-
Publication number: US20180041546A1
Publication date: 2018-02-08
Application number: US15231488
Application date: 2016-08-08
Applicant: SAP SE
Inventor: Laurent Gomez, Jose Marquez, Cedric Hebert
IPC: H04L29/06
CPC classification number: H04L63/205, H04L63/105, H04L63/20
Abstract: Embodiments are configured for automating security design in IoT systems. The achievable security level for any given IoT system may be assessed based on the capabilities of each of the entities involved in its data path to generate a set of security policies for the IoT system. The capabilities of each entity involved in the IoT data path can be evaluated together with the capabilities of the communication links between entities. Based on these capabilities and user security preferences, the security policies can be generated to achieve a target level of security. Based on this approach, security designs of IoT architectures can be developed through automated information collection.
-
Publication number: US20170169217A1
Publication date: 2017-06-15
Application number: US14966885
Application date: 2015-12-11
Applicant: SAP SE
Inventor: Mohammad Ashiqur Rahaman, Cedric Hebert, Juergen Frank
CPC classification number: G06F21/554, G06F21/566, G06F2221/034, G06N5/047, G06N99/005
Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving parameters defining a detection technique, an attack scenario, and detection logic, receiving configuration data that is specific to a target system that is to be monitored, providing an attack pattern based on the parameters and the configuration data, monitoring the target system based on the attack pattern and data provided by one or more logs of the target system, and selectively generating, based on monitoring, an alert indicating a potential end-to-end intrusion into the target system.
-
Publication number: US11729213B2
Publication date: 2023-08-15
Application number: US17062903
Application date: 2020-10-05
Applicant: SAP SE
Inventor: Cedric Hebert, Merve Sahin, Anderson Santana de Oliveira, Rocio Cabrera Lozoya, Aicha Mhedhbi
IPC: H04L9/40, G06F9/54, H04L67/133
CPC classification number: H04L63/1491, G06F9/547, H04L63/1416, H04L67/133
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Using deceptive endpoints, attacks directed to API endpoints can be detected, and attackers can be monitored or blocked. Deceptive endpoints can be automatically generated by modifying valid endpoints for an application. Deceptive endpoints are not valid endpoints for the application, so if a deceptive endpoint is accessed, it is an indication of an attack. When a deceptive endpoint is deployed, accessing the deceptive endpoint can cause an alert to be generated, and an account, user, or device associated with accessing the deceptive endpoint can be blocked or monitored.
-
Publication number: US11483346B2
Publication date: 2022-10-25
Application number: US16884521
Application date: 2020-05-27
Applicant: SAP SE
Inventor: Anderson Santana De Oliveira, Cedric Hebert, Merve Sahin
Abstract: Disclosed herein are method, system, and computer-readable storage medium embodiments for reinforcement learning applied to application responses using deception technology. An embodiment includes configuring at least one computer processor to perform operations that include detecting an unauthorized access attempt associated with an attacker, and recording an input log that includes inputs received from the attacker. An embodiment may further include operations of generating a state representation corresponding to an execution state of at least one software application, computing one or more predicted inputs, based at least in part on the input log and the state representation, and modifying, via at least one software agent, the execution state of at least the software application, based at least in part on the one or more predicted inputs. Types of attacks (unauthorized access attempts) may include cross-site scripting, cross-site request forgery, SQL injection, code injection, brute-force attack, buffer-overflow attack, or a combination thereof.
-
Publication number: US20210377307A1
Publication date: 2021-12-02
Application number: US16884521
Application date: 2020-05-27
Applicant: SAP SE
Inventor: Anderson Santana De Oliveira, Cedric Hebert, Merve Sahin
Abstract: Disclosed herein are method, system, and computer-readable storage medium embodiments for reinforcement learning applied to application responses using deception technology. An embodiment includes configuring at least one computer processor to perform operations that include detecting an unauthorized access attempt associated with an attacker, and recording an input log that includes inputs received from the attacker. An embodiment may further include operations of generating a state representation corresponding to an execution state of at least one software application, computing one or more predicted inputs, based at least in part on the input log and the state representation, and modifying, via at least one software agent, the execution state of at least the software application, based at least in part on the one or more predicted inputs. Types of attacks (unauthorized access attempts) may include cross-site scripting, cross-site request forgery, SQL injection, code injection, brute-force attack, buffer-overflow attack, or a combination thereof.
-
Publication number: US20210157917A1
Publication date: 2021-05-27
Application number: US16696594
Application date: 2019-11-26
Applicant: SAP SE
Inventor: Cedric Hebert, Merve Sahin, Anderson Santana de Oliveira
Abstract: Systems, methods, and computer media for collaboratively securing software applications are provided herein. Through a collaborative approach, the described examples allow detection and management of unauthorized users across applications and application suites. By communicating details regarding cyber-attacks among applications, threats to applications can be managed pre-emptively. For example, applications can use attacks on other applications to implement new honeytokens, threat detection points, and blacklisted usernames or other identifiers to limit data access in future attacks.
-
Publication number: US11010385B2
Publication date: 2021-05-18
Application number: US16598473
Application date: 2019-10-10
Applicant: SAP SE
Inventor: Cedric Hebert, Manuel Karl
IPC: G06F16/242, G06F16/2453, G06F16/248, G06F21/62, G06F40/221
Abstract: Systems, methods, and computer media for securing data accessible through software applications are provided herein. By capturing path data such as returned results for a query and displayed results provided by an application (e.g., to or by a web browser) for an operation, it can be determined if the query returned more data than was needed for what was displayed. The query can be refined to limit the data returned and reduce the security risk of such over-provisioning of data.
-
Publication number: US10789159B2
Publication date: 2020-09-29
Application number: US16211126
Application date: 2018-12-05
Applicant: SAP SE
Inventor: Cedric Hebert, Henrik Plate
IPC: G06F11/36, G06F9/44, G06F11/00, G06F21/14, G06F8/30, G06F21/54, G06F8/10, G06F8/20, G06F21/55
Abstract: Systems and methods, as well as computing architecture for implementing the same, for decoy injection into an application. The systems and methods include splitting a standard test phase operation into two complementary phases, and adding new unit tests to the process, dedicated to testing the proper coverage of the decoys and avoiding non-regression of the original code.
-
Publication number: US09870207B2
Publication date: 2018-01-16
Application number: US14978725
Application date: 2015-12-22
Applicant: SAP SE
Inventor: Elton Mathias, Gilles Montagnon, Wihem Arsac, Cedric Hebert, Jakub Sendor
IPC: G06F9/44, G06F3/0484
Abstract: A component selector may select a first software component stored in a software component library in conjunction with a first annotation, the first annotation being linked to a second annotation of a second software component via a link. An evaluation engine may evaluate a property expressed by the first annotation relative to a requirement expressed by the second annotation, and thereby verify compliance of the first software component and the second software component for inclusion within a software application being developed. A component update monitor may re-verify the compliance, based on an update to at least one of the first software component and the second software component.
-
Publication number: US11979395B2
Publication date: 2024-05-07
Application number: US17034487
Application date: 2020-09-28
Applicant: SAP SE
Inventor: Cedric Hebert, Anderson Santana de Oliveira, Merve Sahin
CPC classification number: H04L63/0853, H04L63/0281, H04L63/083, H04L63/1416
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through an enhanced authentication token, an application session request can be deceptively authenticated. When a malicious session request is detected, an enhanced authentication token can be generated that appears to successfully authenticate the session but contains information indicating that the session is malicious. The attacker believes that the session has been authenticated, but the information in the token indicating that the session is malicious causes an application clone session to be established instead of an actual application session. The clone session appears to be an actual application session but protects the valid user's account by including fake data instead of the user's actual data.