Intellectual Property
Issued Patents
Sole inventor of 50+ Issued US Patents:
Issuance # Patent title
9,917,867 Conducting online meetings with intelligent environment configuration
9,886,579 Method and system for proactive detection of malicious shared libraries via a remote reputation system
9,781,090 Enterprise computing environment with continuous user authentication
9,769,200 Method and system for detection of malware that connect to network destinations through cloud scanning and web reputation
9,747,443 System and method for firmware based anti-malware security
9,679,136 Method and system for discrete stateful behavioral analysis
9,530,001 System and method for below-operating system trapping and securing loading of code into memory
9,479,530 Method and system for detection of malware that connect to network destinations through cloud scanning and web reputation
9,392,016 System and method for below-operating system regulation and control of self-modifying code
9,317,690 System and method for firmware based anti-malware security
9,262,246 System and method for securing memory and storage of an electronic device with a below-operating system security agent
9,202,048 Method and system for discrete stateful behavioral analysis
9,147,071 System and method for proactive detection of malware device drivers via kernel forensic behavioral monitoring and a back-end reputation system
9,087,199 System and method for providing a secured operating system execution environment
9,038,176 System and method for below-operating system trapping and securing loading of code into memory
9,032,525 System and method for below-operating system trapping of driver filter attachment
8,966,629 System and method for below-operating system trapping of driver loading and unloading
8,966,624 System and method for securing an input/output path of an application against malware with a below-operating system security agent
8,959,638 System and method for below-operating system trapping and securing of interdriver communication
8,955,131 Method and system for proactive detection of malicious shared libraries via a remote reputation system
8,925,089 System and method for below-operating system modification of malicious code on an electronic device
8,863,283 System and method for securing access to system calls
8,863,159 System, method and computer program product for inserting an emulation layer in association with a COM server DLL
8,819,826 Method and system for detection of malware that connect to network destinations through cloud scanning and web reputation
8,813,227 System and method for below-operating system regulation and control of self-modifying code
8,650,642 System and method for below-operating system protection of an operating system kernel
8,621,620 System and method for protecting and securing storage devices using below-OS trapping
8,613,006 System, method, and computer program product for terminating a hidden kernel process
8,549,648 Systems and methods for identifying hidden processes
8,549,644 Systems and method for regulating software access to security-sensitive processor resources
8,527,978 System, method, and computer program product for populating a list of known wanted data
8,474,039 System and method for proactive detection and repair of malware memory infection via a remote memory reputation system
8,458,794 System, method, and computer program product for determining whether a hook is associated with potentially unwanted activity
8,365,276 System, method and computer program product for sending unwanted activity information to a central system
8,307,434 Method and system for discrete stateful behavioral analysis
8,291,494 System, method, and computer program product for detecting unwanted activity associated with an object, based on an attribute associated with the object
8,285,958 System, method, and computer program product for copying a modified page table entry to a translation look aside buffer
8,281,393 Method and system for detecting windows rootkit that modifies the kernel mode system service dispatch table
8,108,937 Robustly regulating access to executable class registry entries
8,099,740 System, method, and computer program product for terminating a hidden kernel process
7,966,490 Using mobility tokens to observe malicious mobile code
7,840,501 Behavioral analysis apparatus and associated method that utilizes a system selected based on a level of data
7,735,100 Regulating remote registry access over a computer network
7,690,034 Using behavior blocking mobility tokens to facilitate distributed worm detection
7,647,308 Method and system for the detection of file system filter driver based rootkits
7,571,448 Lightweight hooking mechanism for kernel level operations
7,509,680 Detecting computer worms as they arrive at local computers through open network shares
7,441,042 System and method for correlating network traffic and corresponding file input/output traffic
7,337,327 Using mobility tokens to observe malicious mobile code
7,334,163 Duplicating handles of target processes without having debug privileges
Conference Talks
Desktop of the Future, CTO Office talk, Citrix Synergy, 2014.
Intel Developers’ Conference, BYOD and Consumerization Panel, 2013 (link)
The CTO Keynote talk, Citrix Synergy Barcelona, 2013
XenClient and future of client virtualization management and security, Citrix Synergy 2012
Hosted client virtualization security, Intel IDF 2012
Consumerization of IT, Citrix Synergy panel, 2012
Synergy San Francisco, CTO Talk, Future of Virtual Desktops, Citrix, 2013
Synergy Barcelona, Geek Speak Opening session, Citrix Systems, 2012
Synergy Barcelona, Day Two Super Session Keynote, Citrix Systems, 2012
Intel Developer’s Forum, CTO Panel, 2013
ARM TechCon, Micro-Server Launch, keynote talk, 2012
ARM TechCon, Citrix Open Source and Future of Scale-Out Architecture, 2013
VIP guest speaker, Intel Trend Spotter annual conference, 2011
Keynote co-speaker with Justin Ratner, Intel Labs annual conference, 2011
Main speaker, Intel Trend Spotter Conference, 2011
Main speaker, Intel Council of Corporate Senior Fellows, 2011
Main speaker, Operation Aurora and the hacking of Corporate America, Intel Security Event, 2009.
Windows Code Shredded, RSA Conference, San Francisco, March 2009
Security and the Cloud, VMWare VMworld September 2009
Windows Kernel Design and Rootkits DKOM attacks, Virus Bulletin Conference 2009
Virtualization Security Mistakes, SANS Webinar, September 2009
Distributed Social Immunity, RSA Conference Europe 2008
Termination of Windows hidden stealth processes, Virus Bulletin Conference, 2007.
Blogs and Publications
Citrix® Enterprise Mobility Management Support for Intel® Device Protection Technology.
Red Hat, Xen, Java, Cloudera prepped for 64-bit ARM.
ARM SEC filing, reference to contribution towards development of ARM Microserver ecosystem.
Citrix collaboration with ARM Holdings unifying ARM v8A 64-bits Server Architecture.
Intel and Citrix white paper for nested of virtualization through VMCS shadowing.
XenClient XT as an open extensible platform of innovation for virtualization systems security
Intelligent Desktop Virtualization as an enabler for next generation computing experience
The New Era of Mega Trends: Hardware Rooted Security.
McAfee DeepSAFE Below OS Security, Intel Publication, 2011
DeepSAFE, new parading shift, Security below the OS.
Citrix imagines Desktop of the Future, video interview.
Intel Corp, Root Out Rootkits, an inside look at McAfee® Deep Defender.
Ahmed Sallam, Citrix CTO / VP, Virtualization, Security and Hardware blog articles series.
Citrix Platforms as a Secure End-to-End Online Voting Solution.
Hosted Desktop and Evolving Hardware Server Technologies, Citrix 2014 Edition
Hosted Desktop and Evolving Hardware Server Technologies, Citrix 2015 Edition
Nested Hypervisors via VMCS Shadowing paper, Intel Corp, 2012
4th gen Intel’s processor nested virtualization and security microvisors, Intel publication, 2012.
The new Era of Mega Trends, Hardware-Rooted Security, Citrix 2014
Root Out Rootkits An inside look at McAfee® Deep Defender.
Intel and Citrix collaboration to bring support for hardware accelerated nesting of hypervisors into market.
McAfee podcast on Rootkits protection (2007), Episode1 and Episode2.
The truths and myths about Blue Pill and virtualized malware, McAfee Labs, 2007.
Rootkits: A Technical Prime, McAfee labs, September 2006