公开(公告)号：US10607003B2

公开(公告)日：2020-03-31

申请号：US15636703

申请日：2017-06-29

Applicant: International Business Machines Corporation

Inventor： Nitzan Peleg

IPC: G06F9/30 ,  G06F21/54 ,  G06F21/56 ,  G06F21/52 ,  G06F11/30 ,  G06F21/55 ,  G06F11/34 ,  G06F12/0846

Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.

公开(公告)号：US10210328B2

公开(公告)日：2019-02-19

申请号：US15848636

申请日：2017-12-20

Applicant: International Business Machines Corporation

Inventor： Nitzan Peleg

IPC: G06F9/30 ,  G06F21/54 ,  G06F21/56 ,  G06F12/0846 ,  G06F11/34 ,  G06F21/55 ,  G06F11/30

Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.

公开(公告)号：US20170060721A1

公开(公告)日：2017-03-02

申请号：US14918692

申请日：2015-10-21

Applicant: International Business Machines Corporation

Inventor： Moshe Klausner ,  Nitzan Peleg

IPC: G06F11/34 ,  G06F11/30 ,  G06F9/30

CPC classification number: G06F11/3495 ,  G06F9/30145 ,  G06F9/3853 ,  G06F9/3857 ,  G06F11/302 ,  G06F11/3409 ,  G06F11/3466 ,  G06F2201/86 ,  G06F2201/865

Abstract: An aspect includes performance profiling of an application. A processor executes an instruction stream of the application including instructions that are dynamically grouped at run-time. The processor monitors for an event associated with sampled instructions. A sampled instruction is associated with other events that include instruction grouping information. A number of the instructions in a group that includes the sampled instruction is determined as a group size. The monitored event is tracked as separate events with respect to each of the sampled instruction and one or more other instructions of the group. Subsequent monitored events are tracked as the separate events for each of the instructions from additional groups having various group sizes formed from a sequence of the instructions. An execution count for the sequence of the instructions is generated based on accumulating the separate events over a period of time.

公开(公告)号：US20190005230A1

公开(公告)日：2019-01-03

申请号：US15636703

申请日：2017-06-29

Applicant: International Business Machines Corporation

Inventor： Nitzan Peleg

IPC: G06F21/54 ,  G06F21/56

Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.

公开(公告)号：US20170185775A1

公开(公告)日：2017-06-29

申请号：US14980045

申请日：2015-12-28

Applicant: International Business Machines Corporation

Inventor： Omer Y. Boehm ,  Nitzan Peleg

IPC: G06F21/56 ,  G06F21/52

CPC classification number: G06F21/566 ,  G06F21/52 ,  G06F2221/033

Abstract: Input is received during runtime of a program. The input is a return instruction address of a called function and a return target address of the program. A determination is made whether the instruction immediately prior to the return target address is a call to the called function. If the instruction immediately prior to the return target address is not a call to the called function, a notification is transmitted that return-oriented programming is suspected.

公开(公告)号：US20210042631A1

公开(公告)日：2021-02-11

申请号：US16532519

申请日：2019-08-06

Applicant: International Business Machines Corporation

Inventor： Oleg Blinder ,  Nitzan Peleg ,  Omri Soceanu

IPC: G06N5/02 ,  G06N5/00

Abstract: Systems for generating attack event logs are disclosed. An example system includes a storage device for storing an event log template. The system also includes a processor to receive a selection of the event log template, and receive an attack description comprising user instructions to fabricate synthetic log entries according to a format defined in the event log template. The attack description includes variables and rules for determining values for the variables. The processor generates the attack event log by determining values that satisfy the rules and writing the values into selected fields of the event log template.

公开(公告)号：US10831474B2

公开(公告)日：2020-11-10

申请号：US15898891

申请日：2018-02-19

Applicant: International Business Machines Corporation

Inventor： Alain C. Azagury ,  Ilsiyar I. Gaynutdinov ,  Erez Hadad ,  Sadek Jbara ,  Igor Khapov ,  Alexey Miroshkin ,  Nitzan Peleg ,  Indrajit Poddar ,  Michael Rodeh

IPC: G06F8/76 ,  G06F9/30 ,  G06F8/52

Abstract: A software container image that includes components dependent on a first computer instruction set architecture (ISA) is ported to enable a container to execute using the container image on a computer having a second ISA different from the first. Porting the container image entails replacing components of the container image not compatible with the second ISA with equivalent components compatible with the second ISA. The porting is performed, in some instances, dynamically as part of running a container with the container image on a computer implementing the second ISA.

公开(公告)号：US20180260559A1

公开(公告)日：2018-09-13

申请号：US15974749

申请日：2018-05-09

Applicant: International Business Machines Corporation

Inventor： AYMAN JARROUS ,  Dov Murik ,  Omer-Yehuda Boehm ,  Nitzan Peleg

IPC: G06F21/54 ,  G06F9/455 ,  G06F8/41 ,  G06F8/54 ,  G06F9/445

CPC classification number: G06F21/54 ,  G06F8/433 ,  G06F8/447 ,  G06F8/54 ,  G06F9/44521 ,  G06F9/45516 ,  G06F9/4552 ,  G06F2221/033

Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.

公开(公告)号：US10007787B2

公开(公告)日：2018-06-26

申请号：US14980045

申请日：2015-12-28

Applicant: International Business Machines Corporation

Inventor： Omer Y. Boehm ,  Nitzan Peleg

IPC: G06F21/52 ,  G06F21/55 ,  G06F21/56

CPC classification number: G06F21/566 ,  G06F21/52 ,  G06F2221/033

Abstract: Input is received during runtime of a program. The input is a return instruction address of a called function and a return target address of the program. A determination is made whether the instruction immediately prior to the return target address is a call to the called function. If the instruction immediately prior to the return target address is not a call to the called function, a notification is transmitted that return-oriented programming is suspected.

公开(公告)号：US09928062B2

公开(公告)日：2018-03-27

申请号：US15060750

申请日：2016-03-04

Applicant: International Business Machines Corporation

Inventor： Alain C. Azagury ,  Ilsiyar I. Gaynutdinov ,  Erez Hadad ,  Sadek Jbara ,  Igor Khapov ,  Alexey Miroshkin ,  Nitzan Peleg ,  Indrajit Poddar ,  Michael Rodeh

IPC: G06F8/76 ,  G06F9/44 ,  G06F9/30

CPC classification number: G06F8/76 ,  G06F8/52 ,  G06F9/30145 ,  G06F9/30181

Abstract: A software container image that includes components dependent on a first computer instruction set architecture (ISA) is ported to enable a container to execute using the container image on a computer having a second ISA different from the first. Porting the container image entails replacing components of the container image not compatible with the second ISA with equivalent components compatible with the second ISA. The porting is performed, in some instances, dynamically as part of running a container with the container image on a computer implementing the second ISA.