Patents by Inventor Angelos Keromytis
Angelos Keromytis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10237059
Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes receiving a block of information from non-processor memory at an interface between the non-processor memory and processor memory comprising two or more processor memory levels, determining whether the block of information received from the non-processor memory at the interface corresponds to encrypted instruction code, and decrypting the block of information at the interface between the non-processor memory and the processor memory for storage in one of the two or more levels of the processor memory in response to a determination that the received block of information corresponds to the encrypted instruction code. The block of information is stored at the one of the two or more levels of the processor memory without being decrypted when the received block of information is determined to correspond to data.
Type: Grant
Filed: November 20, 2015
Date of Patent: March 19, 2019
Assignee: The Trustees of Columbia University in the City of New York
Inventors: Lakshminarasimhan Sethumadhavan, Kanad Sinha, Angelos Keromytis, Vasileios Pappas, Vasileios Kemerlis
-
Patent number: 9495541
Abstract: Systems, methods, and media for detecting the presence of return-oriented programming (ROP) payloads are provided, comprising; identifying a potential gadget address space; determining if a piece of the data corresponds to an address of the potential gadget address space; and in response to determining that the piece of the data corresponds to an address of the potential gadget address space: determining whether a plurality of operations, each associated one of a plurality instructions beginning at the address, indicates that an ROP payload is present in the data, and indicating that an ROP payload is present in the data in response to making a determination that a plurality of operations indicates that an ROP payload is present in the data a given number of times.
Type: Grant
Filed: September 17, 2012
Date of Patent: November 15, 2016
Assignee: The Trustees of Columbia University in the City of New York
Inventors: Michalis Polychronakis, Angelos Keromytis
-
Publication number: 20160119137
Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes receiving a block of information from non-processor memory at an interface between the non-processor memory and processor memory comprising two or more processor memory levels, determining whether the block of information received from the non-processor memory at the interface corresponds to encrypted instruction code, and decrypting the block of information at the interface between the non-processor memory and the processor memory for storage in one of the two or more levels of the processor memory in response to a determination that the received block of information corresponds to the encrypted instruction code. The block of information is stored at the one of the two or more levels of the processor memory without being decrypted when the received block of information is determined to correspond to data.
Type: Application
Filed: November 20, 2015
Publication date: April 28, 2016
Applicant: The Trustees of Columbia University in the City of New York
Inventors: Lakshminarasimhan SETHUMADHAVAN, Kanad SINHA, Angelos KEROMYTIS, Vasilis PAPPAS, Vasileios KEMERLIS
-
Publication number: 20140344932
Abstract: Systems, methods, and media for detecting the presence of return-oriented programming (ROP) payloads are provided, comprising; identifying a potential gadget address space; determining if a piece of the data corresponds to an address of the potential gadget address space; and in response to determining that the piece of the data corresponds to an address of the potential gadget address space: determining whether a plurality of operations, each associated one of a plurality instructions beginning at the address, indicates that an ROP payload is present in the data, and indicating that an ROP payload is present in the data in response to making a determination that a plurality of operations indicates that an ROP payload is present in the data a given number of times.
Type: Application
Filed: September 17, 2012
Publication date: November 20, 2014
Inventors: Michalis Polychronakis, Angelos Keromytis
-
Patent number: 7996325
Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.
Type: Grant
Filed: December 7, 2009
Date of Patent: August 9, 2011
Assignee: AT&T Intellectual Property II, LP
Inventors: Matthew A. Blaze, John Ioannidis, Angelos Keromytis
-
Publication number: 20100094644
Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.
Type: Application
Filed: December 7, 2009
Publication date: April 15, 2010
Applicant: AT&T Corp.
Inventors: Matthew A. Blaze, John Ioannidis, Angelos Keromytis
-
Patent number: 7650313
Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.
Type: Grant
Filed: June 12, 2004
Date of Patent: January 19, 2010
Assignee: AT&T Corp.
Inventors: Matthew A. Blaze, John Ioannidis, Angelos Keromytis
-
Publication number: 20070214505
Abstract: Methods, media and systems for responding to a Denial of Service (DoS) attack are provided. In some embodiments, a method includes detecting a DoS attack, migrating one or more processes that provide a service to an unaffected system; authenticating users that are authorized to use the service; and routing traffic generated by authenticated users to the unaffected system.
Type: Application
Filed: October 20, 2006
Publication date: September 13, 2007
Inventors: Angelos Stavrou, Angelos Keromytis, Jason Nieh, Vishal Misra, Daniel Rubenstein
-
Publication number: 20060195745
Abstract: In accordance with the present invention, computer implemented methods and systems are provided that allow an application to automatically recover from software failures and attacks. Using one or more sensors, failures may be detected in the application. In response to detecting the failure, the portion of the application's code that caused the failure is isolated. Using the input vectors that caused the failure, information regarding the failure (e.g., the type of failure), a core dump file (e.g., stack trace), etc., an emulator-based vaccine that repairs the failure is constructed. In response to verifying that the vaccine repaired the failure, the application is automatically updated with the emulator-based vaccine without user intervention. Application community features that efficiently use the resources available in software monoculture is also provided.
Type: Application
Filed: June 1, 2005
Publication date: August 31, 2006
Inventors: Angelos Keromytis, Michael Locasto, Stylianos Sidiroglou
-
Publication number: 20050257264
Abstract: Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
Type: Application
Filed: June 9, 2004
Publication date: November 17, 2005
Inventors: Salvatore Stolfo, Tal Malkin, Angelos Keromytis, Vishal Misra, Michael Locasto, Janak Parekh
-
Patent number: 6789068
Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.
Type: Grant
Filed: November 8, 1999
Date of Patent: September 7, 2004
Assignee: AT&T Corp.
Inventors: Matthew A. Blaze, John Ioannidis, Angelos Keromytis