Patents by Inventor Jeffrey M. Uehling
Jeffrey M. Uehling has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11334686
  Abstract: Techniques for computer security are provided. A request to access a first file referenced as a variable in a source code of an application is received. A file name of the first file is then retrieved from a runtime stack, and the file name is stored in a system-wide accessible cross-reference file.
  Type: Grant
  Filed: December 3, 2019
  Date of Patent: May 17, 2022
  Assignee: International Business Machines Corporation
  Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
- Patent number: 10990664
  Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a privileged storage of a computing system, wherein at least a portion of the privileged storage stores a microcode of the computing system, determining, based on the monitoring, that a first location of the privileged storage includes an instruction, determining that the first location is designated as an unused location of the privileged storage, and performing a predefined operation to remove the instruction from the first location of the privileged storage.
  Type: Grant
  Filed: November 20, 2017
  Date of Patent: April 27, 2021
  Assignee: International Business Machines Corporation
  Inventors: Jeffrey M. Uehling, Michael J. Brinker, Daniel M. Hursh
- Patent number: 10650156
  Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, receiving data describing the request, wherein the data describing the request includes data from a runtime stack of the application, wherein the data from the runtime stack includes a program statement number, identifying, in a protected memory block, a first rule for accessing the data file, wherein the first rule specifies a program statement number permitted to access the data file, and upon determining that the program statement number from the runtime stack does not match the program statement number specified in the first rule, restricting access to the data file by the application.
  Type: Grant
  Filed: April 26, 2017
  Date of Patent: May 12, 2020
  Assignee: International Business Machines Corporation
  Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
- Publication number: 20200104532
  Abstract: Techniques for computer security are provided. A request to access a first file referenced as a variable in a source code of an application is received. A file name of the first file is then retrieved from a runtime stack, and the file name is stored in a system-wide accessible cross-reference file.
  Type: Application
  Filed: December 3, 2019
  Publication date: April 2, 2020
  Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
- Patent number: 10540523
  Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, wherein the data file is referenced by a variable name in a source code of the application, receiving data describing the request, wherein the data describing the request is obtained from a runtime stack of the application and includes a name of the application and a name of the data file, wherein the name of the data file is used as a value for the variable name, and storing an indication that the application accessed the data file in a cross-reference data store for the system.
  Type: Grant
  Filed: April 26, 2017
  Date of Patent: January 21, 2020
  Assignee: International Business Machines Corporation
  Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
- Patent number: 10346625
  Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, determining, based on environment information in the runtime stack, whether a first set of privileges available to the application are greater than a second set of privileges available to the user of the application, storing the permission and identity information and an indication of whether the first set of privileges is greater than the second set of privileges in a data file, and adjusting the privileges for the user based on the determination.
  Type: Grant
  Filed: October 31, 2016
  Date of Patent: July 9, 2019
  Assignee: International Business Machines Corporation
  Inventors: Mark J. Anderson, Carol S. Budnik, Anna P. Dietenberger, Scott Forstie, Brian J. Hasselbeck, Allen K. Mei, Ellen B. Streifel, Jeffrey M. Uehling
- Publication number: 20190156021
  Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a privileged storage of a computing system, wherein at least a portion of the privileged storage stores a microcode of the computing system, determining, based on the monitoring, that a first location of the privileged storage includes an instruction, determining that the first location is designated as an unused location of the privileged storage, and performing a predefined operation to remove the instruction from the first location of the privileged storage.
  Type: Application
  Filed: November 20, 2017
  Publication date: May 23, 2019
  Inventors: Jeffrey M. Uehling, Michael J. Brinker, Daniel M. Hursh
- Publication number: 20180314843
  Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, wherein the data file is referenced by a variable name in a source code of the application, receiving data describing the request, wherein the data describing the request is obtained from a runtime stack of the application and includes a name of the application and a name of the data file, wherein the name of the data file is used as a value for the variable name, and storing an indication that the application accessed the data file in a cross-reference data store for the system.
  Type: Application
  Filed: April 26, 2017
  Publication date: November 1, 2018
  Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
- Publication number: 20180314845
  Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, receiving data describing the request, wherein the data describing the request includes data from a runtime stack of the application, wherein the data from the runtime stack includes a program statement number, identifying, in a protected memory block, a first rule for accessing the data file, wherein the first rule specifies a program statement number permitted to access the data file, and upon determining that the program statement number from the runtime stack does not match the program statement number specified in the first rule, restricting access to the data file by the application.
  Type: Application
  Filed: April 26, 2017
  Publication date: November 1, 2018
  Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
- Publication number: 20180121665
  Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, determining, based on environment information in the runtime stack, whether a first set of privileges available to the application are greater than a second set of privileges available to the user of the application, storing the permission and identity information and an indication of whether the first set of privileges is greater than the second set of privileges in a data file, and adjusting the privileges for the user based on the determination.
  Type: Application
  Filed: October 31, 2016
  Publication date: May 3, 2018
  Inventors: Mark J. Anderson, Carol S. Budnik, Anna P. Dietenberger, Scott Forstie, Brian J. Hasselbeck, Allen K. Mei, Ellen B. Streifel, Jeffrey M. Uehling
- Patent number: 9928365
  Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from a first application to obtain a set of call information based on runtime stack information related to calls of the first application requesting access to the file, storing the set of call information in a data file, receiving a request for access to the file from a second application, obtaining call information from a runtime stack from the second application, comparing the call information with the set of call information, determining the request for access is an abnormal request based on the comparing, and taking an action based on the determination.
  Type: Grant
  Filed: October 31, 2016
  Date of Patent: March 27, 2018
  Assignee: International Business Machines Corporation
  Inventors: Mark J. Anderson, Carol S. Budnik, Anna P. Dietenberger, Scott Forstie, Brian J. Hasselbeck, Allen K. Mei, Ellen B. Streifel, Jeffrey M. Uehling
- Patent number: 9830469
  Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, storing the permission and identity information in a data file, determining, for the application and a file of the set of files, privileges available to the application for the available authority based on the stored data file, determining a set of privileges needed by the application to access the file based on the stored data file, selecting privileges for a user of the application based on the set of privileges needed by the application and the authority available to the application, and assigning the privileges for the user based on the selected privileges.
  Type: Grant
  Filed: October 31, 2016
  Date of Patent: November 28, 2017
  Assignee: International Business Machines Corporation
  Inventors: Mark J. Anderson, Carol S. Budnik, Anna P. Dietenberger, Scott Forstie, Brian J. Hasselbeck, Allen K. Mei, Ellen B. Streifel, Jeffrey M. Uehling
- Patent number: 8225105
  Abstract: Vital data components of a computer system are protected by a mechanism for detecting unauthorized alteration, preferably in the form of digital signatures to detect unauthorized alteration. A vital data validation mechanism is provided to verify that vital data modules have not been tampered with. The vital data validation mechanism verifies the current state of each vital data module, preferably by decrypting the digital signature. The validation mechanism also checks an alteration log to verify that no alterations have been made to the corresponding memory locations. The second verification is intended to detect whether a vital data module has been altered temporarily, and then restored to its initial state.
  Type: Grant
  Filed: August 13, 2007
  Date of Patent: July 17, 2012
  Assignee: International Business Machines Corporation
  Inventors: Michael J. Brinker, Rick D. Hemmer, Daniel M. Hursh, Jeffrey M. Uehling
- Publication number: 20090049309
  Abstract: Vital data components of a computer system are protected by a mechanism for detecting unauthorized alteration, preferably in the form of digital signatures to detect unauthorized alteration. A vital data validation mechanism is provided to verify that vital data modules have not been tampered with. The vital data validation mechanism verifies the current state of each vital data module, preferably by decrypting the digital signature. The validation mechanism also checks an alteration log to verify that no alterations have been made to the corresponding memory locations. The second verification is intended to detect whether a vital data module has been altered temporarily, and then restored to its initial state.
  Type: Application
  Filed: August 13, 2007
  Publication date: February 19, 2009
  Inventors: Michael J. Brinker, Rick D. Hemmer, Daniel M. Hursh, Jeffrey M. Uehling
- Publication number: 20080184368
  Abstract: Methods, systems, and products are disclosed for preventing false positive detections in an intrusion detection system that include: establishing one or more activity profiles for an intrusion detection system, each activity profile specifying system activity for detection by the intrusion detection system; receiving, in the intrusion detection system, an exception notification for a specific activity profile, the exception notification specifying that the specific activity profile represents authorized system activity; determining, by the intrusion detection system, whether current system activity matches the specific activity profile; and administering, by the intrusion detection system, the current system activity if current system activity matches the specific activity profile.
  Type: Application
  Filed: January 31, 2007
  Publication date: July 31, 2008
  Inventors: James R. Coon, Daniel P. Kolz, Jeffrey M. Uehling