number: 11868474
Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.
Type: Grant
Filed: January 8, 2019
Date of Patent: January 9, 2024
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Nigel Edwards, Michael R. Krause, Melvin Benedict, Ludovic Emmanuel Paul Noel Jacquin, Luis Luciani, Thomas Laffey, Theofrastos Koulouris, Shiva Dasari
-
Patent number: 11803639
Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.
Type: Grant
Filed: April 16, 2021
Date of Patent: October 31, 2023
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Geoffrey Ndu, Theofrastos Koulouris, Nigel Edwards
-
Publication number: 20220043914
Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.
Type: Application
Filed: January 8, 2019
Publication date: February 10, 2022
Inventors: Nigel EDWARDS, Michael R. KRAUSE, Melvin BENEDICT, Ludovic Emmanuel Paul Noel JACQUIN, Luis LUCIANI, Thomas LAFFEY, Theofrastos KOULOURIS, Shiva DASARI
-
Publication number: 20210256118
Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.
Type: Application
Filed: April 16, 2021
Publication date: August 19, 2021
Inventors: Geoffrey NDU, Theofrastos KOULOURIS, Nigel EDWARDS
-
Patent number: 11017080
Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.
Type: Grant
Filed: June 13, 2018
Date of Patent: May 25, 2021
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Geoffrey Ndu, Theofrastos Koulouris, Nigel Edwards
-
Patent number: 10771264
Abstract: A method for secure data protection includes generating a firmware digital certificate for a layer of firmware. The firmware operates a hardware component of a compute node. The firmware digital certificate is an attribute certificate. The firmware digital certificate includes a cumulative hash of the layer of firmware and a nonce. The cumulative hash includes a concatenation of a hash of the layer of firmware and a hash of each one or more lower layers of the firmware. The method includes authenticating the layer of firmware using a trusted data store. The trusted data store includes a binary image of an expected layer of firmware and a certificate chain comprising the hardware digital certificate and the firmware digital certificate.
Type: Grant
Filed: October 10, 2018
Date of Patent: September 8, 2020
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Nigel Edwards, Ludovic Emmanuel Paul Noel Jacquin, Thomas Laffey, Theofrastos Koulouris
-
Patent number: 10749895
Abstract: Examples relate to handling network threats. In one example, a computing device may: receive, from a threat detector, threat data associated with a particular network device included in a plurality of network devices; identify, based on the threat data, a particular analytics operation for assisting with remediation of a threat associated with the threat data; identify, based on the threat data, additional data for performing the particular analytics operation; cause reconfiguration of at least one of the plurality of network devices, the reconfiguration causing each of the reconfigured network devices to i) collect the additional data, and ii) provide the additional data to an analytics device; and receive, from the analytics device, particular analytics results of the particular analytics operation.
Type: Grant
Filed: November 17, 2015
Date of Patent: August 18, 2020
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Simon Ian Arnell, Marco Casassa Mont, Yolanta Beresna, Theofrastos Koulouris, Jon Potter
-
Publication number: 20200119929
Abstract: A method for secure data protection includes generating a firmware digital certificate for a layer of firmware. The firmware operates a hardware component of a compute node. The firmware digital certificate is an attribute certificate. The firmware digital certificate includes a cumulative hash of the layer of firmware and a nonce. The cumulative hash includes a concatenation of a hash of the layer of firmware and a hash of each one or more lower layers of the firmware. The method includes authenticating the layer of firmware using a trusted data store. The trusted data store includes a binary image of an expected layer of firmware and a certificate chain comprising the hardware digital certificate and the firmware digital certificate.
Type: Application
Filed: October 10, 2018
Publication date: April 16, 2020
Inventors: Nigel Edwards, Ludovic Emmanuel Paul Noel Jacquin, Tom Laffey, Theofrastos Koulouris
-
Publication number: 20190384909
Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.
Type: Application
Filed: June 13, 2018
Publication date: December 19, 2019
Inventors: Geoffrey Ndu, Theofrastos Koulouris, Nigel Edwards
-
Publication number: 20180337943
Abstract: Examples relate to handling network threats. In one example, a computing device may: receive, from a threat detector, threat data associated with a particular network device included in a plurality of network devices; identify, based on the threat data, a particular analytics operation for assisting with remediation of a threat associated with the threat data; identify, based on the threat data, additional data for performing the particular analytics operation; cause reconfiguration of at least one of the plurality of network devices, the reconfiguration causing each of the reconfigured network devices to i) collect the additional data, and ii) provide the additional data to an analytics device; and receive, from the analytics device, particular analytics results of the particular analytics operation.
Type: Application
Filed: November 17, 2015
Publication date: November 22, 2018
Inventors: Simon Ian ARNELL, Marco CASASSA MONT, Yolanta BERESNA, Theofrastos KOULOURIS, Jon POTTER