Patents by Inventor Nitzan Peleg
Nitzan Peleg has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11928605Abstract: Systems for generating attack event logs are disclosed. An example system includes a storage device for storing an event log template. The system also includes a processor to receive a selection of the event log template, and receive an attack description comprising user instructions to fabricate synthetic log entries according to a format defined in the event log template. The attack description includes variables and rules for determining values for the variables. The processor generates the attack event log by determining values that satisfy the rules and writing the values into selected fields of the event log template.Type: GrantFiled: August 6, 2019Date of Patent: March 12, 2024Assignee: International Business Machines CorporationInventors: Oleg Blinder, Nitzan Peleg, Omri Soceanu
-
Publication number: 20210042631Abstract: Systems for generating attack event logs are disclosed. An example system includes a storage device for storing an event log template. The system also includes a processor to receive a selection of the event log template, and receive an attack description comprising user instructions to fabricate synthetic log entries according to a format defined in the event log template. The attack description includes variables and rules for determining values for the variables. The processor generates the attack event log by determining values that satisfy the rules and writing the values into selected fields of the event log template.Type: ApplicationFiled: August 6, 2019Publication date: February 11, 2021Inventors: Oleg Blinder, Nitzan Peleg, Omri Soceanu
-
Patent number: 10831474Abstract: A software container image that includes components dependent on a first computer instruction set architecture (ISA) is ported to enable a container to execute using the container image on a computer having a second ISA different from the first. Porting the container image entails replacing components of the container image not compatible with the second ISA with equivalent components compatible with the second ISA. The porting is performed, in some instances, dynamically as part of running a container with the container image on a computer implementing the second ISA.Type: GrantFiled: February 19, 2018Date of Patent: November 10, 2020Assignee: International Business Machines CorporationInventors: Alain C. Azagury, Ilsiyar I. Gaynutdinov, Erez Hadad, Sadek Jbara, Igor Khapov, Alexey Miroshkin, Nitzan Peleg, Indrajit Poddar, Michael Rodeh
-
Patent number: 10762199Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.Type: GrantFiled: May 9, 2018Date of Patent: September 1, 2020Assignee: International Business Machines CorporationInventors: Ayman Jarrous, Dov Murik, Omer-Yehuda Boehm, Nitzan Peleg
-
Patent number: 10607003Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.Type: GrantFiled: June 29, 2017Date of Patent: March 31, 2020Assignee: International Business Machines CorporationInventor: Nitzan Peleg
-
Patent number: 10210328Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.Type: GrantFiled: December 20, 2017Date of Patent: February 19, 2019Assignee: International Business Machines CorporationInventor: Nitzan Peleg
-
Publication number: 20190005231Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.Type: ApplicationFiled: December 20, 2017Publication date: January 3, 2019Inventor: Nitzan Peleg
-
Publication number: 20190005230Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.Type: ApplicationFiled: June 29, 2017Publication date: January 3, 2019Inventor: Nitzan Peleg
-
Publication number: 20180260559Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.Type: ApplicationFiled: May 9, 2018Publication date: September 13, 2018Inventors: AYMAN JARROUS, Dov Murik, Omer-Yehuda Boehm, Nitzan Peleg
-
Patent number: 10007787Abstract: Input is received during runtime of a program. The input is a return instruction address of a called function and a return target address of the program. A determination is made whether the instruction immediately prior to the return target address is a call to the called function. If the instruction immediately prior to the return target address is not a call to the called function, a notification is transmitted that return-oriented programming is suspected.Type: GrantFiled: December 28, 2015Date of Patent: June 26, 2018Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Nitzan Peleg
-
Publication number: 20180173524Abstract: A software container image that includes components dependent on a first computer instruction set architecture (ISA) is ported to enable a container to execute using the container image on a computer having a second ISA different from the first. Porting the container image entails replacing components of the container image not compatible with the second ISA with equivalent components compatible with the second ISA. The porting is performed, in some instances, dynamically as part of running a container with the container image on a computer implementing the second ISA.Type: ApplicationFiled: February 19, 2018Publication date: June 21, 2018Inventors: Alain C. Azagury, Ilsiyar I. Gaynutdinov, Erez Hadad, Sadek Jbara, Igor Khapov, Alexey Miroshkin, Nitzan Peleg, Indrajit Poddar, Michael Rodeh
-
Patent number: 9928062Abstract: A software container image that includes components dependent on a first computer instruction set architecture (ISA) is ported to enable a container to execute using the container image on a computer having a second ISA different from the first. Porting the container image entails replacing components of the container image not compatible with the second ISA with equivalent components compatible with the second ISA. The porting is performed, in some instances, dynamically as part of running a container with the container image on a computer implementing the second ISA.Type: GrantFiled: March 4, 2016Date of Patent: March 27, 2018Assignee: International Business Machines CorporationInventors: Alain C. Azagury, Ilsiyar I. Gaynutdinov, Erez Hadad, Sadek Jbara, Igor Khapov, Alexey Miroshkin, Nitzan Peleg, Indrajit Poddar, Michael Rodeh
-
Publication number: 20170255462Abstract: A software container image that includes components dependent on a first computer instruction set architecture (ISA) is ported to enable a container to execute using the container image on a computer having a second ISA different from the first. Porting the container image entails replacing components of the container image not compatible with the second ISA with equivalent components compatible with the second ISA. The porting is performed, in some instances, dynamically as part of running a container with the container image on a computer implementing the second ISA.Type: ApplicationFiled: March 4, 2016Publication date: September 7, 2017Inventors: Alain C. Azagury, Ilsiyar I. Gaynutdinov, Erez Hadad, Sadek Jbara, Igor Khapov, Alexey Miroshkin, Nitzan Peleg, Indrajit Poddar, Michael Rodeh
-
Patent number: 9710354Abstract: An aspect includes performance profiling of an application. A processor executes an instruction stream of the application including instructions that are dynamically grouped at run-time. The processor monitors for an event associated with sampled instructions. A sampled instruction is associated with other events that include instruction grouping information. A number of the instructions in a group that includes the sampled instruction is determined as a group size. The monitored event is tracked as separate events with respect to each of the sampled instruction and one or more other instructions of the group. Subsequent monitored events are tracked as the separate events for each of the instructions from additional groups having various group sizes formed from a sequence of the instructions. An execution count for the sequence of the instructions is generated based on accumulating the separate events over a period of time.Type: GrantFiled: August 31, 2015Date of Patent: July 18, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Moshe Klausner, Nitzan Peleg
-
Patent number: 9710350Abstract: An aspect includes performance profiling of an application. A processor executes an instruction stream of the application including instructions that are dynamically grouped at run-time. The processor monitors for an event associated with sampled instructions. A sampled instruction is associated with other events that include instruction grouping information. A number of the instructions in a group that includes the sampled instruction is determined as a group size. The monitored event is tracked as separate events with respect to each of the sampled instruction and one or more other instructions of the group. Subsequent monitored events are tracked as the separate events for each of the instructions from additional groups having various group sizes formed from a sequence of the instructions. An execution count for the sequence of the instructions is generated based on accumulating the separate events over a period of time.Type: GrantFiled: October 21, 2015Date of Patent: July 18, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Moshe Klausner, Nitzan Peleg
-
Patent number: 9703667Abstract: A method comprising: counting each occurrence of a hardware event by a Performance Monitoring Counter of a hardware processor during the execution of a target program code; orderly and continuously storing in a buffer of a Taken Branch Trace (TBT) Facility of said hardware processor a predefined TBT size of last taken branches of said target program code during its execution; every time said counting equals a sampling rate, triggering sampling of said buffer, to receive a TBT comprising current said predefined TBT size of last taken branches; constructing a full branch trace for each said TBT based on said target program code; extracting a predefined Chopped Branch Trace (CBT) size of last branches from each said full branch trace, to receive a chopped branch trace for said each TBT; and incrementally storing each said chopped branch trace to generate an edge profile of said target program code.Type: GrantFiled: February 22, 2015Date of Patent: July 11, 2017Assignee: International Business Machines CorporationInventors: Grigori Chtrasberg, Moshe Klausner, Nitzan Peleg, Yaakov Yaari
-
Publication number: 20170185775Abstract: Input is received during runtime of a program. The input is a return instruction address of a called function and a return target address of the program. A determination is made whether the instruction immediately prior to the return target address is a call to the called function. If the instruction immediately prior to the return target address is not a call to the called function, a notification is transmitted that return-oriented programming is suspected.Type: ApplicationFiled: December 28, 2015Publication date: June 29, 2017Inventors: Omer Y. Boehm, Nitzan Peleg
-
Publication number: 20170060725Abstract: An aspect includes performance profiling of an application. A processor executes an instruction stream of the application including instructions that are dynamically grouped at run-time. The processor monitors for an event associated with sampled instructions. A sampled instruction is associated with other events that include instruction grouping information. A number of the instructions in a group that includes the sampled instruction is determined as a group size. The monitored event is tracked as separate events with respect to each of the sampled instruction and one or more other instructions of the group. Subsequent monitored events are tracked as the separate events for each of the instructions from additional groups having various group sizes formed from a sequence of the instructions. An execution count for the sequence of the instructions is generated based on accumulating the separate events over a period of time.Type: ApplicationFiled: August 31, 2015Publication date: March 2, 2017Inventors: Moshe Klausner, Nitzan Peleg
-
Publication number: 20170060721Abstract: An aspect includes performance profiling of an application. A processor executes an instruction stream of the application including instructions that are dynamically grouped at run-time. The processor monitors for an event associated with sampled instructions. A sampled instruction is associated with other events that include instruction grouping information. A number of the instructions in a group that includes the sampled instruction is determined as a group size. The monitored event is tracked as separate events with respect to each of the sampled instruction and one or more other instructions of the group. Subsequent monitored events are tracked as the separate events for each of the instructions from additional groups having various group sizes formed from a sequence of the instructions. An execution count for the sequence of the instructions is generated based on accumulating the separate events over a period of time.Type: ApplicationFiled: October 21, 2015Publication date: March 2, 2017Inventors: Moshe Klausner, Nitzan Peleg
-
Publication number: 20160246697Abstract: A method comprising: counting each occurrence of a hardware event by a Performance Monitoring Counter of a hardware processor during the execution of a target program code; orderly and continuously storing in a buffer of a Taken Branch Trace (TBT) Facility of said hardware processor a predefined TBT size of last taken branches of said target program code during its execution; every time said counting equals a sampling rate, triggering sampling of said buffer, to receive a TBT comprising current said predefined TBT size of last taken branches; constructing a full branch trace for each said TBT based on said target program code; extracting a predefined Chopped Branch Trace (CBT) size of last branches from each said full branch trace, to receive a chopped branch trace for said each TBT; and incrementally storing each said chopped branch trace to generate an edge profile of said target program code.Type: ApplicationFiled: February 22, 2015Publication date: August 25, 2016Inventors: GRIGORI CHTRASBERG, Moshe Klausner, Nitzan Peleg, Yaakov Yaari