公开(公告)号：US12095629B2

公开(公告)日：2024-09-17

申请号：US16878652

申请日：2020-05-20

Applicant: VMWARE, INC.

Inventor： Nakul Ogale ,  Shirish Vijayvargiya ,  Sachin Shinde

IPC: H04L12/24 ,  G06F9/455 ,  H04L29/12 ,  H04L41/046 ,  H04L41/28 ,  H04L61/4511

CPC classification number: H04L41/28 ,  G06F9/45558 ,  H04L41/046 ,  H04L61/4511 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Example methods and systems for a computer system to perform security threat detection during service query handling are described. In one example, a process running on a virtualized computing instance supported by the computer system may generate and send a first service query specifying a query input according to a service protocol. The first service query may be detected by a security agent configured to operate in a secure enclave that is isolated from the process. Next, the security agent may generate and send a second service query specifying the query input in the first service query. It is then determined whether there is a potential security threat based on a comparison between (a) a first reply received responsive to the first service query and (b) a second reply received responsive to the second service query.

公开(公告)号：US20230188497A1

公开(公告)日：2023-06-15

申请号：US18106153

申请日：2023-02-06

Applicant: VMware, Inc.

Inventor： Shirish Vijayvargiya ,  Sunil Hasbe ,  Nakul Ogale ,  Sachin Shinde

IPC: H04L61/4552 ,  H04L61/4511 ,  H04L61/103

CPC classification number: H04L61/4552 ,  H04L61/103 ,  H04L61/4511

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

公开(公告)号：US11575646B2

公开(公告)日：2023-02-07

申请号：US16874706

申请日：2020-05-15

Applicant: VMWARE, INC.

Inventor： Shirish Vijayvargiya ,  Sunil Hasbe ,  Nakul Ogale ,  Sachin Shinde

IPC: H04L61/4552 ,  H04L61/103 ,  H04L61/4511

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

公开(公告)号：US11201847B2

公开(公告)日：2021-12-14

申请号：US17107793

申请日：2020-11-30

Applicant: VMware, Inc.

Inventor： Shirish Vijayvargiya ,  Sachin Shinde ,  Nakul Ogale ,  Vasantha Kumar Dhanasekar

IPC: G06F15/16 ,  H04L29/12 ,  H04L29/06

Abstract: In some embodiments, a method receives a first address resolution mapping from a workload and verifies the first address resolution mapping. When the first address resolution mapping is verified, the method adds the first address resolution mapping to a list of address resolution mappings. The list of address resolution mappings includes verified address resolution mappings. The list of address resolution mappings is sent to the workload to allow the workload to verify a second address resolution mapping using the list of verified address resolution mappings.

公开(公告)号：US20210084004A1

公开(公告)日：2021-03-18

申请号：US17107793

申请日：2020-11-30

Applicant: VMware, Inc.

Inventor： Shirish Vijayvargiya ,  Sachin Shinde ,  Nakul Ogale ,  Vasantha Kumar Dhanasekar

IPC: H04L29/12 ,  H04L29/06

Abstract: In some embodiments, a method receives a first address resolution mapping from a workload and verifies the first address resolution mapping. When the first address resolution mapping is verified, the method adds the first address resolution mapping to a list of address resolution mappings. The list of address resolution mappings includes verified address resolution mappings. The list of address resolution mappings is sent to the workload to allow the workload to verify a second address resolution mapping using the list of verified address resolution mappings.

公开(公告)号：US11201853B2

公开(公告)日：2021-12-14

申请号：US16352901

申请日：2019-03-14

Applicant: VMWARE, INC.

Inventor： Nakul Ogale ,  Nilesh Awate

IPC: H04L29/12 ,  H04L29/08 ,  H04L12/24 ,  H04L12/733 ,  H04L12/26

Abstract: Some embodiments provide a method for detecting that a domain name service (DNS) cache on a data compute node (DCN) has been attacked. The method, during a first operational phase of an agent executing on the DCN, builds a DNS cache that stores entries that include (i) network address to domain name mappings and (ii) policies for the entries received from a centralized service. During a second operational phase of the agent, the method detects that an entry of the DNS cache has been modified by a DNS response such that the modified entry violates the policy for the entry. Based on the detection, the method sends an alert to the centralized service. The centralized service performs additional analysis on the modification to determine whether to allow the DCN to use the modified DNS cache entry.

公开(公告)号：US11182472B2

公开(公告)日：2021-11-23

申请号：US16588614

申请日：2019-09-30

Applicant: VMware, Inc.

Inventor： Nakul Ogale ,  Shirish Vijayvargiya ,  Sachin Shinde

IPC: G08B23/00 ,  G06F12/16 ,  G06F12/14 ,  G06F11/00 ,  G06F21/52 ,  G06N20/00

Abstract: A process monitoring methodology is disclosed. In a computer-implemented method, a selection of a process to be monitored is received. The process is to be at least partially performed using a component of a computing environment. An expected operating parameter of the process is determined. The process is also monitored to determine an actual operating parameter of the process. The actual operating parameter of the process is compared with the expected operating parameter of the process to generate a comparison result. An operation is then automatically performed based upon the comparison result.

公开(公告)号：US10855644B1

公开(公告)日：2020-12-01

申请号：US16660835

申请日：2019-10-23

Applicant: VMWARE, INC.

Inventor： Shirish Vijayvargiya ,  Sachin Shinde ,  Nakul Ogale ,  Vasantha Kumar Dhanasekar

IPC: G06F15/16 ,  H04L29/12 ,  H04L29/06

Abstract: In some embodiments, a method receives one or more address resolution mappings and sends the one or more first address resolution mappings to a manager for verification of the one or more first address resolution mappings. The method receives one or more responses based on the verification of the one or more first address resolution mappings and allows or disallows use of the one or more address resolution mappings based on the one or more responses. A list of verified address resolution mappings is received from the manager based on the verification of the one or more first address resolution mappings. Then, the method receives a second address resolution mapping and verifies the second address resolution mapping using the list of verified address resolution mappings.