Patents by Inventor Michael Vu Le
Michael Vu Le has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12682069Abstract: A critical-object guided operating system fuzzing method, system, and computer program product for guiding an operating system fuzzer to find security-related bugs in a kernel space of the operating system that includes identifying critical/sensitive objects, determining binary code addresses that result in access to the critical/sensitive objects, and executing the operating system fuzzer based on the binary code addresses.Type: GrantFiled: March 15, 2023Date of Patent: July 14, 2026Assignee: International Business Machines CorporationInventors: Jinghao Jia, Michael Vu Le, Md Salman Ahmed, Hani Talal Jamjoom
-
Publication number: 20260195158Abstract: An example operation includes one or more of booting a confidential VM based on a predefined image in response to a request from a software application, and disabling network communications into and out of the confidential VM, mounting an encrypted disk inside the confidential VM based on the predefined image, importing an encrypted ML model into the confidential VM based on the request from the software application, importing a decryption key into the confidential VM and decrypting the encrypted ML model inside the confidential VM based on the decryption key, importing a second decryption key into the confidential VM and decrypting the encrypted disk inside the confidential VM, and launching a machine learning service with an executable instance of the encrypted ML model inside the confidential VM with an interface that enables the software application to input data to the executable instance of the encrypted ML model.Type: ApplicationFiled: January 3, 2025Publication date: July 9, 2026Inventors: Zhongshu Gu, Md Salman Ahmed, Michael Vu Le, Julian James Stephen, Pau-Chen Cheng, Enriquillo Valdez, Hani Talal Jamjoom
-
Patent number: 12625900Abstract: A method, computer system, and a computer program product for data processing, comprising obtaining a plurality of files from a data source. These files are analyzed the files for information about the content and in order to determine structural information of each file. Once the files have been analyzed, information in each file may be sorted and categorized by common content. Sensitive information may also be extracted and categorized separately. Information may then be then merged using the categories to create a single unified file.Type: GrantFiled: June 27, 2022Date of Patent: May 12, 2026Assignee: International Business Machines CorporationInventors: Youngja Park, Mohammed Fahd Alhamid, Stefano Braghin, Jing Xin Duan, Mokhtar Kandil, Michael Vu Le, Killian Levacher, Micha Gideon Moffie, Ian Michael Molloy, Walid Rjaibi, Ariel Farkash
-
Patent number: 12346453Abstract: A method to test an OS kernel interface, such as an eBPF helper function. The interface has a grammar that defines the kernel interface. Testing is carried out using eBPF code that invokes and tests the interface using a fuzzing engine. To facilitate the process, additional user space code is configured to generate at least one kernel event that triggers the eBPF code to run, and to transform inputs from the fuzzing engine according to the grammar that defines the kernel interface. After loading the eBPF code into the OS kernel, the user space code issues the kernel event that causes the eBPF code to run. In response, and as the fuzzing engine executes, the eBPF code records arguments sent to the OS kernel through the kernel interface. The arguments are passed through a data structure shared by the eBPF code and the user space code. By recording the arguments and other diagnostic information, the security of the kernel interface is evaluated.Type: GrantFiled: September 23, 2022Date of Patent: July 1, 2025Assignee: International Business Machines CorporationInventors: Anthony Saieva, Frederico Araujo, Sanjeev Das, Michael Vu Le, Jiyong Jang
-
Patent number: 12271484Abstract: Described are techniques for application hardening. The techniques include generating application traces using fuzzing for an application with a known security vulnerability, where the application traces include good traces that do not result in exploitation of the known security vulnerability and bad traces that result in exploitation of the known security vulnerability. The techniques further include identifying code segments that are executed by the bad traces and not executed by the good traces. The techniques further include modifying the identified code segments using binary rewriting.Type: GrantFiled: July 13, 2022Date of Patent: April 8, 2025Assignee: International Business Machines CorporationInventors: Michael Vu Le, Sanjeev Das
-
Publication number: 20240311491Abstract: A critical-object guided operating system fuzzing method, system, and computer program product for guiding an operating system fuzzer to find security-related bugs in a kernel space of the operating system that includes identifying critical/sensitive objects, determining binary code addresses that result in access to the critical/sensitive objects, and executing the operating system fuzzer based on the binary code addresses.Type: ApplicationFiled: March 15, 2023Publication date: September 19, 2024Inventors: Jinghao Jia, Michael Vu Le, Md Salman Ahmed, Hani Talal Jamjoom
-
Publication number: 20240297893Abstract: Described are techniques for dynamic quarantining of containers. The techniques include a system including a plurality of computing nodes configured to implement a plurality of queued containers. The system further includes a container scheduler comprising at least one plugin, where the at least one plugin is configured to cause the container scheduler to perform a method including assigning cybersecurity risk scores to the plurality of queued containers. The method further includes assigning cybersecurity risk tolerances to the plurality of computing nodes. The method further includes scheduling the plurality of queued containers to the plurality of computing nodes based on compatible combinations of the cybersecurity risk scores and the cybersecurity risk tolerances.Type: ApplicationFiled: March 5, 2023Publication date: September 5, 2024Inventors: Md Salman Ahmed, Michael Vu Le, Hani Talal Jamjoom
-
Publication number: 20240104221Abstract: A method to test an OS kernel interface, such as an eBPF helper function. The interface has a grammar that defines the kernel interface. Testing is carried out using eBPF code that invokes and tests the interface using a fuzzing engine. To facilitate the process, additional user space code is configured to generate at least one kernel event that triggers the eBPF code to run, and to transform inputs from the fuzzing engine according to the grammar that defines the kernel interface. After loading the eBPF code into the OS kernel, the user space code issues the kernel event that causes the eBPF code to run. In response, and as the fuzzing engine executes, the eBPF code records arguments sent to the OS kernel through the kernel interface. The arguments are passed through a data structure shared by the eBPF code and the user space code. By recording the arguments and other diagnostic information, the security of the kernel interface is evaluated.Type: ApplicationFiled: September 23, 2022Publication date: March 28, 2024Applicant: International Business Machines CorporationInventors: Anthony Saieva, Frederico Araujo, Sanjeev Das, Michael Vu Le, Jiyong Jang
-
Patent number: 11921885Abstract: A method, apparatus and computer program product for scheduling placement of containers in association with a set of hosts. The technique utilizes metrics that characterize container-specific risks. A first metric is a host interface risk for a container that quantifies how similar or dissimilar the container is relative to other containers running on a host. Preferably, host interface risk is derived with respect to a system call interface comprising a set of system calls, and the metric is based at least in part on a measure of dissimilarity among system calls. A second metric is a data sensitivity score that quantifies a degree to which sensitive data accesses are associated to the container. Based at least in part on the host interface risk scores and the data sensitivity scores, one or more containers are automatically scheduled for placement on the set of hosts to minimize security risk for the set of hosts.Type: GrantFiled: June 7, 2021Date of Patent: March 5, 2024Assignee: International Business Machines CorporationInventors: Michael Vu Le, Md Salman Ahmed, Hani Talal Jamjoom
-
Publication number: 20240020389Abstract: Described are techniques for application hardening. The techniques include generating application traces using fuzzing for an application with a known security vulnerability, where the application traces include good traces that do not result in exploitation of the known security vulnerability and bad traces that result in exploitation of the known security vulnerability. The techniques further include identifying code segments that are executed by the bad traces and not executed by the good traces. The techniques further include modifying the identified code segments using binary rewriting.Type: ApplicationFiled: July 13, 2022Publication date: January 18, 2024Inventors: Michael Vu Le, Sanjeev Das
-
Publication number: 20230418859Abstract: A method, computer system, and a computer program product for data processing, comprising obtaining a plurality of files from a data source. These files are analyzed the files for information about the content and in order to determine structural information of each file. Once the files have been analyzed, information in each file may be sorted and categorized by common content. Sensitive information may also be extracted and categorized separately. Information may then be then merged using the categories to create a single unified file.Type: ApplicationFiled: June 27, 2022Publication date: December 28, 2023Inventors: Youngja Park, MOHAMMED FAHD ALHAMID, Stefano Braghin, Jing Xin Duan, Mokhtar Kandil, Michael Vu Le, Killian Levacher, Micha Gideon Moffie, Ian Michael Molloy, Walid Rjaibi, ARIEL FARKASH
-
Patent number: 11709937Abstract: An approach is provided that, after receiving a request to execute a computer program, determines an active set of metadata that corresponds to the requested computer program and then loads basic blocks of the requested computer program into memory. One of the loaded basic blocks is a starting block of the requested computer program. The memory also stores basic blocks corresponding to some previously loaded computer programs. The approach also inactivates basic blocks that are currently stored in the memory, with the inactivated basic blocks being identified based on a comparison of the active set of metadata to the sets of metadata that corresponding to the basic blocks of previously loaded computer programs. After inactivating some basic blocks, the approach executes the starting block of the requested computer program.Type: GrantFiled: August 25, 2021Date of Patent: July 25, 2023Assignee: International Business Machines CorporationInventors: Michael Vu Le, Hani Talal Jamjoom
-
Patent number: 11650801Abstract: Multiple execution traces of an application are accessed. The multiple execution traces have been collected at a basic block level. Basic blocks in the multiple execution traces are scored. Scores for the basic blocks represent benefits of performing binary slimming at the corresponding basic blocks. Runtime binary slimming is performed of the application based on the scores of the basic blocks.Type: GrantFiled: November 10, 2021Date of Patent: May 16, 2023Assignee: International Business Machines CorporationInventors: Michael Vu Le, Ian Michael Molloy, Taemin Park
-
Publication number: 20230069035Abstract: An approach is provided that, after receiving a request to execute a computer program, determines an active set of metadata that corresponds to the requested computer program and then loads basic blocks of the requested computer program into memory. One of the loaded basic blocks is a starting block of the requested computer program. The memory also stores basic blocks corresponding to some previously loaded computer programs. The approach also inactivates basic blocks that are currently stored in the memory, with the inactivated basic blocks being identified based on a comparison of the active set of metadata to the sets of metadata that corresponding to the basic blocks of previously loaded computer programs. After inactivating some basic blocks, the approach executes the starting block of the requested computer program.Type: ApplicationFiled: August 25, 2021Publication date: March 2, 2023Inventors: Michael Vu Le, Hani Talal Jamjoom
-
Publication number: 20220391532Abstract: A method, apparatus and computer program product for scheduling placement of containers in association with a set of hosts. The technique utilizes metrics that characterize container-specific risks. A first metric is a host interface risk for a container that quantifies how similar or dissimilar the container is relative to other containers running on a host. Preferably, host interface risk is derived with respect to a system call interface comprising a set of system calls, and the metric is based at least in part on a measure of dissimilarity among system calls. A second metric is a data sensitivity score that quantifies a degree to which sensitive data accesses are associated to the container. Based at least in part on the host interface risk scores and the data sensitivity scores, one or more containers are automatically scheduled for placement on the set of hosts to minimize security risk for the set of hosts.Type: ApplicationFiled: June 7, 2021Publication date: December 8, 2022Applicant: International Business Machines CorporationInventors: Michael Vu Le, Md Salman Ahmed, Hani Talal Jamjoom
-
Patent number: 11522880Abstract: A method, system, and computer-usable medium for analyzing security data formatted in STIX™ format. Data related to actions performed by one or more users is captured. Individual tasks, such as analytics or extract, transform, load (ETL) tasks related to the captured data is created. Individual tasks are registered to a workflow for executing particular security threat or incident analysis. The workflow is executed and visualized to perform the security threat or incident analysis.Type: GrantFiled: July 9, 2020Date of Patent: December 6, 2022Assignee: International Business Machines CorporationInventors: Sulakshan Vajipayajula, Paul Coccoli, James Brent Peterson, Michael Vu Le, Ian Michael Molloy
-
Patent number: 11277434Abstract: Reducing attack surface by selectively collocating applications on host computers is provided. System resources utilized by each application running in a plurality of host computers of a data processing environment are measured. Which applications running in the plurality of host computers that utilize similar system resources are determined. Those applications utilizing similar system resources are collocated on respective host computers.Type: GrantFiled: March 24, 2020Date of Patent: March 15, 2022Assignee: International Business Machines CorporationInventors: Michael Vu Le, Hani Talal Jamjoom, Ian Michael Molloy
-
Publication number: 20220066757Abstract: Multiple execution traces of an application are accessed. The multiple execution traces have been collected at a basic block level. Basic blocks in the multiple execution traces are scored. Scores for the basic blocks represent benefits of performing binary slimming at the corresponding basic blocks. Runtime binary slimming is performed of the application based on the scores of the basic blocks.Type: ApplicationFiled: November 10, 2021Publication date: March 3, 2022Inventors: Michael Vu Le, Ian Michael Molloy, Taemin Park
-
Patent number: 11262993Abstract: Unused instructions and no longer used instructions in a target application binary are determined. The target application binary is rewritten before and after runtime execution of the target application binary to remove the unused and no longer used instructions to reduce binary attack surface area for the runtime execution of the target application binary. Methods, computer systems, and computer program products are disclosed.Type: GrantFiled: September 26, 2019Date of Patent: March 1, 2022Assignee: International Business Machines CorporationInventors: Michael Vu Le, Ian Michael Molloy, Jacob Tinkhauser
-
Publication number: 20220014531Abstract: A method, system, and computer-usable medium for analyzing security data formatted in STIX™ format. Data related to actions performed by one or more users is captured. Individual tasks, such as analytics or extract, transform, load (ETL) tasks related to the captured data is created. Individual tasks are registered to a workflow for executing particular security threat or incident analysis. The workflow is executed and visualized to perform the security threat or incident analysis.Type: ApplicationFiled: July 9, 2020Publication date: January 13, 2022Inventors: Sulakshan Vajipayajula, Paul Coccoli, James Brent Peterson, Michael Vu Le, Ian Michael Molloy