Patents by Inventor Azzedine Benameur
Azzedine Benameur has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9843594
Abstract: The disclosed computer-implemented method for detecting anomalous messages in automobile networks may include (1) receiving automobile-network messages that are expected to be broadcast over an automobile network of an automobile, (2) extracting a set of features from the automobile-network messages, and (3) using the set of features to create a model that is capable of distinguishing expected automobile-network messages from anomalous automobile-network messages. The disclosed computer-implemented method may further include (1) detecting an automobile-network message that has been broadcast over the automobile network, (2) using the model to determine that the automobile-network message is anomalous, and (3) performing a security action in response to determining that the automobile-network message is anomalous. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: October 28, 2014
Date of Patent: December 12, 2017
Assignee: Symantec Corporation
Inventors: Nathan Evans, Azzedine Benameur, Yun Shen
-
Patent number: 9794275
Abstract: Methods, computer program products, computer systems, and the like, which provide security in cloud-based services using lightweight replicas, are disclosed. The methods, computer program products, computer systems, and the like include detecting an intrusion into an application server, dynamically provisioning a replica application server in a server system in response to the detecting the intrusion, and transitioning a datastream from the application server to the replica application server, where the application server is provisioned in the server system, the intrusion is an attack on the application server, and the attack is conducted via a datastream between a first computing system and the application server. The replica application server is a replica of at least a portion of the application server.
Type: Grant
Filed: June 28, 2013
Date of Patent: October 17, 2017
Assignee: Symantec Corporation
Inventors: Azzedine Benameur, Nathan S. Evans
-
Patent number: 9612852
Abstract: Techniques for redirecting input/output are disclosed. In one particular embodiment, the techniques may be realized as a method for redirecting input/output comprising configuring a first virtual machine with a recorder for library interposition, configuring a replica virtual machine with a player for library interposition, receiving a first recorded event from the first virtual machine, and transferring the first recorded event to the replica virtual machine for replay.
Type: Grant
Filed: December 18, 2012
Date of Patent: April 4, 2017
Assignee: Veritas Technologies LLC
Inventors: Azzedine Benameur, Nathan S. Evans
-
Patent number: 9582669
Abstract: The disclosed computer-implemented method for detecting discrepancies in automobile-network data may include (1) receiving data that indicates at least one attribute of an automobile and that was conveyed via an automobile-network message that was purportedly broadcast over an automobile network of the automobile, (2) receiving additional data that indicates the same attribute of the automobile and that was not conveyed via any automobile-network message that was broadcast over the automobile network, (3) detecting a discrepancy between the data and the additional data, and (4) performing a security action in response to detecting the discrepancy between the data and the additional data. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: October 28, 2014
Date of Patent: February 28, 2017
Assignee: Symantec Corporation
Inventors: Yun Shen, Nathan Evans, Azzedine Benameur
-
Patent number: 9525665
Abstract: A computer-implemented method for obscuring network services may include (1) identifying a local network comprising at least one client and at least one host, where the host provides a service that is not bound to any routable address on the local network and the client is expected to send messages to the service, (2) provisioning the client with a proxy that intercepts the messages directed to the service by the client, identifies the host that provides the service, and adds at least one layer of encryption to the messages, (3) configuring the proxy to route the messages through an onion routing network within the local network that comprises at least one onion routing node, and (4) configuring the onion routing network to remove the at least one layer of encryption from the messages before forwarding the messages. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: March 13, 2014
Date of Patent: December 20, 2016
Assignee: Symantec Corporation
Inventors: Nathan Evans, Azzedine Benameur, Matthew Elder
-
Patent number: 8640208
Abstract: The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource.
Type: Grant
Filed: November 28, 2007
Date of Patent: January 28, 2014
Assignee: SAP AG
Inventors: Azzedine Benameur, Paul El Khoury, Cedric S. P. Ulmer
-
Patent number: 8527954
Abstract: A method is provided for creating a behavior pattern of a computer program which comprises at least one source code with a plurality of program operations which are arranged in a logical succession and the source code is provided with annotations. Each annotation is referencing to a respective program operation and the annotations are read out automatically by a modeling tool, which is running on a processing unit and generating the behavior pattern of the computer program by arranging the annotations which have been read out according to the logical succession of the program operations and providing the generated behavior pattern, so that the generated behavior pattern can be represented via a representing unit. Furthermore, an appropriate server and an appropriate network system are provided.
Type: Grant
Filed: July 25, 2008
Date of Patent: September 3, 2013
Assignee: SAP AG
Inventors: Azzedine Benameur, Paul El Khoury
-
Patent number: 8495744
Abstract: A method and a system for evaluation of risk of conflict between a number of integrating security solutions. In a computer system, a number of fragmentary security solutions are received. A set of the received fragmentary security solutions is integrated to form a composite security solution to satisfy a number of security requirements. In one aspect, the security requirements are established during a design of a computer system. A risk of conflict between the set of integrating fragmentary security solutions is evaluated. In another aspect, the risk of conflict between the set of integrating fragmentary security solutions exists at authority level and at configuration level. Conflict at authority level arises when different authorities control the same fragmentary security solution. Conflict at configuration level arises when integrating fragmentary security solutions share configuration data.
Type: Grant
Filed: March 25, 2009
Date of Patent: July 23, 2013
Assignee: SAP AG
Inventors: Paul El Khoury, Azzedine Benameur, Smriti Kumar Sinha
-
Patent number: 8245045
Abstract: The present description refers in particular to example computer-implemented methods, example computer program products, and example computer systems for automatically generating or verifying a digital signature for a message. The message may be representable in a hierarchical tree structure. An example computer-implemented method may comprise: selecting, from a message MT, a sub-message M to be signed, the sub-message M comprising at least one element; generating a well-formed context CMt for the sub-message M, wherein the well-formed context CMt defines a derivation path to the element in the message MT at a time t, the element being marked [M] in the well-formed context CMt; generating a message digest ?M from the sub-message M and a context digest ?C from the well-formed context CMt; and generating a signature S by applying a secret key SA of a user A to the message digest ?M and to the context digest ?C.
Type: Grant
Filed: September 28, 2009
Date of Patent: August 14, 2012
Assignee: SAP AG
Inventors: Azzedine Benameur, Smriti Kumar Sinha, Paul El Khoury
-
Publication number: 20100250476
Abstract: A method and a system for evaluation of risk of conflict between a number of integrating security solutions. In a computer system, a number of fragmentary security solutions are received. A set of the received fragmentary security solutions is integrated to form a composite security solution to satisfy a number of security requirements. In one aspect, the security requirements are established during a design of a computer system. A risk of conflict between the set of integrating fragmentary security solutions is evaluated. In another aspect, the risk of conflict between the set of integrating fragmentary security solutions exists at authority level and at configuration level. Conflict at authority level arises when different authorities control the same fragmentary security solution. Conflict at configuration level arises when integrating fragmentary security solutions share configuration data.
Type: Application
Filed: March 25, 2009
Publication date: September 30, 2010
Inventors: PAUL EL KHOURY, Azzedine BENAMEUR, Smriti Kumar SINHA
-
Publication number: 20100162406
Abstract: The present description refers in particular to a computer implemented method, computer program product, and computer system for dynamic separation of duties (SoD) during workflow execution. Based on at least one policy file, at a monitoring module, at least one node to be logged from a message in a message pipe of one or more messages exchanged when executing a workflow instance may be specified. Information on the at least one logged node may be passed to an enforcer. SoD violation for the at least one logged node may be checked at the enforcer. If, for the at least one logged node, SoD is violated, action may be taken based on the at least one policy file.
Type: Application
Filed: June 12, 2009
Publication date: June 24, 2010
Applicant: SAP AG
Inventors: Azzedine Benameur, Paul El Khoury, Joana Da Trindade
-
Publication number: 20100082993
Abstract: The present description refers in particular to a computer-implemented method, a computer program product, and a computer system for automatically generating a digital signature for a message, the message being representable in a hierarchical tree structure and to a computer-implemented method, a computer program product, and a computer system for automatically verifying a digital signature of a message, the message being representable in a hierarchical tree structure.
Type: Application
Filed: September 28, 2009
Publication date: April 1, 2010
Applicant: SAP AG
Inventors: Azzedine Benameur, Smriti Kumar Sinha, Paul El Khoury
-
Publication number: 20090044271
Abstract: The present description refers in particular to a computer-implemented method, a computer system, and a computer program product for input validation and output validation to prevent SQL injections. In one aspect, an embodiment of the invention involves a service (e.g., a web service operating on a server) receiving a request message from a client over a network. The server includes a handler for checking the request message according to a first method, prior to sending the request message to the service. In addition, the handler checks a response message (from the service) according to the first method, prior to sending the response message to the client.
Type: Application
Filed: July 17, 2008
Publication date: February 12, 2009
Applicant: SAP AG
Inventors: Azzedine Benameur, Paul El Khoury
-
Publication number: 20090037884
Abstract: A method is provided for creating a behavior pattern of a computer program which comprises at least one source code with a plurality of program operations which are arranged in a logical succession and the source code is provided with annotations. Each annotation is referencing to a respective program operation and the annotations are read out automatically by a modeling tool, which is running on a processing unit and generating the behavior pattern of the computer program by arranging the annotations which have been read out according to the logical succession of the program operations and providing the generated behavior pattern, so that the generated behavior pattern can be represented via a representing unit. Furthermore, an appropriate server and an appropriate network system are provided.
Type: Application
Filed: July 25, 2008
Publication date: February 5, 2009
Inventors: Azzedine Benameur, Paul El Khoury
-
Publication number: 20090025068
Abstract: The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource.
Type: Application
Filed: November 28, 2007
Publication date: January 22, 2009
Applicant: SAP AG
Inventors: Azzedine Benameur, Paul El Khoury, Cedric S.P. Ulmer