Patents by Inventor Dmitri Dodor
Dmitri Dodor has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11632380Abstract: Embodiments are disclosed for a method for identifying large database transactions. The method includes generating a token marker sequence of a database transaction. The token marker sequence includes multiple token markers. The token markers include a token of the database transaction and a position corresponding to the token. The method further includes sorting the token markers based on a probability that the token occurs in a stream of database transactions. Additionally, the method includes reducing a size of the token marker sequence based on a predetermined threshold.Type: GrantFiled: March 17, 2020Date of Patent: April 18, 2023Assignee: International Business Machines CorporationInventors: Leonid Rodniansky, Peter Maniatis, Tania Butovsky, Dmitri Dodor
-
Patent number: 11562090Abstract: A security system that monitors requests to a protected resource is configured to determine that a syntactically-invalid language statement in a request is one that should be treated as a “security high risk” statement (SHRS) because it has a probability of containing sensitive data. A machine language that defines the structure and syntax of the language statements used by a client-server application may have multiple SHRSs. SHRSs are identified in advance by syntactical analysis of the language statements that comprise the machine language. The security system stores (or can otherwise obtain) a representation of each of the set of these high risk statements. In response to detecting that a request has a syntactically-invalid language statement, the system determines whether the invalid language statement has a measure of similarity sufficiently close to any of statement in the SHRS set. Upon a positive determination, an appropriate security action is taken to ensure sensitive data is not exposed.Type: GrantFiled: May 28, 2019Date of Patent: January 24, 2023Assignee: International Business Machines CorporationInventors: Dmitri Dodor, Peter A. Maniatis, Leonid Rodniansky
-
Patent number: 11347872Abstract: A mechanism that dynamically creates a new access policy for a set of database servers when a policy violation has been identified in a database access response issued by any database in the set. The new access policy is then propagated in real-time and instantiated across the set of database servers so as to inoculate the other database servers and pre-empt any new compromise of information based on the intruder's actions that were found to have produced the policy violation in the first instance. Thus, the approach uses a response policy violation at one database server of a set to trigger generation of a new request access policy that is then instantiated across one or more other database servers. This response policy violation-to-request access policy instantiation occurs in substantially real-time so that the intruder cannot use a prior successful access request to obtain information from other databases using a similar strategy.Type: GrantFiled: June 29, 2019Date of Patent: May 31, 2022Assignee: International Business Machines CorporationInventors: Dmitri Dodor, Leonid Rodniansky
-
Patent number: 11347871Abstract: A mechanism that dynamically creates a new access policy for a set of database servers when a policy violation has been identified in a database access response issued by any database in the set. The new access policy is then propagated in real-time and instantiated across the set of database servers so as to inoculate the other database servers and pre-empt any new compromise of information based on the intruder's actions that were found to have produced the policy violation in the first instance. Thus, the approach uses a response policy violation at one database server of a set to trigger generation of a new request access policy that is then instantiated across one or more other database servers. This response policy violation-to-request access policy instantiation occurs in substantially real-time so that the intruder cannot use a prior successful access request to obtain information from other databases using a similar strategy.Type: GrantFiled: January 16, 2018Date of Patent: May 31, 2022Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Dmitri Dodor, Leonid Rodniansky
-
Publication number: 20210297426Abstract: Embodiments are disclosed for a method for identifying large database transactions. The method includes generating a token marker sequence of a database transaction. The token marker sequence includes multiple token markers. The token markers include a token of the database transaction and a position corresponding to the token. The method further includes sorting the token markers based on a probability that the token occurs in a stream of database transactions. Additionally, the method includes reducing a size of the token marker sequence based on a predetermined threshold.Type: ApplicationFiled: March 17, 2020Publication date: September 23, 2021Inventors: Leonid Rodniansky, Peter Maniatis, Tania Butovsky, Dmitri Dodor
-
Publication number: 20200380146Abstract: A security system that monitors requests to a protected resource is configured to determine that a syntactically-invalid language statement in a request is one that should be treated as a “security high risk” statement (SHRS) because it has a probability of containing sensitive data. A machine language that defines the structure and syntax of the language statements used by a client-server application may have multiple SHRSs. SHRSs are identified in advance by syntactical analysis of the language statements that comprise the machine language. The security system stores (or can otherwise obtain) a representation of each of the set of these high risk statements. In response to detecting that a request has a syntactically-invalid language statement, the system determines whether the invalid language statement has a measure of similarity sufficiently close to any of statement in the SHRS set. Upon a positive determination, an appropriate security action is taken to ensure sensitive data is not exposed.Type: ApplicationFiled: May 28, 2019Publication date: December 3, 2020Applicant: International Business Machines CorporationInventors: Dmitri Dodor, Peter A. Maniatis, Leonid Rodniansky
-
Publication number: 20190325150Abstract: A mechanism that dynamically creates a new access policy for a set of database servers when a policy violation has been identified in a database access response issued by any database in the set. The new access policy is then propagated in real-time and instantiated across the set of database servers so as to inoculate the other database servers and pre-empt any new compromise of information based on the intruder's actions that were found to have produced the policy violation in the first instance. Thus, the approach uses a response policy violation at one database server of a set to trigger generation of a new request access policy that is then instantiated across one or more other database servers. This response policy violation-to-request access policy instantiation occurs in substantially real-time so that the intruder cannot use a prior successful access request to obtain information from other databases using a similar strategy.Type: ApplicationFiled: June 29, 2019Publication date: October 24, 2019Applicant: International Business Machines CorporationInventors: Dmitri Dodor, Leonid Rodniansky
-
Publication number: 20190220607Abstract: A mechanism that dynamically creates a new access policy for a set of database servers when a policy violation has been identified in a database access response issued by any database in the set. The new access policy is then propagated in real-time and instantiated across the set of database servers so as to inoculate the other database servers and pre-empt any new compromise of information based on the intruder's actions that were found to have produced the policy violation in the first instance. Thus, the approach uses a response policy violation at one database server of a set to trigger generation of a new request access policy that is then instantiated across one or more other database servers. This response policy violation-to-request access policy instantiation occurs in substantially real-time so that the intruder cannot use a prior successful access request to obtain information from other databases using a similar strategy.Type: ApplicationFiled: January 16, 2018Publication date: July 18, 2019Applicant: International Business Machines CorporationInventors: Dmitri Dodor, Leonid Rodniansky