Patents by Inventor William W. Streilein
William W. Streilein has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10778722
Abstract: System and methods for communicating across a network comprise: a database containing high level security rules for the network; computing devices communicating on the network; a security rule translation module; event sensors configured to monitor and detect one or more events occurring on or relating to the network, and in response thereto, provide to the security rule translation module an indication of occurrence for each of the one or more security events. The security rule translation module may associate the security rules with the security events corresponding to the received indication, and produce a low-level security rule based on data from the high-level security rule and the received indication of occurrence of the security events. The system may also include switches coupled to receive the low-level security rules from the security rule translation module and enforce the low-level security rules on the network.
Type: Grant
Filed: November 8, 2016
Date of Patent: September 15, 2020
Assignee: Massachusetts Institute of Technology
Inventors: Thomas R. Hobson, William W. Streilein, Hamed Okhravi, Richard W. Skowyra, Kevin S. Bauer, Veer S. Dedhia, David O. Bigelow
-
Patent number: 10310991
Abstract: A method for timely address space randomization includes loading a code region from a program binary to a first location within the address space, detecting, during execution of the program, an output-input call pair from the program and, in response to detecting the output-input call pair from the program: selecting a second location within the address space to move the code region to, determining memory locations of one or more references to the code region, updating the values of the references in memory based on the second location and using annotation information within the program binary, and moving the code region to the second location within the address space.
Type: Grant
Filed: August 11, 2016
Date of Patent: June 4, 2019
Assignee: Massachusetts Institute of Technology
Inventors: Hamed Okhravi, Thomas R. Hobson, David O. Bigelow, Robert Rudd, William W. Streilein
-
Patent number: 10268601
Abstract: In a system executing a program, a method comprises detecting one or more input/output calls associated with the program and re-randomizing memory associated with the program in response to the one or more input/output calls. A related system is also described.
Type: Grant
Filed: June 17, 2016
Date of Patent: April 23, 2019
Assignee: Massachusetts Institute of Technology
Inventors: Hamed Okhravi, Thomas R. Hobson, David O. Bigelow, Robert Rudd, David M. Perry, Kristin S. Dahl, William W. Streilein
-
Publication number: 20180131720
Abstract: System and methods for communicating across a network comprise: a database containing high level security rules for the network; computing devices communicating on the network; a security rule translation module; event sensors configured to monitor and detect one or more events occurring on or relating to the network, and in response thereto, provide to the security rule translation module an indication of occurrence for each of the one or more security events. The security rule translation module may associate the security rules with the security events corresponding to the received indication, and produce a low-level security rule based on data from the high-level security rule and the received indication of occurrence of the security events. The system may also include switches coupled to receive the low-level security rules from the security rule translation module and enforce the low-level security rules on the network.
Type: Application
Filed: November 8, 2016
Publication date: May 10, 2018
Inventors: Thomas R. Hobson, William W. Streilein, Hamed Okhravi, Richard W. Skowyra, Kevin S. Bauer, Veer S. Dedhia, David O. Bigelow
-
Publication number: 20180046585
Abstract: A method for timely address space randomization includes loading a code region from a program binary to a first location within the address space, detecting, during execution of the program, an output-input call pair from the program and, in response to detecting the output-input call pair from the program: selecting a second location within the address space to move the code region to, determining memory locations of one or more references to the code region, updating the values of the references in memory based on the second location and using annotation information within the program binary, and moving the code region to the second location within the address space.
Type: Application
Filed: August 11, 2016
Publication date: February 15, 2018
Inventors: Hamed Okhravi, Thomas R. Hobson, David O. Bigelow, Robert Rudd, William W. Streilein
-
Publication number: 20170364452
Abstract: In a system executing a program, a method comprises detecting one or more input/output calls associated with the program and re-randomizing memory associated with the program in response to the one or more input/output calls. A related system is also described.
Type: Application
Filed: June 17, 2016
Publication date: December 21, 2017
Inventors: Hamed Okhravi, Thomas R. Hobson, David O. Bigelow, Robert Rudd, David M. Perry, Kristin S. Dahl, William W. Streilein
-
Patent number: 9712501
Abstract: A system and method for the randomization of packet headers is disclosed. A controller is used to provide random values, also referred to as nonces, that replace the source and destination addresses that typically appear in a packet header. The controller also provides routing rules to the switches and routers in the network that allow these devices to properly route packets, even though the source and destination addresses are not present. In some embodiments, network devices that support software-defined networking (SDN) are employed. The number of times that a particular nonce is used may be variable. In some embodiments, a nonce is used for exactly one packet header. In this way, packets may traverse a network using nonces in place of actual source and destination addresses. Because the nonces are changed periodically, detection of traffic patterns is made significantly more difficult.
Type: Grant
Filed: October 21, 2015
Date of Patent: July 18, 2017
Assignee: Massachusetts Institute of Technology
Inventors: Hamed Okhravi, Richard W. Skowyra, Kevin Bauer, William W. Streilein
-
Publication number: 20170118176
Abstract: A system and method for the randomization of packet headers is disclosed. A controller is used to provide random values, also referred to as nonces, that replace the source and destination addresses that typically appear in a packet header. The controller also provides routing rules to the switches and routers in the network that allow these devices to properly route packets, even though the source and destination addresses are not present. In some embodiments, network devices that support software-defined networking (SDN) are employed. The number of times that a particular nonce is used may be variable. In some embodiments, a nonce is used for exactly one packet header. In this way, packets may traverse a network using nonces in place of actual source and destination addresses. Because the nonces are changed periodically, detection of traffic patterns is made significantly more difficult.
Type: Application
Filed: October 21, 2015
Publication date: April 27, 2017
Inventors: Hamed Okhravi, Richard W. Skowyra, Kevin Bauer, William W. Streilein