Patents by Inventor Ziv Rafalovich
Ziv Rafalovich has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10768920
Abstract: Software updates within one or more regions of a multi-tenant cloud are coordinated. Tenant vs. tenant conflicts, tenant vs. infrastructure provider conflicts, and conflicts between security and another priority are identified and resolved using a shared update coordinator, update priority specifications, and availability specifications. An infrastructure update request may be presented to tenants for approval. Postponed infrastructure updates may be prioritized higher. Preventing exploits of zero-day vulnerabilities may be prioritized over meeting availability targets. Updates may be merged to reduce downtime, even when the updates originate from independently controlled entities. Maximum downtime, minimum fault domains, minimum virtual machines, permitted update start times, and other availability criteria may be specified. Updates may be preempted, or allowed to complete, based on their relative priorities.
Type: Grant
Filed: June 15, 2016
Date of Patent: September 8, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Marcus Fontoura, Mark Russinovich, Yunus Mohammed, Pritesh Patwa, Avnish Kumar Chhabra, Ziv Rafalovich
-
Publication number: 20170364345
Abstract: Software updates within one or more regions of a multi-tenant cloud are coordinated. Tenant vs. tenant conflicts, tenant vs. infrastructure provider conflicts, and conflicts between security and another priority are identified and resolved using a shared update coordinator, update priority specifications, and availability specifications. An infrastructure update request may be presented to tenants for approval. Postponed infrastructure updates may be prioritized higher. Preventing exploits of zero-day vulnerabilities may be prioritized over meeting availability targets. Updates may be merged to reduce downtime, even when the updates originate from independently controlled entities. Maximum downtime, minimum fault domains, minimum virtual machines, permitted update start times, and other availability criteria may be specified. Updates may be preempted, or allowed to complete, based on their relative priorities.
Type: Application
Filed: June 15, 2016
Publication date: December 21, 2017
Inventors: Marcus FONTOURA, Mark RUSSINOVICH, Yunus MOHAMMED, Pritesh PATWA, Avnish Kumar CHHABRA, Ziv RAFALOVICH
-
Patent number: 8839419
Abstract: A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.
Type: Grant
Filed: April 5, 2008
Date of Patent: September 16, 2014
Assignee: Microsoft Corporation
Inventors: Efim Hudis, Yair Helman, Tomer Weisberg, Oren Yossef, Ziv Rafalovich
-
Patent number: 8181250
Abstract: A honeypot in a computer network is configured for use with a wide variety of computing resources that are defined by a network administrator or user which may include desktop and network resources such as address book contacts, instant messaging contacts, active directory user accounts, IP addresses, and files that contain particular content or that are stored in particular locations. The resources may be real for which protection against leakage is desired, or fake to operate as bait to lure and detect malicious attacks. The honeypot is implemented in an extensible manner so that virtually any resource may be honeypotted to apply honeypot benefits to resources beyond static IP addresses in order to improve both the breadth of information leakage prevention and the detection of malicious attacks.
Type: Grant
Filed: June 30, 2008
Date of Patent: May 15, 2012
Assignee: Microsoft Corporation
Inventors: Ziv Rafalovich, Lior Arzi, Ron Karidi, Efim Hudis
-
Patent number: 8019845
Abstract: A computer implemented method, data processing system, and computer program product for automatically aggregating entities via a profile-driven management. A profile is created, wherein the profile includes a set of search criteria comprising one or more server attributes. A list of attributes of each server in the data processing system is obtained. Servers in the plurality of servers whose attributes meet the set of search criteria specified in the profile are then grouped to form a profile group. Once the servers are grouped into a profile, an administrative action may be performed on all of the servers in the profile group simultaneously.
Type: Grant
Filed: June 5, 2006
Date of Patent: September 13, 2011
Assignee: International Business Machines Corporation
Inventors: Rhonda L. Childress, Itzhack Goldberg, Lorraine M. Herger, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin J. Tross
-
Patent number: 7747736
Abstract: A computer implemented method, data processing system, and computer program product for nominating rules or policies for promotion through a policy hierarchy. An administrator at any level in a policy hierarchy may create a rule or policy. The administrator may then nominate the rule or policy for inclusion in a next higher level in the policy hierarchy. The rule or policy is evaluated at the next higher level. Responsive to an approval of the next higher level to include the rule or policy in the jurisdiction of the next higher level, the rule or policy is provided to all users under the jurisdiction. The nominating, evaluating, and providing steps may then be repeated for each higher level in the policy hierarchy.
Type: Grant
Filed: June 5, 2006
Date of Patent: June 29, 2010
Assignee: International Business Machines Corporation
Inventors: Rhonda L. Childress, Itzhack Goldberg, Lorraine M. Herger, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin J. Tross
-
Patent number: 7698704
Abstract: Two methods (native and clone) are used for installing software, such as an operating system, on client system(s) booting from shared storage. The native installation method configures an interconnection network to create an exclusive communication zone between the client system and the shared storage system and installs the operating system on the client system using the exclusive communication zone. After the software is installed, the method terminates the exclusive communication zone. The clone installation method utilizes a point-in-time copy feature of the shared storage system to clone an operating system drive instantaneously. After the drive is cloned, it is logically attached to a new client and the operating system is customized for that client.
Type: Grant
Filed: February 17, 2005
Date of Patent: April 13, 2010
Assignee: International Business Machines Corporation
Inventors: Bulent Abali, James W. Arendt, Mohammad Banikazemi, D. Scott Guthridge, Dan E. Poff, Ziv Rafalovich, Linda A. Riedle, Gary Valentin, Nancy M. Wei
-
Publication number: 20100031354
Abstract: A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.
Type: Application
Filed: April 5, 2008
Publication date: February 4, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Efim Hudis, Yair Helman, Tomer Weisberg, Oren Yossef, Ziv Rafalovich
-
Publication number: 20090328216
Abstract: A honeypot in a computer network is configured for use with a wide variety of computing resources that are defined by a network administrator or user which may include desktop and network resources such as address book contacts, instant messaging contacts, active directory user accounts, IP addresses, and files that contain particular content or that are stored in particular locations. The resources may be real for which protection against leakage is desired, or fake to operate as bait to lure and detect malicious attacks. The honeypot is implemented in an extensible manner so that virtually any resource may be honeypotted to apply honeypot benefits to resources beyond static IP addresses in order to improve both the breadth of information leakage prevention and the detection of malicious attacks.
Type: Application
Filed: June 30, 2008
Publication date: December 31, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Ziv Rafalovich, Lior Arzi, Ron Karidi, Efim Hudis
-
Publication number: 20080126787
Abstract: Managing default values. A determination is automatically made that the first program is operating in the batch mode in which user interaction is not intended to affirm or change default values. In response, first current default values for input to the first program are determined, and a determination is made whether a user previously entered or affirmed the first current default values in an interactive mode. If so, the first program is allowed to proceed with operation using the first current default values. If not, the first program is not allowed to proceed with operation using the first current default values. A determination is automatically made that the second program is operating in the interactive mode in which user interaction is intended to affirm or change default values.
Type: Application
Filed: June 5, 2006
Publication date: May 29, 2008
Applicant: International Business Machines Corporation
Inventors: Rhonda L. Childress, Oded Dubovsky, Itzhack Goldberg, Ido Levy, Ziv Rafalovich, Martin J. Tross
-
Publication number: 20070282986
Abstract: A computer implemented method, data processing system, and computer program product for nominating rules or policies for promotion through a policy hierarchy. An administrator at any level in a policy hierarchy may create a rule or policy. The administrator may then nominate the rule or policy for inclusion in a next higher level in the policy hierarchy. The rule or policy is evaluated at the next higher level. Responsive to an approval of the next higher level to include the rule or policy in the jurisdiction of the next higher level, the rule or policy is provided to all users under the jurisdiction. The nominating, evaluating, and providing steps may then be repeated for each higher level in the policy hierarchy.
Type: Application
Filed: June 5, 2006
Publication date: December 6, 2007
Inventors: Rhonda L. Childress, Itzhack Goldberg, Lorraine M. Herger, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin J. Tross
-
Publication number: 20070282985
Abstract: A computer implemented method, data processing system, and computer program product for automatically aggregating entities via a profile-driven management. A profile is created, wherein the profile includes a set of search criteria comprising one or more server attributes. A list of attributes of each server in the data processing system is obtained. Servers in the plurality of servers whose attributes meet the set of search criteria specified in the profile are then grouped to form a profile group. Once the servers are grouped into a profile, an administrative action may be performed on all of the servers in the profile group simultaneously.
Type: Application
Filed: June 5, 2006
Publication date: December 6, 2007
Inventors: Rhonda L. Childress, Itzhack Goldberg, Lorraine M. Herger, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin J. Tross
-
Publication number: 20070282982
Abstract: A system for policy-based management in a computer environment, the system including at least one rule configured to be applied to an element of a computer environment, at least one policy including at least one of the rules, at least one profile including at least one element of the computer environment, at least one association defining a relationship between one of the policies and one of the profiles, and a computer configured to instantiate any of the associations, thereby invoking any of the rules included in the related policy for application to any of the elements in the related profile.
Type: Application
Filed: June 5, 2006
Publication date: December 6, 2007
Inventors: Rhonda Childress, Oded Dubovsky, Itzhack Goldberg, Ido Levy, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin Tross
-
Publication number: 20060184650
Abstract: Two methods (native and clone) are used for installing software, such as an operating system, on client system(s) booting from shared storage. The native installation method configures an interconnection network to create an exclusive communication zone between the client system and the shared storage system and installs the operating system on the client system using the exclusive communication zone. After the software is installed, the method terminates the exclusive communication zone. The clone installation method utilizes a point-in-time copy feature of the shared storage system to clone an operating system drive instantaneously. After the drive is cloned, it is logically attached to a new client and the operating system is customized for that client.
Type: Application
Filed: February 17, 2005
Publication date: August 17, 2006
Inventors: Bulent Abali, James Arendt, Mohammad Banikazemi, D. Guthridge, Dan Poff, Ziv Rafalovich, Linda Riedle, Gary Valentin, Nancy Wei
-
Publication number: 20060136704
Abstract: A management computer controlling operations of computer systems in a number of positions within a chassis is programmed to receive a signal indicating that one of the computer systems has been installed and to determine whether it has been installed in a previously unoccupied position, installed in a previously occupied position, or moved from one position to another. If it has been installed in a previously unoccupied position, an operating system is installed for remote booting; if it has been installed in a previously occupied position, it is allowed to continue booting the operating system used by the computer it replaced; if it has been moved from one position to another, it is allowed to continue booting as before.
Type: Application
Filed: December 17, 2004
Publication date: June 22, 2006
Applicant: International Business Machines Corporation
Inventors: James Arendt, Gregory Pruett, Ziv Rafalovich, David Rhoades, Linda Riedle