Jiang F Wang

US Patent:

20090125902, May 14, 2009

Filed:

Feb 26, 2008

Appl. No.:

12/037412

Inventors:

Anup K. Ghosh - Centreville VA, US
Sushil Jajodia - Oakton VA, US
Yih Huang - Fairfax VA, US
Jiang Wang - Fairfax VA, US

International Classification:

G06F 9/455

US Classification:

718 1

Abstract:

An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.

US Patent:

20100122343, May 13, 2010

Filed:

Sep 14, 2009

Appl. No.:

12/558841

Inventors:

Anup Ghosh - Centreville VA, US
Yih Huang - Fairfax VA, US
Jiang Wang - Fairfax VA, US
Angelos Stavrou - Springfield VA, US

International Classification:

G06F 11/00

US Classification:

726 23

Abstract:

Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s)operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.

US Patent:

20110167492, Jul 7, 2011

Filed:

Jun 30, 2010

Appl. No.:

12/827203

Inventors:

Anup K. Ghosh - Centreville VA, US
Sushil Jajodia - Oakton VA, US
Yih Huang - Fairfax VA, US
Jiang Wang - Fairfax VA, US

International Classification:

G06F 21/00
G06F 3/048
G06F 15/16

US Classification:

726 23, 715733

Abstract:

An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark. Yet another embodiment includes monitoring operation of the operating system within the at least one virtual browsing environment, determining when the operation of the operating system includes potential malicious activity, and terminating the virtual browsing environment when the operation includes potential malicious activity.

US Patent:

20120297057, Nov 22, 2012

Filed:

Nov 15, 2011

Appl. No.:

13/296312

Inventors:

Anup K. Ghosh - Centreville VA, US
Kun Sun - Fairfax VA, US
Jiang Wang - Fairfax VA, US
Angelos Stavrou - Springfield VA, US

International Classification:

G06F 15/173

US Classification:

709224

Abstract:

A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences.

US Patent:

20120297177, Nov 22, 2012

Filed:

Nov 15, 2011

Appl. No.:

13/296303

Inventors:

Anup K. Ghosh - Centerville VA, US
Kun Sun - Fairfax VA, US
Jiang Wang - Fairfax VA, US
Angelos Stavrou - Springfield VA, US

International Classification:

G06F 15/177

US Classification:

713 2

Abstract:

An interoperable firmware memory containing a Basic Input Output System (BIOS) and a trusted platform module (TPSM). The BIOS includes CPU System Management Mode (SMM) firmware configured as read-only at boot. The SMM firmware configured to control switching subsequent to boot between at least: a first memory and second isolated memory; and a first and second isolated non-volatile storage device. The first memory including a first operating system and the second memory including a second operating system. The first non-volatile storage device configured to be used by the first operating system and the second non-volatile storage device configured to be used by the second operating system. The trusted platform module (TPSM) configured to check the integrity of the CPU system Management Mode (SMM) during the boot process.

US Patent:

20200267173, Aug 20, 2020

Filed:

Feb 13, 2020

Appl. No.:

16/789973

Inventors:

- Fairfax VA, US
Yih HUANG - Fairfax VA, US
Jiang WANG - Fairfax VA, US
Angelos STAVROU - Springfield VA, US

Assignee:

George Mason Research Foundation, Inc. - Fairfax VA

International Classification:

H04L 29/06
G06F 21/55
G06F 9/455
G06F 21/53

Abstract:

Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.

US Patent:

20190158523, May 23, 2019

Filed:

Jan 17, 2019

Appl. No.:

16/250006

Inventors:

- Fairfax VA, US
Yih HUANG - Fairfax VA, US
Jiang WANG - Fairfax VA, US
Angelos STAVROU - Springfield VA, US

Assignee:

George Mason Research Foundation, Inc. - Fairfax VA

International Classification:

H04L 29/06
G06F 9/455
G06F 21/53
G06F 21/55

Abstract:

Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.

US Patent:

20180103053, Apr 12, 2018

Filed:

Dec 14, 2017

Appl. No.:

15/841913

Inventors:

- Fairfax VA, US
Yih HUANG - Fairfax VA, US
Jiang WANG - Fairfax VA, US
Angelos STAVROU - Springfield VA, US

Assignee:

George Mason Research Foundation, Inc. - Fairfax VA

International Classification:

H04L 29/06
G06F 21/55
G06F 21/53
G06F 9/455

Abstract:

Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OSVM. A detection module operates under the guest OSVM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.