SG11201807964UA - System and methods for decrypting network traffic in a virtualized environment - Google Patents

System and methods for decrypting network traffic in a virtualized environment

Info

Publication number
SG11201807964UA
SG11201807964UA SG11201807964UA SG11201807964UA SG11201807964UA SG 11201807964U A SG11201807964U A SG 11201807964UA SG 11201807964U A SG11201807964U A SG 11201807964UA SG 11201807964U A SG11201807964U A SG 11201807964UA SG 11201807964U A SG11201807964U A SG 11201807964UA
Authority
SG
Singapore
Prior art keywords
international
pct
virtual machine
memory pages
methods
Prior art date
Application number
SG11201807964UA
Other languages
English (en)
Inventor
Radu Caragea
Original Assignee
Bitdefender Ipr Man Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bitdefender Ipr Man Ltd filed Critical Bitdefender Ipr Man Ltd
Publication of SG11201807964UA publication Critical patent/SG11201807964UA/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10Address translation
    • G06F12/1009Address translation using page tables, e.g. page table structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/15Use in a specific computing environment
    • G06F2212/154Networked environment

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
SG11201807964UA 2016-04-04 2017-03-29 System and methods for decrypting network traffic in a virtualized environment SG11201807964UA (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201662317804P 2016-04-04 2016-04-04
US15/471,981 US10116630B2 (en) 2016-04-04 2017-03-28 Systems and methods for decrypting network traffic in a virtualized environment
PCT/EP2017/057422 WO2017174418A1 (en) 2016-04-04 2017-03-29 System and methods for decrypting network traffic in a virtualized environment

Publications (1)

Publication Number Publication Date
SG11201807964UA true SG11201807964UA (en) 2018-10-30

Family

ID=59962053

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201807964UA SG11201807964UA (en) 2016-04-04 2017-03-29 System and methods for decrypting network traffic in a virtualized environment

Country Status (13)

Country Link
US (2) US10116630B2 (ko)
EP (1) EP3440584B1 (ko)
JP (1) JP6857193B2 (ko)
KR (1) KR102041584B1 (ko)
CN (1) CN108885665B (ko)
AU (1) AU2017247547B2 (ko)
CA (1) CA3018021C (ko)
ES (1) ES2827007T3 (ko)
HK (1) HK1257399A1 (ko)
IL (1) IL261826B (ko)
RU (1) RU2738021C2 (ko)
SG (1) SG11201807964UA (ko)
WO (1) WO2017174418A1 (ko)

Families Citing this family (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10805331B2 (en) 2010-09-24 2020-10-13 BitSight Technologies, Inc. Information technology security assessment system
US9438615B2 (en) 2013-09-09 2016-09-06 BitSight Technologies, Inc. Security risk management
US10979328B2 (en) * 2017-03-31 2021-04-13 Intel Corporation Resource monitoring
US10462182B2 (en) * 2017-05-12 2019-10-29 Vmware, Inc. Thin agent-based SSL offloading
US10903985B2 (en) * 2017-08-25 2021-01-26 Keysight Technologies Singapore (Sales) Pte. Ltd. Monitoring encrypted network traffic flows in a virtual environment using dynamic session key acquisition techniques
US10565376B1 (en) 2017-09-11 2020-02-18 Palo Alto Networks, Inc. Efficient program deobfuscation through system API instrumentation
US10733290B2 (en) * 2017-10-26 2020-08-04 Western Digital Technologies, Inc. Device-based anti-malware
US10257219B1 (en) 2018-03-12 2019-04-09 BitSight Technologies, Inc. Correlated risk in cybersecurity
US11055411B2 (en) * 2018-05-10 2021-07-06 Acronis International Gmbh System and method for protection against ransomware attacks
US10893030B2 (en) 2018-08-10 2021-01-12 Keysight Technologies, Inc. Methods, systems, and computer readable media for implementing bandwidth limitations on specific application traffic at a proxy element
US11374971B2 (en) * 2018-08-24 2022-06-28 Micro Focus Llc Deception server deployment
EP3623980B1 (en) * 2018-09-12 2021-04-28 British Telecommunications public limited company Ransomware encryption algorithm determination
EP3623982B1 (en) 2018-09-12 2021-05-19 British Telecommunications public limited company Ransomware remediation
US12008102B2 (en) 2018-09-12 2024-06-11 British Telecommunications Public Limited Company Encryption key seed determination
EP3853719A1 (en) * 2018-09-17 2021-07-28 Telefonaktiebolaget Lm Ericsson (Publ) Bit register in shared memory indicating the processor and the software handlers
US10949547B2 (en) * 2018-10-05 2021-03-16 Google Llc Enclave fork support
US11200323B2 (en) 2018-10-17 2021-12-14 BitSight Technologies, Inc. Systems and methods for forecasting cybersecurity ratings based on event-rate scenarios
US10521583B1 (en) * 2018-10-25 2019-12-31 BitSight Technologies, Inc. Systems and methods for remote detection of software through browser webinjects
US11403409B2 (en) 2019-03-08 2022-08-02 International Business Machines Corporation Program interruptions for page importing/exporting
US11206128B2 (en) 2019-03-08 2021-12-21 International Business Machines Corporation Secure paging with page change detection
US11347869B2 (en) * 2019-03-08 2022-05-31 International Business Machines Corporation Secure interface control high-level page management
US11222123B2 (en) 2019-04-22 2022-01-11 Cyberark Software Ltd. Securing privileged virtualized execution instances from penetrating a virtual host environment
US10735430B1 (en) * 2019-04-22 2020-08-04 Cyberark Software Ltd. Systems and methods for dynamically enrolling virtualized execution instances and managing secure communications between virtualized execution instances and clients
US20200403978A1 (en) * 2019-06-19 2020-12-24 Amazon Technologies, Inc. Hybrid key exchanges for double-hulled encryption
US10726136B1 (en) 2019-07-17 2020-07-28 BitSight Technologies, Inc. Systems and methods for generating security improvement plans for entities
US11956265B2 (en) 2019-08-23 2024-04-09 BitSight Technologies, Inc. Systems and methods for inferring entity relationships via network communications of users or user devices
US11032244B2 (en) 2019-09-30 2021-06-08 BitSight Technologies, Inc. Systems and methods for determining asset importance in security risk management
US10902705B1 (en) 2019-12-09 2021-01-26 Evan Chase Rose Biometric authentication, decentralized learning framework, and adaptive security protocols in distributed terminal network
US10873578B1 (en) 2019-12-09 2020-12-22 Evan Chase Rose Biometric authentication, decentralized learning framework, and adaptive security protocols in distributed terminal network
US11200548B2 (en) 2019-12-09 2021-12-14 Evan Chase Rose Graphical user interface and operator console management system for distributed terminal network
US11113665B1 (en) 2020-03-12 2021-09-07 Evan Chase Rose Distributed terminals network management, systems, interfaces and workflows
US10893067B1 (en) 2020-01-31 2021-01-12 BitSight Technologies, Inc. Systems and methods for rapidly generating security ratings
KR20210117682A (ko) * 2020-03-20 2021-09-29 라인 가부시키가이샤 메모리 맵을 활용한 멀웨어 탐지 방법 및 시스템
US11023585B1 (en) 2020-05-27 2021-06-01 BitSight Technologies, Inc. Systems and methods for managing cybersecurity alerts
US11611540B2 (en) * 2020-07-01 2023-03-21 Vmware, Inc. Protection of authentication data of a server cluster
WO2022081733A1 (en) * 2020-10-13 2022-04-21 BedRock Systems, Inc. A formally verified trusted computing base with active security and policy enforcement
US11734042B2 (en) 2020-12-10 2023-08-22 Red Hat, Inc. Providing supplemental information to a guest operating system by a hypervisor
CN112583591A (zh) * 2020-12-23 2021-03-30 维沃移动通信有限公司 应用程序控制方法及装置
CN114760153A (zh) * 2022-06-14 2022-07-15 北京升鑫网络科技有限公司 加密流量的实时解密方法、装置及电子设备

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7685635B2 (en) * 2005-03-11 2010-03-23 Microsoft Corporation Systems and methods for multi-level intercept processing in a virtual machine environment
US8001543B2 (en) * 2005-10-08 2011-08-16 International Business Machines Corporation Direct-memory access between input/output device and physical memory within virtual machine environment
FR2899749B1 (fr) * 2006-04-07 2008-07-04 Groupe Ecoles Telecomm Procede de protection d'identite, dispositifs, et produit programme d'ordinateur correspondants.
US8001381B2 (en) * 2008-02-26 2011-08-16 Motorola Solutions, Inc. Method and system for mutual authentication of nodes in a wireless communication network
US8090797B2 (en) * 2009-05-02 2012-01-03 Citrix Systems, Inc. Methods and systems for launching applications into existing isolation environments
US8327059B2 (en) * 2009-09-30 2012-12-04 Vmware, Inc. System and method to enhance memory protection for programs in a virtual machine environment
JP5717164B2 (ja) * 2009-10-07 2015-05-13 日本電気株式会社 コンピュータシステム、及びコンピュータシステムのメンテナンス方法
US8650565B2 (en) * 2009-12-14 2014-02-11 Citrix Systems, Inc. Servicing interrupts generated responsive to actuation of hardware, via dynamic incorporation of ACPI functionality into virtual firmware
WO2011152816A1 (en) * 2010-05-30 2011-12-08 Hewlett-Packard Development Company, L.P. Virtual machine code injection
US8489889B1 (en) * 2010-09-17 2013-07-16 Symantec Corporation Method and apparatus for restricting access to encrypted data
US9053053B2 (en) * 2010-11-29 2015-06-09 International Business Machines Corporation Efficiently determining identical pieces of memory used by virtual machines
IL209960A0 (en) * 2010-12-13 2011-02-28 Comitari Technologies Ltd Web element spoofing prevention system and method
US8862870B2 (en) * 2010-12-29 2014-10-14 Citrix Systems, Inc. Systems and methods for multi-level tagging of encrypted items for additional security and efficient encrypted item determination
US8984478B2 (en) * 2011-10-03 2015-03-17 Cisco Technology, Inc. Reorganization of virtualized computer programs
US8656482B1 (en) * 2012-08-20 2014-02-18 Bitdefender IPR Management Ltd. Secure communication using a trusted virtual machine
US9176838B2 (en) * 2012-10-19 2015-11-03 Intel Corporation Encrypted data inspection in a network environment
US9571507B2 (en) * 2012-10-21 2017-02-14 Mcafee, Inc. Providing a virtual security appliance architecture to a virtual cloud infrastructure
US9438488B2 (en) * 2012-11-09 2016-09-06 Citrix Systems, Inc. Systems and methods for appflow for datastream
US8910238B2 (en) 2012-11-13 2014-12-09 Bitdefender IPR Management Ltd. Hypervisor-based enterprise endpoint protection
US9396011B2 (en) * 2013-03-12 2016-07-19 Qualcomm Incorporated Algorithm and apparatus to deploy virtual machine monitor on demand
US9407519B2 (en) 2013-03-15 2016-08-02 Vmware, Inc. Virtual network flow monitoring
US9117080B2 (en) * 2013-07-05 2015-08-25 Bitdefender IPR Management Ltd. Process evaluation for malware detection in virtual machines
US9507727B2 (en) * 2013-07-17 2016-11-29 Bitdefender IPR Management Ltd. Page fault injection in virtual machines
US9602498B2 (en) 2013-10-17 2017-03-21 Fortinet, Inc. Inline inspection of security protocols
US9319380B2 (en) * 2014-03-20 2016-04-19 Bitdefender IPR Management Ltd. Below-OS security solution for distributed network endpoints
US20150288659A1 (en) * 2014-04-03 2015-10-08 Bitdefender IPR Management Ltd. Systems and Methods for Mutual Integrity Attestation Between A Network Endpoint And A Network Appliance
CN104461678B (zh) * 2014-11-03 2017-11-24 中国科学院信息工程研究所 一种在虚拟化环境中提供密码服务的方法和系统

Also Published As

Publication number Publication date
CA3018021C (en) 2021-12-28
RU2018132840A3 (ko) 2020-06-17
US20190068561A1 (en) 2019-02-28
IL261826B (en) 2021-02-28
JP6857193B2 (ja) 2021-04-14
RU2738021C2 (ru) 2020-12-07
IL261826A (en) 2018-10-31
WO2017174418A1 (en) 2017-10-12
KR20180129830A (ko) 2018-12-05
CN108885665B (zh) 2022-04-08
US20170289109A1 (en) 2017-10-05
KR102041584B1 (ko) 2019-11-06
HK1257399A1 (zh) 2019-10-18
JP2019516294A (ja) 2019-06-13
EP3440584B1 (en) 2020-07-29
EP3440584A1 (en) 2019-02-13
US10116630B2 (en) 2018-10-30
CA3018021A1 (en) 2017-10-12
US10257170B2 (en) 2019-04-09
AU2017247547A1 (en) 2018-10-11
RU2018132840A (ru) 2020-05-12
AU2017247547B2 (en) 2021-07-08
ES2827007T3 (es) 2021-05-19
CN108885665A (zh) 2018-11-23

Similar Documents

Publication Publication Date Title
SG11201807964UA (en) System and methods for decrypting network traffic in a virtualized environment
SG11202000097TA (en) Secure storage device
SG11201805390WA (en) System and methods for auditing a virtual machine
SG11201905456UA (en) Addressing a trusted execution environment using encryption key
SG11201809963XA (en) Application framework using blockchain-based asset ownership
SG11201804022SA (en) Systems and methods for digital identity management and permission controls within distributed network nodes
SG11201809866PA (en) Cryptographic applications for a blockchain system
SG11201905458WA (en) Addressing a trusted execution environment using signing key
SG11201905460SA (en) Data unsealing with a sealing enclave
SG11201804506RA (en) Systems and methods for rendering multiple levels of detail
SG11201907320YA (en) Trusted login method, server, and system
SG11201910054WA (en) Securely executing smart contract operations in a trusted execution environment
SG11201804697PA (en) Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography
SG11201905463TA (en) Abstract enclave identity
SG11201806650VA (en) Systems and methods for providing a personal distributed ledger
SG11201807025SA (en) Crispr/cas systems for c-1 fixing bacteria
SG11201905461VA (en) Data sealing with a sealing enclave
SG11201805919PA (en) Virtual network, hot swapping, hot scaling, and disaster recovery for containers
SG11201906575QA (en) Continuous learning for intrusion detection
SG11201805795WA (en) Systems and methods for securing and disseminating time sensitive information using a blockchain
SG11201806404SA (en) Systems and methods for storing and sharing transactional data using distributed computer systems
SG11201805986TA (en) Automated honeypot provisioning system
SG11201906482UA (en) Coding identifiers for motion constrained tile sets
SG11201710238QA (en) Autonomic incident triage prioritization by performance modifier and temporal decay parameters
SG11201808929PA (en) Systems and methods for secure storage of user information in a user profile