Patents by Inventor Karl D. Schmitz

Karl D. Schmitz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11010479
    Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The memory system includes a plurality of address spaces. The processing system is configured to perform operations including creating a data space from within a primary address space and a primary address space number access list entry referencing the data space. An unauthorized caller routine in a home address space is configured to issue a service request including an address space-switching program call from the home address space to a program call target routine in the primary address space. The address space-switching program call references the primary address space number access list entry in the primary address space. A vulnerability identifier associated with the program call target routine is created and logged based on one or more conditions indicative of a cross-memory integrity violation detected responsive to the service request.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: May 18, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Bryan Childs, Peter Relson, Karl D. Schmitz, Michael P. Kasper, Kathryn Voss, Kin Choi
  • Patent number: 10915640
    Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The processing system is configured to perform operations including setting a target register to point to a first protected storage location of the memory system resulting in a protection exception upon access, calling an authorized service, and confirming that the authorized service uses the target register based on detecting the protection exception. The target register is adjusted to point to a parameter list including one or more known values and a pointer to a second protected storage location resulting in the protection exception upon access to confirm use of a value of the parameter list responsive to calling the authorized service. Parameter list testing and target register testing are repeated for locations in the parameter list and target registers to construct a testing profile for vulnerability testing of the authorized service.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: February 9, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Michael P. Kasper, Bryan Childs, Kin Choi, Karl D. Schmitz, Kathryn Voss
  • Publication number: 20200104507
    Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The processing system is configured to perform operations including setting a target register to point to a first protected storage location of the memory system resulting in a protection exception upon access, calling an authorized service, and confirming that the authorized service uses the target register based on detecting the protection exception. The target register is adjusted to point to a parameter list including one or more known values and a pointer to a second protected storage location resulting in the protection exception upon access to confirm use of a value of the parameter list responsive to calling the authorized service. Parameter list testing and target register testing are repeated for locations in the parameter list and target registers to construct a testing profile for vulnerability testing of the authorized service.
    Type: Application
    Filed: October 1, 2018
    Publication date: April 2, 2020
    Inventors: Michael P. Kasper, Bryan Childs, Kin Choi, Karl D. Schmitz, Kathryn Voss
  • Publication number: 20200104508
    Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The memory system includes a plurality of address spaces. The processing system is configured to perform operations including creating a data space from within a primary address space and a primary address space number access list entry referencing the data space. An unauthorized caller routine in a home address space is configured to issue a service request including an address space-switching program call from the home address space to a program call target routine in the primary address space. The address space-switching program call references the primary address space number access list entry in the primary address space. A vulnerability identifier associated with the program call target routine is created and logged based on one or more conditions indicative of a cross-memory integrity violation detected responsive to the service request.
    Type: Application
    Filed: October 1, 2018
    Publication date: April 2, 2020
    Inventors: Bryan Childs, Peter Relson, Karl D. Schmitz, Michael P. Kasper, Kathryn Voss, Kin Choi
  • Patent number: 10319457
    Abstract: Embodiments include methods, computer systems, and computer program products for testing directly and indirectly anchored interfaces for vulnerabilities regarding storage protection keys.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: June 11, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Bryan C. Childs, Karl D. Schmitz
  • Publication number: 20170271027
    Abstract: Embodiments include methods, computer systems, and computer program products for testing directly and indirectly anchored interfaces for vulnerabilities regarding storage protection keys.
    Type: Application
    Filed: March 21, 2016
    Publication date: September 21, 2017
    Inventors: Bryan C. Childs, Karl D. Schmitz
  • Patent number: 8918885
    Abstract: A technique is provided for detecting vulnerabilities in system code on a computer. Supervisor call routines and program call routines of the system code are analyzed to determine which are available to a caller program that is an unauthorized program and has a PSW key 8-15. Predefined input parameters are provided to test cases for use by the supervisor call routines and the program call routines in order to generate an output for analysis. The output is analyzed to determine when supervisor call routines and/or program call routines performed a potential vulnerability action. The potential vulnerability actions include reading from fetch protected storage, writing to system key (key 0-7) storage, and attempting to access unallocated storage while running with a PSW key 0-7.
    Type: Grant
    Filed: February 9, 2012
    Date of Patent: December 23, 2014
    Assignee: International Business Machines Corporation
    Inventors: James G. McClure, Karl D. Schmitz, Peter G. Spera
  • Publication number: 20130212682
    Abstract: A technique is provided for detecting vulnerabilities in system code on a computer. Supervisor call routines and program call routines of the system code are analyzed to determine which are available to a caller program that is an unauthorized program and has a PSW key 8-15. Predefined input parameters are provided to test cases for use by the supervisor call routines and the program call routines in order to generate an output for analysis. The output is analyzed to determine when supervisor call routines and/or program call routines performed a potential vulnerability action. The potential vulnerability actions include reading from fetch protected storage, writing to system key (key 0-7) storage, and attempting to access unallocated storage while running with a PSW key 0-7.
    Type: Application
    Filed: February 9, 2012
    Publication date: August 15, 2013
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: James G. McClure, Karl D. Schmitz, Peter G. Spera
  • Patent number: 5212793
    Abstract: In order to reduce operating system overhead and to reduce the amount of time that work is queued in a computer operating system environment, flexibility enhancements are made to initiator address spaces allowing them to be created, destroyed, assigned, reassigned and reclaimed. Furthermore, initiator structures are provided with tailorable features which allow them to be readily tuned and honed for computer work associated with the particular classes or groups of work. A method for deployment of initiator address spaces is provided so as to meet response time goals set by system programmers and/or managers. Additionally, system operators are freed from the chore of real-time initiator management.
    Type: Grant
    Filed: September 4, 1991
    Date of Patent: May 18, 1993
    Assignee: International Business Machines Corp.
    Inventors: Patricia A. Donica, Stanley R. Shubert, Karl D. Schmitz