Patents by Inventor Roee Hay
Roee Hay has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11288344
  Abstract: One or more communication interfaces of a first application may be scanned. In response to the scanning, it may be determined that at least a first component of the first application is subject to public access from any application. One or more public access features associated with the first component may be removed, wherein the first component is no longer subject to public access from any application. A first module may be added to the first application to control access to data to or from the first component via one or more security rules.
  Type: Grant
  Filed: June 10, 2019
  Date of Patent: March 29, 2022
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Roee Hay, David N. Kaplan, Sagi Kedmi, Omer Tripp
- Patent number: 11188645
  Abstract: A first application being presented for installation on a processing system can be detected. The first application can be scanned, via a static analysis, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. If the static analysis is indeterminate, a runtime analysis of the first application can determine whether the interface layout implemented by the first application is suspiciously similar to the user interface layout of the second application. If the user interface layout implemented by the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, the first application can be identified as being unsafe.
  Type: Grant
  Filed: November 27, 2019
  Date of Patent: November 30, 2021
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
- Patent number: 11016874
  Abstract: An example system includes a processor to receive an application to be instrumented. The processor is to also instrument the application based on a baseline taint tracking scheme to generate an instrumented application including taint tags. The processor is also to execute the instrumented application and generate a profile of runtime behavior of the application. The processor is to modify the baseline tracking scheme based on the profile to generate an updated taint tracking scheme.
  Type: Grant
  Filed: September 19, 2018
  Date of Patent: May 25, 2021
  Assignee: International Business Machines Corporation
  Inventors: Roee Hay, Omer Tripp
- Patent number: 11017084
  Abstract: A method for detecting malicious code fragments based on data-flow isolation is provided. The method may include isolating data flows associated with a computing program for a user device. The method may further include mapping steps for the isolated data flow to modules associated with the computing program and the user device. The method may further include comparing the mapped steps to determine connections between the isolated data flows. The method may further include, based on the comparison of the mapped steps and the modules, determining whether the isolated data flows comprise malicious data flow deviations. The method may also include, in response to the determination that the isolated data flows comprise malicious data flow deviations, determining whether the computer program is malicious by weighing security risks associated with the malicious data flow deviations based on security risk factors.
  Type: Grant
  Filed: November 21, 2017
  Date of Patent: May 25, 2021
  Assignee: International Business Machines Corporation
  Inventors: Roee Hay, Marco Pistoia, Omer Tripp
- Patent number: 11005877
  Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.
  Type: Grant
  Filed: March 14, 2019
  Date of Patent: May 11, 2021
  Assignee: HCL Technologies Limited
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Patent number: 10956313
  Abstract: In an approach for testing an application for a security vulnerability, a processor inserts an instrumentation hook in the application to be tested, wherein the instrumentation hook is executed prior to a sink operation. A processor transmits a probe input value to the application to be tested. A processor detects a modification to the probe input value at the instrumentation hook by comparing the probe input value at the instrumentation hook to a signature value and detecting that the probe input value matches the signature value. A processor removes the sink operation from testing for the security vulnerability.
  Type: Grant
  Filed: June 26, 2019
  Date of Patent: March 23, 2021
  Assignee: International Business Machines Corporation
  Inventors: Roee Hay, Omer Tripp
- Patent number: 10742666
  Abstract: A system and method for static detection and categorization of information-flow downgraders includes transforming a program stored in a memory device by statically analyzing program variables to yield a single assignment to each variable in an instruction set. The instruction set is translated to production rules with string operations. A context-free grammar is generated from the production rules to identify a finite set of strings. An information-flow downgrader function is identified by checking the finite set of strings against one or more function specifications.
  Type: Grant
  Filed: February 4, 2016
  Date of Patent: August 11, 2020
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Yinnon Haviv, Roee Hay, Marco Pistoia, Guy Podjarny, Adi Sharabani, Takaaki Tateishi, Omer Tripp, Omri Weisman
- Patent number: 10657255
  Abstract: A computer-implemented method for detecting malware based on asymmetry includes receiving, via a processor, an application to be tested. The method includes computing, via the processor, a static call graph for the application. The method also includes generating, via the processor, an interprocedural control-flow graph (ICFG) based on the static call graph. The method further includes detecting, via the processor, symbolic path conditions and executable operations along different paths of conditional branches in the ICFG. The method further includes detecting, via the processor, asymmetries based on the symbolic path conditions and the executable operations. The method includes detecting, via the processor, a malicious block based on the detected asymmetries. The method further includes modifying, via the processor, the application based on the detected malicious block.
  Type: Grant
  Filed: December 17, 2015
  Date of Patent: May 19, 2020
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Roee Hay, Sagi Kedmi, Omer Tripp
- Publication number: 20200097654
  Abstract: A first application being presented for installation on a processing system can be detected. The first application can be scanned, via a static analysis, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. If the static analysis is indeterminate, a runtime analysis of the first application can determine whether the interface layout implemented by the first application is suspiciously similar to the user interface layout of the second application. If the user interface layout implemented by the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, the first application can be identified as being unsafe.
  Type: Application
  Filed: November 27, 2019
  Publication date: March 26, 2020
  Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
- Patent number: 10599843
  Abstract: A first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. If the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, the first application can be identified as being unsafe.
  Type: Grant
  Filed: November 26, 2018
  Date of Patent: March 24, 2020
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
- Publication number: 20200089595
  Abstract: An example system includes a processor to receive an application to be instrumented. The processor is to also instrument the application based on a baseline taint tracking scheme to generate an instrumented application including taint tags. The processor is also to execute the instrumented application and generate a profile of runtime behavior of the application. The processor is to modify the baseline tracking scheme based on the profile to generate an updated taint tracking scheme.
  Type: Application
  Filed: September 19, 2018
  Publication date: March 19, 2020
  Inventors: Roee Hay, Omer Tripp
- Patent number: 10528744
  Abstract: Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.
  Type: Grant
  Filed: April 30, 2018
  Date of Patent: January 7, 2020
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
- Publication number: 20190317888
  Abstract: In an approach for testing an application for a security vulnerability, a processor inserts an instrumentation hook in the application to be tested, wherein the instrumentation hook is executed prior to a sink operation. A processor transmits a probe input value to the application to be tested. A processor detects a modification to the probe input value at the instrumentation hook by comparing the probe input value at the instrumentation hook to a signature value and detecting that the probe input value matches the signature value. A processor removes the sink operation from testing for the security vulnerability.
  Type: Application
  Filed: June 26, 2019
  Publication date: October 17, 2019
  Inventors: Roee Hay, Omer Tripp
- Publication number: 20190294760
  Abstract: One or more communication interfaces of a first application may be scanned. In response to the scanning, it may be determined that at least a first component of the first application is subject to public access from any application. One or more public access features associated with the first component may be removed, wherein the first component is no longer subject to public access from any application. A first module may be added to the first application to control access to data to or from the first component via one or more security rules.
  Type: Application
  Filed: June 10, 2019
  Publication date: September 26, 2019
  Inventors: Roee Hay, David N. Kaplan, Sagi Kedmi, Omer Tripp
- Patent number: 10380006
  Abstract: In an approach for testing an application for a security vulnerability, a processor inserts an instrumentation hook in the application to be tested, wherein the instrumentation hook is executed prior to a sink operation. A processor transmits a probe input value to the application to be tested. A processor detects a modification to the probe input value at the instrumentation hook by comparing the probe input value at the instrumentation hook to a signature value and detecting that the probe input value matches the signature value. A processor removes the sink operation from testing for the security vulnerability.
  Type: Grant
  Filed: June 5, 2015
  Date of Patent: August 13, 2019
  Assignee: International Business Machines Corporation
  Inventors: Roee Hay, Omer Tripp
- Publication number: 20190236269
  Abstract: In some examples, a system for detecting a third party software element can include a processor to generate a software element signature for each software element detected in a plurality of applications in a repository. The processor can also detect third party software elements by identifying software elements that are included in a number of the plurality of applications that exceeds a threshold value. Additionally, the processor can generate a test signature corresponding to at least one software element in an application to be tested and compare the test signature to each of the software element signatures corresponding to the third party software elements. Furthermore, the processor can detect that the test signature matches at least one of the third party software elements with a security vulnerability and modify the application to be tested to prevent execution of the at least one software element corresponding to the test signature.
  Type: Application
  Filed: January 31, 2018
  Publication date: August 1, 2019
  Inventor: Roee Hay
- Patent number: 10366213
  Abstract: One or more communication interfaces of a first application may be scanned. In response to the scanning, it may be determined that at least a first component of the first application is subject to public access from any application. One or more public access features associated with the first component may be removed, wherein the first component is no longer subject to public access from any application. A first module may be added to the first application to control access to data to or from the first component via one or more security rules.
  Type: Grant
  Filed: February 9, 2016
  Date of Patent: July 30, 2019
  Assignee: International Business Machines Corporation
  Inventors: Roee Hay, David N. Kaplan, Sagi Kedmi, Omer Tripp
- Publication number: 20190215333
  Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.
  Type: Application
  Filed: March 14, 2019
  Publication date: July 11, 2019
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Patent number: 10305903
  Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.
  Type: Grant
  Filed: August 27, 2018
  Date of Patent: May 28, 2019
  Assignee: International Business Machines Corporation
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Publication number: 20190156028
  Abstract: A method for detecting malicious code fragments based on data-flow isolation is provided. The method may include isolating data flows associated with a computing program for a user device. The method may further include mapping steps for the isolated data flow to modules associated with the computing program and the user device. The method may further include comparing the mapped steps to determine connections between the isolated data flows. The method may further include, based on the comparison of the mapped steps and the modules, determining whether the isolated data flows comprise malicious data flow deviations. The method may also include, in response to the determination that the isolated data flows comprise malicious data flow deviations, determining whether the computer program is malicious by weighing security risks associated with the malicious data flow deviations based on security risk factors.
  Type: Application
  Filed: November 21, 2017
  Publication date: May 23, 2019
  Inventors: Roee Hay, Marco Pistoia, Omer Tripp