Patents by Inventor Ryan J. Berg
Ryan J. Berg has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10460104Abstract: A security system and method secures and responds to security threats in a computer having a CPU, a Kernel/OS, and software applications. A data collector intercepts a selection of first tier calls between the CPU and Kernel/OS and/or second tier calls between the Kernel/Operating System and the applications, and stores information pertaining thereof. An Analytic Engine maps the stored first and second tier call information to a rulebase containing patterns of security threats, to generate a threat analysis, and then responds to the threat analysis. The Analytic Engine enlarges or contracts the selection of first and second tier calls to increase or decrease specificity of the threat analysis. A Management Module generates user interfaces accessible remotely by a user device, to update the rulebase and configure the collector, the Kernel module, and the Analytic Engine.Type: GrantFiled: September 14, 2018Date of Patent: October 29, 2019Assignee: Alert Logic, Inc.Inventors: Ryan J. Berg, John J. Danahy, Kirk R. Swidowski, Stephen C. Carlucci, Christopher Baron
-
Patent number: 10198280Abstract: A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS, has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured.Type: GrantFiled: March 14, 2016Date of Patent: February 5, 2019Assignee: Barkly Protects, Inc.Inventors: Kirk R. Swidowski, Ryan J. Berg, Stephen C. Carlucci, John J. Danahy
-
Publication number: 20190026462Abstract: A security system and method secures and responds to security threats in a computer having a CPU, a Kernel/OS, and software applications. A data collector intercepts a selection of first tier calls between the CPU and Kernel/OS and/or second tier calls between the Kernel/Operating System and the applications, and stores information pertaining thereof. An Analytic Engine maps the stored first and second tier call information to a rulebase containing patterns of security threats, to generate a threat analysis, and then responds to the threat analysis. The Analytic Engine enlarges or contracts the selection of first and second tier calls to increase or decrease specificity of the threat analysis. A Management Module generates user interfaces accessible remotely by a user device, to update the rulebase and configure the collector, the Kernel module, and the Analytic Engine.Type: ApplicationFiled: September 14, 2018Publication date: January 24, 2019Applicant: Barkly Protects, Inc.Inventors: Ryan J. Berg, John J. Danahy, Kirk R. Swidowski, Stephen C. Carlucci, Christopher Baron
-
Patent number: 10078752Abstract: A security system and method secures and responds to security threats in a computer having a CPU, a Kernel/OS, and software applications. A low-level data collector intercepts a selection of first tier calls between the CPU and Kernel/OS, and stores associated first tier call IDs. A Kernel module intercepts a selection of second tier calls between applications and the Kernel/OS, and stores associated second tier call IDs. An Analytic Engine maps the stored first and second tier call IDs to a rulebase containing patterns of security threats, to generate a threat analysis, and then responds to the threat analysis. The Analytic Engine enlarges or contracts the selection of first and second tier calls to increase or decrease specificity of the threat analysis. A Management Module generates user interfaces accessible remotely by a user device, to update the rulebase and configure the low-level collector, the Kernel module, and the Analytic Engine.Type: GrantFiled: December 23, 2017Date of Patent: September 18, 2018Assignee: BARKLY PROTECTS, INC.Inventors: Ryan J. Berg, John J. Danahy, Kirk R. Swidowski, Stephen C. Carlucci, Christopher Baron
-
Publication number: 20180189484Abstract: A security system and method secures and responds to security threats in a computer having a CPU, a Kernel/OS, and software applications. A low-level data collector intercepts a selection of first tier calls between the CPU and Kernel/OS, and stores associated first tier call IDs. A Kernel module intercepts a selection of second tier calls between applications and the Kernel/OS, and stores associated second tier call IDs. An Analytic Engine maps the stored first and second tier call IDs to a rulebase containing patterns of security threats, to generate a threat analysis, and then responds to the threat analysis. The Analytic Engine enlarges or contracts the selection of first and second tier calls to increase or decrease specificity of the threat analysis. A Management Module generates user interfaces accessible remotely by a user device, to update the rulebase and configure the low-level collector, the Kernel module, and the Analytic Engine.Type: ApplicationFiled: December 23, 2017Publication date: July 5, 2018Applicant: Barkly Protects, Inc.Inventors: John J. Danahy, Ryan J. Berg, Kirk R. Swidowski, Stephen C. Carlucci, Christopher Baron
-
Patent number: 9977895Abstract: A security system and method secures and responds to security threats in a computer having a CPU, a Kernel/OS, and software applications. A low-level data collector intercepts a selection of first tier calls between the CPU and Kernel/OS, and stores associated first tier call IDs. A Kernel module intercepts a selection of second tier calls between applications and the Kernel/OS, and stores associated second tier call IDs. An Analytic Engine maps the stored first and second tier call IDs to a rulebase containing patterns of security threats, to generate a threat analysis, and then responds to the threat analysis. The Analytic Engine enlarges or contracts the selection of first and second tier calls to increase or decrease specificity of the threat analysis. A Management Module generates user interfaces accessible remotely by a user device, to update the rulebase and configure the low-level collector, the Kernel module, and the Analytic Engine.Type: GrantFiled: March 27, 2015Date of Patent: May 22, 2018Assignee: Barkly Protects, Inc.Inventors: John J. Danahy, Ryan J. Berg, Kirk R. Swidowski, Stephen C. Carlucci
-
Patent number: 9733976Abstract: A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS, has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured. Sysret monitoring means intercepts calls to a sysret instruction, executes sysret monitoring operations, and subsequently returns execution to an application running on the computer.Type: GrantFiled: October 3, 2016Date of Patent: August 15, 2017Assignee: Barkly Protects, Inc.Inventors: Kirk R. Swidowski, Ryan J. Berg, Stephen C. Carlucci, John J. Danahy
-
Publication number: 20170168865Abstract: A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS, has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured.Type: ApplicationFiled: March 14, 2016Publication date: June 15, 2017Applicant: Barkly Protects, Inc.Inventors: Kirk R. Swidowski, Ryan J. Berg, Stephen C. Carlucci, John J. Danahy
-
Publication number: 20170109189Abstract: A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS, has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured. Sysret monitoring means intercepts calls to a sysret instruction, executes sysret monitoring operations, and subsequently returns execution to an application running on the computer.Type: ApplicationFiled: October 3, 2016Publication date: April 20, 2017Inventors: Kirk R. Swidowski, Ryan J. Berg, Stephen C. Carlucci, John J. Danahy
-
Patent number: 9589132Abstract: A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS, has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured.Type: GrantFiled: April 11, 2016Date of Patent: March 7, 2017Assignee: Barkly Protects, Inc.Inventors: Kirk R. Swidowski, Ryan J. Berg, Stephen C. Carlucci, John J. Danahy
-
Publication number: 20160224786Abstract: A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS, has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured.Type: ApplicationFiled: April 11, 2016Publication date: August 4, 2016Applicant: Barkly Protects, Inc.Inventors: Kirk R. Swidowski, Ryan J. Berg, Stephen C. Carlucci, John J. Danahy
-
Publication number: 20150281267Abstract: A security system and method secures and responds to security threats in a computer having a CPU, a Kernel/OS, and software applications. A low-level data collector intercepts a selection of first tier calls between the CPU and Kernel/OS, and stores associated first tier call IDs. A Kernel module intercepts a selection of second tier calls between applications and the Kernel/OS, and stores associated second tier call IDs. An Analytic Engine maps the stored first and second tier call IDs to a rulebase containing patterns of security threats, to generate a threat analysis, and then responds to the threat analysis. The Analytic Engine enlarges or contracts the selection of first and second tier calls to increase or decrease specificity of the threat analysis. A Management Module generates user interfaces accessible remotely by a user device, to update the rulebase and configure the low-level collector, the Kernel module, and the Analytic Engine.Type: ApplicationFiled: March 27, 2015Publication date: October 1, 2015Applicant: CYLENT SYSTEMS, INC.Inventors: John J. Danahy, Ryan J. Berg, Kirk R. Swidowski, Stephen C. Carlucci
-
Publication number: 20150205962Abstract: A system and method detects the existence of malicious software on a local host by analysis of software process behavior including user input events and system events. A user validation engine provides user notification. In-VM operating system monitors capture events handled by the OS, capture user input from the HMI devices, and capture system events from applications executed by the processor at hardware, kernel and/or API levels. The In-VM operating system monitors also pass captured user input and system events to the user validation engine for analysis. The user validation engine identifies legitimate user events as those that move from the hardware level upward to pre-selected applications, identifies illegitimate user events as those that start at the kernel and/or API levels, and approves communication for legitimate events while denying communication for illegitimate events.Type: ApplicationFiled: January 21, 2015Publication date: July 23, 2015Applicant: CYLENT SYSTEMS, INC.Inventors: Kirk R. Swidowski, Kara A. Zaffarano, Jason M. Syversen, Joseph J. Sharkey, John J. Danahy, Ryan J. Berg
-
Patent number: 8701186Abstract: Mechanisms for evaluating downgrader code in application code with regard to one or more security guidelines are provided. Downgrader code in application code is identified, where the downgrader code is a portion of code in the application code that operates on an information flow of the application code to ensure confidentiality of information input to the downgrader code, in the output of the downgrader code. Processes of the downgrader code are evaluated against security guidelines to determine if the processes violate the security guidelines. A notification is generated in response to the evaluation indicating that the processes of the downgrader code violate the security guidelines. The notification is output to a computing device for consideration.Type: GrantFiled: March 14, 2013Date of Patent: April 15, 2014Assignee: International Business Machines CorporationInventors: Ryan J. Berg, Marco Pistoia, Takaaki Tateishi, Stephen D. Teilhet, Omer Tripp
-
Patent number: 8667584Abstract: Mechanisms for evaluating downgrader code in application code with regard to one or more security guidelines are provided. Downgrader code in application code is identified, where the downgrader code is a portion of code in the application code that operates on an information flow of the application code to ensure confidentiality of information input to the downgrader code, in the output of the downgrader code. Processes of the downgrader code are evaluated against security guidelines to determine if the processes violate the security guidelines. A notification is generated in response to the evaluation indicating that the processes of the downgrader code violate the security guidelines. The notification is output to a computing device for consideration.Type: GrantFiled: December 15, 2010Date of Patent: March 4, 2014Assignee: International Business Machines CorporationInventors: Ryan J. Berg, Marco Pistoia, Takaaki Tateishi, Stephen D. Teilhet, Omer Tripp
-
Publication number: 20120159619Abstract: Mechanisms for evaluating downgrader code in application code with regard to one or more security guidelines are provided. Downgrader code in application code is identified, where the downgrader code is a portion of code in the application code that operates on an information flow of the application code to ensure confidentiality of information input to the downgrader code, in the output of the downgrader code. Processes of the downgrader code are evaluated against security guidelines to determine if the processes violate the security guidelines. A notification is generated in response to the evaluation indicating that the processes of the downgrader code violate the security guidelines. The notification is output to a computing device for consideration.Type: ApplicationFiled: December 15, 2010Publication date: June 21, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Ryan J. Berg, Marco Pistoia, Takaaki Tateishi, Stephen D. Teilhet, Omer Tripp
-
Patent number: 8156483Abstract: A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e.g., in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call posses one or more of pre-selected vulnerabilities.Type: GrantFiled: June 27, 2008Date of Patent: April 10, 2012Assignee: International Business Machines CorporationInventors: Ryan J. Berg, Larry Rose, John Peyton, John J. Danahy, Robert Gottlieb, Chris Rehbein
-
Patent number: 7398517Abstract: A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e.g., in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call posses one or more of pre-selected vulnerabilities.Type: GrantFiled: June 13, 2007Date of Patent: July 8, 2008Assignee: Ounce Labs, Inc.Inventors: Ryan J. Berg, Larry Rose, John Peyton, John J. Danahy, Robert Gottlieb, Chris Rehbein
-
Publication number: 20010044904Abstract: A remote communication mechanism is provided for creating a secured channel for direct interaction with kernel-level components, such as device drivers, of designated systems. By connecting directly to managed kernel-level devices, as opposed to connecting to user space software which then connects to these devices, management of those resources is simplified, better secured, and partitioned from general system administration utilities and configuration.Type: ApplicationFiled: February 15, 2001Publication date: November 22, 2001Inventors: Ryan J. Berg, John J. Danahy, Lawrence J. Rose