Intellectual Property

Issued Patents

Sole inventor of 50+ Issued US Patents:

Issuance # Patent title

  1. 10,740,463 Method and system for proactive detection of malicious shared libraries via a remote reputation system

  2. RE48,043 Method and system for proactive detection of malicious shared libraries via a remote reputation system

  3. 9,917,867 Conducting online meetings with intelligent environment configuration

  4. 9,886,579 Method and system for proactive detection of malicious shared libraries via a remote reputation system

  5. 9,781,090 Enterprise computing environment with continuous user authentication

  6. 9,769,200 Method and system for detection of malware that connect to network destinations through cloud scanning and web reputation

  7. 9,747,443 System and method for firmware based anti-malware security

  8. 9,703,957 Atomic detection and repair of kernel memory

  9. 9,679,136 Method and system for discrete stateful behavioral analysis

  10. 9,536,089 Atomic detection and repair of kernel memory

  11. 9,530,001 System and method for below-operating system trapping and securing loading of code into memory

  12. 9,479,530 Method and system for detection of malware that connect to network destinations through cloud scanning and web reputation

  13. 9,392,016 System and method for below-operating system regulation and control of self-modifying code

  14. 9,317,690 System and method for firmware based anti-malware security

  15. 9,262,246 System and method for securing memory and storage of an electronic device with a below-operating system security agent

  16. 9,202,048 Method and system for discrete stateful behavioral analysis

  17. 9,147,071 System and method for proactive detection of malware device drivers via kernel forensic behavioral monitoring and a back-end reputation system

  18. 9,087,199 System and method for providing a secured operating system execution environment

  19. 9,038,176 System and method for below-operating system trapping and securing loading of code into memory

  20. 9,032,525 System and method for below-operating system trapping of driver filter attachment

  21. 8,966,629 System and method for below-operating system trapping of driver loading and unloading

  22. 8,966,624 System and method for securing an input/output path of an application against malware with a below-operating system security agent

  23. 8,959,638 System and method for below-operating system trapping and securing of interdriver communication

  24. 8,955,131 Method and system for proactive detection of malicious shared libraries via a remote reputation system

  25. 8,925,089 System and method for below-operating system modification of malicious code on an electronic device

  26. 8,863,283 System and method for securing access to system calls

  27. 8,863,159 System, method and computer program product for inserting an emulation layer in association with a COM server DLL

  28. 8,819,826 Method and system for detection of malware that connect to network destinations through cloud scanning and web reputation

  29. 8,813,227 System and method for below-operating system regulation and control of self-modifying code

  30. 8,650,642 System and method for below-operating system protection of an operating system kernel

  31. 8,621,620 System and method for protecting and securing storage devices using below-OS trapping

  32. 8,613,006 System, method, and computer program product for terminating a hidden kernel process

  33. 8,549,648 Systems and methods for identifying hidden processes

  34. 8,549,644 Systems and method for regulating software access to security-sensitive processor resources

  35. 8,527,978 System, method, and computer program product for populating a list of known wanted data

  36. 8,474,039 System and method for proactive detection and repair of malware memory infection via a remote memory reputation system

  37. 8,458,794 System, method, and computer program product for determining whether a hook is associated with potentially unwanted activity

  38. 8,365,276 System, method and computer program product for sending unwanted activity information to a central system

  39. 8,307,434 Method and system for discrete stateful behavioral analysis

  40. 8,291,494 System, method, and computer program product for detecting unwanted activity associated with an object, based on an attribute associated with the object

  41. 8,285,958 System, method, and computer program product for copying a modified page table entry to a translation look aside buffer

  42. 8,281,393 Method and system for detecting windows rootkit that modifies the kernel mode system service dispatch table

  43. 8,108,937 Robustly regulating access to executable class registry entries

  44. 8,099,740 System, method, and computer program product for terminating a hidden kernel process

  45. 7,966,490 Using mobility tokens to observe malicious mobile code

  46. 7,840,501 Behavioral analysis apparatus and associated method that utilizes a system selected based on a level of data

  47. 7,797,733 Monitoring and controlling services

  48. 7,735,100 Regulating remote registry access over a computer network

  49. 7,690,034 Using behavior blocking mobility tokens to facilitate distributed worm detection

  50. 7,647,308 Method and system for the detection of file system filter driver based rootkits

  51. 7,571,448 Lightweight hooking mechanism for kernel level operations

  52. 7,509,680 Detecting computer worms as they arrive at local computers through open network shares

  53. 7,441,042 System and method for correlating network traffic and corresponding file input/output traffic

  54. 7,337,327 Using mobility tokens to observe malicious mobile code

  55. 7,334,163 Duplicating handles of target processes without having debug privileges

Conference Talks

  • Desktop of the Future, CTO Office talk, Citrix Synergy, 2014.

  • Intel Developers’ Conference, BYOD and Consumerization Panel, 2013

  • The CTO Keynote talk, Citrix Synergy Barcelona, 2013

  • XenClient and future of client virtualization management and security, Citrix Synergy 2012

  • Hosted client virtualization security, Intel IDF 2012

  • Consumerization of IT, Citrix Synergy panel, 2012

  • Synergy San Francisco, CTO Talk, Future of Virtual Desktops, Citrix, 2013

  • Synergy Barcelona, Geek Speak Opening session, Citrix Systems, 2012

  • Synergy Barcelona, Day Two Super Session Keynote, Citrix Systems, 2012

  • Intel Developer’s Forum, CTO Panel, 2013

  • ARM TechCon, Micro-Server Launch, keynote talk, 2012

  • ARM TechCon, Citrix Open Source and Future of Scale-Out Architecture, 2013

  • VIP guest speaker, Intel Trend Spotter annual conference, 2011

  • Keynote co-speaker with Justin Ratner, Intel Labs annual conference, 2011

  • Main speaker, Intel Trend Spotter Conference, 2011

  • Main speaker, Intel Council of Corporate Senior Fellows, 2011

  • Main speaker, Operation Aurora and the hacking of Corporate America, Intel Security Event, 2009.

  • Windows Code Shredded, RSA Conference, San Francisco, March 2009

  • Security and the Cloud, VMware VMworld, September 2009

  • Windows Kernel Design and Rootkits DKOM attacks, Virus Bulletin Conference 2009

  • Virtualization Security Mistakes, SANS Webinar, September 2009

  • Distributed Social Immunity, RSA Conference Europe 2008

  • Termination of Windows hidden stealth processes, Virus Bulletin Conference, 2007.


Blogs and Publications