Mr. Ahmed Sallam, Founder, Inventor and CEO, DeepSAFE Technology®
Former VP / CTO / Principal Engineer: Citrix, Intel, McAfee and Symantec
Mr. Ahmed Sallam: A Vanguard in Computer Systems Security, Protection, Safety and Virtualization
Mr. Ahmed Sallam stands out as a dynamic force in technology and engineering leadership with a career spanning over 30 years at the forefront of systems protection, security, virtualization, privacy, safety and manageability. Renowned for initiating and steering groundbreaking projects, he has consistently led international architecture and engineering teams to deliver transformative technologies spanning the spectrum of software, firmware, and hardware domains.
As a founder of DeepSAFE Technology, Mr. Sallam's extensive experience encompasses forming and directing R&D organizations and CTO Offices at leading companies such as McAfee, Intel, Citrix, Nokia, and Symantec. His roles have included Chief Security Architect & CTO of Advanced Technology at McAfee, CTO of Advanced Technology at Intel, Corporate CTO and VP of Product Strategy at Citrix, Senior Security Architect & Director of Security Architecture at Nokia, and Principal Engineer at Symantec.
Mr. Sallam's expertise has been pivotal in managing some of the most intricate technical ventures globally, often at the helm of the most seasoned engineering teams. His comprehensive stewardship of technology and product engineering includes the architecture and delivery of cutting-edge engine and product lines for a multitude of platforms, including Windows, Linux, embedded systems, firmware, and hardware for Intel, AMD, and ARM.
The foundations of protection, security and virtualization technology that Mr. Sallam has architected, invented, and developed are integral to the cloud infrastructures of Amazon Web Services, Microsoft Azure, Oracle Cloud, and numerous other implementations. His innovative approach has driven security innovation, product security architecture, and platform security operations globally across Citrix, McAfee, and Intel, while also guiding technical engagements with partners, ecosystem enablement, acquisitions, and intellectual property management.
Holding over 55 issued patents as a sole inventor, Mr. Sallam has been a trailblazer in developing robust models for hardware, firmware, and software security and virtualization. His innovations encompass below-OS security, virtualization-based security, cloud security, high-integrity computing, zero-trust systems, and cutting-edge anti-malware protections.
Endorsed by industry giants and recognized as a thought leader, Mr. Sallam is a sought-after speaker and author, disseminating deep technical insights into physical and virtual cloud infrastructure, emphasizing security, mobility, and the complex migration of users, applications, data, and networks. His extensive experience encompasses not only security and virtualization within hardware, hypervisors, and OS kernels but also the leadership of initiatives that have shaped CPU, Memory, and GPU virtualization, nested virtualization, and trusted computing.
In his hands-on managerial roles, Mr. Sallam has adeptly leveraged platforms like Google Workspace and Microsoft Office 365, leading IT organizations with a focus on innovation and efficiency.
Mr. Ahmed Sallam's Career Highlights
As corporate VP/CTO/Chief Architect at Citrix, Intel and McAfee, Mr. Sallam ran engineering and technology strategic task force operations reporting to the CEO and direct reports, covering tools, platforms, engines and solutions engineering; coaching and leadership; open source; innovation; IP, legal, HR and finance; corporate strategy, structuring and M&A; and product strategy and management. He represented DeepSAFE, Citrix and McAfee in various partnership activities, drafting partnership terms for joint technology, solutions development, integration and go-to-market activities. He led various architecture and engineering groups focused on designing and building next-generation products and solutions, including acting as chief architect of next-generation security engines. He led various strategy and engineering efforts focused on vertical market penetration, including federal, financial, oil and gas, healthcare, education, IoT, and IIoT. He acted as a coach and mentor with a focus on values-based leadership.
Mr. Sallam has been credited with architecting and inventing McAfee / Intel DeepSAFE technology. He came up with the vision initially, then invented, architected and led the team developing McAfee and Intel's DeepSAFE hardware-rooted below-OS virtualization security technology. DeepSAFE triggered Intel's $7.7B acquisition of McAfee. DeepSAFE has been implemented into the microcode of every shipping Intel processor and into solid-state drive firmware. DeepSAFE laid the technical foundation needed to enable virtualization-based security and to build scalable virtualized cloud infrastructure.
Mr. Sallam initiated, invented, acted as lead architect, and led teams globally delivering industry-leading commercial solutions including:
Unified security, virtualization and manageability engines and platforms across McAfee and Citrix with focus on cost optimization, high performance, scalability, user experience, elasticity, and resilience.
Turnkey System for secure production & distribution of audio CDs (Warner Brothers Music Group).
Country-wide cloud infrastructure with support for elasticity, security, scalability and disaster recovery.
End-to-end (cloud and end-point) secure production, distribution and rendering of audio content.
Cloud platforms and automation workflow system powering McAfee Global Threat Intelligence.
Citrix (Intel) Xen virtualization stack powering public clouds such as AWS and securing federal devices.
Citrix Xen-based Clouds, Apps, Desktop and Hosts Virtualization for ARM scale-out servers.
Virtualization-driven security extensions for devices and clouds (Intel, McAfee, Citrix and VMware).
Holistic Security for Hosted and Local VDI infrastructure (Citrix and Intel).
Hardware rooted below-OS security using out-of-band agent for malware protection and integrity assurances of CPU, memory, firmware, storage, kernel and hypervisors (Intel, Citrix and McAfee).
Anti-malware engines with support for self-protection, buffer overflow protection and behavioral protection (Symantec and McAfee), and prevention of rootkit, backdoor and below-OS attacks (McAfee and Intel).
Non-signature zero-day protection, remediation and recovery from rootkit and backdoor attacks.
Kernel and Applications shielding, sandboxing, and whitelisting (Citrix, McAfee, and Netscape).
Secure Web browser & Email clients with content filtering, classification, control and integration with NLP engines including text-to-speech, voice recognition and machine translation (Netscape).
Centralized secure distribution of encrypted audio content with embedded watermarks & DRM.
Virtualization-based apps / kernel isolation through nested hypervisor (McAfee, Citrix and Intel).
SSL-VPN with end-point security, applications control, and sandboxing (Nokia).
Object-based, storage virtualization with support for CIFS/NFS and distributed network file systems.
The Pioneering Journey of Mr. Ahmed Sallam Inventing and Architecting Below-OS Security and Protection
Since the mid-90s, Mr. Ahmed Sallam, the founder of DeepSAFE Technology, has made significant contributions to cybersecurity, earning over 55 patents as a sole inventor. His work in developing sophisticated cybersecurity engines has been pivotal in monitoring and controlling operations that target hardware, hypervisors and operating system kernel resources. These engines, adept at detecting and preventing malware and other malicious activities, have been integral to the defense strategies of major corporations.
At Symantec Corporation, he developed a kernel mode device driver for Norton antivirus solutions, enhancing their defense against cyber attacks and introducing proactive behavioral blocking. His tenure as a Senior Security Architect at Nokia's Security Division led to the design of a comprehensive endpoint security solution and an SSL-VPN solution, which was later acquired by Check Point. This multifaceted solution included developing Windows device drivers for SSL-VPN, desktop isolation, network firewall capabilities, application control, sandboxing, and intrusion prevention.
During his six years as McAfee's Chief Architect / CTO, Mr. Sallam's focus was on combating low-level and below-OS attacks, such as rootkits, backdoors and bootkits. He achieved this through the development of kernel mode device drivers and custom-built hypervisors, alongside firmware and hardware extensions. These innovations were crucial in tracking, detecting and preventing below-OS malware attacks.
In his role as Citrix CTO/VP of Products for 3.5 years, Mr. Sallam drove the development of virtualization-based security extensions across ARM and Intel Architectures. He led the creation of custom secure devices, servers, gateways, and clouds, powered by custom-built virtualization security modules and extensions.
At DeepSAFE Technology, Mr. Sallam continues to push the boundaries of cybersecurity. His current work involves advancing low-level device driver development, hypervisor-extensions, firmware, and hardware extensions. These efforts are targeted at the prevention and isolation of malware attacks and are instrumental in enhancing hardware architecture. This has led to the development of autonomous systems with self-protection and self-healing capabilities, marking a new era in cybersecurity solutions.
Mr. Sallam's groundbreaking work has not only advanced the field of cybersecurity, virtualization and their intersection but has also set new standards in the protection of digital infrastructure. His innovations have significantly contributed to the evolution of cybersecurity practices, making systems more resilient against increasingly sophisticated cyber threats. This work has been vital in safeguarding sensitive information and maintaining the integrity of digital systems across various industries.
Mr. Ahmed Sallam's LinkedIn public recommendations
"Ahmed is an incredibly smart and insightful security professional. He understands security and attacks at the deepest levels yet can apply solutions practically. Articulate and purpose-driven, Ahmed is a valuable asset to any company who cares about security."
Stuart McClure, CEO & President & Founder, Cylance (a BlackBerry company).
"I worked with Ahmed on several advanced security technologies that provided a unique and valuable synergy between hardware and software. Ahmed applied his deep security knowledge and deftly integrated his knowledge of Intel architectures to help guide our joint work. Ahmed is a pleasant person to work with working very well in a collaborative team manner. He provides both detailed input as well as an excellent high level vision of the objective while remaining agile to readjust as the program proceeds given the inevitable twists and turns. I highly recommend Ahmed."
Jerry Bautista, VP and GM, New Devices Group, Intel Corporation
"It is clear from my interactions with Ahmed since he joined Citrix that he is an extremely innovative thinker. He takes the time to listen to the business and technical challenges faced by customers and partners before proposing thoughtful solutions and approaches. As important, Ahmed recognizes that one company cannot do everything. He works in a highly collaborative way to initially nurture and subsequently strengthen/broaden ecosystems. Three specific initiatives come to mind during our time working together: Ahmed participated in the launch of the first 64-bit ARM based silicon optimized for use in servers (Applied Micro's silicon). Ahmed was Citrix's executive sponsor and led their participation and engagement in Linaro. Ahmed has driven Citrix's product roadmap to bring Xen software to the ARM architecture."
Ian Ferguson, VP of World Wide Marketing and Strategic Alliances, ARM
"I recommend Ahmed without any reservation. Ahmed is one of the smartest guys I've ever had the opportunity to work alongside. He has impeccable work ethic, honesty and interpersonal people skills. His technical skills are finely tuned and he can manage the very large scale architectural design of a system and drill down to the lowest technical details seamlessly. In my career, I count knowing and working with Ahmed to be among one of my best and most valued professional experiences. To know Ahmed is truly a privilege, and to work with him is truly an opportunity in itself. Simply stated, he's one of our industry's best."
Michael Dalton, Sr. Vice President Software Engineering, BAE Systems Applied Intelligence
"Ahmed is an innovative architect always thinking about disruptive technologies. We worked together on two completely different security solutions, while Ahmed was the CTO leading advanced technology group; and the solutions were as interesting as the debates/discussions we had thinking through those. Ahmed challenges traditional thinking and enables organizations to think different. Great resource to have on any team."
Shailaja K. Shankar, SVP /GM, Security Business Group, Cisco
"Ahmed is quite simply one of the smartest people I know, period, and one of the nicest as well. Extremely detail-oriented, he takes the time to work through complex problems methodically and thoroughly, and he is happy to take the time to explain it to others. An extremely hard worker, he's probably the best Windows internals guy I know. One of my best hires ever."
Joe Telafici, Vice President of McAfee Labs
"Ahmed embodies a rare combination of profound security domain knowledge, creativity, and business acumen. This triple of skills allows for making the progression from invention (ideas) to innovation (reduction to practice & shipping)."
Vincent Zimmer, Senior Principal Engineer, Intel Corporation
"Ahmed is one of the true industry experts when it comes to Windows system level architecture and security. He continuously strives to provide innovative solutions to the ever increasing complexity of security threats."
Carl Banzhof, VP of Engineering at RocketCyber
"Ahmed possesses a profound depth of knowledge around security threats, vulnerabilities and attacks coupled with the unique ability to invent innovative security capabilities to detect, prevent and recover from attacks. I have had the pleasure of working with Ahmed for the past 5 years and learn something new every time I talk to him. He is a deep thinker with a long history of experience that he calls on to improve the security ecosystem time and again."
Alan Ross, Distinguished Engineer at Splunk
"Ahmed is a gifted security professional with exceptional breadth of knowledge about computer security. I had the privilege to work with him on multiple projects and it was always a pleasure. His focus on the goal along with the professionalism and communication always yields great results."
Prof. Igor Muttik, Anti-Malware Industry Guru
"Ahmed was a key contributor to the Office of the CTO at McAfee, he was not only one of our most prolific inventors, but also one of the most active and eager mentors within the technical community. He was renowned for his expansive and deep knowledge but also his ability to "connect the dots" between exotic tech, and business results. I immensely enjoyed my time working with Ahmed and his contribution to the success of McAfee was immeasurable."
Simon Hunt, EVP Cyber Product Innovation, Mastercard
"Ahmed has a strong understanding of operating systems, systems programming, security issues and how malware can subvert security mechanisms. He is very good at coming up with ways to prevent such subversion. His understanding of machine and assembly language is key to doing that."
John Millard, 27 years at Symantec Corporation
Mr. Ahmed Sallam's Issued Patents (sole inventorship)
Mr. Sallam is the sole inventor of 50+ Issued US Patents:
Method and system for proactive detection of malicious shared libraries via a …
US US9886579B2 Ahmed S. Sallam Mcafee, Llc
Priority 2010-01-27 • Filed 2014-12-23 • Granted 2018-02-06 • Published 2018-02-06
A method for proactively detecting shared libraries suspected of association with malware includes the steps of determining one or more shared libraries loaded on an electronic device, determining that one or more of the shared libraries include suspicious shared libraries by determining that the …
System and method for below-operating system regulation and control of self- …
US US8813227B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-29 • Filed 2011-03-29 • Granted 2014-08-19 • Published 2014-08-19
A system for securing an electronic device may include a memory, a processor; one or more operating systems residing in the memory for execution by the processor; and a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic …
Method and system for discrete stateful behavioral analysis
US US9679136B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2010-01-27 • Filed 2015-11-17 • Granted 2017-06-13 • Published 2017-06-13
A method for analyzing a computing system includes the steps of at a first moment in time, scanning the resources of the computing system for indications of malware, at a second moment in time scanning the resources of the computing system for indications of malware and determining the system …
System and method for securing memory and storage of an electronic device with …
US US9262246B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-31 • Filed 2011-03-31 • Granted 2016-02-16 • Published 2016-02-16
A security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the memory or a storage of the electronic device may be further configured to: (i) access one or more security rules to determine a criteria by which an …
System and method for below-operating system trapping and securing loading of …
US US9530001B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-31 • Filed 2015-05-18 • Granted 2016-12-27 • Published 2016-12-27
A system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access of a resource of the …
Method and system for detection of malware that connect to network destinations …
US US20170034188A1 Ahmed Said Sallam Mcafee, Inc.
Priority 2010-01-27 • Filed 2016-10-12 • Published 2017-02-02
A method for detecting malware includes the steps of identifying a one or more open network connections of an electronic device, associating one or more executable objects on the electronic device with the one or more open network connections of the electronic device, determining the address of a …
Systems and methods for identifying hidden processes
US US8549648B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-29 • Filed 2011-03-29 • Granted 2013-10-01 • Published 2013-10-01
A security module may be configured to execute on the electronic device at a level below all of the operating systems of an electronic device accessing the one or more system resources. The security module may be configured to: trap one or more attempts to access system resources of the electronic …
System and method for below-operating system modification of malicious code on …
US US8925089B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-29 • Filed 2011-03-29 • Granted 2014-12-30 • Published 2014-12-30
A system for securing an electronic device, may include a memory, a processor, one or more operating systems residing in the memory for execution by the processor; and a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic …
System and method for protecting and securing storage devices using below- …
US US8621620B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-29 • Filed 2011-03-29 • Granted 2013-12-31 • Published 2013-12-31
In one embodiment, a system for securing a storage device includes an electronic device comprising a processor, a storage device communicatively coupled to the processor, and a security agent. The security agent is configured to execute at a level below all of the operating systems of the …
System and method for proactive detection of malware device drivers via kernel …
US US9147071B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2010-07-20 • Filed 2010-07-20 • Granted 2015-09-29 • Published 2015-09-29
A method for detecting malware device drivers includes the steps of identifying one or more device drivers loaded on an electronic device, analyzing the device drivers to determine suspicious device drivers, accessing information about the suspicious device drivers in a reputation system, and …
System and method for below-operating system protection of an operating system …
US US8650642B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-31 • Filed 2011-03-31 • Granted 2014-02-11 • Published 2014-02-11
A below-operating system security agent may be configured to: (i) trap attempted accesses to the components of the operating system and the set of drivers executing on the electronic device; (ii) in response to trapping an attempted access, compare contextual information associated with the …
System and method for virtual machine monitor based anti-malware security
WO EP CN JP KR AU EP2691908B1 Ahmed Said Sallam McAfee, LLC
Priority 2011-03-28 • Filed 2012-03-27 • Granted 2018-12-05 • Published 2018-12-05
A method for securing an electronic device (204) against malware, comprising: using a first security agent (216) embodied in microcode of a processor of an electronic device (204) to intercept a communication comprising a request made by an operating system (212) to a resource (214) of the …
System and method for securing an input/output path of an application against …
US US8966624B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-31 • Filed 2011-03-31 • Granted 2015-02-24 • Published 2015-02-24
A system for securing an electronic device may include a memory, a processor, one or more operating systems residing in the memory for execution by the processor, an input-output (I/O) device of the electronic device coupled to the operating system; and a security agent configured to execute on …
System and method for firmware based anti-malware security
US US9747443B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-28 • Filed 2016-04-15 • Granted 2017-08-29 • Published 2017-08-29
A system for securing an electronic device includes a non-volatile memory, a processor coupled to the non-volatile memory, a resource of the electronic device, firmware residing in the non-volatile memory and executed by the processor, and a firmware security agent residing in the firmware. The …
System and method for below-operating system trapping of driver loading and …
US US8966629B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-31 • Filed 2011-03-31 • Granted 2015-02-24 • Published 2015-02-24
A system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access of one or more …
Atomic detection and repair of kernel memory
US US9703957B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2010-09-02 • Filed 2016-12-13 • Granted 2017-07-11 • Published 2017-07-11
A method for detecting memory modifications includes allocating a contiguous block of a memory of an electronic device, and loading instructions for detecting memory modifications into the contiguous block of memory. The electronic device includes a plurality of processing entities. The method …
System and method for securing access to system calls
US US8863283B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-31 • Filed 2011-03-31 • Granted 2014-10-14 • Published 2014-10-14
In one embodiment, a system for securing access to system calls includes a memory, an operating system configured to execute on an electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one or more resources associated …
System and method for providing a secured operating system execution …
US US9087199B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-31 • Filed 2011-03-31 • Granted 2015-07-21 • Published 2015-07-21
In one embodiment, a system for launching a security architecture includes an electronic device comprising a processor and one or more operating systems, a security agent, and a launching module. The launching module comprises a boot manager and a secured launching agent. The boot manager is …
System and method for below-operating system trapping and securing of …
US US8959638B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-29 • Filed 2011-03-29 • Granted 2015-02-17 • Published 2015-02-17
In one embodiment, a system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access by …
System, method, and computer program product for populating a list of known …
US US8527978B1 Ahmed Said Sallam Mcafee, Inc.
Priority 2008-03-31 • Filed 2008-03-31 • Granted 2013-09-03 • Published 2013-09-03
A system, method, and computer program product are provided for populating a list of known wanted data. In use, an update to data is identified. In addition, a list of known wanted data is populated with the data, in response to the update.
Detecting computer worms as they arrive at local computers through open network …
US US7509680B1 Ahmed Sallam Symantec Corporation
Priority 2004-09-01 • Filed 2004-09-01 • Granted 2009-03-24 • Published 2009-03-24
A worm detection manager detects computer worms when they arrive at target computers via open network shares. The worm detection manager monitors incoming file system traffic, and determines the source of incoming files. The worm detection manager determines that an incoming file is infected with …
Systems and method for regulating software access to security-sensitive …
US US8549644B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-28 • Filed 2011-03-28 • Granted 2013-10-01 • Published 2013-10-01
A method for protecting an electronic device against malware includes consulting one or more security rules to determine a processor resource to protect, in a module below the level of all operating systems of the electronic device, intercepting an attempted access of the processor resource, …
Monitoring and controlling services
US US7797733B1 Ahmed Sallam Symantec Corporation
Priority 2004-01-08 • Filed 2004-01-08 • Granted 2010-09-14 • Published 2010-09-14
A service manager ( 101 ) monitors and controls services ( 111 ), thereby providing protection against associated security vulnerabilities. The service manager ( 101 ) intercepts calls ( 105 ) to service related operations made by acting applications ( 103 ) and determines which acting application ( 103 ) …
Method and system for detecting windows rootkit that modifies the kernel mode …
US US8281393B2 Ahmed Sallam Mcafee, Inc.
Priority 2006-11-08 • Filed 2006-11-08 • Granted 2012-10-02 • Published 2012-10-02
A method, system, and computer program product for detecting a kernel-mode rootkit that hooks the System Service Dispatch Table (SSDT) is secure, avoids false positives, and does not disable security applications. A method for detecting a rootkit comprises the steps of calling a function that …
Method and system for the detection of file system filter driver based rootkits
US US7647308B2 Ahmed Sallam Mcafee, Inc.
Priority 2006-11-08 • Filed 2006-11-08 • Granted 2010-01-12 • Published 2010-01-12
A method, system, and computer program product for detecting hidden files and folders that may be installed by or as part of a rootkit provides the capability to identify the method that is used to hide the files and folders, will continue working even if the operating system is modified, and is …
Regulating remote registry access over a computer network
US US7735100B1 Ahmed Sallam Symantec Corporation
Priority 2004-04-22 • Filed 2004-04-22 • Granted 2010-06-08 • Published 2010-06-08
Within the context of a system of networked computers, a remote registry access manager regulates remote registry access. In some embodiments, the remote registry access manager runs on a first computer and detects attempts by processes on the first computer to remotely access a second computer's …
Lightweight hooking mechanism for kernel level operations
US US7571448B1 Ahmed S. Sallam Symantec Corporation
Priority 2004-07-28 • Filed 2004-07-28 • Granted 2009-08-04 • Published 2009-08-04
A hooking control manager hooks kernel level operations. The kernel level hooking control manager identifies a kernel level component for which to filter outgoing kernel level system calls. For each of a select set of outgoing kernel level system calls imported by the kernel level component, the …
System and method for below-operating system trapping of driver filter …
US US9032525B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-29 • Filed 2011-03-29 • Granted 2015-05-12 • Published 2015-05-12
A system for protecting an electronic system against malware includes an operating system configured to execute on the electronic device, a driver coupled to the operating system, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one …
System and method for proactive detection and repair of malware memory …
US US8474039B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2010-01-27 • Filed 2010-01-27 • Granted 2013-06-25 • Published 2013-06-25
A method for detecting malware memory infections includes the steps of scanning a memory on an electronic device, determining a suspicious entry present in the memory, accessing information about the suspicious entry in a reputation system, and evaluating whether the suspicious entry indicates a …
System and method for securing access to the objects of an operating system
US US20120255003A1 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-31 • Filed 2011-03-31 • Published 2012-10-04
In one embodiment, a system for protecting an electronic device against malware includes an object-oriented operating system configured to execute on the electronic device and a below-operating-system security agent. The below-operating-system security agent may be configured to trap an attempted …
System and method for below-operating system repair of related malware-infected …
US US20120255014A1 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-29 • Filed 2011-03-29 • Published 2012-10-04
A security agent may be configured to: (i) execute on an electronic device at a level below all of the operating systems of the electronic device accessing a memory or processor resources of the electronic device; (ii) trap attempted accesses to the memory or the processor resources associated …
System and method for virtual machine monitor based anti-malware security
US US20120254993A1 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-28 • Filed 2011-03-28 • Published 2012-10-04
A system for securing an electronic device includes a memory, a processor, one or more operating systems residing in the memory for execution by the processor, a resource of the electronic device communicatively coupled to the operating system, a virtual machine monitor configured to execute on …
System and method for securing memory using below-operating system trapping
US US20120255031A1 Ahmed Said Sallam Mcafee, Inc.
Priority 2011-03-28 • Filed 2011-03-28 • Published 2012-10-04
In one embodiment, a system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one or more …
Method and system for protection against unknown malicious activities observed …
US US20110185428A1 Ahmed Said Sallam Mcafee, Inc.
Priority 2010-01-27 • Filed 2010-01-27 • Published 2011-07-28
A method for monitoring an application includes the steps of detecting the download of an application that originates from a website, identifying the domain of the website, and querying a database to select one or more behavioral analysis rules to apply to the application. The behavioral analysis …
Method and system for discrete stateful behavioral analysis
US US8307434B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2010-01-27 • Filed 2010-01-27 • Granted 2012-11-06 • Published 2012-11-06
A method for analyzing a computing system includes the steps of at a first moment in time, scanning the resources of the computing system for indications of malware, at a second moment in time scanning the resources of the computing system for indications of malware and determining the system …
Behavioral analysis apparatus and associated method that utilizes a system …
US US7840501B1 Ahmed Said Sallam Mcafee, Inc.
Priority 2007-07-12 • Filed 2007-07-12 • Granted 2010-11-23 • Published 2010-11-23
A behavioral analysis technique is provided that utilizes a system selected based on a level of data. In use, a level associated with data is identified. In addition, a behavioral analysis is performed on the data utilizing one of a plurality of systems that is selected based on the identified …
Using mobility tokens to observe malicious mobile code
US US7337327B1 Ahmed Sallam Symantec Corporation
Priority 2004-03-30 • Filed 2004-03-30 • Granted 2008-02-26 • Published 2008-02-26
One or more mobility token managers (101) track movement of files (105) within a network. A mobility token manager (101) on a source computer (113) detects an attempt to write a file (105) to a target computer (117). Responsive to the detection, the mobility token manager (101) writes a mobility …
Conducting online meetings using user behavior models based on predictive …
US US20160277242A1 Ahmed Said Sallam Citrix Systems, Inc.
Priority 2015-03-18 • Filed 2015-03-18 • Published 2016-09-22
Conducting online meetings using natural language processing for automated …
US US20160337413A1 Ahmed Said Sallam Citrix Systems, Inc.
Priority 2015-05-11 • Filed 2015-05-11 • Published 2016-11-17
A computer-implemented method of conducting an online meeting includes maintaining, by processing circuitry, an enterprise content management system storing metadata describing computer-renderable stored content items. The method further includes continually recognizing and analyzing, by the …
Enterprise computing environment with continuous user authentication
US US20160337328A1 Ahmed Said Sallam Citrix Systems, Inc.
Priority 2015-05-11 • Filed 2015-05-11 • Published 2016-11-17
Continuous user authentication includes receiving authentication event information including (1) transaction information describing authentication transactions, the transaction information received from authentication providers and including identification of users and instances of authentication …
Content Management of Public/Private Content, Including Use of Digital …
US US20080222419A1 Ahmed Tewfik Ahmed Tewfik
Priority 2001-04-30 • Filed 2007-10-31 • Published 2008-09-11
A public version of content includes information to access a private version. The private version is typically of higher value, as it is a complete version and/or of higher audio or video quality than the public version. The public version can be shared or played without restriction, which enables …
Duplicating handles of target processes without having debug privileges
US US7334163B1 Ahmed Sallam Symantec Corporation
Priority 2004-06-16 • Filed 2004-06-16 • Granted 2008-02-19 • Published 2008-02-19
A source process duplicates handles owned by a target process, without the source process having debug privileges. A handle duplication manager running in kernel space receives requests from source processes for duplicates of handles owned by remote target processes. In response to a request, the …
System and method for correlating network traffic and corresponding file input/ …
US US7441042B1 Ahmed Sallam Symantec Corporation
Priority 2004-08-25 • Filed 2004-08-25 • Granted 2008-10-21 • Published 2008-10-21
A correlation manager correlates network traffic with corresponding file input/output activity. In some embodiments, a correlation manager filters both remote network traffic received by a kernel level fileserver and file input/output operations executed by the kernel level fileserver. The …
Using behavior blocking mobility tokens to facilitate distributed worm …
US US7690034B1 Ahmed Sallam Symantec Corporation
Priority 2004-09-10 • Filed 2004-09-10 • Granted 2010-03-30 • Published 2010-03-30
Behavior blocking mobility token managers track movement of suspicious files within a network. A behavior blocking mobility token manager on a source computer detects an attempt by a process on the source computer to write a file to a target computer. The behavior blocking mobility token manager …
Robustly regulating access to executable class registry entries
US US8108937B1 Ahmed Sallam Symantec Corporation
Priority 2004-04-26 • Filed 2004-04-26 • Granted 2012-01-31 • Published 2012-01-31
System, method, and computer program product for terminating a hidden kernel …
US US8613006B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2007-08-17 • Filed 2011-12-15 • Granted 2013-12-17 • Published 2013-12-17
A system, method, and computer program product are provided for terminating a hidden kernel process. In use, a hidden kernel process structure associated with a hidden kernel process is identified. In addition, the hidden kernel process structure is inserted into an active process list. Further, …
System, method, and computer program product for copying a modified page table …
US US8285958B1 Ahmed Said Sallam Mcafee, Inc.
Priority 2007-08-10 • Filed 2007-08-10 • Granted 2012-10-09 • Published 2012-10-09
A system, method, and computer program product are provided for copying a modified page table entry to a translation look aside buffer. In use, a page table entry corresponding to an original page associated with original code is identified. In addition, a page mapping in a translation look aside …
Conducting online meetings with intelligent environment configuration
US US9917867B2 Ahmed Said Sallam Citrix Systems, Inc.
Priority 2015-05-11 • Filed 2015-05-11 • Granted 2018-03-13 • Published 2018-03-13
A computer-implemented method of conducting online meetings includes gathering sensed environment information from a set of intelligent sensor devices in physical user environments, along with meeting information describing online meetings in which the users participate while located in the …
System, method and computer program product for inserting an emulation layer in …
US US8863159B2 Ahmed Said Sallam Mcafee, Inc.
Priority 2006-07-11 • Filed 2006-07-11 • Granted 2014-10-14 • Published 2014-10-14
A system, method and computer program product are provided. In use, a COM server dynamic link library is identified. Further, an emulation layer is inserted in association with the COM server dynamic link library to emulate interfaces exported by the COM server dynamic link library. As an option, …
System, method and computer program product for sending unwanted activity …
US US8365276B1 Ahmed Said Sallam Mcafee, Inc.
Priority 2007-12-10 • Filed 2007-12-10 • Granted 2013-01-29 • Published 2013-01-29
A system, method and computer program product are provided for sending, to a central system, information associated with unwanted activity. In use, information associated with unwanted activity is identified utilizing a plurality of different types of security systems. Further, the information is …
Conducting online meetings using augmented equipment environment
US US20160277456A1 Ahmed Said Sallam Citrix Systems, Inc.
Priority 2015-03-18 • Filed 2015-03-18 • Published 2016-09-22
Techniques for conducting online meetings involve expanding the scope of devices beyond basic peripheral devices, such as built-in cameras or displays, that are part of user computing devices serving as clients in online meeting sessions. A disclosed technique includes gathering device information …
System, method, and computer program product for determining whether a hook is …
US US8458794B1 Ahmed Said Sallam Mcafee, Inc.
Priority 2007-09-06 • Filed 2007-09-06 • Granted 2013-06-04 • Published 2013-06-04
A system, method, and computer program product are provided for determining whether a hook is associated with potentially unwanted activity. In use, a hook is identified in a data section or a code section. Additionally, a first enumeration of objects associated with the data section or the code …
System, method, and computer program product for detecting unwanted activity …
US US8291494B1 Ahmed Said Sallam Mcafee, Inc.
Priority 2008-07-08 • Filed 2008-07-08 • Granted 2012-10-16 • Published 2012-10-16
A system, method, and computer program product are provided for detecting unwanted activity associated with an object, based on an attribute associated with the object. In use, an object is labeled with an attribute of a predetermined behavior based on detection of the predetermined behavior in …
US US20040174996A1 Ahmed Tewfik Ahmed Tewfik
Priority 1996-08-30 • Filed 2001-04-30 • Published 2004-09-09
Mr. Ahmed Sallam Conference Talks
Desktop of the Future, CTO Office talk, Citrix Synergy, 2014.
Intel Developers’ Conference, BYOD and Consumerization Panel, 2013
The CTO Keynote talk, Citrix Synergy Barcelona, 2013
XenClient and future of client virtualization management and security, Citrix Synergy 2012
Hosted client virtualization security, Intel IDF 2012
Consumerization of IT, Citrix Synergy panel, 2012
Synergy San Francisco, CTO Talk, Future of Virtual Desktops, Citrix, 2013
Synergy Barcelona, Geek Speak Opening session, Citrix Systems, 2012
Synergy Barcelona, Day Two Super Session Keynote, Citrix Systems, 2012
Intel Developer’s Forum, CTO Panel, 2013
ARM TechCon, Micro-Server Launch, keynote talk, 2012
ARM TechCon, Citrix Open Source and Future of Scale-Out Architecture, 2013
VIP guest speaker, Intel Trend Spotter annual conference, 2011
Keynote co-speaker with Justin Ratner, Intel Labs annual conference, 2011
Main speaker, Intel Trend Spotter Conference, 2011
Main speaker, Intel Council of Corporate Senior Fellows, 2011
Main speaker, Operation Aurora and the hacking of Corporate America, Intel Security Event, 2009.
Windows Code Shredded, RSA Conference, San Francisco, March 2009
Security and the Cloud, VMWare VMworld September 2009
Windows Kernel Design and Rootkits DKOM attacks, Virus Bulletin Conference 2009
Virtualization Security Mistakes, SANS Webinar, September 2009
Distributed Social Immunity, RSA Conference Europe 2008
Termination of Windows hidden stealth processes, Virus Bulletin Conference, 2007.
Mr. Ahmed Sallam's Blogs and Publications
Citrix® Enterprise Mobility Management Support for Intel® Device Protection Technology.
Red Hat, Xen, Java, Cloudera prepped for 64-bit ARM.
ARM SEC filing, reference to contribution towards development of ARM Microserver ecosystem.
Citrix collaboration with ARM Holdings unifying ARM v8A 64-bits Server Architecture.
Intel and Citrix white paper on nested virtualization through VMCS shadowing.
XenClient XT as an open extensible platform of innovation for virtualization systems security
Intelligent Desktop Virtualization as an enabler for next generation computing experience
The New Era of Mega Trends: Hardware Rooted Security.
McAfee DeepSAFE Below OS Security, Intel Publication, 2011
DeepSAFE, new paradigm shift, Security below the OS.
Citrix imagines Desktop of the Future, video interview.
Intel Corp, Root Out Rootkits, an inside look at McAfee® Deep Defender.
Ahmed Sallam, Citrix CTO / VP, Virtualization, Security and Hardware blog articles series.
Citrix Platforms as a Secure End-to-End Online Voting Solution.
Hosted Desktop and Evolving Hardware Server Technologies, Citrix 2014 Edition
Hosted Desktop and Evolving Hardware Server Technologies, Citrix 2015 Edition
Nested Hypervisors via VMCS Shadowing paper, Intel Corp, 2012
4th gen Intel’s processor nested virtualization and security microvisors, Intel publication, 2012.
The new Era of Mega Trends, Hardware-Rooted Security, Citrix 2014
Root Out Rootkits An inside look at McAfee® Deep Defender.
Intel and Citrix collaboration to bring support for hardware accelerated nesting of hypervisors into market.
McAfee podcast on Rootkits protection (2007), Episode1 and Episode2.
The truths and myths about Blue Pill and virtualized malware, McAfee Labs, 2007.
Rootkits: A Technical Prime, McAfee labs, September 2006