Patents by Inventor IOSIF V. ONUT

IOSIF V. ONUT has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190163921
    Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.
    Type: Application
    Filed: January 30, 2019
    Publication date: May 30, 2019
    Inventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams
  • Publication number: 20190163919
    Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.
    Type: Application
    Filed: January 30, 2019
    Publication date: May 30, 2019
    Inventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams
  • Publication number: 20190147004
    Abstract: A computer-implemented method and/or computer program product selectively assigns a task using a hybrid task assignment process. One or more processors direct a working hardware node in a network to crawl a particular application, thus causing the working hardware node to encounter a task in the particular application. The processor(s) selectively handle the task according to whether the task is reserved for dynamic assignment to an other hardware node in the network, such that in response to a determination that the task encountered is not reserved, the task is handled by the working hardware node that is crawling the particular application, and in response to a determination that the task encountered is reserved, the task encountered is sent to a central unit for dynamic assignment to the other hardware node in the network.
    Type: Application
    Filed: January 9, 2019
    Publication date: May 16, 2019
    Inventors: Gregor Von Bochmann, Guy-Vincent R. Jourdan, Iosif V. Onut, Seyed M. Mir Taheri
  • Publication number: 20190138733
    Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.
    Type: Application
    Filed: January 2, 2019
    Publication date: May 9, 2019
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Patent number: 10268825
    Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: April 23, 2019
    Assignee: International Business Machines Corporation
    Inventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams
  • Patent number: 10262065
    Abstract: A computer-implemented method for hybrid task assignment is presented. A working hardware node crawls a particular application and encounters a task. A mapping function is used to determine whether the task encountered is reserved. In response to a determination the task encountered is not reserved, the task is handled by the working node, and in response to a determination the task encountered is reserved, the task encountered is sent to a central unit. A determination is made as to whether the working node is idle. In response to a determination the working node is idle, another task is requested from the central unit by the working node. In response to a determination the working node is not idle, as determination is made as to whether all tasks are complete. In response to a determination all tasks are not complete, the task is handled by the working node.
    Type: Grant
    Filed: November 21, 2014
    Date of Patent: April 16, 2019
    Assignee: International Business Machines Corporation
    Inventors: Gregor Von Bochmann, Guy-Vincent R. Jourdan, Iosif V. Onut, Seyed M. Mir Taheri
  • Patent number: 10235218
    Abstract: A computer system may identify a cryptographic application programming interface (API) call for a program. The cryptographic API call may include a first variable. The computer system may determine that the first variable is a static value. The computer system may tag the first variable. The computer system may determine that the cryptographic API call will be executed. The computer system may replace the first variable with a second variable during execution of the program. The computer system may execute the cryptographic API call with the second variable.
    Type: Grant
    Filed: May 3, 2016
    Date of Patent: March 19, 2019
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Patent number: 10210336
    Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: February 19, 2019
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Patent number: 10146749
    Abstract: An embodiment for tracking JavaScript actions in a rich Internet application, receives a document object model (DOM) representative of a particular page of an application at a particular time and analyzes the DOM received to identify each JavaScript action on the particular page for which each JavaScript action identified, a JavaScript action characteristics ID is calculated and stored. Responsive to a determination multiple instances of a same ID exist, collecting a list of JavaScript actions corresponding to each ID corresponding to a multiple JavaScript action and removing from memory JavaScript action entries for the multiple instances of the same ID. A neighbor influence is computed for a member of the list of JavaScript actions remaining and the JavaScript action ID calculated for the member of the list of JavaScript actions remaining is stored. Responsive to a determination there are no more multiple JavaScript actions, return all JavaScript action IDs stored.
    Type: Grant
    Filed: January 6, 2015
    Date of Patent: December 4, 2018
    Assignee: International Business Machines Corporation
    Inventors: Khalil A. Ayoub, Gregor V. Bochmann, Nevon C. Brake, Mustafa E. Dincturk, Paul Ionescu, Guy-Vincent Jourdan, Iosif V. Onut
  • Publication number: 20180285572
    Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.
    Type: Application
    Filed: November 10, 2017
    Publication date: October 4, 2018
    Inventors: Michael Hanner, Paul Ionescu, Iosif V. Onut, Jeffrey C. Turnham
  • Publication number: 20180285571
    Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.
    Type: Application
    Filed: March 28, 2017
    Publication date: October 4, 2018
    Inventors: Michael Hanner, Paul Ionescu, Iosif V. Onut, Jeffrey C. Turnham
  • Publication number: 20180268060
    Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.
    Type: Application
    Filed: May 24, 2018
    Publication date: September 20, 2018
    Inventors: Gregor von Bochmann, Paul Ionescu, Guy-Vincent Jourdan, Seyed Ali Moosavi Byooki, Iosif V. Onut, Omer Tripp
  • Patent number: 10078698
    Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.
    Type: Grant
    Filed: April 15, 2014
    Date of Patent: September 18, 2018
    Assignee: International Business Machines Corporation
    Inventors: Gregor von Bochmann, Paul Ionescu, Guy-Vincent Jourdan, Seyed Ali Moosavi Byooki, Iosif V. Onut, Omer Tripp
  • Patent number: 10079848
    Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.
    Type: Grant
    Filed: February 5, 2018
    Date of Patent: September 18, 2018
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Patent number: 9998482
    Abstract: An attack upon a web interface is detected in real-time. The web interface is one of many web interfaces across many ports across many computer systems within a network. Data on the attack is gathered. The attack data includes traffic data. Variants of the attack are determined based on data of the attack. The variants are selected from a predetermined set of attack variants. The attacked interface is scanned with the selected attack variants. The web interface is identified as vulnerable to at least one variant of the attack. In response to this identification, the attack is responded to without human intervention.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: June 12, 2018
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Iosif V. Onut
  • Publication number: 20180157842
    Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.
    Type: Application
    Filed: December 1, 2016
    Publication date: June 7, 2018
    Inventors: Elizabeth A. Holz, Iosif V. Onut, Joni E. Saylor, Hyun Kyu Seo, Ronald B. Williams
  • Publication number: 20180139226
    Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.
    Type: Application
    Filed: February 5, 2018
    Publication date: May 17, 2018
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Publication number: 20180137286
    Abstract: Technical solutions are described for testing a computer program product. An example method includes intercepting an instance of a request sent for execution by the computer program product, the request being one from a plurality of requests in a sequential flow. The method also includes storing a unique identifier for the request, and initializing a current test request index in response to the request being a first instance of a starting request of the sequential flow. The method also includes selecting a test task from a set of test tasks corresponding to the request in response to determining that the request is a current test-request based on an index of the request matching the current test request index. The method also includes modifying the instance of the request according to the selected test task, and sending the modified instance of the request to the computer program product for execution.
    Type: Application
    Filed: November 16, 2016
    Publication date: May 17, 2018
    Inventors: Paul Ionescu, Iosif V. Onut, Shahar Sperling, Omer Tripp
  • Patent number: 9940479
    Abstract: A method of classifying privacy relevance of an application programming interface (API) comprises analyzing a set of input applications to identify a plurality of custom APIs and generating a respective taint specification for each identified custom API. The method further comprises generating taint flows based on each taint specification and matching features and associated feature values from the taint flows to a set of feature templates. The method also comprises correlating the matched features and associated feature values with respective privacy relevance of the plurality of custom APIs to identify a set of privacy relevant features. The method further comprises detecting a candidate API, extracting features from the candidate API and comparing the extracted features to the set of privacy relevant features. Based on the comparison, a label is assigned to the candidate API indicating privacy relevance of the candidate API.
    Type: Grant
    Filed: October 20, 2015
    Date of Patent: April 10, 2018
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Publication number: 20180083991
    Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.
    Type: Application
    Filed: September 20, 2016
    Publication date: March 22, 2018
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp