Patent Grant
12278819
The present disclosure relates generally to cybersecurity threat detection, and specifically to determining effective permissions of principals to determine cybersecurity threats.
Organizations are increasingly turning to hybrid and multi-cloud platform solutions. Such solutions utilize multiple public cloud computing environments, or combinations of private and public cloud computing environments. Cloud computing environments, such as Amazon® Web Services (AWS), Microsoft® Azure, Google® Cloud platform, and the like, may offer similar functionalities, but often have different implementations, even for similar technology stacks. For example, a container engine deployed in AWS is deployed differently than in Azure. However, each of these platforms may provide different benefits to an organization, which makes it worthwhile to maintain such structures.
A drawback of having a multi-cloud solution is that managing different cloud entities across multiple platforms has increased complexity, especially where the platforms do not offer a bridging solution. Managing access within a cloud computing environment, and between cloud computing environments is crucial for cybersecurity purposes, as mismanaged access can result in mistakes (e.g., a junior grade user shutting down a server) or active cybersecurity threats, such as data theft.
Cloud computing environments include cloud entities such as principals and resources. A principal is a cloud entity that may initiate actions in the cloud computing environment and act on resources. A principal may be a user account, for example. A resource is a cloud entity which provides access to computing resources such as storage, memory, processors, and the like, or services, such as web applications. In order to understand which of these cloud entities may access others, an administrator must check, for each cloud entity, whether it can access, or be accessed by, every other cloud entity.
For typical cloud computing environments, this can lead to a large and complicated calculation requiring large compute and memory resources to accomplish, and in most cases, it is not a feasible solution.
It would therefore be advantageous to provide a solution that would overcome the challenges noted above.
A summary of several example embodiments of the disclosure follows. This summary is provided for the convenience of the reader to provide a basic understanding of such embodiments and does not wholly define the breadth of the disclosure. This summary is not an extensive overview of all contemplated embodiments, and is intended to neither identify key or critical elements of all embodiments nor to delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more embodiments in a simplified form as a prelude to the more detailed description that is presented later. For convenience, the term “some embodiments” or “certain embodiments” may be used herein to refer to a single embodiment or multiple embodiments of the disclosure.
Certain embodiments disclosed herein include a method for detecting effective permissions of a principal in a cloud computing environment. The method comprises: detecting a group of principal nodes, each principal node representing a principal in a cloud computing environment, in a security graph, the security graph storing therein a representation of the cloud computing environment; selecting a first principal node from the group of principal nodes; determining a permission between the first principal node and a resource node, wherein the resource node represents a resource deployed in the cloud computing environment; and associating the group of principal nodes with the determined permission.
Certain embodiments disclosed herein also include a non-transitory computer readable medium having stored thereon causing a processing circuitry to execute a process, the process comprising: detecting a group of principal nodes, each principal node representing a principal in a cloud computing environment, in a security graph, the security graph storing therein a representation of the cloud computing environment; selecting a first principal node from the group of principal nodes; determining a permission between the first principal node and a resource node, wherein the resource node represents a resource deployed in the cloud computing environment; and associating the group of principal nodes with the determined permission.
Certain embodiments disclosed herein also include a system for detecting effective permissions of a principal in a cloud computing environment. The system comprises: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: detect a group of principal nodes, each principal node representing a principal in a cloud computing environment, in a security graph, the security graph storing therein a representation of the cloud computing environment; select a first principal node from the group of principal nodes;
The subject matter disclosed herein is particularly pointed out and distinctly claimed in the claims at the conclusion of the specification. The foregoing and other objects, features, and advantages of the disclosed embodiments will be apparent from the following detailed description taken in conjunction with the accompanying drawings.
It is important to note that the embodiments disclosed herein are only examples of the many advantageous uses of the innovative teachings herein. In general, statements made in the specification of the present application do not necessarily limit any of the various claimed embodiments. Moreover, some statements may apply to some inventive features but not to others. In general, unless otherwise indicated, singular elements may be in plural and vice versa with no loss of generality. In the drawings, like numerals refer to like parts through several views.
The various disclosed embodiments include a method and system for detecting permission misconfigurations by detecting effective permissions. Effective permissions are permissions which, for example, a principal has in practice. Effective permissions may or may not overlap with what permissions an administrator intends a principal to have. For example, a principal may have more permissions (i.e., higher permissions), than what an administrator intended to have. The system performs identity mapping for detecting the effective permissions, whereby principals and resources of a cloud computing environment, or of different cloud computing environments, are mapped into a security graph using a unified model. The unified model includes a principal data structure for defining a principal, and a resource data structure which defines a resource. Thus, principals from different cloud environments, for example, are defined using a principal data structure, which allows standardizing how a principal is defined. Principals and resources are cloud entities. A principal is a cloud entity which has permission to act on a resource, for example by initiating actions in or on the cloud computing environment. A principal may be, for example, a user account, a service account, a role, and the like. A resource is a cloud entity which provides access to hardware, such as processing, storage, memory, and the like, or provides access to a service, a virtualization, and the like. A resource may be, for example, a virtual machine, a container, a serverless function, a web application firewall, an application programming interface (API) gateway, a load balancer, a bucket, and the like.
Mapping principals to the security graph further includes detecting permissions accessed from the cloud environment. For example, an API of a cloud computing environment may be queried to determine security policies, permissions, rules, and the like which apply to principals, resources, and a combination thereof. Principals and resources are represented (i.e., mapped) in the security graph by nodes, each node generated based on the corresponding data structure. A permission may be represented in the security graph by an edge, such that an edge connecting a principal node (i.e., a node representing a principal) to a resource node (i.e., a node representing a resource) indicates a certain permission, whereby the principal has a permission with respect to the resource.
Traversing the security graph allows detection of cybersecurity threats, for example by detecting permission escalation potential between two or more principal nodes, detecting effective permissions of a principal, and the like. However, determining permissions for each principal on each resource is a processing intensive procedure. Therefore, in order to decrease complexity of the security graph, various optimizations, such as utilizing maximal biclique, are implemented when generating connections (i.e., representing permissions) in the graph between principals and resources. This allows to decrease memory usage and processing resources, resulting in a system with increased security utilizing less resources than the prior art.
It is noted in this regard that determining effective permissions is something a human can do. However, it is recognized that cloud computing environments contain many relationships between principals and resources, often exceeding thousands in number. Even where a human could conceivably determine what the effective permissions are for each principal acting on each resource, no human can compute this fast enough to be actionable in the context of a cybersecurity threat. Furthermore, these relationships constantly change as administrators are changing the environments, resources, such as containers, are spun up and spun down, all of which result in effective permissions being constantly subject to change.
Additionally, certain advantages disclosed herein, such as utilizing maximal bicliques, improve the operation of a computer system determining effective permissions, and as such cannot be performed by a human.
However, utilizing different cloud environments may lead to complicated security policies, which in turn can present vulnerabilities for an organization. In order to at least minimize these, it would be beneficial to have a single normalized (i.e., unified) model for all cloud computing environments, in order to more easily understand where potential threats and risks are.
Generally, every cloud environment includes principals, which act on resources. A principal may be a user account, service account, role, and the like, while a resource may be a virtual machine, container, serverless function, and the like. Each cloud computing environment may include different definitions and data structures for what constitutes a principal or a resource. For example, in some cloud environments code may execute as a user account rather than a service account, while in others code can only execute as a service account.
A first cloud computing environment 110 includes a plurality of user accounts 114, a plurality of resources 116, and a plurality of roles 118. A role 118 is a set of one or more permissions which may be associated with one or more user accounts 114. A user account 114 may be associated with a plurality of roles. The cloud computing environment 110 further includes a policy server 112, which includes one or more policies, each policy including one or more permissions which allow a user account 114, a role 118 or both, access to a resource 116. A policy may be implemented, for example, as a JSON file including therein text which indicates what certain permissions are. A policy may include wildcards, allowing, for example, every user account having an email address at a first domain access to a first resource, and user accounts having an email address at a second domain access to the first resource and to a second resource.
A second cloud computing environment 120 includes a plurality of user accounts 124, a plurality of resources 126, and an API server 122. The API server 122 may provide upon request data including user accounts, applications, resources, and relationships (i.e., permissions) between them.
Each of the cloud computing environments 110 and 120 are communicatively connected to a unifying identity mapper 130. In an embodiment, the unifying identity mapper 130 may be implemented in a security environment 131. The security environment 131 may be implemented as a cloud computing environment, such as Azure. The security environment 131 further includes a graph database 132, on which a security graph may be stored. A security graph is configured to represent a plurality of cloud computing environments. For example, the unifying identity mapper 130 may store identities as nodes in the security graph, where a node represents an identity. An identity may be, for example, a unique user account, unique service account, and the like.
In an embodiment, the first cloud computing environment 110 and the second cloud computing environment 120 may be the same type of cloud environment, or different types of cloud environments. For example, a first cloud computing environment may be deployed in AWS, while the second cloud computing environment is deployed in Azure. As another example, the first and second cloud computing environments 110 and 120 may be both deployed in AWS, as separate environments under the same cloud computing architecture. For example, each cloud computing environment may be deployed as a virtual private cloud (VPC) in AWS.
In some embodiments, the unifying identity mapper 130 (also referred to as mapper 130) may be implemented in the first cloud computing environment 110, the second cloud computing environment 120, or a different networked or cloud computing environment. The mapper 130 is configured to receive from each cloud computing environment data pertaining to principals, user accounts, service accounts, resources, roles, policies, permissions, and the like.
Receiving such data may be different based on the cloud environment architecture. For example, Google® Cloud Platform provides such information by accessing an API. In an embodiment the mapper 130 is configured to call the API with a request to receive the data. As another example, AWS utilizes policies which may be requested as JSON files. In an embodiment the mapper 130 is configured to read data from the JSON file. The mapper 130 is further configured to map the received data into a security graph. Mapping the received data may include generating nodes in the security graph representing principals, and resources, and connecting the nodes (i.e., generating edges) based on permissions which are read from the received data. This is discussed in more detail in
Each identity 210 may be connected to a plurality of attributes, such as a first attribute 212, a second attribute 214, and third attribute 216. While three attributes are used in this example, it is readily understood that any number of attributes may define an identity node, and that each identity node may be defined by one or more attributes. An attribute may be metadata. For example, a role identifier (e.g., “admin”) may be an attribute of an identity node (e.g., indicating an identity is an administrator).
At S310, identity data is received from a cloud computing environment. Identity data may include information relating to principals, resources, and connections between principals and resources. For example, information may be identifiers, such as username, account name, role identifier, service account identifier, network address, IP address, and the like. Connections between principals and resources may be defined by policies, permissions, and the like. For example, a policy may indicate that a user account associated with a certain predefined role may access a first plurality of resources in a cloud computing environment.
At S320, a plurality of principals from the cloud computing environment are each mapped to a corresponding principal node of a security graph. In an embodiment mapping includes generating the principal node and associating it with the principal. Associating a principal with a principal node may include, for example, storing a unique identifier of the principal on the principal node. A principal node may be, for example, an identity node. For example, a user account is a principal, and the user account is mapped to a principal node representing the user account. The security graph may further store metadata associated with the user account, such as a username.
At S330 a plurality of resources from the cloud computing environment are each mapped to a corresponding resource node of the security graph. In an embodiment, mapping is performed by generating a resource node and associating it with the resource. Associating may be performed by storing a unique identifier of the resource on the resource node. A resource node may be, for example, a node representing a virtual machine, a container, a serverless function, a software application, an operating system, a WAF, a gateway, a load balancer, and the like.
In an embodiment, a generated resource node, and a generated principal node, may each store information, for example as data attributes, which points to a corresponding identity, resource, and the like, to which they are mapped, enabling a trace between the representation (e.g., principal node) and the represented object (specific username). In some embodiments, an object (i.e., cloud entity) in a cloud computing environment may be a principal, and also a resource to other principals. For example, a load balancer may be a resource for a user account, but a principal for a web server which utilizes the load balancer. The security graph may further store metadata for a resource node, such as IP address, name in a namespace, etc.
At S340 a connection is determined between a first cloud entity and a second cloud entity in the cloud computing environment. The first cloud entity and the second cloud entity each may be a principal, or a resource. In an embodiment, determining a connection includes reading a policy, a permission, and the like, and determining a relationship between a first cloud entity and a second cloud entity, wherein the cloud entities form a condition of the policy, permission, and the like. In an embodiment, a cloud entity may be a role, and associated with a role node, implemented as a type of principal node. A role node is associated with a specific role (i.e., set of one or more permissions relating to a resource). Determining a connection may include reading data from a policy in order to determine if a permission exists to allow communication between the principal node and another principal node or a resource node. In an embodiment, a determined connection is stored as an edge in the security graph. For example, a connection indicating that a principal can access a resource may be stored as a principal node connected by an edge to a resource node, wherein the edge indicates a “can access” type connection.
At S350 a check is performed if additional data is received. If yes, execution continues at S310. Otherwise, execution may terminate. In some embodiments, a check may be performed to determine if additional principals need to be mapped. If yes, execution continues at S320. In yet other embodiments, a check may be performed to determine if additional resources need to be mapped. If yes, execution may continue at S330.
In order to determine effective permissions, permissions need to be determined for each principal on each resource, e.g., determining if each principal can access each resource. Performing such a calculation is processing intensive, as well as requiring large amounts of memory due to the volume of both principals and resources in a cloud computing environment. This complication is compounded when also taking into account that certain service accounts may assume other service accounts (for example across different cloud platforms), certain user accounts may assume other user accounts, and certain resources may also be principals. The disclosed embodiments reduce the burden of processing and memory usage, for example by reducing the amount of checks performed for each principal-resource combination, while still maintaining complete information on effective permissions.
At S410, a group of a plurality of principals is detected in a security graph. The security graph, as detailed above, represents a cloud computing environment of which principals and resources are represented as nodes in the security graph. Detecting a group of principals may be performed, for example, by utilizing vertex maximal bicliques. A biclique is maximal when it is the largest size, based on number of nodes (vertex maximum biclique) or number of edges (edge maximum biclique). A biclique is a bipartite graph where every node of the first set (principals) is connected to every node of the second set (resources). Each principal in the group has the same permissions to act on each of the resources. By only determining in the next steps permissions for one principal as a representative of the group, redundant determinations are not performed, thereby decreasing processing and memory requirements.
At S420, permissions are determined for a first principal of the group with respect to a resource. In an embodiment, permissions may be associated with a resource, a plurality of resources, and the like. A permission may be an access policy, an access rule, and the like. Permissions may include a permission set, which is a group of permissions which together define access to a particular resource, group of resources, action, actions, and the like. For example, a first permission set (i.e., role) may be associated with a first resource, a second permission set may be associated with a second resource, and so on.
At S430 the first group of principals is associated with the determined permissions. In an embodiment, associating a group of principals with the determined permissions includes generating a node representing the effective permissions in the security graph. An edge is generated between each of the principal nodes representing the first group of principals, to the node representing the effective permissions. By associating all the principals based on determining permissions for a single principal, many redundant calculations are not performed, thereby reducing compute and memory resources required for computing and storing the redundant information. In other embodiments, a principal group node may be generated, to represent the first group of principals. The principal group node may be associated with the permission, for example by connecting the principal group node to the resource node with an edge representing the permission. Each of the principal nodes may be in turn connected to the principal group node.
In order to determine effective permissions, permissions need to be determined for each resource on each other resource, e.g., determining if each resource can access each other resource. Performing such a calculation is processing intensive, as well as requiring large amounts of memory due to the volume of both principals and resources in a cloud computing environment. This complication is compounded when also taking into account that certain service accounts may assume other service accounts (for example across different cloud platforms), certain user accounts may assume other user accounts, and certain resources may also be principals. The disclosed embodiments reduce the burden of processing and memory usage, for example by reducing the amount of checks performed for each principal-resource combination, while still maintaining complete information on effective permissions.
At 510 a first group of a plurality of resources is detected in a security graph. The security graph, as detailed above, represents a cloud computing environment of which principals and resources are represented as nodes in the security graph. Detecting a group of resources may be performed, for example, by utilizing vertex maximal bicliques. A biclique is maximal when it is the largest size, based on number of nodes (vertex maximum biclique) or number of edges (edge maximum biclique). A biclique is a bipartite graph where every node of the first set (resources) is connected to every node of the second set (other resources). Each resource in the group has the same permissions to act on each of the other resources. By only determining in the next steps permissions for one resource as a representative of the group, redundant determinations are not performed, thereby decreasing processing and memory requirements.
At S520 permissions are determined for a first resource of the first group. The permissions may be associated with one or more resources or principals. For example, a first permission set (i.e., role) may be associated with a first resource, a second permission set may be associated with a second resource, etc. A permission may be, for example, permission to read data from a storage, and permission to write data to the storage.
For example, a first group may have permission to read from the storage, while a second group may have permissions to read and write to the storage. As another example, a serverless function may have permission to write to a storage of a distributed storage system, which includes multiple storage devices. As the multiple storage devices share a common policy, the serverless function has permission to write to any of the multiple storage devices. By grouping the storage devices (i.e., utilizing maximal bicliques), less memory is required to indicate that the serverless function has permission to write to any of the multiple storage devices.
At 530 the first group of resources is associated with the determined permissions. In an embodiment, associating a group of resources with the determined permissions includes generating a node representing the effective permissions in the security graph. An edge is generated between each of the resource nodes representing the first group of resources, to the node representing the effective permissions. By associating all the resources based on determining permissions for a single resource, many redundant calculations are not performed, thereby reducing compute and memory resources required for storing the redundant information.
At S610 a second principal node is detected for a first principal node in a security graph. The second principal (represented by the second principal node) is able to assume the first principal (represented by the first principal node), i.e., the second principal may act as the first principal, in some, or all aspects. Permissions of a principal may change when acting through (i.e., assuming) another principal. For example, an application may have permission to perform a wide variety of operations in a cloud computing environment. However, a user account operating the application may only access limited permissions of all the permissions available to the application.
In an embodiment, detecting the second principal node may be performed by querying the security graph to detect principal nodes which are connected to the first principal node.
At S620, a permission escalation event is detected based on determined permissions of the first principal node and the second principal node. In an embodiment, detecting a permission escalation event may occur when an access occurs which involves a principal which is not authorized for the access. For example, the second principal is not authorized to access a resource which the first principal is authorized to access. When the second principal is allowed to assume the first principal, the second principal has an effective permission to access the first resource, which should not be permitted.
As another example, the second principal may assume a role of the first principal node, and as the first principal node grant additional permissions to the second principal which were not previously available. The additional permissions are stored on the security graph and can be detected, for example by querying the security graph to detect permissions granted by a first principal to a second principal, where the second principal can assume a role of the first principal.
This detection is possible by tracing the connection between the access and the principal utilizing the security graph described above.
At S630, a permission associated with the second principal is revoked. Revoking a permission is performed in an attempt to prevent the escalation event. In another embodiment, a notification may be generated to an administrator account to notify that a potential permission escalation may occur.
The processing element 710 is coupled via a bus 705 to a memory 720. The memory 720 may include a memory portion 722 that contains instructions that when executed by the processing element 710 performs the method described in more detail herein. The memory 720 may be further used as a working scratch pad for the processing element 710, a temporary storage, and others, as the case may be. The memory 720 may be a volatile memory such as, but not limited to random access memory (RAM), or non-volatile memory (NVM), such as, but not limited to, Flash memory.
The processing element 710 may be coupled to a network interface controller (NIC) 730, which provides connectivity to one or more cloud computing environments, via a network.
The processing element 710 may be further coupled with a storage 740. Storage 740 may be used for the purpose of holding a copy of the method executed in accordance with the disclosed technique. The storage 740 may include a storage portion 745 containing a security graph model (i.e., a data structure for a principal, and a data structure for a resource) into which principals and resources of a cloud environment are mapped to corresponding nodes, and connections between the nodes are determined based on data received from the cloud environment indicating permissions of each principal to act on one or more resources.
The processing element 710 and/or the memory 720 may also include machine-readable media for storing software. Software shall be construed broadly to mean any type of instructions, whether referred to as software, firmware, middleware, microcode, hardware description language, or otherwise. Instructions may include code (e.g., in source code format, binary code format, executable code format, or any other suitable format of code). The instructions, when executed by the one or more processors, cause the processing system to perform the various functions described in further detail herein.
It should be understood that the embodiments described herein are not limited to the specific architecture illustrated in
The various embodiments disclosed herein can be implemented as hardware, firmware, software, or any combination thereof. Moreover, the software is preferably implemented as an application program tangibly embodied on a program storage unit or computer readable medium consisting of parts, or of certain devices and/or a combination of devices. The application program may be uploaded to, and executed by, a machine comprising any suitable architecture. Preferably, the machine is implemented on a computer platform having hardware such as one or more central processing units (“CPUs”), a memory, and input/output interfaces. The computer platform may also include an operating system and microinstruction code. The various processes and functions described herein may be either part of the microinstruction code or part of the application program, or any combination thereof, which may be executed by a CPU, whether or not such a computer or processor is explicitly shown. In addition, various other peripheral units may be connected to the computer platform such as an additional data storage unit and a printing unit. Furthermore, a non-transitory computer readable medium is any computer readable medium except for a transitory propagating signal.
All examples and conditional language recited herein are intended for pedagogical purposes to aid the reader in understanding the principles of the disclosed embodiment and the concepts contributed by the inventor to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions. Moreover, all statements herein reciting principles, aspects, and embodiments of the disclosed embodiments, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future, i.e., any elements developed that perform the same function, regardless of structure.
It should be understood that any reference to an element herein using a designation such as “first,” “second,” and so forth does not generally limit the quantity or order of those elements. Rather, these designations are generally used herein as a convenient method of distinguishing between two or more elements or instances of an element. Thus, a reference to first and second elements does not mean that only two elements may be employed there or that the first element must precede the second element in some manner. Also, unless stated otherwise, a set of elements comprises one or more elements.
As used herein, the phrase “at least one of” followed by a listing of items means that any of the listed items can be utilized individually, or any combination of two or more of the listed items can be utilized. For example, if a system is described as including “at least one of A, B, and C,” the system can include A alone; B alone; C alone; 2A; 2B; 2C; 3A; A and B in combination; B and C in combination; A and C in combination; A, B, and C in combination; 2A and C in combination; A, 3B, and 2C in combination; and the like.
This application claims the benefit of U.S. Provisional Application No. 63/222,714 filed on Jul. 16, 2021, the contents of which are hereby incorporated by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 6910132 | Bhattacharya | Jun 2005 | B1 |
| 7627652 | Commons et al. | Dec 2009 | B1 |
| 7784101 | Verbowski et al. | Aug 2010 | B2 |
| 8200965 | Fujibayashi et al. | Jun 2012 | B2 |
| 8352431 | Protopopov et al. | Jan 2013 | B1 |
| 8412688 | Armangau et al. | Apr 2013 | B1 |
| 8413239 | Sutton | Apr 2013 | B2 |
| 8417967 | Foster et al. | Apr 2013 | B2 |
| 8499354 | Satish et al. | Jul 2013 | B1 |
| 8595822 | Schrecker et al. | Nov 2013 | B2 |
| 8701200 | Naldurg et al. | Apr 2014 | B2 |
| 8789049 | Hutchins et al. | Jul 2014 | B2 |
| 8813234 | Bowers et al. | Aug 2014 | B1 |
| 8898481 | Osburn, III et al. | Nov 2014 | B1 |
| 8914406 | Haugsnes | Dec 2014 | B1 |
| 9009836 | Yarykin et al. | Apr 2015 | B1 |
| 9094379 | Miller | Jul 2015 | B1 |
| 9119017 | Sinha | Aug 2015 | B2 |
| 9165142 | Sanders et al. | Oct 2015 | B1 |
| 9172621 | Dippenaar | Oct 2015 | B1 |
| 9185136 | Dulkin et al. | Nov 2015 | B2 |
| 9330273 | Khetawat et al. | May 2016 | B2 |
| 9369433 | Paul | Jun 2016 | B1 |
| 9419996 | Porat | Aug 2016 | B2 |
| 9438634 | Ross et al. | Sep 2016 | B1 |
| 9467473 | Jayaraman | Oct 2016 | B2 |
| 9544327 | Sharma et al. | Jan 2017 | B1 |
| 9563385 | Kowalski et al. | Feb 2017 | B1 |
| 9569328 | Pavlov et al. | Feb 2017 | B2 |
| 9582662 | Messick et al. | Feb 2017 | B1 |
| 9596235 | Badam et al. | Mar 2017 | B2 |
| 9607104 | Turner | Mar 2017 | B1 |
| 9646172 | Hahn | May 2017 | B1 |
| 9661009 | Karandikar et al. | May 2017 | B1 |
| 9672355 | Titonis et al. | Jun 2017 | B2 |
| 9712503 | Ahmed | Jul 2017 | B1 |
| 9892261 | Joram et al. | Feb 2018 | B2 |
| 10002247 | Suarez et al. | Jun 2018 | B2 |
| 10032032 | Suarez et al. | Jul 2018 | B2 |
| 10135826 | Reddy | Nov 2018 | B2 |
| 10229125 | Goodman et al. | Mar 2019 | B2 |
| 10255370 | Carpenter et al. | Apr 2019 | B2 |
| 10360025 | Foskett et al. | Jul 2019 | B2 |
| 10412103 | Haugsnes | Sep 2019 | B2 |
| 10412109 | Loureiro et al. | Sep 2019 | B2 |
| 10459664 | Dreier et al. | Oct 2019 | B1 |
| 10536471 | Derbeko et al. | Jan 2020 | B1 |
| 10540499 | Wailly et al. | Jan 2020 | B2 |
| 10552610 | Vashisht et al. | Feb 2020 | B1 |
| 10554507 | Siddiqui et al. | Feb 2020 | B1 |
| 10567468 | Perlmutter | Feb 2020 | B2 |
| 10572226 | Biskup et al. | Feb 2020 | B2 |
| 10574675 | Peppe et al. | Feb 2020 | B2 |
| 10623386 | Bernat et al. | Apr 2020 | B1 |
| 10630642 | Clark et al. | Apr 2020 | B2 |
| 10664619 | Marelas | May 2020 | B1 |
| 10691636 | Tabaaloute et al. | Jun 2020 | B2 |
| 10721260 | Schlarp et al. | Jul 2020 | B1 |
| 10725775 | Suarez et al. | Jul 2020 | B2 |
| 10735430 | Stoler | Aug 2020 | B1 |
| 10735442 | Swackhamer | Aug 2020 | B1 |
| 10791138 | Siddiqui et al. | Sep 2020 | B1 |
| 10803188 | Rajput et al. | Oct 2020 | B1 |
| 10831898 | Wagner | Nov 2020 | B1 |
| 10915626 | Tang | Feb 2021 | B2 |
| 10924503 | Pereira et al. | Feb 2021 | B1 |
| 10972484 | Swackhamer | Apr 2021 | B1 |
| 10997293 | Wiest et al. | May 2021 | B2 |
| 11005860 | Glyer et al. | May 2021 | B1 |
| 11016954 | Babocichin et al. | May 2021 | B1 |
| 11044118 | Reed et al. | Jun 2021 | B1 |
| 11055414 | Claes | Jul 2021 | B2 |
| 11064032 | Yang et al. | Jul 2021 | B1 |
| 11099976 | Khakare et al. | Aug 2021 | B2 |
| 11102231 | Kraning et al. | Aug 2021 | B2 |
| 11165652 | Byrne | Nov 2021 | B1 |
| 11245730 | Bailey | Feb 2022 | B2 |
| 11271961 | Berger | Mar 2022 | B1 |
| 11334670 | Franco et al. | May 2022 | B2 |
| 11366897 | Ramanathan et al. | Jun 2022 | B1 |
| 11388183 | Hoopes et al. | Jul 2022 | B2 |
| 11397808 | Prabhu et al. | Jul 2022 | B1 |
| 11405426 | Nguyen | Aug 2022 | B2 |
| 11444974 | Shakhzadyan | Sep 2022 | B1 |
| 11483317 | Bolignano et al. | Oct 2022 | B1 |
| 11496498 | Wright et al. | Nov 2022 | B2 |
| 11496519 | Gupta et al. | Nov 2022 | B1 |
| 11503063 | Rao | Nov 2022 | B2 |
| 11507672 | Pagnozzi et al. | Nov 2022 | B1 |
| 11516222 | Srinivasan et al. | Nov 2022 | B1 |
| 11520907 | Borowiec et al. | Dec 2022 | B1 |
| 11546360 | Woodford et al. | Jan 2023 | B2 |
| 11556659 | Kumar et al. | Jan 2023 | B1 |
| 11558401 | Vashisht et al. | Jan 2023 | B1 |
| 11558423 | Gordon et al. | Jan 2023 | B2 |
| 11567751 | Cosentino et al. | Jan 2023 | B2 |
| 11570090 | Shen et al. | Jan 2023 | B2 |
| 11575696 | Ithal et al. | Feb 2023 | B1 |
| 11606378 | Delpont et al. | Mar 2023 | B1 |
| 11614956 | Tsirkin et al. | Mar 2023 | B2 |
| 11645390 | Vijayvargiya et al. | May 2023 | B2 |
| 11662928 | Kumar et al. | May 2023 | B1 |
| 11663340 | Wu et al. | May 2023 | B2 |
| 11669386 | Abrol | Jun 2023 | B1 |
| 11700233 | St. Pierre | Jul 2023 | B2 |
| 11750566 | Montilla Lugo | Sep 2023 | B1 |
| 11757844 | Xiao | Sep 2023 | B2 |
| 11770398 | Erlingsson | Sep 2023 | B1 |
| 11792284 | Nanduri | Oct 2023 | B1 |
| 11799874 | Lichtenstein et al. | Oct 2023 | B1 |
| 11803766 | Srinivasan | Oct 2023 | B1 |
| 11831670 | Molls et al. | Nov 2023 | B1 |
| 11841945 | Fogel | Dec 2023 | B1 |
| 11914707 | Ramanathan et al. | Feb 2024 | B1 |
| 11922220 | Haghighat et al. | Mar 2024 | B2 |
| 11936785 | Shemesh et al. | Mar 2024 | B1 |
| 12019770 | Nilsson et al. | Jun 2024 | B2 |
| 12050696 | Pieno et al. | Jul 2024 | B2 |
| 12058177 | Crabtree et al. | Aug 2024 | B2 |
| 20030188194 | Currie et al. | Oct 2003 | A1 |
| 20030217039 | Kurtz et al. | Nov 2003 | A1 |
| 20050050365 | Seki et al. | Mar 2005 | A1 |
| 20050251863 | Sima | Nov 2005 | A1 |
| 20050283645 | Turner et al. | Dec 2005 | A1 |
| 20070271360 | Sahita et al. | Nov 2007 | A1 |
| 20080075283 | Takahashi | Mar 2008 | A1 |
| 20080221833 | Brown et al. | Sep 2008 | A1 |
| 20080307020 | Ko et al. | Dec 2008 | A1 |
| 20090106256 | Safari et al. | Apr 2009 | A1 |
| 20090271863 | Govindavajhala et al. | Oct 2009 | A1 |
| 20100242082 | Keene et al. | Sep 2010 | A1 |
| 20100281275 | Lee et al. | Nov 2010 | A1 |
| 20110055361 | Dehaan | Mar 2011 | A1 |
| 20110276806 | Casper et al. | Nov 2011 | A1 |
| 20120110651 | Van Biljon | May 2012 | A1 |
| 20120297206 | Nord et al. | Nov 2012 | A1 |
| 20130054890 | Desai et al. | Feb 2013 | A1 |
| 20130124669 | Anderson et al. | May 2013 | A1 |
| 20130160119 | Sartin | Jun 2013 | A1 |
| 20130160129 | Sartin | Jun 2013 | A1 |
| 20140096134 | Barak | Apr 2014 | A1 |
| 20140115578 | Cooper et al. | Apr 2014 | A1 |
| 20140237537 | Manmohan | Aug 2014 | A1 |
| 20140317677 | Vaidya | Oct 2014 | A1 |
| 20140337613 | Martini | Nov 2014 | A1 |
| 20150033305 | Shear | Jan 2015 | A1 |
| 20150055647 | Roberts | Feb 2015 | A1 |
| 20150095995 | Bhalerao | Apr 2015 | A1 |
| 20150163192 | Jain | Jun 2015 | A1 |
| 20150172321 | Kirti et al. | Jun 2015 | A1 |
| 20150254364 | Piduri et al. | Sep 2015 | A1 |
| 20150310215 | McBride et al. | Oct 2015 | A1 |
| 20150319160 | Ferguson et al. | Nov 2015 | A1 |
| 20160078231 | Bach et al. | Mar 2016 | A1 |
| 20160103669 | Gamage et al. | Apr 2016 | A1 |
| 20160105454 | Li | Apr 2016 | A1 |
| 20160140352 | Nickolov | May 2016 | A1 |
| 20160156664 | Nagaratnam | Jun 2016 | A1 |
| 20160224600 | Munk | Aug 2016 | A1 |
| 20160299708 | Yang et al. | Oct 2016 | A1 |
| 20160366185 | Lee et al. | Dec 2016 | A1 |
| 20170026416 | Carpenter et al. | Jan 2017 | A1 |
| 20170070506 | Reddy | Mar 2017 | A1 |
| 20170104755 | Arregoces | Apr 2017 | A1 |
| 20170111384 | Loureiro et al. | Apr 2017 | A1 |
| 20170185784 | Madou | Jun 2017 | A1 |
| 20170187743 | Madou | Jun 2017 | A1 |
| 20170223024 | Desai | Aug 2017 | A1 |
| 20170230179 | Mannan et al. | Aug 2017 | A1 |
| 20170237560 | Mueller et al. | Aug 2017 | A1 |
| 20170257347 | Yan | Sep 2017 | A1 |
| 20170285978 | Manasse | Oct 2017 | A1 |
| 20170300690 | Ladnai et al. | Oct 2017 | A1 |
| 20170034198 | Powers et al. | Dec 2017 | A1 |
| 20170374136 | Ringdahl | Dec 2017 | A1 |
| 20180004950 | Gupta | Jan 2018 | A1 |
| 20180026995 | Dufour et al. | Jan 2018 | A1 |
| 20180027009 | Santos | Jan 2018 | A1 |
| 20180063290 | Yang | Mar 2018 | A1 |
| 20180150412 | Manasse | May 2018 | A1 |
| 20180159882 | Brill | Jun 2018 | A1 |
| 20180181310 | Feinberg | Jun 2018 | A1 |
| 20180191726 | Luukkala | Jul 2018 | A1 |
| 20180219888 | Apostolopoulos | Aug 2018 | A1 |
| 20180234459 | Kung | Aug 2018 | A1 |
| 20180239902 | Godard | Aug 2018 | A1 |
| 20180260566 | Chaganti et al. | Sep 2018 | A1 |
| 20180270268 | Gorodissky et al. | Sep 2018 | A1 |
| 20180278639 | Bernstein et al. | Sep 2018 | A1 |
| 20180288129 | Joshi et al. | Oct 2018 | A1 |
| 20180309747 | Sweet et al. | Oct 2018 | A1 |
| 20180321993 | McClory | Nov 2018 | A1 |
| 20180341768 | Marshall et al. | Nov 2018 | A1 |
| 20180359058 | Kurian | Dec 2018 | A1 |
| 20180359059 | Kurian | Dec 2018 | A1 |
| 20180367548 | Stokes, III et al. | Dec 2018 | A1 |
| 20190007271 | Rickards et al. | Jan 2019 | A1 |
| 20190043201 | Strong et al. | Feb 2019 | A1 |
| 20190058722 | Levin et al. | Feb 2019 | A1 |
| 20190068617 | Coleman | Feb 2019 | A1 |
| 20190068627 | Thampy | Feb 2019 | A1 |
| 20190081963 | Waghorn | Mar 2019 | A1 |
| 20190104140 | Gordeychik et al. | Apr 2019 | A1 |
| 20190116111 | Izard et al. | Apr 2019 | A1 |
| 20190121986 | Stopel et al. | Apr 2019 | A1 |
| 20190132350 | Smith et al. | May 2019 | A1 |
| 20190149604 | Jahr | May 2019 | A1 |
| 20190166129 | Gaetjen et al. | May 2019 | A1 |
| 20190171811 | Daniel et al. | Jun 2019 | A1 |
| 20190191417 | Baldemair et al. | Jun 2019 | A1 |
| 20190205267 | Richey et al. | Jul 2019 | A1 |
| 20190207966 | Vashisht et al. | Jul 2019 | A1 |
| 20190220575 | Boudreau et al. | Jul 2019 | A1 |
| 20190245883 | Gorodissky et al. | Aug 2019 | A1 |
| 20190260764 | Document | Aug 2019 | A1 |
| 20190278928 | Rungta et al. | Sep 2019 | A1 |
| 20190354675 | Gan et al. | Nov 2019 | A1 |
| 20190377988 | Qi et al. | Dec 2019 | A1 |
| 20200007314 | Vouk | Jan 2020 | A1 |
| 20200007569 | Dodge et al. | Jan 2020 | A1 |
| 20200012818 | Levin et al. | Jan 2020 | A1 |
| 20200028862 | Lin | Jan 2020 | A1 |
| 20200044916 | Kaufman et al. | Feb 2020 | A1 |
| 20200050440 | Chuppala et al. | Feb 2020 | A1 |
| 20200082094 | McAllister et al. | Mar 2020 | A1 |
| 20200106782 | Sion | Apr 2020 | A1 |
| 20200125352 | Kannan | Apr 2020 | A1 |
| 20200145405 | Bosch et al. | May 2020 | A1 |
| 20200244678 | Shua | Jul 2020 | A1 |
| 20200244692 | Shua | Jul 2020 | A1 |
| 20200259852 | Wolff et al. | Aug 2020 | A1 |
| 20200320845 | Livny et al. | Oct 2020 | A1 |
| 20200336489 | Wuest et al. | Oct 2020 | A1 |
| 20200382556 | Woolward et al. | Dec 2020 | A1 |
| 20200387357 | Mathon et al. | Dec 2020 | A1 |
| 20200389431 | St. Pierre | Dec 2020 | A1 |
| 20200389469 | Litichever et al. | Dec 2020 | A1 |
| 20200409741 | Dornemann et al. | Dec 2020 | A1 |
| 20210014265 | Hadar et al. | Jan 2021 | A1 |
| 20210026932 | Boudreau et al. | Jan 2021 | A1 |
| 20210042263 | Zdornov et al. | Feb 2021 | A1 |
| 20210089662 | Muniswamy-Reddy et al. | Mar 2021 | A1 |
| 20210105304 | Kraning et al. | Apr 2021 | A1 |
| 20210144517 | Guim Bernat et al. | May 2021 | A1 |
| 20210149788 | Downie | May 2021 | A1 |
| 20210158835 | Hill et al. | May 2021 | A1 |
| 20210168150 | Ross | Jun 2021 | A1 |
| 20210176123 | Plamondon | Jun 2021 | A1 |
| 20210176164 | Kung et al. | Jun 2021 | A1 |
| 20210185073 | Ewaida et al. | Jun 2021 | A1 |
| 20210200881 | Joshi et al. | Jul 2021 | A1 |
| 20210203684 | Maor | Jul 2021 | A1 |
| 20210211453 | Cooney | Jul 2021 | A1 |
| 20210216630 | Karr | Jul 2021 | A1 |
| 20210218567 | Richards et al. | Jul 2021 | A1 |
| 20210226812 | Park | Jul 2021 | A1 |
| 20210226928 | Crabtree et al. | Jul 2021 | A1 |
| 20210234889 | Burle et al. | Jul 2021 | A1 |
| 20210263802 | Gottemukkula et al. | Aug 2021 | A1 |
| 20210297447 | Crabtree et al. | Sep 2021 | A1 |
| 20210306416 | Mukhopadhyay et al. | Sep 2021 | A1 |
| 20210314342 | Oberg | Oct 2021 | A1 |
| 20210320794 | Auh et al. | Oct 2021 | A1 |
| 20210329019 | Shua et al. | Oct 2021 | A1 |
| 20210334386 | AlGhamdi et al. | Oct 2021 | A1 |
| 20210357246 | Kumar et al. | Nov 2021 | A1 |
| 20210360032 | Crabtree et al. | Nov 2021 | A1 |
| 20210368045 | Verma | Nov 2021 | A1 |
| 20210382995 | Massiglia et al. | Dec 2021 | A1 |
| 20210382997 | Yi et al. | Dec 2021 | A1 |
| 20210406365 | Neil et al. | Dec 2021 | A1 |
| 20210409486 | Martinez | Dec 2021 | A1 |
| 20220012771 | Gustafson | Jan 2022 | A1 |
| 20220030020 | Huffman | Jan 2022 | A1 |
| 20220053011 | Rao et al. | Feb 2022 | A1 |
| 20220060497 | Crabtree et al. | Feb 2022 | A1 |
| 20220086173 | Document | Mar 2022 | A1 |
| 20220131888 | Kanso | Apr 2022 | A1 |
| 20220156396 | Bednash et al. | May 2022 | A1 |
| 20220179964 | Qiao et al. | Jun 2022 | A1 |
| 20220182403 | Mistry | Jun 2022 | A1 |
| 20220188273 | Koorapati et al. | Jun 2022 | A1 |
| 20220197926 | Passey et al. | Jun 2022 | A1 |
| 20220210053 | Du | Jun 2022 | A1 |
| 20220215101 | Rioux et al. | Jul 2022 | A1 |
| 20220232024 | Kapoor | Jul 2022 | A1 |
| 20220232042 | Crabtree et al. | Jul 2022 | A1 |
| 20220247791 | Duminuco et al. | Aug 2022 | A1 |
| 20220263656 | Moore | Aug 2022 | A1 |
| 20220284362 | Bellinger | Sep 2022 | A1 |
| 20220309166 | Shenoy et al. | Sep 2022 | A1 |
| 20220326861 | Shachar et al. | Oct 2022 | A1 |
| 20220327119 | Gasper et al. | Oct 2022 | A1 |
| 20220342690 | Shua | Oct 2022 | A1 |
| 20220342997 | Watanabe et al. | Oct 2022 | A1 |
| 20220345481 | Shua | Oct 2022 | A1 |
| 20220350931 | Shua | Nov 2022 | A1 |
| 20220357992 | Karpovsky | Nov 2022 | A1 |
| 20220374519 | Botelho et al. | Nov 2022 | A1 |
| 20220400128 | Kfir | Dec 2022 | A1 |
| 20220407841 | Karpowicz | Dec 2022 | A1 |
| 20220407889 | Narigapalli | Dec 2022 | A1 |
| 20220413879 | Passey et al. | Dec 2022 | A1 |
| 20220414103 | Upadhyay et al. | Dec 2022 | A1 |
| 20220417011 | Shua | Dec 2022 | A1 |
| 20220417219 | Sheriff | Dec 2022 | A1 |
| 20230007014 | Narayan | Jan 2023 | A1 |
| 20230011957 | Panse et al. | Jan 2023 | A1 |
| 20230040635 | Narayan | Feb 2023 | A1 |
| 20230075355 | Twigg | Mar 2023 | A1 |
| 20230087093 | Ithal et al. | Mar 2023 | A1 |
| 20230095756 | Wilkinson et al. | Mar 2023 | A1 |
| 20230110080 | Hen | Apr 2023 | A1 |
| 20230123477 | Luttwak et al. | Apr 2023 | A1 |
| 20230125134 | Raleigh et al. | Apr 2023 | A1 |
| 20230134674 | Quinn et al. | May 2023 | A1 |
| 20230135240 | Cody et al. | May 2023 | A1 |
| 20230136839 | Sundararajan et al. | May 2023 | A1 |
| 20230161614 | Herzberg et al. | May 2023 | A1 |
| 20230164148 | Narayan | May 2023 | A1 |
| 20230164164 | Herzberg et al. | May 2023 | A1 |
| 20230164182 | Kothari et al. | May 2023 | A1 |
| 20230169165 | Williams et al. | Jun 2023 | A1 |
| 20230171271 | Williams et al. | Jun 2023 | A1 |
| 20230192418 | Horowitz et al. | Jun 2023 | A1 |
| 20230208870 | Yellapragada et al. | Jun 2023 | A1 |
| 20230224319 | Isoyama et al. | Jul 2023 | A1 |
| 20230231867 | Rampura Venkatachar | Jul 2023 | A1 |
| 20230237068 | Sillifant et al. | Jul 2023 | A1 |
| 20230254330 | Singh | Aug 2023 | A1 |
| 20230297666 | Atamli et al. | Sep 2023 | A1 |
| 20230325814 | Vijayan et al. | Oct 2023 | A1 |
| 20230336550 | Lidgi et al. | Oct 2023 | A1 |
| 20230336578 | Lidgi et al. | Oct 2023 | A1 |
| 20230376586 | Shemesh et al. | Nov 2023 | A1 |
| 20240007492 | Shen et al. | Jan 2024 | A1 |
| 20240037229 | Pabón et al. | Feb 2024 | A1 |
| 20240045838 | Reiss et al. | Feb 2024 | A1 |
| 20240073115 | Chakraborty et al. | Feb 2024 | A1 |
| 20240080329 | Reed et al. | Mar 2024 | A1 |
| 20240080332 | Ganesh et al. | Mar 2024 | A1 |
| 20240146818 | Cody et al. | May 2024 | A1 |
| 20240241752 | Crabtree et al. | Jul 2024 | A1 |
| Number | Date | Country |
|---|---|---|
| 4160983 | Apr 2023 | EP |
| 4254869 | Oct 2023 | EP |
| 2421792 | Jun 2011 | RU |
| 10202009702X | Apr 2021 | SG |
| Entry |
|---|
| Ali Gholami; Security and Privacy of Sensitive Data in Cloud Computing: a Survey of Recent Developments; ARIX:2016; pp. 131-150. |
| Christos Kyrkou; Towards artificial-intelligence-based cybersecurity for robustifying automated driving systems against camera sensor attacks; IEEE 2020; pp. 476-481. |
| Guo, yu et al. Enabling Encrypted Rich Queries in Distributed Key-Value Stores. IEEE Transactions on Parallel and Distributed Systems, vol. 30, Issue: 6. https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8567979 (Year: 2019). |
| Henry Hanping Feng; Anomaly Detection Using Call Stack Information; IEEE: Year:2003; pp. 1-14. |
| International Search Report for PCT Application No. PCT/IB2022/060940 dated Feb. 1, 2023. The International Bureau of WIPO. |
| International Search Report for PCT/IB2023/050848, dated May 9, 2023. International Bureau of WIPO. |
| International Search Report of PCT/IB2023/058074, dated Nov. 20, 2023. Searching Authority United States Patent and Trademark Office, Alexandria, Virginia. |
| International Search Report, PCT/IB23/55312. ISA/US, Commissioner for Patents, Alexandria, Virginia. Dated Aug. 30, 2023. |
| Kumar, Anuj et al. A New Approach for Security in Cloud Data Storage for IOT Applications Using Hybrid Cryptography Technique. 2020 International Conference on Power Electronics & IoT Applications in Renewable Energy and its Control. https://ieeexplore. ieee.org/stamp/stamp.jsp?tp=&arnumber=9087010 (Year: 2020). |
| Microsoft Build. “Introduction to Azure managed disks”. Aug. 21, 2023, https://docs.microsoft. com/en-US/azure/virtual-machines/managed-disks-overview. |
| Microsoft Docs. “Create a VM from a managed image”. Article. Jan. 5, 2022. https://docs.microsoft. com/en-us/azure/virtual-machines/windows/create-vm-generalized-managed. |
| Mishra, Bharati; Jena, Debasish et al. Securing Files in the Cloud. 2016 IEEE International Conference on Cloud Computing in Emerging Markets (CCEM). https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7819669 (Year: 2016). |
| Shuvo, Arfatul Mowla et al. Storage Efficient Data Security Model for Distributed Cloud Storage. 2020 IEEE 8th R10 Humanitarian Technology Conference (R10-HTC). https://ieeexplore.IEEE.org/stamp/stamp.jsp?tp=&arnumber=9356962 (Year: 2020). |
| Written Opinion of the International Searching Authority for PCT Application No. PCT/IB2022/060940 dated Feb. 1, 2023. The International Bureau of WIPO. |
| Written Opinion of the International Searching Authority, PCT/IB23/55312. ISA/US Commissioner for Patents, Alexandria, Virginia. Dated Aug. 30, 2023. |
| Written Opinion of the Searching Authority for PCT/IB2023/050848, dated May 9, 2023. International Bureau of WIPO. |
| Written Opinion of the Searching Authority of PCT/IB2023/058074, dated Nov. 20, 2023. Searching Authority United States Patent and Trademark Office, Alexandria, Virginia. |
| Zhang et al. BMC Bioinformatics 2014. “On finding bicliques in bipartite graphs: a novel algorithm and its application to the integration of diverse biological data types”. http://www.biomedcentral.com/1471-2105/15/110. |
| Chang, Bing et al. MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). https://ieeexplore.ieee.org/stamp/stamp.jsp?tp= &arnumber=8416506 (Year: 2018). |
| Islam, Md Shihabul et al. Secure Real-Time Heterogeneous IoT Data Management System. 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). https://ieeexplore.ieee.org/stamp/ stamp.jsp?tp=&arnumber=9014355 (Year: 2019). |
| Jordan, M. et al. Enabling pervasive encryption through IBM Z stack innovations. IBM Journal of Research and Development, vol. 62 Issue: 2/3, https://ieeexplore.ieee.org/stamp/stamp.jsp?tp&arnumber=8270590 (Year: 2018). |
| Leibenger, Dominik et al. EncFS goes multi-user: Adding access control to an encrypted file system. 2016 IEEE Conference on Communications and Network Security (CNS). https://ieeexoplore.IEEE.org/stamp/stamp.jsp?tp=&arnumber=7860544 (Year: 2016). |
| Safaryan, Olga A. et al. Cryptographic Algorithm Implementation for Data Encryption in DBMS MS SQL Server. 2020 IEEE East-West Design & Test Symposium (EWDTS). https://ieeexplore.IEEE.org/stamp/stamp.jsp?tp=&arnumber=9224775 (Year: 2020). |
| Sahil Suneja; Safe Inspection of Live Virtual Machines; IEEE; Year:2017; pp. 97-111. |
| Siqi Ma; Certified Copy? Understanding Security Risks of Wi-Fi Hotspot based Android Data Clone Services; ACM; Year: 2021; pp. 320-331. |
| Wassermann, Sarah et al. ViCrypt to the Rescue: Real-Time, Machine-Learning-Driven Video-QoE Monitoring for Encrypted Streaming Traffic. IEEE Transactions on Network and Service Management, vol. 17, Issue: 4. https:// ieeexplore.IEEE.org/stamp/ stamp.jsp?tp=&arnumber=9250645 (Year: 2020). |
| Number | Date | Country | |
|---|---|---|---|
| 63222714 | Jul 2021 | US |
