David C Toll

Author:

David W. Toll

ISBN #:

0874170451

US Patent:

6430561, Aug 6, 2002

Filed:

Oct 29, 1999

Appl. No.:

09/429963

Inventors:

Vernon Ralph Austel - Cortlandt Manor NY
Paul Ashley Karger - Chappaqua NY
David Claude Toll - Wappingers Falls NY

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 1730

US Classification:

707 9, 713200, 713201

Abstract:

Access to files by accessing programs, where files comprise other files, programs and data is controlled. An initial access class is assigned to each file and to each accessing program. An access class comprises an integrity access class and a secrecy access class. An integrity access class comprises rules governing modification of data contained in files and a security access class comprises rules governing disclosure of data contained in files. An integrity access class comprises a set of rules for allowing the performance of a read function, and another set of rules for allowing the performance of write/execute function. An execute function comprises transferring and chaining, where chaining comprises starting another process running at potentially different secrecy and integrity access classes. A secrecy access class comprises a set of rules for allowing the performance of a write function, and another set of rules for allowing the performance of read/execute function. The respective access classes of the target file, target program, and accessing program are compared.

US Patent:

7496616, Feb 24, 2009

Filed:

Nov 12, 2004

Appl. No.:

10/987640

Inventors:

Suresh Narayana Chari - Scarsdale NY, US
Vincenzo Valentino Diluoffo - Sandy Hook CT, US
Paul Ashley Karger - Chappaqua NY, US
Elaine Rivette Palmer - Goldens Bridge NY, US
Tal Rabin - Riverdale NY, US
Josyula Ramachandra Rao - Briarcliff Manor NY, US
Pankaj Rohatgi - New Rochelle NY, US
Helmut Scherzer - Tuebingen, DE
Michael Steiner - New York NY, US
David Claude Toll - Wappingers Falls NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 1/02

US Classification:

708250, 708254, 708255, 380 46

Abstract:

A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.

US Patent:

7861305, Dec 28, 2010

Filed:

Feb 7, 2007

Appl. No.:

11/672288

Inventors:

Suzanne McIntosh - Clifton NJ, US
Daniel Brand - Millwood NY, US
Matthew Kaplan - New York NY, US
Paul A. Karger - Chappaqua NY, US
Michael G. McIntosh - Clifton NJ, US
Elaine R. Palmer - Golden Bridges NY, US
Amitkumar M. Paradkar - Mohegan Lake NY, US
David Toll - Wappingers Falls NY, US
Samuel M. Weber - New York NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 12/14

US Classification:

726 24, 713187, 713188

Abstract:

A method for malware detection, wherein the method includes: utilizing a hardware based program flow monitor (PFM) for embedded software that employs a static analysis of program code; marrying the program code to addresses, while considering which central processing unit (CPU) is executing the program code; capturing an expected control flow of the program code, and storing the control flow as physical address pairs of leaders and followers (LEAD-FOLL pair) in a Metadata Store (MDS) within the PFM; monitoring control flow at runtime by the PFM; and comparing runtime control flow with the expected control flow.

US Patent:

8135766, Mar 13, 2012

Filed:

Jun 2, 2008

Appl. No.:

12/131201

Inventors:

Suresh Narayana Chari - Scarsdale NY, US
Vincenzo Valentino Diluoffo - Sandy Hook CT, US
Paul Ashley Karger - Chappaqua NY, US
Elaine Rivette Palmer - Goldens Bridge NY, US
Tal Rabin - Riverdale NY, US
Josyula Ramachandra Rao - Briarcliff Manor NY, US
Pankaj Rohatgi - New Rochelle NY, US
Helmut Scherzer - Tuebingen, DE
Michael Steiner - New York NY, US
David Claude Toll - Wappingers Falls NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 7/58

US Classification:

708254, 708250, 708255

Abstract:

A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.

US Patent:

8135937, Mar 13, 2012

Filed:

Nov 17, 2008

Appl. No.:

12/272261

Inventors:

William E. Hall - Clinton CT, US
Guerney D. H. Hunt - Yorktown Heights NY, US
Paul A. Karger - Chappaqua NY, US
Mark F. Mergen - Mount Kisco NY, US
David R. Safford - Brewster NY, US
David C. Toll - Wappingers Falls NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 12/00
G06F 13/00
G06F 13/28
G06F 9/46
G06F 9/26
G06F 9/34

US Classification:

711203, 711 6, 718104

Abstract:

A mechanism is provided, in a data processing system, for accessing memory based on an effective address submitted by a process of a partition. The mechanism may translate the effective address into a virtual address using a segment look-aside buffer. The mechanism may further translate the virtual address into a partition real address using a page table. Moreover, the mechanism may translate the partition real address into a system real address using a logical partition real memory map for the partition. The system real address may then be used to access the memory.

US Patent:

8286164, Oct 9, 2012

Filed:

Aug 7, 2009

Appl. No.:

12/537808

Inventors:

William E. Hall - Clinton CT, US
Guerney D. H. Hunt - Yorktown Heights NY, US
Paul A. Karger - Chappaqua NY, US
Suzanne K. McIntosh - Clifton NJ, US
Mark F. Mergen - Mount Kisco NY, US
David R. Safford - Brewster NY, US
David C. Toll - Wappingers Falls NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 9/455
G06F 21/00

US Classification:

718 1, 711 6

Abstract:

A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled.

US Patent:

20100088739, Apr 8, 2010

Filed:

Oct 6, 2008

Appl. No.:

12/245964

Inventors:

William E. Hall - Clinton CT, US
Guerney D. H. Hunt - Yorktown Heights NY, US
Paul A. Karger - Chappaqua NY, US
Mark F. Mergen - Mount Kisco NY, US
David R. Safford - Brewster NY, US
David C Toll - Wappingers Falls NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 12/14
G06F 21/00

US Classification:

726 1, 711163

Abstract:

Hardware mechanisms are provided for performing hardware based access control of instructions to data. These hardware mechanisms associate an instruction access policy label with an instruction to be processed by a processor and associate an operand access policy label with data to be processed by the processor. The instruction access policy label is passed along with the instruction through one or more hardware functional units of the processor. The operand access policy label is passed along with the data through the one or more hardware functional units of the processor. One or more hardware implemented policy engines associated with the one or more hardware functional units of the processor are utilized to control access by the instruction to the data based on the instruction access policy label and the operand access policy label.

US Patent:

20100125915, May 20, 2010

Filed:

Nov 17, 2008

Appl. No.:

12/272217

Inventors:

William E. Hall - Clinton CT, US
Guerney D.H. Hunt - Yorktown Heights NY, US
Paul A. Karger - Chappaqua NY, US
Mark F. Mergen - Mount Kisco NY, US
David R. Safford - Brewster NY, US
David C. Toll - Wappingers Falls NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 21/00

US Classification:

726 26

Abstract:

A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.