Patents by Inventor Benny Nissimov
Benny Nissimov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11893117
Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.
Type: Grant
Filed: May 20, 2022
Date of Patent: February 6, 2024
Assignee: Twistlock Ltd.
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Yosef Zin
-
Publication number: 20230362168
Abstract: A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.
Type: Application
Filed: July 17, 2023
Publication date: November 9, 2023
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Zin
-
Patent number: 11706220
Abstract: A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.
Type: Grant
Filed: June 20, 2022
Date of Patent: July 18, 2023
Assignee: Twistlock Ltd.
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Zin
-
Patent number: 11489844
Abstract: The disclosed serverless security access control system leverages static analysis information about application code and runtime information to create and assign on-the-fly transient serverless function roles. A default role can be initially assigned to serverless functions of the application. The default role allows the function to communicate with a security access broker. The access broker accesses least privilege information about an invoked serverless function and then creates and assigns a transient role to the serverless function based on that information. The short life of the role reduces and possibly eliminates the security risk of an over-permissive role. The access broker can update the least privilege information based on updated analysis of the application code and runtime information to allow flexibility and adaptation over executions.
Type: Grant
Filed: April 17, 2020
Date of Patent: November 1, 2022
Assignee: Twistlock Ltd.
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Yosef Zin
-
Publication number: 20220329597
Abstract: A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.
Type: Application
Filed: June 20, 2022
Publication date: October 13, 2022
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Zin
-
Publication number: 20220277081
Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.
Type: Application
Filed: May 20, 2022
Publication date: September 1, 2022
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Yosef Zin
-
Patent number: 11425127
Abstract: A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.
Type: Grant
Filed: February 20, 2020
Date of Patent: August 23, 2022
Assignee: TWISTLOCK LTD.
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Zin
-
Patent number: 11372978
Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.
Type: Grant
Filed: April 13, 2020
Date of Patent: June 28, 2022
Assignee: Twistlock Ltd.
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Yosef Zin
-
Publication number: 20210329003
Abstract: The disclosed serverless security access control system leverages static analysis information about application code and runtime information to create and assign on-the-fly transient serverless function roles. A default role can be initially assigned to serverless functions of the application. The default role allows the function to communicate with a security access broker. The access broker accesses least privilege information about an invoked serverless function and then creates and assigns a transient role to the serverless function based on that information. The short life of the role reduces and possibly eliminates the security risk of an over-permissive role. The access broker can update the least privilege information based on updated analysis of the application code and runtime information to allow flexibility and adaptation over executions.
Type: Application
Filed: April 17, 2020
Publication date: October 21, 2021
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Yosef Zin
-
Publication number: 20210319108
Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.
Type: Application
Filed: April 13, 2020
Publication date: October 14, 2021
Inventors: Ory Segal, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Yosef Zin
-
Publication number: 20200267155
Abstract: A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.
Type: Application
Filed: February 20, 2020
Publication date: August 20, 2020
Inventors: Ory SEGAL, Yuri Shapira, Avraham Shulman, Benny Nissimov, Shaked Zin