-
Publication No.: US20160191545A1
Publication date: 2016-06-30
Application No.: US14587048
Filing date: 2014-12-31
Applicant: Symantec Corporation
Inventor: Susanta K. Nanda, Yuqiong Sun
IPC: H04L29/06
CPC classification number: H04L63/145, H04L43/028, H04L43/062, H04L43/12, H04L63/0227, H04L63/1408, H04L63/20
Abstract: The disclosed computer-implemented method for monitoring virtual networks may include (1) identifying a virtual network containing at least one virtualized switching device that routes network traffic from a source port within the virtual network to a destination port, (2) providing, within the virtualized switching device, a set of software-defined network rules containing criteria for identifying packets having at least one predetermined property associated with a security policy, (3) intercepting, at the source port, a packet destined for the destination port, (4) determining that at least one characteristic of the packet satisfies at least one of the rules, and (5) in response to determining that the characteristic of the packet satisfies at least one of the rules, forwarding a copy of the packet to a virtual tap port that analyzes the packet for security threats. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication No.: US11122040B1
Publication date: 2021-09-14
Application No.: US16233366
Filing date: 2018-12-27
Applicant: Symantec Corporation
Inventor: Yuqiong Sun, Xueqiang Wang, Susanta Nanda, Yun Shen, Pierre-Antoine Vervier, Petros Efstathopoulos
IPC: H04L29/06
Abstract: The disclosed computer-implemented method for fingerprinting devices may include (i) detecting that a new device has attempted to connect to a network gateway, (ii) attempting to fingerprint the new device as an instance of a known candidate device type by (a) transmitting to the new device, from a security application, a set of network messages that mimic network messages that a second application is configured to transmit to instances of the known candidate device type and (b) confirming, by the security application based on a response from the new device to the set of network messages, that the new device is the instance of the known candidate device type, and (iii) performing a security action to protect a network corresponding to the network gateway based on confirming that the new device is the instance of the known candidate device type. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication No.: US11048809B1
Publication date: 2021-06-29
Application No.: US16130254
Filing date: 2018-09-13
Applicant: Symantec Corporation
Inventor: Yuqiong Sun, Sandeep Bhatkar, Susanta Nanda, Mingliang Pei
Abstract: The disclosed computer-implemented method for detecting misuse of online service access tokens may include (1) receiving a user permission token to access an online service that manages one or more user resources, (2) monitoring, based on utilization of the user permission token, usage data associated with an access token issued to a relying party for accessing the user resources managed by the online service, (3) identifying, based on the usage data, activity associated with the access token being misused by the relying party, and (4) performing a security action that protects the user resources against the activity associated with the access token being misused by the relying party. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication No.: US11132447B1
Publication date: 2021-09-28
Application No.: US16368672
Filing date: 2019-03-28
Applicant: SYMANTEC CORPORATION
Inventor: Yuqiong Sun, Xueqiang Wang, Susanta K. Nanda, Petros Efstathopoulos
Abstract: Determining security vulnerabilities of smart home devices. A method may include obtaining data regarding a first application associated with a first IoT device that has a known security vulnerability; analyzing the data regarding the first application to determine expected communications with the first IoT device; identifying a second application, available for download, that is associated with a second IoT device; analyzing expected communications between the second application and the second IoT device; comparing the expected communications between the first application and the first IoT device with those between the second application and the second IoT device to determine a similarity level between the first and second IoT devices; determining, based on the similarity level, that the second IoT device shares the known security vulnerability of the first IoT device; and implementing a security action on the second IoT device based on determining that it shares the known security vulnerability.
-
Publication No.: US20190342339A1
Publication date: 2019-11-07
Application No.: US15969193
Filing date: 2018-05-02
Applicant: Symantec Corporation
Inventor: Susanta K. Nanda, Yuqiong Sun, Saurabh Shintre
IPC: H04L29/06
Abstract: A method for implementing security of Internet of Things (IoT) home voice assistants is described. In one embodiment, a computer-implemented method for implementing a security policy with a voice assistant includes obtaining, by one or more computing devices, encrypted traffic from a voice assistant; identifying, by the one or more computing devices, a user voice command in the encrypted traffic based at least in part on one or more identifiable attributes of the encrypted traffic; determining, by the one or more computing devices, that the user voice command triggers at least one security policy; and upon determining that the user voice command triggers the at least one security policy, performing, by the one or more computing devices, a security action that implements the at least one security policy. In some cases, the method may include obtaining an audio recording of the user voice command with a microphone built into the router.
-
Publication No.: US10447663B2
Publication date: 2019-10-15
Application No.: US16021950
Filing date: 2018-06-28
Applicant: SYMANTEC CORPORATION
Inventor: Yuqiong Sun, Daniel Marino, Susanta K. Nanda, Saurabh Shintre, Brian T. Witten, Ronald A. Frederick, Qing Li
Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel application, the decrypted network traffic according to a sensitivity policy to determine whether the decrypted network traffic includes sensitive data, forwarding, from the kernel application to the logic application, filtered decrypted network traffic that excludes the sensitive data, processing, at the logic application, the filtered decrypted network traffic, forwarding, from the logic application to the kernel application, the filtered decrypted network traffic after the processing by the logic application, and forwarding, from the kernel application, the encrypted network traffic.
-
Publication No.: US10264020B1
Publication date: 2019-04-16
Application No.: US14614819
Filing date: 2015-02-05
Applicant: Symantec Corporation
Inventor: Susanta K. Nanda, Yuqiong Sun
Abstract: A computer-implemented method for scalable network monitoring in virtual data centers may include (1) identifying a plurality of network monitoring agents executing on a plurality of virtual machine host systems within a virtual data center, (2) intercepting, at a receiving virtual machine host system, a traffic flow within a virtual network within the virtual data center, (3) determining a processor load on each of the plurality of virtual machine host systems, (4) selecting, based on the processor load on the receiving virtual machine host system exceeding an established threshold, an alternate virtual machine host system that executes a second network monitoring agent for inspecting the traffic flow, and (5) limiting the processor load on the receiving virtual machine host system by designating the second network monitoring agent executing on the alternate virtual machine host system to inspect the traffic flow. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication No.: US11184162B1
Publication date: 2021-11-23
Application No.: US16147014
Filing date: 2018-09-28
Applicant: SYMANTEC CORPORATION
Inventor: Sandeep Bhatkar, Susanta K. Nanda, Yuqiong Sun, Saurabh Shintre
Abstract: Privacy preserving secure task automation. A method may include generating, by a first section of a platform, a pair of encryption keys (a private key and a shared secret key); receiving, by a second section of the platform, platform user data, trigger service user data, and action service user data, wherein the user of the services and of the platform is the same; sending the shared secret key to the services; storing the private key in the first section; receiving from the trigger service, by the second section, a first communication, encrypted with the shared secret key, regarding occurrence of a trigger; determining, by the first section, that the trigger corresponds to the user of the platform; encrypting a second message with the shared secret key, requesting invocation of the action based on the trigger; and transmitting the second encrypted message to the action service without the data related to the user of the platform.
-
Publication No.: US10534933B1
Publication date: 2020-01-14
Application No.: US15856040
Filing date: 2017-12-27
Applicant: SYMANTEC CORPORATION
Inventor: Kevin Alejandro Roundy, Yuqiong Sun, Christopher Gates, Michael Hart, Saurabh Shintre, Brian T. Witten
Abstract: Encrypting and decrypting sensitive files on a network device. In one embodiment, a method may include determining that a file stored on a network device is a sensitive file, encrypting the sensitive file, sending, to an authentication server, an encryption key, initializing, at the network device, a Software Guard Extension (SGX) enclave, loading, into the SGX enclave, a retrieval application, receiving, at the retrieval application, an attestation from the authentication server that the retrieval application is authentic, receiving, at the retrieval application, the encryption key from the authentication server, receiving, at the retrieval application, a user request to decrypt the encrypted sensitive file, authenticating, at the retrieval application, the user request, decrypting, at the network device, the encrypted sensitive file, and providing the sensitive file to the user.
-
Publication No.: US20190253398A1
Publication date: 2019-08-15
Application No.: US16021950
Filing date: 2018-06-28
Applicant: SYMANTEC CORPORATION
Inventor: Yuqiong Sun, Daniel Marino, Susanta K. Nanda, Saurabh Shintre, Brian T. Witten, Ronald A. Frederick, Qing Li
CPC classification number: H04L63/0435, G06F21/57, G06F21/6263, H04L63/0281
Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel application, the decrypted network traffic according to a sensitivity policy to determine whether the decrypted network traffic includes sensitive data, forwarding, from the kernel application to the logic application, filtered decrypted network traffic that excludes the sensitive data, processing, at the logic application, the filtered decrypted network traffic, forwarding, from the logic application to the kernel application, the filtered decrypted network traffic after the processing by the logic application, and forwarding, from the kernel application, the encrypted network traffic.