Patents by Inventor Yousef Shajrawi
Yousef Shajrawi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10152592Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.Type: GrantFiled: December 11, 2015Date of Patent: December 11, 2018Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Yousef Shajrawi
-
Patent number: 9734329Abstract: Mitigating return-oriented programming attacks. From program code and associated components needed by the program code for execution, machine language instruction sequences that may be combined and executed as malicious code are selected. A predetermined number of additional copies of each of the selected machine language instruction sequences are made, and the additional copies are marked as non-executable. The machine language instruction sequences and the non-executable copies are distributed in memory. If a process attempts to execute a machine language instruction sequence that has been marked non-executable, the computer may initiate protective action.Type: GrantFiled: April 19, 2016Date of Patent: August 15, 2017Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Publication number: 20170169216Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.Type: ApplicationFiled: December 11, 2015Publication date: June 15, 2017Inventors: Omer Y. Boehm, Yousef Shajrawi
-
Patent number: 9665717Abstract: Mitigating return-oriented programming (ROP) attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.Type: GrantFiled: September 13, 2016Date of Patent: May 30, 2017Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Patent number: 9665710Abstract: Mitigating return-oriented programming attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.Type: GrantFiled: September 14, 2016Date of Patent: May 30, 2017Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Publication number: 20170091449Abstract: Mitigating return-oriented programming attacks. From program code and associated components needed by the program code for execution, machine language instruction sequences that may be combined and executed as malicious code are selected. A predetermined number of additional copies of each of the selected machine language instruction sequences are made, and the additional copies are marked as non-executable. The machine language instruction sequences and the non-executable copies are distributed in memory. If a process attempts to execute a machine language instruction sequence that has been marked non-executable, the computer may initiate protective action.Type: ApplicationFiled: April 19, 2016Publication date: March 30, 2017Inventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Publication number: 20170091456Abstract: Mitigating return-oriented programming (ROP) attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.Type: ApplicationFiled: September 13, 2016Publication date: March 30, 2017Inventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Publication number: 20170091447Abstract: Mitigating return-oriented programming attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.Type: ApplicationFiled: September 14, 2016Publication date: March 30, 2017Inventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Patent number: 9576138Abstract: Mitigating return-oriented programming attacks. From program code and associated components needed by the program code for execution, machine language instruction sequences that may be combined and executed as malicious code are selected. A predetermined number of additional copies of each of the selected machine language instruction sequences are made, and the additional copies are marked as non-executable. The machine language instruction sequences and the non-executable copies are distributed in memory. If a process attempts to execute a machine language instruction sequence that has been marked non-executable, the computer may initiate protective action.Type: GrantFiled: September 30, 2015Date of Patent: February 21, 2017Assignee: International Business Machines CorporationInventors: Omer Y. Boehm, Eitan D. Farchi, Oded Margalit, Yousef Shajrawi, Michael Vinov
-
Patent number: 9367424Abstract: A method for identifying trends in system faults. During a generating stage, monitoring via a software based performance monitoring unit, a state of a server on a network and generating hardware or software performance information which indicate system faults of the server. During an analysis stage including, creating a dataset from the hardware or software performance information and isolating events from the dataset and categorizing each of the isolated events into a type, each type representing one application program call return. For each event in the dataset, assigning a trend score which decays with time such that recent events receive greater weight in the assigning than less recent events. Finally, performing one or more of: outputting a notification of the trend score, utilizing an optimization unit or triggering operation of a fault system handler for the event, when the trend score is above a threshold.Type: GrantFiled: March 13, 2014Date of Patent: June 14, 2016Assignee: International Business Machines CorporationInventors: Omer Y Boehm, Anat Hashavit, Roy Levin, Yousef Shajrawi
-
Publication number: 20150261649Abstract: A method for identifying trends in system faults. During a generating stage, monitoring via a software based performance monitoring unit, a state of a server on a network and generating hardware or software performance information which indicate system faults of the server. During an analysis stage including, creating a dataset from the hardware or software performance information and isolating events from the dataset and categorizing each of the isolated events into a type, each type representing one application program call return. For each event in the dataset, assigning a trend score which decays with time such that recent events receive greater weight in the assigning than less recent events. Finally, performing one or more of: outputting a notification of the trend score, utilizing an optimization unit or triggering operation of a fault system handler for the event, when the trend score is above a threshold.Type: ApplicationFiled: March 13, 2014Publication date: September 17, 2015Applicant: International Business Machines CorporationInventors: Omer Y. Boehm, Anat Hashavit, Roy Levin, Yousef Shajrawi
-
Patent number: 8612952Abstract: Detecting optimization opportunities is enabled by utilizing a trace of a target concurrent computer program and determining a relation between data objects accessed during the tracked execution. The relation may be stored in a Temporal Relation Graph (TRG), in an extended-TRG or another data structure. The relation may be affected by temporally-adjacent accesses to data objects. The relation may further be affected by accesses to data objects performed during critical sections of the target program.Type: GrantFiled: April 7, 2010Date of Patent: December 17, 2013Assignee: International Business Machines CorporationInventors: Rachel Tzoref, Moshe Klausner, Aharon Kupershtok, Yousef Shajrawi, Yaakov Yaari
-
Patent number: 8479055Abstract: Systems and methods for cache optimization are provided. The method comprises tracing objects instantiated during execution of a program code under test according to type of access by one or more threads running in parallel, wherein said tracing provides information about order in which different instances of one or more objects are accessed by said one or more threads and whether the type of access is a read operation or a write operation; and utilizing tracing information to build a temporal relationship graph (TRG) for the accessed objects, wherein the objects are represented by nodes in the TRG and at least two types of edges for connecting the nodes are defined.Type: GrantFiled: May 16, 2010Date of Patent: July 2, 2013Assignee: International Business Machines CorporationInventors: Daniel Citron, Moshe Klausner, Aharon Kupershtok, Yousef Shajrawi, Yaakov Yaari
-
Publication number: 20130031537Abstract: Systems, methods and products for code optimization are provided. In one embodiment, the method comprises dividing a target code into basic blocks; analyzing traversed execution paths between the basic blocks during multiple executions of the target code to determine a frequency with which the execution path between two or more basic blocks are traversed; and determining whether code optimization may be achieved by identifying execution paths that have been traversed subject to one or more threshold levels.Type: ApplicationFiled: July 28, 2011Publication date: January 31, 2013Applicant: International Business Machines CorporationInventors: Omer Yehuda Boehm, Gad Haber, Yousef Shajrawi
-
Publication number: 20110283152Abstract: Systems and methods for cache optimization are provided. The method comprises tracing objects instantiated during execution of a program code under test according to type of access by one or more threads running in parallel, wherein said tracing provides information about order in which different instances of one or more objects are accessed by said one or more threads and whether the type of access is a read operation or a write operation; and utilizing tracing information to build a temporal relationship graph (TRG) for the accessed objects, wherein the objects are represented by nodes in the TRG and at least two types of edges for connecting the nodes are defined.Type: ApplicationFiled: May 16, 2010Publication date: November 17, 2011Applicant: International Business Machines CorporationInventors: Daniel Citron, Moshe Klausner, Aharon Kupershtok, Yousef Shajrawi, Yaakov Yaari
-
Publication number: 20110252408Abstract: Detecting optimization opportunities is enabled by utilizing a trace of a target concurrent computer program and determining a relation between data objects accessed during the tracked execution. The relation may be stored in a Temporal Relation Graph (TRG), in an extended-TRG or another data structure. The relation may be affected by temporally-adjacent accesses to data objects. The relation may further be affected by accesses to data objects performed during critical sections of the target program.Type: ApplicationFiled: April 7, 2010Publication date: October 13, 2011Applicant: International Business Machines CorporationInventors: Rachel Tzoref, Moshe Klausner, Roni Kupershtok, Yousef Shajrawi, Yaakov Yaari
-
Publication number: 20110078424Abstract: A method for optimizing program code is provided. The method comprises detecting a branch instruction comprising a condition expression, wherein the branch instruction, when executed by a processor, causes the processor to execute either a first set of instructions or a second set of instructions according to a value of the condition expression; and replacing the branch instruction with a third set of instructions that are non-branching, wherein the third set of instructions, when executed by a processor, has a collective effect same as if either the first or second set of instructions were executed according to the value of the condition expression. The third set of instructions comprises a negation instruction to normalize the value of the condition expression.Type: ApplicationFiled: September 30, 2009Publication date: March 31, 2011Applicant: International Business Machines CorporationInventors: Omer Yehuda Boehm, Gad Haber, Yousef Shajrawi