Patents by Inventor Patrick Michael LiVecchi
Patrick Michael LiVecchi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8489755
Abstract: The invention detects a denial of service attack at a node by monitoring the number of discarded packets in relationship to the number of inbound packets. When an attack is detected, relevant inbound packet information is collected during the attack to help characterize the attack and at least to pinpoint the source of the last hop to the attacked node.
Type: Grant
Filed: April 28, 2011
Date of Patent: July 16, 2013
Assignee: International Business Machines Corporation
Inventors: Patricia Ann Jakubik, Patrick Michael Livecchi, Linwood Hugh Overby, Jr.
-
Publication number: 20110239301
Abstract: The invention detects a denial of service attack at a node by monitoring the number of discarded packets in relationship to the number of inbound packets. When an attack is detected, relevant inbound packet information is collected during the attack to help characterize the attack and at least to pinpoint the source of the last hop to the attacked node.
Type: Application
Filed: April 28, 2011
Publication date: September 29, 2011
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: PATRICIA ANN JAKUBIK, PATRICK MICHAEL LIVECCHI, LINWOOD HUGH OVERBY, JR.
-
Patent number: 7996544
Abstract: The invention detects a denial of service attack at a node by monitoring the number of discarded packets in relationship to the number of inbound packets. When an attack is detected, relevant inbound packet information is collected during the attack to help characterize the attack and at least to pinpoint the source of the last hop to the attacked node.
Type: Grant
Filed: July 8, 2003
Date of Patent: August 9, 2011
Assignee: International Business Machines Corporation
Inventors: Patricia Ann Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby, Jr.
-
Patent number: 7979895
Abstract: The invention provides a system and method for “partitioning” a “namespace” managed by a name (or “directory”) registration server according to “security label” or other security attributes to allow the same registered (e.g., “domain”) name to be used for processing resource(s)/service(s)/application(s) operating under different security labels.
Type: Grant
Filed: August 16, 2007
Date of Patent: July 12, 2011
Assignee: International Business Machines Corporation
Inventors: Walter Bartlett Farrell, Patrick Michael LiVecchi, Scott Christopher Moonen
-
Patent number: 7954138
Abstract: The invention provides a system and method for sharing (or “multiplexing”) of the same internet (IP) address/port by multiple instances of multiple level security and/or single level security (SLS) server applications (each of which is used for processing one or more client request(s) falling within a range of security labels or other security attribute(s)) where the client processing request is directed to the system server capable of processing the request using the identified security label.
Type: Grant
Filed: August 16, 2007
Date of Patent: May 31, 2011
Assignee: International Business Machines Corporation
Inventors: Patrick Michael LiVecchi, Scott Christopher Moonen
-
Patent number: 7779255
Abstract: Techniques are disclosed for multi-level security (“MLS”) in computing systems. Communication between MLS systems in the prior art requires explicitly tagging each packet with its security classification. The packet tags comprise variable-length bit patterns inserted into packet headers. This results in a number of drawbacks, including increased path length and code complexity, as well as reduced interoperability. An MLS system according to the present invention simulates a cluster or collection of single-level security systems, and thereby avoids packet tagging. For each security classification used by an MLS system, a distinct source address is defined. This source address is used for outbound packets having that security classification, such that the packet's source address implicitly identifies the packet's security classification.
Type: Grant
Filed: June 27, 2007
Date of Patent: August 17, 2010
Assignee: International Business Machines Corporation
Inventor: Patrick Michael LiVecchi
-
Patent number: 7734916
Abstract: Techniques are disclosed for multi-level security (“MLS”) in computing systems. Communication between MLS systems in the prior art requires explicitly tagging each packet with its security classification. The packet tags comprise variable-length bit patterns inserted into packet headers. This results in a number of drawbacks, including increased path length and code complexity, as well as reduced interoperability. An MLS system according to the present invention simulates a cluster or collection of single-level security systems, and thereby avoids packet tagging. For each security classification used by an MLS system, a distinct source address is defined. This source address is used for outbound packets having that security classification, such that the packet's source address implicitly identifies the packet's security classification.
Type: Grant
Filed: March 21, 2008
Date of Patent: June 8, 2010
Assignee: International Business Machines Corporation
Inventor: Patrick Michael LiVecchi
-
Publication number: 20090049523
Abstract: The invention provides a system and method for sharing (or “multiplexing”) of the same internet (IP) address/port by multiple instances of multiple level security and/or single level security (SLS) server applications (each of which is used for processing one or more client request(s) falling within a range of security labels or other security attribute(s)) where the client processing request is directed to the system server capable of processing the request using the identified security label.
Type: Application
Filed: August 16, 2007
Publication date: February 19, 2009
Applicant: International Business Machines Corporation
Inventors: Patrick Michael LiVecchi, Scott Christopher Moonen
-
Publication number: 20090049524
Abstract: The invention provides a system and method for “partitioning” a “namespace” managed by a name (or “directory”) registration server according to “security label” or other security attributes to allow the same registered (e.g., “domain”) name to be used for processing resource(s)/service(s)/application(s) operating under different security labels.
Type: Application
Filed: August 16, 2007
Publication date: February 19, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Walter Bartlett Farrell, Patrick Michael LiVecchi, Scott Christopher Moonen
-
Publication number: 20080168557
Abstract: Techniques are disclosed for multi-level security (“MLS”) in computing systems. Communication between MLS systems in the prior art requires explicitly tagging each packet with its security classification. The packet tags comprise variable-length bit patterns inserted into packet headers. This results in a number of drawbacks, including increased path length and code complexity, as well as reduced interoperability. An MLS system according to the present invention simulates a cluster or collection of single-level security systems, and thereby avoids packet tagging. For each security classification used by an MLS system, a distinct source address is defined. This source address is used for outbound packets having that security classification, such that the packet's source address implicitly identifies the packet's security classification.
Type: Application
Filed: March 21, 2008
Publication date: July 10, 2008
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Patrick Michael LiVecchi
-
Patent number: 7356695
Abstract: Techniques are disclosed for improving multi-level security (“MLS”) in computing systems. Communication between MLS systems in the prior art requires explicitly tagging each packet with its security classification. The packet tags comprise variable-length bit patterns inserted into packet headers. This results in a number of drawbacks, including increased path length and code complexity, as well as reduced interoperability. An MLS system according to the present invention simulates a cluster or collection of single-level security systems, and thereby avoids packet tagging. For each security classification used by an MLS system, a distinct source address is defined. This source address is used for outbound packets having that security classification, such that the packet's source address implicitly identifies the packet's security classification.
Type: Grant
Filed: August 1, 2002
Date of Patent: April 8, 2008
Assignee: International Business Machines Corporation
Inventor: Patrick Michael LiVecchi
-
Patent number: 7222366
Abstract: Improvements in intrusion detection are disclosed by providing intrusion event filtering and/or generic attack signature processing. These services may be integrated into a system or server that is the potential target of attack, or alternatively may be implemented in a network device. Filtering may be provided using sensitivity levels and suspicion levels. Generic attack signatures describe relatively broad classes of intrusions. Intrusion detection policy information may be used to direct the actions to be taken upon detecting an attack.
Type: Grant
Filed: January 28, 2002
Date of Patent: May 22, 2007
Assignee: International Business Machines Corporation
Inventors: David Aro Bruton, III, Patricia Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby, Jr.
-
Patent number: 7076803
Abstract: Improvements in intrusion detection are disclosed by providing integrated intrusion detection services. Preferably, these services are integrated into a system or server that is the potential target of attack. Stack-based security processing is leveraged for access to cleartext data within the layers of the protocol stack. Layer-specific attacks may therefore be processed efficiently. Evaluation of incoming traffic for an intrusion is preferably performed only after an error condition of some type has been detected. This approach reduces the overhead of intrusion detection by reducing the number of packets to be inspected, and at the same time allows more efficient packet inspection through use of context-specific information that may be used to direct the inspection to particular candidate attacks. Generic attack class capability is also disclosed. Intrusion detection policy information may be used to direct the actions to be taken upon detecting an attack.
Type: Grant
Filed: January 28, 2002
Date of Patent: July 11, 2006
Assignee: International Business Machines Corporation
Inventors: David Aro Bruton, III, Patricia Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby, Jr.
-
Patent number: 6823515
Abstract: A technique, system, and computer program for enhancing performance of a computer running a multithreaded server application. A scheduling heuristic is defined for optimizing the number of available threads. This heuristic alleviates over-scheduling of worker threads by defining a technique to wait to assign an incoming request to a currently-executing thread (upon completion of the thread's current work), instead of awakening a blocked thread for the incoming request. Provision is made to ensure no thread waits too long. Two stages are associated with a passive socket, so that a connection is only bound to a worker thread when work arrives for that connection. A new type of socket is defined, for merging input from more than one source and making that merged input available for scheduling. A giveback function is defined, for optimizing assignment of threads to incoming requests when persistent connections are used. Threads that go idle are put onto an idle queue, releasing them from a worker thread.
Type: Grant
Filed: May 10, 2001
Date of Patent: November 23, 2004
Assignee: International Business Machines Corporation
Inventor: Patrick Michael LiVecchi
-
Publication number: 20030145226
Abstract: Improvements in intrusion detection are disclosed by providing integrated intrusion detection services. Preferably, these services are integrated into a system or server that is the potential target of attack. Stack-based security processing is leveraged for access to cleartext data within the layers of the protocol stack. Layer-specific attacks may therefore be processed efficiently. Evaluation of incoming traffic for an intrusion is preferably performed only after an error condition of some type has been detected. This approach reduces the overhead of intrusion detection by reducing the number of packets to be inspected, and at the same time allows more efficient packet inspection through use of context-specific information that may be used to direct the inspection to particular candidate attacks. Generic attack class capability is also disclosed. Intrusion detection policy information may be used to direct the actions to be taken upon detecting an attack.
Type: Application
Filed: January 28, 2002
Publication date: July 31, 2003
Applicant: International Business Machines Corporation
Inventors: David Aro Bruton, Patricia Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby
-
Publication number: 20030145225
Abstract: Improvements in intrusion detection are disclosed by providing intrusion event filtering and/or generic attack signature processing. These services may be integrated into a system or server that is the potential target of attack, or alternatively may be implemented in a network device. Filtering may be provided using sensitivity levels and suspicion levels. Generic attack signatures describe relatively broad classes of intrusions. Intrusion detection policy information may be used to direct the actions to be taken upon detecting an attack.
Type: Application
Filed: January 28, 2002
Publication date: July 31, 2003
Applicant: International Business Machines Corporation
Inventors: David Aro Bruton, Patricia Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby
-
Patent number: 6427161
Abstract: A technique, system, and computer program for enhancing performance of a computer running a multithreaded server application. A scheduling heuristic is defined for optimizing the number of available threads. This heuristic alleviates over-scheduling of worker threads by defining a technique to wait to assign an incoming request to a currently-executing thread (upon completion of the thread's current work), instead of awakening a blocked thread for the incoming request. Provision is made to ensure no thread waits too long. Two stages are associated with a passive socket, so that a connection is only bound to a worker thread when work arrives for that connection. A new type of socket is defined, for merging input from more than one source and making that merged input available for scheduling. A giveback function is defined, for optimizing assignment of threads to incoming requests when persistent connections are used. Threads that go idle are put onto an idle queue, releasing them from a worker thread.
Type: Grant
Filed: June 12, 1998
Date of Patent: July 30, 2002
Assignee: International Business Machines Corporation
Inventor: Patrick Michael LiVecchi
-
Patent number: 6339771
Abstract: A system and method for processing a request utilizing a database management system in a computer system is disclosed. The database management system manages at least one database. At least one database subsystem corresponding to the database management system is available. The computer system includes a plurality of worker threads. The method and system include assigning the request to a worker thread of the plurality of worker threads. The worker thread is for aiding in execution of the request. The method and system also include providing a connection to a particular database subsystem for the worker thread and associating the connection with the worker thread if the worker thread has not previously used the particular database subsystem. The method and system further include reusing the connection to the particular database subsystem that is associated with the worker thread if the worker thread has previously used the particular database subsystem.
Type: Grant
Filed: July 7, 2000
Date of Patent: January 15, 2002
Assignee: International Business Machines Corporation
Inventors: Melvin Richard Zimowski, Jeffrey David Aman, Steven J. Greenspan, Patrick Michael LiVecchi
-
Publication number: 20010018701
Abstract: A technique, system, and computer program for enhancing performance of a computer running a multithreaded server application. A scheduling heuristic is defined for optimizing the number of available threads. This heuristic alleviates over-scheduling of worker threads by defining a technique to wait to assign an incoming request to a currently-executing thread (upon completion of the thread's current work), instead of awakening a blocked thread for the incoming request. Provision is made to ensure no thread waits too long. Two stages are associated with a passive socket, so that a connection is only bound to a worker thread when work arrives for that connection. A new type of socket is defined, for merging input from more than one source and making that merged input available for scheduling. A giveback function is defined, for optimizing assignment of threads to incoming requests when persistent connections are used. Threads that go idle are put onto an idle queue, releasing them from a worker thread.
Type: Application
Filed: May 10, 2001
Publication date: August 30, 2001
Inventor: Patrick Michael LiVecchi
-
Patent number: 6112196
Abstract: A system and method for processing a request utilizing a database management system in a computer system is disclosed. The database management system manages at least one database. At least one database subsystem corresponding to the database management system is available. The computer system includes a plurality of worker threads. The method and system include assigning the request to a worker thread of the plurality of worker threads. The worker thread is for aiding in execution of the request. The method and system also include providing a connection to a particular database subsystem for the worker thread and associating the connection with the worker thread if the worker thread has not previously used the particular database subsystem. The method and system further include reusing the connection to the particular database subsystem that is associated with the worker thread if the worker thread has previously used the particular database subsystem.
Type: Grant
Filed: June 25, 1998
Date of Patent: August 29, 2000
Assignee: International Business Machines Corporation
Inventors: Melvin Richard Zimowski, Jeffrey David Aman, Steven J. Greenspan, Patrick Michael LiVecchi