-
1.
Publication number: US20180026987A1
Publication date: 2018-01-25
Application number: US15215860
Filing date: 2016-07-21
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Thusitha Jayawardena, John Liefert, Christopher Van Wart
IPC: H04L29/06
Abstract: A system for providing access control in a cloud includes a software defined network including a software defined network controller. The system is configured to authenticate user access using multi-factor authentication. If the user is authorized to access a cloud resource the software defined network controller sends instructions to insert layer 3 and 4 user-specific flows to a software defined network device connected to the cloud resource. The user-specific flows cause the software defined network device to grant access to the cloud resource to the user.
-
Publication number: US20170187732A1
Publication date: 2017-06-29
Application number: US15460818
Filing date: 2017-03-16
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventor: Thusitha Jayawardena, Jeffrey E. Bickford, Mikhail Istomin, John Liefert, Gokul Singaraju, Christopher Van Wart
CPC classification number: H04L63/1416, G06F9/45512, G06F9/45558, G06F11/0709, G06F11/0712, G06F11/0751, G06F11/079, G06F2009/45587, G06F2009/45591, H04L63/145
Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
-
3.
Publication number: US20170034220A1
Publication date: 2017-02-02
Application number: US14812656
Filing date: 2015-07-29
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventor: Gokul Singaraju, Ashutosh Dutta, Thusitha Jayawardena, Christopher Van Wart
IPC: H04L29/06
CPC classification number: H04L63/205, H04L63/0263, H04L63/0892, H04L63/1416, H04L63/1425, H04L63/1458
Abstract: A system and method for identifying distributed attacks, such as, but not limited to, distributed denial of service attacks and botnet attacks, in a first network serviced by a first carrier and configured to alert a second network serviced by a second carrier that is different from the first carrier is disclosed. Once an attack has been identified, an attack alert is generated and provided to the second network or other aspects of the first network, or both. The attack alerts may be distributed dynamically with the second network via diameter based security protocol Rs. Such system and method may mitigate distributed malicious attacks by sharing destination internet protocol and bad international mobile subscriber identity information across carriers.
-
Publication number: US20230024436A1
Publication date: 2023-01-26
Application number: US17956930
Filing date: 2022-09-30
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Thusitha Jayawardena, Christopher Van Wart, Leonard Russo, Nicholas Arconati, Robert Chin
IPC: H04L9/40, H04L67/1097, G06F9/455
Abstract: Concepts and technologies directed to scrubbed internet protocol domain for enhanced cloud security are disclosed herein. In various aspects, a system can include a processor and memory storing instructions that, upon execution, cause performance of operations. The operations can include exposing an application to a service provider network that provides an internet connection, where the application is provided by a datacenter that communicates with the service provider network. The operations can include monitoring traffic flows to the application during an observation time period, where the traffic flows include probe traffic that attempts to reach the application. The operations can include constructing a scrubbed internet protocol domain such that detected probe traffic is prevented from reaching a plurality of virtual machines provided by the datacenter.
-
Publication number: US20200162994A1
Publication date: 2020-05-21
Application number: US16193379
Filing date: 2018-11-16
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Thusitha Jayawardena, Christopher Van Wart, Donald Levy, Cristina Serban, David Gross, Deon Ogle, Shawn Hiemstra, Jayaraman Ramachandran
Abstract: Aspects of the subject disclosure may include, for example, determining a first access point name according to a first service set identifier associated with a first wireless message transmitted according to a first wireless protocol from a first device, where the first access point name is included in a set of access point names of a cellular communication system, and transmitting a second wireless message according to a second wireless protocol to a communication node of a guided wave communication system, where the guided wave communication system is communicatively coupled to the cellular communication system, where the second wireless message is associated with the first wireless message and includes the first access point name, and where the cellular communication system determines a first routing of first communications associated with the first device according to first access point name. Other embodiments are disclosed.
-
Publication number: US10547647B2
Publication date: 2020-01-28
Application number: US16260315
Filing date: 2019-01-29
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Gokul Singaraju, Ashutosh Dutta, Thusitha Jayawardena, Christopher Van Wart
IPC: H04L29/06
Abstract: A system and method for identifying distributed attacks, such as, but not limited to, distributed denial of service attacks and botnet attacks, in a first network serviced by a first carrier and configured to alert a second network serviced by a second carrier that is different from the first carrier is disclosed. Once an attack has been identified, an attack alert is generated and provided to the second network or other aspects of the first network, or both. The attack alerts may be distributed dynamically with the second network via diameter based security protocol Rs. Such system and method may mitigate distributed malicious attacks by sharing destination internet protocol and bad international mobile subscriber identity information across carriers.
-
Publication number: US10079844B2
Publication date: 2018-09-18
Application number: US15683129
Filing date: 2017-08-22
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventor: Thusitha Jayawardena, Jeffrey E. Bickford, Mikhail Istomin, John Liefert, Gokul Singaraju, Christopher Van Wart
CPC classification number: H04L63/1416, G06F9/45512, G06F9/45558, G06F11/0709, G06F11/0712, G06F11/0751, G06F11/079, G06F2009/45587, G06F2009/45591, H04L63/145
Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
-
Publication number: US11570185B2
Publication date: 2023-01-31
Application number: US16658508
Filing date: 2019-10-21
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Thusitha Jayawardena, Jeffrey E. Bickford, Mikhail Istomin, John Liefert, Gokul Singaraju, Christopher Van Wart
Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
-
Publication number: US20200053107A1
Publication date: 2020-02-13
Application number: US16658508
Filing date: 2019-10-21
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Thusitha Jayawardena, Jeffrey E. Bickford, Mikhail Istomin, John Liefert, Gokul Singaraju, Christopher Van Wart
Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
-
Publication number: US10454956B2
Publication date: 2019-10-22
Application number: US16101924
Filing date: 2018-08-13
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Thusitha Jayawardena, Jeffrey E. Bickford, Mikhail Istomin, John Liefert, Gokul Singaraju, Christopher Van Wart
Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.