ALLOWABILITY NOTICE
Claims 1, 3-8, 10-15 and 17-20 are pending in this action. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Edward Steakley on 4/27/2022.

The claims are amended as follows:

1. (Currently Amended) A computer-implemented method, comprising: 
receiving a pre-attack state of a first instance of an application in response to an action by an attack source; 
selecting one or more security hardening passes to be applied to the pre-attack state; and 
sending an identification of the selected security hardening passes to be applied to a second instance of the application running at the pre-attack state, 
wherein selecting one or more security hardening passes to be applied to the pre-attack state comprises: 
selecting a first security hardening pass associated with a first type of program efficiency benchmark; 
applying the first security hardening pass to the pre-attack state; and 
validating the pre-attack state with the first security hardening pass satisfies a first application performance threshold that corresponds with the first type of program efficiency benchmark.

2. (Cancelled).

3. (Currently Amended) The computer-implemented method of claim [[2]] 1, further comprising: 
based on satisfying the first application performance threshold:
selecting a second security hardening passes associated with a second type of program efficiency benchmark, the second type of program efficiency benchmark being different than the first type of program efficiency benchmark; 
applying the second security hardening pass to the pre-attack state with the first security hardening pass; and 
validating the pre-attack state with the first and second security hardening passes satisfies a second application performance threshold that corresponds with the first and the second types of program efficiency benchmarks.

4. (Original) The computer-implemented method of claim 1, wherein receiving a pre-attack state of a first instance of an application in response to an action by an attack source comprises: 
receiving an indication of a detected memory access violation of memory used by a first process for the first instance of the application.

5. (Original) The computer-implemented method of claim 4, wherein receiving an indication of a detected memory access violation of memory used by a first process comprises: 
receiving an indication of a detected memory access violation of diversified memory used by the first process, the memory access violation detected by a parent process of the first process.

6. (Original) The computer-implemented method of claim 5, wherein a second process for the second instance of the application running at the pre-attack state comprises a child process of the parent process; and 
wherein sending an identification of the selected security hardening passes to be applied to a second instance of the application running at the pre-attack state comprises: 
sending the identification of the selected security hardening passes to be applied to the second process by the parent process, the second process running idle at the pre-attack state while the first process fails due to the attack source.

7. (Original) The computer-implemented method of claim 5, wherein the parent process diversified the memory used by the first process prior to the memory access violation.

8. (Currently Amended) A system comprising one or more processors, and a non-transitory computer-readable medium including one or more sequences of instructions that, when executed by the one or more processors, cause the system to perform operations comprising: 
receiving a pre-attack state of a first instance of an application in response to an action by an attack source; 
selecting one or more security hardening passes to be applied to the pre-attack state; and 
sending an identification of the selected security hardening passes to be applied to a second instance of the application running at the pre-attack state, 
wherein selecting one or more security hardening passes to be applied to the pre-attack state comprises: 
selecting a first security hardening pass associated with a first type of program efficiency benchmark; 
applying the first security hardening pass to the pre-attack state; and 
validating the pre-attack state with the first security hardening pass satisfies a first application performance threshold that corresponds with the first type of program efficiency benchmark.

9. (Cancelled).

10. (Currently Amended) The system of claim [[9]] 8, further comprising: 
based on satisfying the first application performance threshold: 
selecting a second security hardening passes associated with a second type of program efficiency benchmark, the second type of program efficiency benchmark being different than the first type of program efficiency benchmark; 
applying the second security hardening pass to the pre-attack state with the first security hardening pass; and 
validating the pre-attack state with the first and second security hardening passes satisfies a second application performance threshold that corresponds with the first and the second types of program efficiency benchmarks.

11. (Original) The system of claim 8, wherein receiving a pre-attack state of a first instance of an application in response to an action by an attack source comprises: 
receiving an indication of a detected memory access violation of memory used by a first process for the first instance of the application.

12. (Original) The system of claim 11, wherein receiving an indication of a detected memory access violation of memory used by a first process comprises: 
receiving an indication of a detected memory access violation of diversified memory used by the first process, the memory access violation detected by a parent process of the first process.

13. (Original) The system of claim 12, wherein a second process for the second instance of the application running at the pre-attack state comprises a child process of the parent process; and 
wherein sending an identification of the selected security hardening passes to be applied to a second instance of the application running at the pre-attack state comprises: 
sending the identification of the selected security hardening passes to be applied to the second process by the parent process, the second process running idle at the pre-attack state while the first process fails due to the attack source.

14. (Original) The system of claim 12, wherein the parent process diversified the memory used by the first process prior to the memory access violation.

15. (Currently Amended) A computer program product comprising a non-transitory computer-readable medium having a computer-readable program code embodied therein to be executed by one or more processors, the program code including instructions to: 
receiving a pre-attack state of a first instance of an application in response to an action by an attack source; 
selecting one or more security hardening passes to be applied to the pre-attack state; and 
sending an identification of the selected security hardening passes to be applied to a second instance of the application running at the pre-attack state, 
wherein selecting one or more security hardening passes to be applied to the pre-attack state comprises: 
selecting a first security hardening pass associated with a first type of program efficiency benchmark; 
applying the first security hardening pass to the pre-attack state; and 
validating the pre-attack state with the first security hardening pass satisfies a first application performance threshold that corresponds with the first type of program efficiency benchmark.

16. (Cancelled).

17. (Currently Amended) The computer program product of claim [[16]] 15, further comprising: 
based on satisfying the first application performance threshold: 
selecting a second security hardening passes associated with a second type of program efficiency benchmark, the second type of program efficiency benchmark being different than the first type of program efficiency benchmark; 
applying the second security hardening pass to the pre-attack state with the first security hardening pass; and 
validating the pre-attack state with the first and second security hardening passes satisfies a second application performance threshold that corresponds with the first and the second types of program efficiency benchmarks.

18. (Original) The computer program product of claim 15, wherein receiving a pre-attack state of a first instance of an application in response to an action by an attack source comprises: 
receiving an indication of a detected memory access violation of memory used by a first process for the first instance of the application.

19. (Original) The computer program product of claim 18, wherein receiving an indication of a detected memory access violation of memory used by a first process comprises: 
receiving an indication of a detected memory access violation of diversified memory used by the first process, the memory access violation detected by a parent process of the first process.

20. (Original) The computer program product of claim 19, wherein a second process for the second instance of the application running at the pre-attack state comprises a child process of the parent process; and 
wherein sending an identification of the selected security hardening passes to be applied to a second instance of the application running at the pre-attack state comprises: 
sending the identification of the selected security hardening passes to be applied to the second process by the parent process, the second process running idle at the pre-attack state while the first process fails due to the attack source, wherein the parent process diversified the memory used by the first process prior to the memory access violation.



Reasons for Allowance
Claims 1, 3-8, 10-15 and 17-20 are allowed.

The following is an examiner’s statement of reasons for allowance: The cited prior art references, Hornbeck (US Patent No. 11,216,265), Wade et al. (US PGPUB No. 2021/0306340), Cohen et al. (EP 3885951 A1), Barraza et al. (US PGPUB No. 2021/0126779), Hua et al. (CN 112559983 A), Gazit et al. (US PGPUB No. 2021/0075794), Korotaev (US PGPUB No. 2021/0026949), Wu (CN 109729180 A), Araujo et al. (US PGPUB No. 2019/0068640), Kirillov et al. (US PGPUB No. 2014/0095883), Liu et al. (CN 102184360 A), Sidiroglou et al. (CA 2626993 A1), Rose et al. ("System Hardening for Infrastructure as a Service (IaaS)," 2020 IEEE Systems Security Symposium (SSS), 2020, pp. 1-7, doi: 10.1109/SSS47320.2020.9174202), Stuckman et al. ("A testbed for the evaluation of web intrusion prevention systems," 2011 Third International Workshop on Security Measurements and Metrics, 2011, pp. 66-75, doi: 10.1109/Metrisec.2011.14), Alomari et al. ("An Autonomic Framework for Integrating Security and Quality of Service Support in Databases," 2012 IEEE Sixth International Conference on Software Security and Reliability, 2012, pp. 51-60, doi: 10.1109/SERE.2012.15), Vasileios et al. ("Interoperability of security and quality of Service Policies Over Tactical SOA," 2016 IEEE Symposium Series on Computational Intelligence (SSCI), 2016, pp. 1-7, doi: 10.1109/SSCI.2016.7850077), Carelli et al. ("Performance Monitor Counters: Interplay Between Safety and Security in Complex Cyber-Physical Systems," in IEEE Transactions on Device and Materials Reliability, vol. 19, no. 1, pp. 73-83, March 2019, doi: 10.1109/TDMR.2019.2898882), do not alone or in combination teach the recited features of independent claims 1, 8 and 15. For example, the claimed invention applies the hardening pass to the “pre-attack state” of the application. Similarly, validation of the performance benchmark is performed on the pre-attack state.
These features, along with the other recited features of independent claims 1, 8 and 15 and their claims, make the claimed inventions allowable over the prior art of record.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is 571-270-7179.  Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/PETER C SHAW/
Primary Examiner, Art Unit 2493
May 17, 2022