Patents by Inventor Vladimir Lifliand
Vladimir Lifliand has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10250620
Abstract: Described is a technology by which a signature used by network traffic intrusion prevention/detection systems includes logic that helps a prevention/detection engine detect that signature. A signature to detect is compiled into executable logic that is executed to communicate with an engine that evaluates network traffic. The signature logic provides an expression set (such as group of regular expressions) for the engine to match against a token corresponding to the network traffic. When matched, the engine notifies the logic and receives a further expression set to match, or a communication indicative that the signature was detected. The signature thus directs the analysis, facilitating a lightweight, generic engine. Safety of the signature logic is described as being accomplished through layers, including by publisher signing, and by compilation and execution (e.g., interpretation) in safe environments.
Type: Grant
Filed: June 30, 2016
Date of Patent: April 2, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vladimir Lifliand, Evgeney Ryzhyk, Yifat Sagiv, Maxim Uritsky
-
Patent number: 9871807
Abstract: Described is a generic protocol decoder that analyzes network traffic or file data to look for a signature, and signals an intrusion prevention mechanism/system if the signature is matched. In one aspect, the generic decoder is built using generic application-level protocol analysis language (GAPAL) primitives. These primitives provide various capabilities, including pattern matching, skipping, reading data, copying variable data and comparing data. The generic decoder may be coupled to a pre-developed protocol parser that provides the decoder with the data to analyze.
Type: Grant
Filed: June 12, 2009
Date of Patent: January 16, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Tanmay Arun Ganacharya, Vladimir Lifliand, Evgeney Ryzhyk
-
Publication number: 20160315957
Abstract: Described is a technology by which a signature used by network traffic intrusion prevention/detection systems includes logic that helps a prevention/detection engine detect that signature. A signature to detect is compiled into executable logic that is executed to communicate with an engine that evaluates network traffic. The signature logic provides an expression set (such as group of regular expressions) for the engine to match against a token corresponding to the network traffic. When matched, the engine notifies the logic and receives a further expression set to match, or a communication indicative that the signature was detected. The signature thus directs the analysis, facilitating a lightweight, generic engine. Safety of the signature logic is described as being accomplished through layers, including by publisher signing, and by compilation and execution (e.g., interpretation) in safe environments.
Type: Application
Filed: June 30, 2016
Publication date: October 27, 2016
Applicant: Microsoft Technology Licensing, LLC
Inventors: Vladimir Lifliand, Evgeney Ryzhyk, Yifat Sagiv, Maxim Uritsky
-
Patent number: 9389839
Abstract: Described is a technology by which a signature used by network traffic intrusion prevention/detection systems includes logic that helps a prevention/detection engine detect that signature. A signature to detect is compiled into executable logic that is executed to communicate with an engine that evaluates network traffic. The signature logic provides an expression set (such as group of regular expressions) for the engine to match against a token corresponding to the network traffic. When matched, the engine notifies the logic and receives a further expression set to match, or a communication indicative that the signature was detected. The signature thus directs the analysis, facilitating a lightweight, generic engine. Safety of the signature logic is described as being accomplished through layers, including by publisher signing, and by compilation and execution (e.g., interpretation) in safe environments.
Type: Grant
Filed: June 26, 2008
Date of Patent: July 12, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vladimir Lifliand, Evgeney Ryzhyk, Yifat Sagiv, Maxim Uritsky
-
Patent number: 9262300
Abstract: A method for capturing breakpoint information from a debuggee software process includes generating a breakpoint condition based upon a breakpoint request received from a user computing device corresponding to a user and transmitting the generated breakpoint condition to debuglets, each corresponding to a software process executed by a debuggee service. The debuggee service executes on a distributed system, and each debuglet translates the generated breakpoint condition to a physical breakpoint condition set to the respective software process. The method also includes receiving a request from one of the debuglets to update active breakpoint information captured by the debuglet upon the physical breakpoint condition being hit by one of the software processes and transmitting a notification from the processing device indicating the physical breakpoint condition being hit to the user computing device.
Type: Grant
Filed: March 19, 2015
Date of Patent: February 16, 2016
Assignee: Google Inc.
Inventors: Erez Haba, Emre Kultursay, Vladimir Lifliand, Amnon Omri Horowitz
-
Patent number: 9191397
Abstract: Described is a technology by which an engine parses data based upon modules arranged in a tree-like model structure. Only those modules that meet a condition with respect to the data are invoked for processing the data. Each child module specifies a parent module and specifies a condition for when the parent is to invoke the child module. As a module processes the data, if a child module's specified condition is met, it invokes the corresponding child module (which in turn may invoke a lower child if its condition is met, and so on). When the data corresponds to protocols, the model facilitates protocol layering. A top level parent may represent one protocol (e.g., TCP), a child beneath may represent a lower-layer protocol (e.g., HTTP), whose children may handle certain types of HTTP commands, or correspond to a signature that the child module is programmed to detect.
Type: Grant
Filed: June 27, 2008
Date of Patent: November 17, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ramesh Chinta, Crystal Li, Vladimir Lifliand, Narasimha Rao S. S. Nagampalli
-
Patent number: 9118700
Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.
Type: Grant
Filed: October 1, 2013
Date of Patent: August 25, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vladimir Lifliand, Avraham Michael Ben-Menahem
-
Publication number: 20140215610
Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.
Type: Application
Filed: October 1, 2013
Publication date: July 31, 2014
Applicant: Microsoft Corporation
Inventors: Vladimir Lifliand, Avraham Michael Ben-Menahem
-
Patent number: 8578486
Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.
Type: Grant
Filed: June 18, 2010
Date of Patent: November 5, 2013
Assignee: Microsoft Corporation
Inventors: Vladimir Lifliand, Avraham Michael Ben-Menahem
-
Publication number: 20110314270
Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.
Type: Application
Filed: June 18, 2010
Publication date: December 22, 2011
Applicant: Microsoft Corporation
Inventors: Vladimir Lifliand, Avraham Michael Ben-Menahem
-
Publication number: 20100319071
Abstract: Described is a generic protocol decoder that analyzes network traffic or file data to look for a signature, and signals an intrusion prevention mechanism/system if the signature is matched. In one aspect, the generic decoder is built using generic application-level protocol analysis language (GAPAL) primitives. These primitives provide various capabilities, including pattern matching, skipping, reading data, copying variable data and comparing data. The generic decoder may be coupled to a pre-developed protocol parser that provides the decoder with the data to analyze.
Type: Application
Filed: June 12, 2009
Publication date: December 16, 2010
Applicant: Microsoft Corporation
Inventors: Tanmay Arun Ganacharya, Vladimir Lifliand, Evgeney Ryzhyk
-
Publication number: 20090328011
Abstract: Described is a technology by which a signature used by network traffic intrusion prevention/detection systems includes logic that helps a prevention/detection engine detect that signature. A signature to detect is compiled into executable logic that is executed to communicate with an engine that evaluates network traffic. The signature logic provides an expression set (such as group of regular expressions) for the engine to match against a token corresponding to the network traffic. When matched, the engine notifies the logic and receives a further expression set to match, or a communication indicative that the signature was detected. The signature thus directs the analysis, facilitating a lightweight, generic engine. Safety of the signature logic is described as being accomplished through layers, including by publisher signing, and by compilation and execution (e.g., interpretation) in safe environments.
Type: Application
Filed: June 26, 2008
Publication date: December 31, 2009
Applicant: Microsoft Corporation
Inventors: Vladimir Lifliand, Evgeney Ryzhyk, Yifat Sagiv, Maxim Uritsky
-
Publication number: 20090327993
Abstract: Described is a technology by which an engine parses data based upon modules arranged in a tree-like model structure. Only those modules that meet a condition with respect to the data are invoked for processing the data. Each child module specifies a parent module and specifies a condition for when the parent is to invoke the child module. As a module processes the data, if a child module's specified condition is met, it invokes the corresponding child module (which in turn may invoke a lower child if its condition is met, and so on). When the data corresponds to protocols, the model facilitates protocol layering. A top level parent may represent one protocol (e.g., TCP), a child beneath may represent a lower-layer protocol (e.g., HTTP), whose children may handle certain types of HTTP commands, or correspond to a signature that the child module is programmed to detect.
Type: Application
Filed: June 27, 2008
Publication date: December 31, 2009
Applicant: Microsoft Corporation
Inventors: Ramesh Chinta, Jason Li, Vladimir Lifliand, Narasimha Rao S. S. Nagampalli