Patents by Inventor Omer Y. Boehm
Omer Y. Boehm has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10152592Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.Type: GrantFiled: December 11, 2015Date of Patent: December 11, 2018Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Yousef Shajrawi
-
Patent number: 10007787Abstract: Input is received during runtime of a program. The input is a return instruction address of a called function and a return target address of the program. A determination is made whether the instruction immediately prior to the return target address is a call to the called function. If the instruction immediately prior to the return target address is not a call to the called function, a notification is transmitted that return-oriented programming is suspected.Type: GrantFiled: December 28, 2015Date of Patent: June 26, 2018Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Nitzan Peleg
-
Patent number: 9734329Abstract: Mitigating return-oriented programming attacks. From program code and associated components needed by the program code for execution, machine language instruction sequences that may be combined and executed as malicious code are selected. A predetermined number of additional copies of each of the selected machine language instruction sequences are made, and the additional copies are marked as non-executable. The machine language instruction sequences and the non-executable copies are distributed in memory. If a process attempts to execute a machine language instruction sequence that has been marked non-executable, the computer may initiate protective action.Type: GrantFiled: April 19, 2016Date of Patent: August 15, 2017Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Publication number: 20170185775Abstract: Input is received during runtime of a program. The input is a return instruction address of a called function and a return target address of the program. A determination is made whether the instruction immediately prior to the return target address is a call to the called function. If the instruction immediately prior to the return target address is not a call to the called function, a notification is transmitted that return-oriented programming is suspected.Type: ApplicationFiled: December 28, 2015Publication date: June 29, 2017Inventors: Omer Y. Boehm, Nitzan Peleg
-
Publication number: 20170169216Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.Type: ApplicationFiled: December 11, 2015Publication date: June 15, 2017Inventors: Omer Y. Boehm, Yousef Shajrawi
-
Patent number: 9665717Abstract: Mitigating return-oriented programming (ROP) attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.Type: GrantFiled: September 13, 2016Date of Patent: May 30, 2017Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Patent number: 9665710Abstract: Mitigating return-oriented programming attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.Type: GrantFiled: September 14, 2016Date of Patent: May 30, 2017Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Publication number: 20170091449Abstract: Mitigating return-oriented programming attacks. From program code and associated components needed by the program code for execution, machine language instruction sequences that may be combined and executed as malicious code are selected. A predetermined number of additional copies of each of the selected machine language instruction sequences are made, and the additional copies are marked as non-executable. The machine language instruction sequences and the non-executable copies are distributed in memory. If a process attempts to execute a machine language instruction sequence that has been marked non-executable, the computer may initiate protective action.Type: ApplicationFiled: April 19, 2016Publication date: March 30, 2017Inventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Publication number: 20170091456Abstract: Mitigating return-oriented programming (ROP) attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.Type: ApplicationFiled: September 13, 2016Publication date: March 30, 2017Inventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Publication number: 20170091447Abstract: Mitigating return-oriented programming attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.Type: ApplicationFiled: September 14, 2016Publication date: March 30, 2017Inventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Patent number: 9576138Abstract: Mitigating return-oriented programming attacks. From program code and associated components needed by the program code for execution, machine language instruction sequences that may be combined and executed as malicious code are selected. A predetermined number of additional copies of each of the selected machine language instruction sequences are made, and the additional copies are marked as non-executable. The machine language instruction sequences and the non-executable copies are distributed in memory. If a process attempts to execute a machine language instruction sequence that has been marked non-executable, the computer may initiate protective action.Type: GrantFiled: September 30, 2015Date of Patent: February 21, 2017Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Patent number: 9367424Abstract: A method for identifying trends in system faults. During a generating stage, monitoring via a software based performance monitoring unit, a state of a server on a network and generating hardware or software performance information which indicate system faults of the server. During an analysis stage including, creating a dataset from the hardware or software performance information and isolating events from the dataset and categorizing each of the isolated events into a type, each type representing one application program call return. For each event in the dataset, assigning a trend score which decays with time such that recent events receive greater weight in the assigning than less recent events. Finally, performing one or more of: outputting a notification of the trend score, utilizing an optimization unit or triggering operation of a fault system handler for the event, when the trend score is above a threshold.Type: GrantFiled: March 13, 2014Date of Patent: June 14, 2016Assignee: International Business Machines CorporationInventors: Omer Y Boehm, Anat Hashavit, Roy Levin, Yousef Shajrawi
-
Publication number: 20150261649Abstract: A method for identifying trends in system faults. During a generating stage, monitoring via a software based performance monitoring unit, a state of a server on a network and generating hardware or software performance information which indicate system faults of the server. During an analysis stage including, creating a dataset from the hardware or software performance information and isolating events from the dataset and categorizing each of the isolated events into a type, each type representing one application program call return. For each event in the dataset, assigning a trend score which decays with time such that recent events receive greater weight in the assigning than less recent events. Finally, performing one or more of: outputting a notification of the trend score, utilizing an optimization unit or triggering operation of a fault system handler for the event, when the trend score is above a threshold.Type: ApplicationFiled: March 13, 2014Publication date: September 17, 2015Applicant: International Business Machines CorporationInventors: Omer Y. Boehm, Anat Hashavit, Roy Levin, Yousef Shajrawi