Patents by Inventor IOSIF V. ONUT
IOSIF V. ONUT has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11886596Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.Type: GrantFiled: March 3, 2020Date of Patent: January 30, 2024Assignee: International Business Machines CorporationInventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
-
Patent number: 11574063Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.Type: GrantFiled: February 15, 2022Date of Patent: February 7, 2023Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael Hanner, Paul Ionescu, Iosif V. Onut, Jeffrey C. Turnham
-
Publication number: 20220171862Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.Type: ApplicationFiled: February 15, 2022Publication date: June 2, 2022Inventors: Michael Hanner, Paul Ionescu, Iosif V. Onut, Jeffrey C. Turnham
-
Patent number: 11288375Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.Type: GrantFiled: November 10, 2017Date of Patent: March 29, 2022Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael Hanner, Paul Ionescu, Iosif V. Onut, Jeffrey C. Turnham
-
Patent number: 11275798Abstract: A computer-implemented method and/or computer program product selectively assigns a task using a hybrid task assignment process. One or more processors direct a working hardware node in a network to crawl a particular application, thus causing the working hardware node to encounter a task in the particular application. The processor(s) selectively handle the task according to whether the task is reserved for dynamic assignment to an other hardware node in the network, such that in response to a determination that the task encountered is not reserved, the task is handled by the working hardware node that is crawling the particular application, and in response to a determination that the task encountered is reserved, the task encountered is sent to a central unit for dynamic assignment to the other hardware node in the network.Type: GrantFiled: January 9, 2019Date of Patent: March 15, 2022Assignee: International Business Machines CorporationInventors: Gregor Von Bochmann, Guy-Vincent R. Jourdan, Iosif V. Onut, Seyed M. Mir Taheri
-
Patent number: 11132409Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.Type: GrantFiled: May 24, 2018Date of Patent: September 28, 2021Assignee: International Business Machines CorporationInventors: Gregor von Bochmann, Paul Ionescu, Guy-Vincent Jourdan, Seyed Ali Moosavi Byooki, Iosif V. Onut, Omer Tripp
-
Patent number: 10819730Abstract: A method for analyzing past user sessions for malicious intent. A security incident is detected by a computer system. Responsive to detecting the security incident, a forensic investigation is triggered by the computer system using a set of security rules for detecting website vulnerability in which the set of security rules is applied to a set of past user sessions, wherein the set of security rules is for a dynamic analysis product.Type: GrantFiled: December 5, 2017Date of Patent: October 27, 2020Assignee: International Business Machines CorporationInventors: Russell L. Couturier, Michael Hanner, Iosif V. Onut, Ronald B. Williams
-
Publication number: 20200202010Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.Type: ApplicationFiled: March 3, 2020Publication date: June 25, 2020Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
-
Patent number: 10621360Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.Type: GrantFiled: January 30, 2019Date of Patent: April 14, 2020Assignee: International Business Machines CorporationInventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams
-
Patent number: 10621359Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.Type: GrantFiled: January 30, 2019Date of Patent: April 14, 2020Assignee: International Business Machines CorporationInventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams
-
Patent number: 10621361Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.Type: GrantFiled: January 30, 2019Date of Patent: April 14, 2020Assignee: International Business Machines CorporationInventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams
-
Patent number: 10621358Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.Type: GrantFiled: January 2, 2019Date of Patent: April 14, 2020Assignee: International Business Machines CorporationInventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
-
Patent number: 10614221Abstract: Technical solutions are described for testing a computer program product. An example method includes intercepting an instance of a request sent for execution by the computer program product, the request being one from a plurality of requests in a sequential flow. The method also includes storing a unique identifier for the request, and initializing a current test request index in response to the request being a first instance of a starting request of the sequential flow. The method also includes selecting a test task from a set of test tasks corresponding to the request in response to determining that the request is a current test-request based on an index of the request matching the current test request index. The method also includes modifying the instance of the request according to the selected test task, and sending the modified instance of the request to the computer program product for execution.Type: GrantFiled: November 16, 2016Date of Patent: April 7, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Paul Ionescu, Iosif V. Onut, Shahar Sperling, Omer Tripp
-
Patent number: 10572635Abstract: A computer system may identify a cryptographic application programming interface (API) call for a program. The cryptographic API call may include a first variable. The computer system may determine that the first variable is a static value. The computer system may tag the first variable. The computer system may determine that the cryptographic API call will be executed. The computer system may replace the first variable with a second variable during execution of the program. The computer system may execute the cryptographic API call with the second variable.Type: GrantFiled: December 5, 2018Date of Patent: February 25, 2020Assignee: International Business Machines CorporationInventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
-
Publication number: 20200026583Abstract: A computer system may identify a cryptographic application programming interface (API) call for a program. The cryptographic API call may include a first variable. The computer system may determine that the first variable is a static value. The computer system may tag the first variable. The computer system may determine that the cryptographic API call will be executed. The computer system may replace the first variable with a second variable during execution of the program. The computer system may execute the cryptographic API call with the second variable.Type: ApplicationFiled: December 5, 2018Publication date: January 23, 2020Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
-
Publication number: 20190268365Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.Type: ApplicationFiled: May 10, 2019Publication date: August 29, 2019Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
-
Publication number: 20190268364Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.Type: ApplicationFiled: May 10, 2019Publication date: August 29, 2019Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
-
Patent number: 10333957Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.Type: GrantFiled: September 20, 2016Date of Patent: June 25, 2019Assignee: International Business Machines CorporationInventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
-
Publication number: 20190173908Abstract: A method for analyzing past user sessions for malicious intent. A security incident is detected by a computer system. Responsive to detecting the security incident, a forensic investigation is triggered by the computer system using a set of security rules for detecting website vulnerability in which the set of security rules is applied to a set of past user sessions, wherein the set of security rules is for a dynamic analysis product.Type: ApplicationFiled: December 5, 2017Publication date: June 6, 2019Inventors: Russell L. Couturier, Michael Hanner, Iosif V. Onut, Ronald B. Williams
-
Publication number: 20190163919Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.Type: ApplicationFiled: January 30, 2019Publication date: May 30, 2019Inventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams