Patents by Inventor Angelos Keromytis

Angelos Keromytis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10237059
    Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes receiving a block of information from non-processor memory at an interface between the non-processor memory and processor memory comprising two or more processor memory levels, determining whether the block of information received from the non-processor memory at the interface corresponds to encrypted instruction code, and decrypting the block of information at the interface between the non-processor memory and the processor memory for storage in one of the two or more levels of the processor memory in response to a determination that the received block of information corresponds to the encrypted instruction code. The block of information is stored at the one of the two or more levels of the processor memory without being decrypted when the received block of information is determined to correspond to data.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: March 19, 2019
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Lakshminarasimhan Sethumadhavan, Kanad Sinha, Angelos Keromytis, Vasileios Pappas, Vasileios Kemerlis
  • Patent number: 9495541
    Abstract: Systems, methods, and media for detecting the presence of return-oriented programming (ROP) payloads are provided, comprising: identifying a potential gadget address space; determining if a piece of the data corresponds to an address of the potential gadget address space; and in response to determining that the piece of the data corresponds to an address of the potential gadget address space: determining whether a plurality of operations, each associated with one of a plurality of instructions beginning at the address, indicates that an ROP payload is present in the data, and indicating that an ROP payload is present in the data in response to making a determination that a plurality of operations indicates that an ROP payload is present in the data a given number of times.
    Type: Grant
    Filed: September 17, 2012
    Date of Patent: November 15, 2016
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Michalis Polychronakis, Angelos Keromytis
  • Publication number: 20160119137
    Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes receiving a block of information from non-processor memory at an interface between the non-processor memory and processor memory comprising two or more processor memory levels, determining whether the block of information received from the non-processor memory at the interface corresponds to encrypted instruction code, and decrypting the block of information at the interface between the non-processor memory and the processor memory for storage in one of the two or more levels of the processor memory in response to a determination that the received block of information corresponds to the encrypted instruction code. The block of information is stored at the one of the two or more levels of the processor memory without being decrypted when the received block of information is determined to correspond to data.
    Type: Application
    Filed: November 20, 2015
    Publication date: April 28, 2016
    Applicant: The Trustees of Columbia University in the City of New York
    Inventors: Lakshminarasimhan SETHUMADHAVAN, Kanad SINHA, Angelos KEROMYTIS, Vasilis PAPPAS, Vasileios KEMERLIS
  • Publication number: 20140344932
    Abstract: Systems, methods, and media for detecting the presence of return-oriented programming (ROP) payloads are provided, comprising: identifying a potential gadget address space; determining if a piece of the data corresponds to an address of the potential gadget address space; and in response to determining that the piece of the data corresponds to an address of the potential gadget address space: determining whether a plurality of operations, each associated with one of a plurality of instructions beginning at the address, indicates that an ROP payload is present in the data, and indicating that an ROP payload is present in the data in response to making a determination that a plurality of operations indicates that an ROP payload is present in the data a given number of times.
    Type: Application
    Filed: September 17, 2012
    Publication date: November 20, 2014
    Inventors: Michalis Polychronakis, Angelos Keromytis
  • Patent number: 7996325
    Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.
    Type: Grant
    Filed: December 7, 2009
    Date of Patent: August 9, 2011
    Assignee: AT&T Intellectual Property II, LP
    Inventors: Matthew A. Blaze, John Ioannidis, Angelos Keromytis
  • Publication number: 20100094644
    Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.
    Type: Application
    Filed: December 7, 2009
    Publication date: April 15, 2010
    Applicant: AT&T Corp.
    Inventors: Matthew A. Blaze, John Ioannidis, Angelos Keromytis
  • Patent number: 7650313
    Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.
    Type: Grant
    Filed: June 12, 2004
    Date of Patent: January 19, 2010
    Assignee: AT&T Corp.
    Inventors: Matthew A. Blaze, John Ioannidis, Angelos Keromytis
  • Publication number: 20070214505
    Abstract: Methods, media and systems for responding to a Denial of Service (DoS) attack are provided. In some embodiments, a method includes detecting a DoS attack; migrating one or more processes that provide a service to an unaffected system; authenticating users that are authorized to use the service; and routing traffic generated by authenticated users to the unaffected system.
    Type: Application
    Filed: October 20, 2006
    Publication date: September 13, 2007
    Inventors: Angelos Stavrou, Angelos Keromytis, Jason Nieh, Vishal Misra, Daniel Rubenstein
  • Publication number: 20060195745
    Abstract: In accordance with the present invention, computer implemented methods and systems are provided that allow an application to automatically recover from software failures and attacks. Using one or more sensors, failures may be detected in the application. In response to detecting the failure, the portion of the application's code that caused the failure is isolated. Using the input vectors that caused the failure, information regarding the failure (e.g., the type of failure), a core dump file (e.g., stack trace), etc., an emulator-based vaccine that repairs the failure is constructed. In response to verifying that the vaccine repaired the failure, the application is automatically updated with the emulator-based vaccine without user intervention. Application community features that efficiently use the resources available in software monoculture are also provided.
    Type: Application
    Filed: June 1, 2005
    Publication date: August 31, 2006
    Inventors: Angelos Keromytis, Michael Locasto, Stylianos Sidiroglou
  • Publication number: 20050257264
    Abstract: Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
    Type: Application
    Filed: June 9, 2004
    Publication date: November 17, 2005
    Inventors: Salvatore Stolfo, Tal Malkin, Angelos Keromytis, Vishal Misra, Michael Locasto, Janak Parekh
  • Patent number: 6789068
    Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.
    Type: Grant
    Filed: November 8, 1999
    Date of Patent: September 7, 2004
    Assignee: AT&T Corp.
    Inventors: Matthew A. Blaze, John Ioannidis, Angelos Keromytis