Patents by Inventor Azzedine Benameur

Azzedine Benameur has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190141058
    Abstract: Implementations are directed to methods for detecting and identifying advanced persistent threats (APTs) in networks, including receiving first domain activity data from a first network domain and second domain activity data from a second network domain, including multiple alerts from the respective first and second network domains and where each alert of the multiple alerts results from one or more detected events in the respective first or second network domains. A classification determined for each alert of the multiple alerts with respect to a cyber kill chain. A dependency is then determined for each of one or more pairs of alerts and a graphical visualization of the multiple alerts is generated, where the graphical visualization includes multiple nodes and edges between the nodes, each node corresponding to the cyber kill chain and representing at least one alert, and each edge representing a dependency between alerts.
    Type: Application
    Filed: November 9, 2017
    Publication date: May 9, 2019
    Inventors: Amin Hassanzadeh, Azzedine Benameur, Robin Lynn Burkett, Apoorv Krishak, Chien An Chen, Nahid Farhady Ghalaty
  • Patent number: 10278074
    Abstract: The disclosed computer-implemented method for categorizing mobile devices as rooted may include (1) gathering a set of metadata describing a plurality of rooted mobile devices that have been modified to allow a user to alter protected systems and an additional set of metadata describing a plurality of unrooted mobile devices that have not been modified to allow the user to alter the protected systems, (2) comparing the set of metadata with the additional set of metadata to determine at least one feature that differentiates the rooted mobile devices from the unrooted mobile devices, (3) determining whether the feature is present in metadata that describes an uncategorized mobile device, and (4) categorizing the uncategorized mobile device as a rooted mobile device based on the presence of the feature in the metadata that describes the uncategorized mobile device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 22, 2015
    Date of Patent: April 30, 2019
    Assignee: Symantec Corporation
    Inventors: Yun Shen, Azzedine Benameur, Nathan Evans
  • Patent number: 10243963
    Abstract: The disclosed computer-implemented method for generating device-specific security policies for applications may include (1) installing, onto a computing device, an application requested by the computing device, (2) while the application is running on the computing device, monitoring interactions between the application and a computing environment in which the computing device operates to identify (A) computing resources within the computing environment required by the application and (B) potential security concerns related to the application within the computing environment, and then (3) generating, based on the monitored interactions, a set of device-specific security policies to enforce for the application while the application runs on the computing device that allow the application to access the required computing resources while mitigating the potential security concerns. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: March 26, 2019
    Assignee: Symantec Corporation
    Inventors: Azzedine Benameur, Nathan Evans, Yun Shen
  • Patent number: 10225284
    Abstract: Techniques of obfuscation for enterprise data center services are disclosed. In one embodiment, the techniques may be realized as a system for obfuscation comprising one or more processors. The one or more processors may be configured to receive a command from at least one of a user and an application and determine whether the command is authorized. If the command is determined to be unauthorized, the one or more processors may be further configured to generate a rewritten output of the command that is different from an original output of the command and return the rewritten output in response to the command.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: March 5, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Nathan S. Evans, Azzedine Benameur, Yun Shen
  • Patent number: 10185838
    Abstract: A processor-based method to defeat file and process hiding techniques in a computing device is provided. The method includes generating one of a path permutation, a symlink, or an address, for a path to open or obtain status of a tool or function in a library in a mobile computing device and making an open or status call for the tool or function, using the one of the path permutation, symlink or address. The method includes avoiding a pattern match and blocking, by an injected library, of the open or status call, the avoiding being a result of making the open or status call using the path permutation, symlink or address.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: January 22, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Nathan Evans, Azzedine Benameur, Yun Shen
  • Patent number: 10146893
    Abstract: A computer-implemented method for evaluating electronic control units within vehicle emulations may include (1) connecting an actual electronic control unit for a vehicle to a vehicle bus that emulates network traffic rather than actual network traffic generated by operation of the vehicle, (2) manipulating input to the actual electronic control unit to test how safely the actual electronic control unit and the emulated electronic control unit respond to the manipulated input, (3) detecting an output from the actual electronic control unit that indicates a response, from the actual electronic control unit, to manipulating the input, and (4) evaluating a safety level of at least one of the actual electronic control unit and the emulated electronic control unit based on detecting the output from the actual electronic control unit. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: December 4, 2018
    Assignee: Symantec Corporation
    Inventors: Nathan Evans, Azzedine Benameur, Yun Shen
  • Patent number: 10114947
    Abstract: The disclosed computer-implemented method for logging processes within containers may include (i) detecting creation of a new container that comprises a lightweight platform-independent filesystem capable of executing at least one process that is isolated from a host computing device that hosts the container, (ii) launching, within the new container, a monitoring process that maintains a log of events associated with a process that will be executing within the new container, (iii) recording to the log, by the monitoring process, data about at least one event associated with the process executing within the container, and (iv) exporting, by the monitoring process, the log to the host computing device that hosts the new container. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: October 30, 2018
    Assignee: Symantec Corporation
    Inventors: Azzedine Benameur, Nathan Evans, Yun Shen
  • Patent number: 9953158
    Abstract: The disclosed computer-implemented method for enforcing secure software execution may include (1) providing at least one known benign input to an executable file that is susceptible to abnormal code execution, (2) observing a series of function calls made by the executable file as the executable file processes the known benign input, (3) storing the series of function calls as a control flow graph that represents known safe function call pathways for the executable file, and (4) forcing a subsequent execution of the executable file to follow the series of function calls stored in the control flow graph to protect the executable file against abnormal code execution. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: April 21, 2015
    Date of Patent: April 24, 2018
    Assignee: Symantec Corporation
    Inventors: Azzedine Benameur, Nathan Evans
  • Patent number: 9898615
    Abstract: A processor-based method to defeat file and process hiding techniques in a computing device is provided. The method includes generating one of a path permutation, a symlink, or an address, for a path to open or obtain status of a tool or function in a library in a mobile computing device and making an open or status call for the tool or function, using the one of the path permutation, symlink or address. The method includes avoiding a pattern match and blocking, by an injected library, of the open or status call, the avoiding being a result of making the open or status call using the path permutation, symlink or address.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: February 20, 2018
    Assignee: SYMANTEC CORPORATION
    Inventors: Nathan Evans, Azzedine Benameur, Yun Shen
  • Patent number: 9898272
    Abstract: The present disclosure relates to systems and methods based at least in part on managing electronic device configuration and/or features. In some embodiments, a method may include identifying a first configuration state at a first time; generating a virtual configuration state based at least in part on the first configuration state at the first time; determining a first modification to be made to the first configuration state based at least in part on a first characteristic of a first application; modifying the virtual configuration state based at least in part on the determined first modification; and/or modifying the first configuration state at a second time after the first time based at least in part on the determined first modification.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: February 20, 2018
    Assignee: Symantec Corporation
    Inventors: Azzedine Benameur, Nathan Evans, Yun Shen
  • Patent number: 9843594
    Abstract: The disclosed computer-implemented method for detecting anomalous messages in automobile networks may include (1) receiving automobile-network messages that are expected to be broadcast over an automobile network of an automobile, (2) extracting a set of features from the automobile-network messages, and (3) using the set of features to create a model that is capable of distinguishing expected automobile-network messages from anomalous automobile-network messages. The disclosed computer-implemented method may further include (1) detecting an automobile-network message that has been broadcast over the automobile network, (2) using the model to determine that the automobile-network message is anomalous, and (3) performing a security action in response to determining that the automobile-network message is anomalous. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: December 12, 2017
    Assignee: Symantec Corporation
    Inventors: Nathan Evans, Azzedine Benameur, Yun Shen
  • Patent number: 9794275
    Abstract: Methods, computer program products, computer systems, and the like, which provide security in cloud-based services using lightweight replicas, are disclosed. The methods, computer program products, computer systems, and the like include detecting an intrusion into an application server, dynamically provisioning a replica application server in a server system in response to the detecting the intrusion, and transitioning a datastream from the application server to the replica application server, where the application server is provisioned in the server system, the intrusion is an attack on the application server, and the attack is conducted via a datastream between a first computing system and the application server. The replica application server is a replica of at least a portion of the application server.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: October 17, 2017
    Assignee: Symantec Corporation
    Inventors: Azzedine Benameur, Nathan S. Evans
  • Patent number: 9612852
    Abstract: Techniques for redirecting input/output are disclosed. In one particular embodiment, the techniques may be realized as a method for redirecting input/output comprising the steps of method for redirecting input/output comprising configuring a first virtual machine with a recorder for library interposition, configuring a replica virtual machine with a player for library interposition, receiving a first recorded event from the first virtual machine, and transferring the first recorded event to the replica virtual machine for replay.
    Type: Grant
    Filed: December 18, 2012
    Date of Patent: April 4, 2017
    Assignee: Veritas Technologies LLC
    Inventors: Azzedine Benameur, Nathan S. Evans
  • Patent number: 9582669
    Abstract: The disclosed computer-implemented method for detecting discrepancies in automobile-network data may include (1) receiving data that indicates at least one attribute of an automobile and that was conveyed via an automobile-network message that was purportedly broadcast over an automobile network of the automobile, (2) receiving additional data that indicates the same attribute of the automobile and that was not conveyed via any automobile-network message that was broadcast over the automobile network, (3) detecting a discrepancy between the data and the additional data, and (4) performing a security action in response to detecting the discrepancy between the data and the additional data. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: February 28, 2017
    Assignee: Symantec Corporation
    Inventors: Yun Shen, Nathan Evans, Azzedine Benameur
  • Patent number: 9525665
    Abstract: A computer-implemented method for obscuring network services may include (1) identifying a local network comprising at least one client and at least one host, where the host provides a service that is not bound to any routable address on the local network and the client is expected to send messages to the service, (2) provisioning the client with a proxy that intercepts the messages directed to the service by the client, identifies the host that provides the service, and adds at least one layer of encryption to the messages, (3) configuring the proxy to route the messages through an onion routing network within the local network that comprises at least one onion routing node, and (4) configuring the onion routing network to remove the at least one layer of encryption from the messages before forwarding the messages. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: December 20, 2016
    Assignee: Symantec Corporation
    Inventors: Nathan Evans, Azzedine Benameur, Matthew Elder
  • Patent number: 8640208
    Abstract: The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource.
    Type: Grant
    Filed: November 28, 2007
    Date of Patent: January 28, 2014
    Assignee: SAP AG
    Inventors: Azzedine Benameur, Paul El Khoury, Cedric S. P. Ulmer
  • Patent number: 8527954
    Abstract: A method is provided for creating a behavior pattern of a computer program which comprises at least one source code with a plurality of program operations which are arranged in a logical succession and the source code is provided with annotations. Each annotation is referencing to a respective program operation and the annotations are read out automatically by a modeling tool, which is running on a processing unit and generating the behavior pattern of the computer program by arranging the annotations which have been read out according to the logical succession of the program operations and providing the generated behavior pattern, so that the generated behavior pattern can be represented via a representing unit. Furthermore, an appropriate server and an appropriate network system are provided.
    Type: Grant
    Filed: July 25, 2008
    Date of Patent: September 3, 2013
    Assignee: SAP AG
    Inventors: Azzedine Benameur, Paul El Khoury
  • Patent number: 8495744
    Abstract: A method and a system for evaluation of risk of conflict between a number of integrating security solutions. In a computer system, a number of fragmentary security solutions are received. A set of the received fragmentary security solutions is integrated to form a composite security solution to satisfy a number of security requirements. In one aspect, the security requirements are established during a design of a computer system. A risk of conflict between the set of integrating fragmentary security solutions is evaluated. In another aspect, the risk of conflict between the set of integrating fragmentary security solutions exists at authority level and at configuration level. Conflict at authority level arises when different authorities control the same fragmentary security solution. Conflict at configuration level arises when integrating fragmentary security solutions share configuration data.
    Type: Grant
    Filed: March 25, 2009
    Date of Patent: July 23, 2013
    Assignee: SAP AG
    Inventors: Paul El Khoury, Azzedine Benameur, Smriti Kumar Sinha
  • Patent number: 8245045
    Abstract: The present description refers in particular to example computer-implemented methods, example computer program products, and example computer systems for automatically generating or verifying a digital signature for a message. The message may be representable in a hierarchical tree structure. An example computer-implemented method may comprise: selecting, from a message MT, a sub-message M to be signed, the sub-message M comprising at least one element; generating a well-formed context CMt for the sub-message M, wherein the well-formed context CMt defines a derivation path to the element in the message MT at a time t, the element being marked [M] in the well-formed context CMt; generating a message digest ?M from the sub-message M and a context digest ?C from the well-formed context CMt; and generating a signature S by applying a secret key SA of a user A to the message digest ?M and to the context digest ?C.
    Type: Grant
    Filed: September 28, 2009
    Date of Patent: August 14, 2012
    Assignee: SAP AG
    Inventors: Azzedine Benameur, Smriti Kumar Sinha, Paul El Khoury
  • Publication number: 20100250476
    Abstract: A method and a system for evaluation of risk of conflict between a number of integrating security solutions. In a computer system, a number of fragmentary security solutions are received. A set of the received fragmentary security solutions is integrated to form a composite security solution to satisfy a number of security requirements. In one aspect, the security requirements are established during a design of a computer system. A risk of conflict between the set of integrating fragmentary security solutions is evaluated. In another aspect, the risk of conflict between the set of integrating fragmentary security solutions exists at authority level and at configuration level. Conflict at authority level arises when different authorities control the same fragmentary security solution. Conflict at configuration level arises when integrating fragmentary security solutions share configuration data.
    Type: Application
    Filed: March 25, 2009
    Publication date: September 30, 2010
    Inventors: PAUL EL KHOURY, Azzedine BENAMEUR, Smriti Kumar SINHA