-
Publication number: US20220027473A1
Publication date: 2022-01-27
Application number: US17392127
Filing date: 2021-08-02
Applicant: VMware Inc.
Inventor: Nilesh Awate, Goresh Musalay, Sachin Shinde, VSV Vijay
IPC: G06F21/57, G06F21/60, G06F21/53, H04N21/443, H04L12/24
Abstract: Methods and apparatus to validate and restore machine configurations are disclosed herein. An example apparatus includes a context identifier to obtain first context information for a first set of configuration update events occurring on a computing device, a guest agent interface to transmit the first set of configuration update events to a security manager for generation of a policy, the policy including allowable configuration update events and responses to unallowable configuration update events, an event comparator to compare second context information of a subsequent configuration update event obtained by the context identifier to the policy received from the security manager, and an event handler to determine, when the subsequent configuration update event is not included in the policy, that the subsequent configuration update event is to be transmitted to the security manager for generation of an updated policy.
-
Publication number: US11201847B2
Publication date: 2021-12-14
Application number: US17107793
Filing date: 2020-11-30
Applicant: VMware, Inc.
Inventor: Shirish Vijayvargiya, Sachin Shinde, Nakul Ogale, Vasantha Kumar Dhanasekar
Abstract: In some embodiments, a method receives a first address resolution mapping from a workload and verifies the first address resolution mapping. When the first address resolution mapping is verified, the method adds the first address resolution mapping to a list of address resolution mappings. The list of address resolution mappings includes verified address resolution mappings. The list of address resolution mappings is sent to the workload to allow the workload to verify a second address resolution mapping using the list of verified address resolution mappings.
-
Publication number: US20210084004A1
Publication date: 2021-03-18
Application number: US17107793
Filing date: 2020-11-30
Applicant: VMware, Inc.
Inventor: Shirish Vijayvargiya, Sachin Shinde, Nakul Ogale, Vasantha Kumar Dhanasekar
Abstract: In some embodiments, a method receives a first address resolution mapping from a workload and verifies the first address resolution mapping. When the first address resolution mapping is verified, the method adds the first address resolution mapping to a list of address resolution mappings. The list of address resolution mappings includes verified address resolution mappings. The list of address resolution mappings is sent to the workload to allow the workload to verify a second address resolution mapping using the list of verified address resolution mappings.
-
Publication number: US20230188497A1
Publication date: 2023-06-15
Application number: US18106153
Filing date: 2023-02-06
Applicant: VMware, Inc.
Inventor: Shirish Vijayvargiya, Sunil Hasbe, Nakul Ogale, Sachin Shinde
IPC: H04L61/4552, H04L61/4511, H04L61/103
CPC classification number: H04L61/4552, H04L61/103, H04L61/4511
Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.
-
Publication number: US11575646B2
Publication date: 2023-02-07
Application number: US16874706
Filing date: 2020-05-15
Applicant: VMWARE, INC.
Inventor: Shirish Vijayvargiya, Sunil Hasbe, Nakul Ogale, Sachin Shinde
IPC: H04L61/4552, H04L61/103, H04L61/4511
Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.
-
Publication number: US11080402B2
Publication date: 2021-08-03
Application number: US16215612
Filing date: 2018-12-10
Applicant: VMware Inc.
Inventor: Nilesh Awate, Goresh Musalay, Sachin Shinde, V S V Vijay
IPC: G06F21/57, G06F21/60, H04L12/24, G06F21/53, H04N21/443
Abstract: Methods and apparatus to validate and restore machine configurations are disclosed herein. An example apparatus includes a context identifier to obtain first context information for a first set of configuration update events occurring on a computing device, a guest agent interface to transmit the first set of configuration update events to a security manager for generation of a policy, the policy including allowable configuration update events and responses to unallowable configuration update events, an event comparator to compare second context information of a subsequent configuration update event obtained by the context identifier to the policy received from the security manager, and an event handler to determine, when the subsequent configuration update event is not included in the policy, that the subsequent configuration update event is to be transmitted to the security manager for generation of an updated policy.
-
Publication number: US11062033B2
Publication date: 2021-07-13
Application number: US16409902
Filing date: 2019-05-13
Applicant: VMWARE, INC.
Inventor: Alok Nemchand Kataria, Sachin Shinde, Achindra Bhatnagar
Abstract: The disclosure herein describes verifying integrity of security policies on a client device. Policy data sets associated with security applications of virtual machines on the client device are received from a server and stored on the client device. An integrity verifier on the client device receives verified checksums from the server, wherein the verified checksums are associated with the policy data sets. Client-side checksums are generated by the integrity verifier based on the stored policy data sets. Upon generating the client-side checksums, the integrity verifier compares the verified checksums to the generated client-side checksums. Based on the comparison indicating that a verified checksum and a client-side checksum differ, the integrity verifier generates a checksum failure indicator, wherein the client device is configured to take corrective measures to restore integrity of the virtual machines based on the checksum failure indicator.
-
Publication number: US11170077B2
Publication date: 2021-11-09
Application number: US16296273
Filing date: 2019-03-08
Applicant: VMWARE, INC.
Inventor: Alok Nemchand Kataria, Achindra Bhatnagar, Sachin Shinde, Martim Carbone, Deep Shah
Abstract: Techniques for verifying the integrity of application data using secure hardware enclaves are provided. In one set of embodiments, a client system can create a secure hardware enclave on the client system and load program code for an integrity verifier into the secure hardware enclave. The client system can further receive a dataset from a server system and store the dataset at a local storage or memory location, and receive, via the integrity verifier, a cryptographic hash of the dataset from the server system and store the received cryptographic hash at a memory location within the secure hardware enclave. Then, on a periodic basis, the integrity verifier can compute a cryptographic hash of the stored dataset, compare the computed cryptographic hash against the stored cryptographic hash, and if the computed cryptographic hash does not match the stored cryptographic hash, determine that the stored dataset has been modified.
-
Publication number: US11093625B2
Publication date: 2021-08-17
Application number: US16505743
Filing date: 2019-07-09
Applicant: VMWARE, INC.
Inventor: Shirish Vijayvargiya, Sachin Shinde, Amol Shivram Katkar, Vivek Parikh
Abstract: Example methods are provided for adaptive file access authorization using process access patterns. In a learning mode, attributes and other information, which are associated with applications or with processes that are related to the applications and that attempt to access a file system, are collected and used to generate a policy. In a protected mode, file access requests are examined against the policy, and are granted access to the file system or are denied access to the file system based on the contents of the policy. The policy may be updated so as to adapt to changes in the access patterns and to changes in the application or processes.
-
Publication number: US20200272742A1
Publication date: 2020-08-27
Application number: US16409902
Filing date: 2019-05-13
Applicant: VMWARE, INC.
Inventor: ALOK NEMCHAND KATARIA, Sachin Shinde, Achindra Bhatnagar
Abstract: The disclosure herein describes verifying integrity of security policies on a client device. Policy data sets associated with security applications of virtual machines on the client device are received from a server and stored on the client device. An integrity verifier on the client device receives verified checksums from the server, wherein the verified checksums are associated with the policy data sets. Client-side checksums are generated by the integrity verifier based on the stored policy data sets. Upon generating the client-side checksums, the integrity verifier compares the verified checksums to the generated client-side checksums. Based on the comparison indicating that a verified checksum and a client-side checksum differ, the integrity verifier generates a checksum failure indicator, wherein the client device is configured to take corrective measures to restore integrity of the virtual machines based on the checksum failure indicator.