Abstract: Technologies for distributed detection of security anomalies include a computing device to establish a trusted relationship with a security server. The computing device reads one or more packets of at least one of an inter-virtual network function network or an inter-virtual network function component network in response to establishing the trusted relationship and performs a security threat assessment of the one or more packets. The computing device transmits the security threat assessment to the security server.
I/WE CLAIM:
1. A computing device for distributed detection of security anomalies, the computing device comprising:
a trusted execution environment module to (i) establish a trusted relationship with a security server, (ii) read one or more packets of at least one of an inter-virtual network function network or an inter-virtual network function component network in response to establishment of the trusted relationship, and (iii) perform a security threat assessment of the one or more packets; and
a communication module to transmit the security threat assessment to the security server.
2. The computing device of claim 1, wherein to establish the trusted relationship comprises to establish the trusted relationship with a corresponding trusted execution environment module of the security server.
3. The computing device of claim 2, wherein to transmit the security threat assessment comprises to transmit the security threat assessment to the corresponding trusted execution environment module of the security server over an out-of-band communication channel established between the trusted execution environment module of the computing device and the corresponding trusted execution environment module of the security server.
4. The computing device of claim 1, wherein to establish the trusted relationship comprises to exchange cryptographic keys with the security server.
5. The computing device of claim 1, wherein to establish the trusted relationship comprises to utilize at least one of a root of trust or a fuse key of the computing device.
6. The computing device of claim 1, wherein the trusted execution environment module is further to establish a trusted tunnel with the security server based on the trusted relationship.
7. The computing device of claim 6, wherein to establish the trusted tunnel further comprises to transmit a security policy of the computing device to the security server.
8. The computing device of claim 6, wherein to establish the trusted tunnel further comprises to transmit heuristic code of the computing device to the security server.
9. The computing device of claim 6, wherein to establish the trusted tunnel further comprises to receive heuristic code from the security server.
10. The computing device of claim 1, wherein the trusted execution environment module is further to boot the computing device in response to establishment of the trusted relationship.
11. The computing device of claim 10, wherein to boot the computing device comprises to retrieve a configuration policy of the computing device.
12. The computing device of claim 1, wherein the trusted execution environment module is further to determine a runtime posture of the computing device; and
wherein to perform the security threat assessment comprises to perform the security threat assessment of the one or more packets based on the runtime posture.
13. The computing device of claim 12, wherein to determine the runtime posture of the computing device comprises to determine a runtime posture of a virtual network function of the computing device.
14. The computing device of claim 1, wherein the communication module is further to receive a remediation action instruction for the one or more packets from the security server.
15. The computing device of claim 14, wherein the trusted execution environment module is further to enforce a remediation action corresponding with the remediation action instruction.
16. A method for distributed detection of security anomalies by a computing device, the method comprising:
establishing, by the computing device, a trusted relationship with a security server;
reading, by the computing device, one or more packets of at least one of an inter-virtual network function network or an inter-virtual network function component network in response to establishing the trusted relationship;
performing, by the computing device, a security threat assessment of the one or more packets; and
transmitting, by the computing device, the security threat assessment to the security server.
17. The method of claim 16, wherein establishing the trusted relationship comprises establishing the trusted relationship with a corresponding trusted execution environment module of the security server.
18. The method of claim 17, wherein transmitting the security threat assessment comprises transmitting the security threat assessment to the corresponding trusted execution environment module of the security server over an out-of-band communication channel established between the trusted execution environment module of the computing device and the corresponding trusted execution environment module of the security server.
19. The method of claim 16, further comprising determining, by the computing device, a runtime posture of a virtual network function of the computing device; and
wherein performing the security threat assessment comprises performing the security threat assessment of the one or more packets based on the runtime posture.
20. The method of claim 16, further comprising:
receiving, by the computing device, a remediation action instruction for the one or more packets from the security server; and
enforcing, by the computing device, a remediation action corresponding with the remediation action instruction.
21. A security server for distributed detection of security anomalies, the security server comprising:
a trusted execution environment module to establish a trusted relationship with a computing device; and
a communication module to receive, from the computing device, a security threat assessment of one or more packets of at least one of an inter-virtual network function network or an inter-virtual network function component network of the computing device;
wherein the trusted execution environment module is further to correlate the security threat assessment with a security threat database of the security server to determine whether the one or more packets pose a security threat.
22. The security server of claim 21, wherein to establish the trusted relationship comprises to establish the trusted relationship with a corresponding trusted execution environment module of the computing device; and
wherein to receive the security threat assessment comprises to receive the security threat assessment from the corresponding trusted execution environment module of the computing device over an out-of-band communication channel established between the trusted execution environment module of the security server and the corresponding trusted execution environment module of the computing device.
23. The security server of claim 21, wherein the trusted execution environment module is further to establish a trusted tunnel with the computing device based on the trusted relationship.
24. The security server of claim 21, wherein the trusted execution environment module is further to determine a remediation action in response to identification of a security threat based on correlation of the security threat assessment with the security threat database.
25. The security server of claim 24, wherein to determine the remediation action comprises to:
request a remediation determination from a remediation server; and
receive a remediation instruction associated with the remediation determination from the remediation server; and
wherein the communication module is further to transmit the remediation instruction to the computing device.
| # | Name | Date |
|---|---|---|
| 1 | Priority Document [10-02-2017(online)].pdf | 2017-02-10 |
| 2 | Form 5 [10-02-2017(online)].pdf | 2017-02-10 |
| 3 | Drawing [10-02-2017(online)].pdf | 2017-02-10 |
| 4 | Description(Complete) [10-02-2017(online)].pdf_213.pdf | 2017-02-10 |
| 5 | Description(Complete) [10-02-2017(online)].pdf | 2017-02-10 |
| 6 | Form 18 [15-02-2017(online)].pdf | 2017-02-15 |
| 7 | Form5_After Filling_20-02-2017.pdf | 2017-02-20 |
| 8 | 201747004904.pdf | 2017-02-20 |
| 9 | Form 26 [20-03-2017(online)].pdf | 2017-03-20 |
| 10 | Correspondence by Agent_Power of Attorney_24-03-2017.pdf | 2017-03-24 |
| 11 | Form 3 [28-03-2017(online)].pdf | 2017-03-28 |
| 12 | Other Patent Document [01-04-2017(online)].pdf | 2017-04-01 |
| 13 | Correspondence by Agent_Proof Of Right_11-04-2017.pdf | 2017-04-11 |
| 14 | Other Document [21-04-2017(online)].pdf | 2017-04-21 |
| 15 | Marked Copy [21-04-2017(online)].pdf | 2017-04-21 |
| 16 | Form 13 [21-04-2017(online)].pdf | 2017-04-21 |
| 17 | 201747004904-FER.pdf | 2019-05-31 |
| 18 | 201747004904-FORM 3 [21-11-2019(online)].pdf | 2019-11-21 |
| 19 | 201747004904-PETITION UNDER RULE 137 [29-11-2019(online)].pdf | 2019-11-29 |
| 20 | 201747004904-OTHERS [29-11-2019(online)].pdf | 2019-11-29 |
| 21 | 201747004904-FER_SER_REPLY [29-11-2019(online)].pdf | 2019-11-29 |
| 22 | 201747004904-CLAIMS [29-11-2019(online)].pdf | 2019-11-29 |
| 23 | 201747004904-PatentCertificate05-10-2023.pdf | 2023-10-05 |
| 24 | 201747004904-IntimationOfGrant05-10-2023.pdf | 2023-10-05 |
| 1 | searchstrategy_17-05-2019.pdf | |