Patents by Inventor Dimitrios Pendarakis
Dimitrios Pendarakis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20160006703
Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
Type: Application
Filed: September 15, 2015
Publication date: January 7, 2016
Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquilo Valdez
-
Patent number: 9152223
Abstract: Included within a shared housing are at least one user interface element; a first isolated computational entity; a second isolated computational entity; and a switching arrangement. The switching arrangement is configured to, in a first mode, connect the first isolated computational entity to the at least one user interface element; and, in a second mode, connect the second isolated computational entity to the at least one user interface element.
Type: Grant
Filed: November 2, 2012
Date of Patent: October 6, 2015
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: David L. Cohn, Guerney D. H. Hunt, James Randal Moulic, Dimitrios Pendarakis
-
Publication number: 20150271180
Abstract: A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.
Type: Application
Filed: April 14, 2015
Publication date: September 24, 2015
Inventors: MIHAI CHRISTODORESCU, DIMITRIOS PENDARAKIS, KAPIL K. SINGH
-
Patent number: 9098709
Abstract: A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.
Type: Grant
Filed: November 13, 2012
Date of Patent: August 4, 2015
Assignee: International Business Machines Corporation
Inventors: Mihai Christodorescu, Dimitrios Pendarakis, Kapil K. Singh
-
Publication number: 20150074392
Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
Type: Application
Filed: September 12, 2013
Publication date: March 12, 2015
Applicant: International Business Machines Corporation
Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Patent number: 8949797
Abstract: A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system.
Type: Grant
Filed: April 16, 2010
Date of Patent: February 3, 2015
Assignee: International Business Machines Corporation
Inventors: Najwa Aaraj, Mihai Christodorescu, Dimitrios Pendarakis, Reiner Sailer, Douglas L. Schales
-
Patent number: 8924189
Abstract: A system and method for workload generation include a processor for identifying a workload model by determining each of a hierarchy for workload generation, time scales for workload generation, and states and transitions at each of the time scales, and defining a parameter by determining each of fields for user specific attributes, application specific attributes, network specific attributes, content specific attributes, and a probability distribution function for each of the attributes; a user level template unit corresponding to a relatively slow time scale in signal communication with the processor; an application level template corresponding to a relatively faster time scale in signal communication with the processor; a stream level template corresponding to a relatively fastest time scale in signal communication with the processor; and a communications adapter in signal communication with the processor for defining a workload generating unit responsive to the template units.
Type: Grant
Filed: May 29, 2008
Date of Patent: December 30, 2014
Assignee: International Business Machines Corporation
Inventors: Kay S. Anderson, Eric P. Bouillet, Parijat Dube, Zhen Liu, Dimitrios Pendarakis
-
Patent number: 8839345
Abstract: Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies.
Type: Grant
Filed: March 17, 2008
Date of Patent: September 16, 2014
Assignee: International Business Machines Corporation
Inventors: John L. Griffin, Dimitrios Pendarakis, Ronald Perez, Reiner Sailer, Enriquillo Valdez
-
Publication number: 20140137181
Abstract: A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.
Type: Application
Filed: November 15, 2012
Publication date: May 15, 2014
Applicant: International Business Machines Corporation
Inventors: Mihai Christodorescu, Dimitrios Pendarakis, Kapil K. Singh
-
Publication number: 20140137179
Abstract: A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.
Type: Application
Filed: November 13, 2012
Publication date: May 15, 2014
Applicant: International Business Machines Corporation
Inventors: Mihai Christodorescu, Dimitrios Pendarakis, Kapil K. Singh
-
Publication number: 20140108784
Abstract: A method to verify a geographic location of a virtual disk image executing at a data center server within a data center. One embodiment includes a cryptoprocessor proximate the data center server, a hypervisor configured to send a disk image hash value of the virtual disk image, a digital certificate issued to the cryptoprocessor, an endorsement key to a data center tenant and a location provider. The method includes sending a disk image hash value of the virtual disk image, an endorsement key unique to a cryptoprocessor proximate the data center server to a data center tenant, and a digital certificate to a data center tenant. Next, the location provider sends the geographic location of the cryptoprocessor matching the endorsement key to the data center tenant.
Type: Application
Filed: October 12, 2012
Publication date: April 17, 2014
Applicant: International Business Machines Corporation
Inventors: Dimitrios Pendarakis, Arvind Seshadri
-
Patent number: 8694786
Abstract: A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.
Type: Grant
Filed: October 4, 2011
Date of Patent: April 8, 2014
Assignee: International Business Machines Corporation
Inventors: Rajiv Augu, Steven A. Bade, Jeb R Linton, Dimitrios Pendarakis, George C. Wilson, Lee Hardy Wilson
-
Patent number: 8625538
Abstract: A method for association of a mobile terminal with an access point (AP) includes determining a set of available APs. The AP from among the available APs that has the coverage area that is likely to encompass the mobile terminal for the greatest period of time or distance is selected. The selected AP is associated with the mobile terminal.
Type: Grant
Filed: November 13, 2007
Date of Patent: January 7, 2014
Assignee: International Business Machines Corporation
Inventors: Minkyong Kim, Zhen Liu, Srinivasan Parthasarathy, Dimitrios Pendarakis, Hao Yang
-
Publication number: 20130232238
Abstract: Included within a shared housing are at least one user interface element; a first isolated computational entity; a second isolated computational entity; and a switching arrangement. The switching arrangement is configured to, in a first mode, connect the first isolated computational entity to the at least one user interface element; and, in a second mode, connect the second isolated computational entity to the at least one user interface element.
Type: Application
Filed: November 2, 2012
Publication date: September 5, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: David L. Cohn, Guerney D.H. Hunt, James Randal Moulic, Dimitrios Pendarakis
-
Patent number: 8489722
Abstract: Techniques for transmitting data according to at least one quality of service requirement. A message path is calculated specifying a sequence of broker computers selected from a network of interconnected broker computers. The message path is statistically estimated to fulfill the at least one quality of service requirement. Quality of service metrics are received about the network of interconnected broker computers. If the message path is determined not to fulfill the quality of service requirement, a new message path is calculated specifying a new sequence of broker computers selected from the network of interconnected broker computers. The new message path is statistically estimated to fulfill the at least one quality of service requirement.
Type: Grant
Filed: November 24, 2009
Date of Patent: July 16, 2013
Assignee: International Business Machines Corporation
Inventors: Kyriakos Karenos, Minkyong Kim, Hui Lei, Dimitrios Pendarakis, Hao Yang, Fan Ye
-
Patent number: 8473602
Abstract: Systems and methods are provided to determine an allocation of network resources in a distributed on-demand information technology (IT) systems using existing control mechanisms for other operating system resources in order to achieve a desired operating point within the IT system. This desired operating point is obtained by optimizing a goal-based objective function while taking into account system constraints. The relationship between utilization of all system resources, i.e. network resources and processing resources, and attainment of performance objectives is autonomously obtained for a plurality of actions that could be required by a range of system applications. This relationship is used to allocate network resources to applications while maintaining desired performance objectives. The allocation is enforced using existing control mechanisms.
Type: Grant
Filed: June 11, 2005
Date of Patent: June 25, 2013
Assignee: Intellectual Business Machines Corporation
Inventors: Zhen Liu, Dimitrios Pendarakis, Jeremy I. Silber, Laura Wynter
-
Publication number: 20130086383
Abstract: A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.
Type: Application
Filed: October 4, 2011
Publication date: April 4, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Rajiv Augusto Santos Galvao de Andrade, Steven A. Bade, Jeb R. Linton, Dimitrios Pendarakis, George C. Wilson, Lee H. Wilson
-
Publication number: 20130061058
Abstract: An apparatus includes a memory to store a secure object comprising at least one of code and data that is encrypted when stored in the memory and a central processing unit (CPU) that is capable of executing an EnterSecureMode (esm) instruction that enables the decryption of the secure object's information when the secure object information is retrieved from the memory into the CPU. The CPU further comprises a feature to protect the secure object from code received from other software.
Type: Application
Filed: September 6, 2011
Publication date: March 7, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Richard Harold Boivie, Dimitrios Pendarakis
-
Patent number: 8185352
Abstract: A system, method, and computer program product for benchmarking a stream processing system are disclosed. The method comprises generating a plurality of correlated test streams. A semantically related data set is embedded within each of the test streams in the plurality of correlated test streams. The plurality of correlated test streams is provided to at least one stream processing system. A summary is generated for each of the semantically related embedded data sets. A common identifier, which is transparent to the system being tested, is embedded within each stream in the plurality of correlated test streams. The common identifier is extracted from the output data set generated by the stream processing system. At least one of the stored copies of the summaries and the common identifier are compared to an output data set including a set of zero or more correlation results generated by the stream processing system.
Type: Grant
Filed: June 17, 2008
Date of Patent: May 22, 2012
Assignee: International Business Machines Corporation
Inventors: Kay S. Anderson, Joseph P. Bigus, Eric Bouillet, Parijat Dube, Zhen Liu, Dimitrios Pendarakis
-
Publication number: 20110258610
Abstract: A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system.
Type: Application
Filed: April 16, 2010
Publication date: October 20, 2011
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Najwa Aaraj, Mihai Christodorescu, Dimitrios Pendarakis, Reiner Sailer, Douglas L. Schales