Patents by Inventor Paolina Centonze
Paolina Centonze has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9836608Abstract: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.Type: GrantFiled: October 20, 2016Date of Patent: December 5, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Paolina Centonze, Yinnon Avraham Haviv, Roee Hay, Marco Pistoia, Adi Sharabani, Omer Tripp
-
Patent number: 9607154Abstract: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.Type: GrantFiled: September 22, 2013Date of Patent: March 28, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Paolina Centonze, Yinnon Avraham Haviv, Roee Hay, Marco Pistoia, Adi Sharabani, Omer Tripp
-
Publication number: 20170039375Abstract: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.Type: ApplicationFiled: October 20, 2016Publication date: February 9, 2017Inventors: Paolina CENTONZE, Yinnon Avraham HAVIV, Roee HAY, Marco PISTOIA, Adi SHARABANI, Omer TRIPP
-
Patent number: 9449190Abstract: A system, method and computer program product for identifying security authorizations and privileged-code requirements; for validating analyses performed using static analyses; for automatically evaluating existing security policies; for detecting problems in code; in a run-time execution environment in which a software program is executing.Type: GrantFiled: May 27, 2008Date of Patent: September 20, 2016Assignee: International Business Machines CorporationInventors: Paolina Centonze, Jose Gomes, Marco Pistoia
-
Publication number: 20150089637Abstract: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.Type: ApplicationFiled: September 22, 2013Publication date: March 26, 2015Inventors: Paolina Centonze, Yinnon Avraham Haviv, Roee Hay, Marco Pistoia, Adi Sharabani, Omer Tripp
-
Static analysis for verification of software program access to secure resources for computer systems
Patent number: 8793800Abstract: Computer program products and apparatus are disclosed. Using a static analysis, a software program is analyzed to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. In response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, a result is output indicative of the analyzing. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program.Type: GrantFiled: October 5, 2012Date of Patent: July 29, 2014Assignee: International Business Machines CorporationInventors: Ryan Berg, Paolina Centonze, Marco Pistoia, Omer Tripp -
Static analysis for verification of software program access to secure resources for computer systems
Patent number: 8683599Abstract: Computer program products and apparatus are disclosed. Using a static analysis, a software program is analyzed to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. In response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, a result is output indicative of the analyzing. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program.Type: GrantFiled: September 4, 2012Date of Patent: March 25, 2014Assignee: International Business Machines CorporationInventors: Ryan Berg, Paolina Centonze, Marco Pistoia, Omer Tripp -
Patent number: 8606621Abstract: Embodiments of the invention provide a method, system and computer program product for carbon management for sourcing and logistics. In one embodiment, the method comprises using a computer for quantifying both a cost and a carbon impact of one or more logistics policies relating to a manufacturing process; and minimizing the cost and carbon impact using a defined equation including a first component representing a transportation cost, and a second component representing a carbon cost. In an embodiment of the invention, the quantifying includes using an analytics engine to quantify the cost and carbon impact. The analytics engine may include a shipment analysis module to calculate an optimal transportation policy, a sourcing analysis module for testing alternate sourcing options, a scenario analysis module to find an optimal order frequency, and a sensitivity analysis module to test the impact of various changes.Type: GrantFiled: September 14, 2012Date of Patent: December 10, 2013Assignee: International Business Machines CorporationInventors: Mondher Ben-Hamida, Chad Boucher, Paolina Centonze, Mary E. Helander, Kaan K. Katircioglu, Karthik Sourirajan
-
Patent number: 8572727Abstract: Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.Type: GrantFiled: November 23, 2009Date of Patent: October 29, 2013Assignee: International Business Machines CorporationInventors: Paolina Centonze, Yinnon Avraham Haviv, Roee Hay, Marco Pistoia, Adi Sharabani, Omer Tripp
-
Patent number: 8473899Abstract: Access is obtained to an input object-oriented computer program. In the input object-oriented computer program, semantically equivalent objects are identified, which exist in different memory locations. If at least one of: a number of occurrences for the semantically equivalent objects exceeds a first threshold value, the threshold value being at least two; and a number of equality tests on the semantically equivalent objects exceeds a second threshold value, then a further step includes identifying an application program interface to reduce the semantically equivalent objects to a single object in a single memory location.Type: GrantFiled: December 15, 2009Date of Patent: June 25, 2013Assignee: International Business Machines CorporationInventors: Paolina Centonze, Mohammed Mostafa, Marco Pistoia, Takaaki Tateishi
-
Static analysis for verification of software program access to secure resources for computer systems
Patent number: 8381242Abstract: A method includes, using a static analysis, analyzing a software program to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. The method also includes, in response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, outputting a result indicative of the analyzing. Computer program products and apparatus are also disclosed. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program.Type: GrantFiled: July 20, 2010Date of Patent: February 19, 2013Assignee: International Business Machines CorporationInventors: Ryan Berg, Paolina Centonze, Marco Pistoia, Omer Tripp -
Publication number: 20130013367Abstract: Embodiments of the invention provide a method, system and computer program product for carbon management for sourcing and logistics. In one embodiment, the method comprises using a computer for quantifying both a cost and a carbon impact of one or more logistics policies relating to a manufacturing process; and minimizing the cost and carbon impact using a defined equation including a first component representing a transportation cost, and a second component representing a carbon cost. In an embodiment of the invention, the quantifying includes using an analytics engine to quantify the cost and carbon impact. The analytics engine may include a shipment analysis module to calculate an optimal transportation policy, a sourcing analysis module for testing alternate sourcing options, a scenario analysis module to find an optimal order frequency, and a sensitivity analysis module to test the impact of various changes.Type: ApplicationFiled: September 14, 2012Publication date: January 10, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Mondhar Ben-Hamida, Chad Boucher, Paolina Centonze, Mary E. Helander, Kaan K. Katircloglu, Karthik Sourirajan
-
Patent number: 8346595Abstract: Embodiments of the invention provide a method, system and computer program product for carbon management for sourcing and logistics. In one embodiment, the method comprises using a computer for quantifying both a cost and a carbon impact of one or more logistics policies relating to a manufacturing process; and minimizing the cost and carbon impact using a defined equation including a first component representing a transportation cost, and a second component representing a carbon cost. In an embodiment of the invention, the quantifying includes using an analytics engine to quantify the cost and carbon impact. The analytics engine may include a shipment analysis module to calculate an optimal transportation policy, a sourcing analysis module for testing alternate sourcing options, a scenario analysis module to find an optimal order frequency, and a sensitivity analysis module to test the impact of various changes.Type: GrantFiled: November 26, 2008Date of Patent: January 1, 2013Assignee: International Business Machines CorporationInventors: Mondhar Ben-Hamida, Chad Boucher, Paolina Centonze, Mary E. Helander, Kaan K. Katircloglu, Karthik Sourirajan
-
Publication number: 20120331445Abstract: Apparatus and program products are disclosed. Using a static analysis performed on code, the code is analyzed to determine a set of unchanged objects and modifying the code to exercise a singleton-pattern technique for one or more members of the set of unchanged objects. The modified code is output. Another technique includes accessing code from a client, and in response to any of the code being source code, compiling the source code into object code until all the code from the client comprises object code. Using a static analysis performed on the object code, the object code is analyzed to determine a set of unchanged objects and the object code is modified to exercise a singleton-pattern technique for one or more members of the set of unchanged objects. The modified object code is returned to the client.Type: ApplicationFiled: September 5, 2012Publication date: December 27, 2012Applicant: International Business Machines CorporationInventors: Paolina Centonze, Peter K. Malkin, Marco Pistoia
-
Static Analysis For Verification Of Software Program Access To Secure Resources For Computer Systems
Publication number: 20120331547Abstract: Computer program products and apparatus are disclosed. Using a static analysis, a software program is analyzed to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. In response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, a result is output indicative of the analyzing. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program.Type: ApplicationFiled: September 4, 2012Publication date: December 27, 2012Applicant: International Business Machines CorporationInventors: Ryan Berg, Paolina Centonze, Marco Pistoia, Omer Tripp -
Patent number: 8332939Abstract: The present invention relates to a method for identifying subject-executed code and subject-granted access rights within a program, the method further comprising the steps of: constructing a static model of a program, and determining a set of access rights that are associated with each subject object that is comprised within the program. The method further comprises the steps of annotating the invocation graph with the set of access right data to generate a subject-rights analysis, wherein each node comprised within the invocation graph is mapped to a set of access rights that represent subject-granted access rights under which a method that corresponds to a respective node will be executed, and utilizing the subject-rights analysis to perform a subject-rights analysis of the program.Type: GrantFiled: February 21, 2007Date of Patent: December 11, 2012Assignee: International Business Machines CorporationInventors: Paolina Centonze, Marco Pistoia
-
Patent number: 8230477Abstract: The present invention relates to methodologies for combining policy analysis and static analysis of code and thereafter determining whether the permissions granted by the policy to the code and to the subjects executing it are appropriate. In particular, this involves the verification that too many permissions have not been granted (wherein this would be a violation of the Principle of Least Privilege), and that the permissions being granted are sufficient to execute the code without run-time authorization failures, thus resulting in the failure of the program to execute.Type: GrantFiled: February 21, 2007Date of Patent: July 24, 2012Assignee: International Business Machines CorporationInventors: Paolina Centonze, Marco Pistoia
-
Publication number: 20120089962Abstract: A method includes, using a static analysis performed on code, analyzing the code to determine a set of unchanged objects and modifying the code to exercise a singleton-pattern technique for one or more members of the set of unchanged objects. The method also includes outputting the modified code. Apparatus and program products are also disclosed. Another method includes accessing code from a client, and in response to any of the code being source code, compiling the source code into object code until all the code from the client comprises object code. The method further includes, using a static analysis performed on the object code, analyzing the object code to determine a set of unchanged objects and modifying the object code to exercise a singleton-pattern technique for one or more members of the set of unchanged objects. The method additionally includes returning the modified object code to the client.Type: ApplicationFiled: October 8, 2010Publication date: April 12, 2012Applicant: International Business Machines CorporationInventors: Paolina Centonze, Peter K. Malkin, Marco Pistoia
-
Static Analysis For Verification Of Software Program Access To Secure Resources For Computer Systems
Publication number: 20120023553Abstract: A method includes, using a static analysis, analyzing a software program to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. The method also includes, in response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, outputting a result indicative of the analyzing. Computer program products and apparatus are also disclosed. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program.Type: ApplicationFiled: July 20, 2010Publication date: January 26, 2012Applicant: International Business Machines CorporationInventors: Ryan Berg, Paolina Centonze, Marco Pistoia, Omer Tripp -
Patent number: 8006233Abstract: The present relates to a method for verifying privileged and subject-executed code within a program, the method further comprising the steps of constructing a static model of a program, identifying checkPermission nodes that are comprised within the invocation graph, and performing a fixed-point iteration, wherein each determined permission set is propagated backwards across the nodes of the static model until a privilege-asserting code node is reached. The method further comprises the steps of associating each node of the invocation graph with a set of Permission allocation sites, analyzing each identified privilege-asserting code node and subject-executing code node to determine the Permission allocation site set that is associated with each privilege-asserting code node and subject-executing code node, and determining the cardinality of a Permission allocation-site set that is associated with each privilege-asserting code node and subject-executing code node.Type: GrantFiled: February 21, 2007Date of Patent: August 23, 2011Assignee: International Business Machines CorporationInventors: Paolina Centonze, Marco Pistoia