Apparatus and method for monitoring secure software

Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment

Reexamination Certificate

Details

C726S003000, C726S022000, C713S188000

active

07975306

ABSTRACT:
A computer readable medium includes executable instructions to analyze program instructions for security vulnerabilities. The executable instructions perform a security audit of program instructions. Based upon the security audit, sensors are inserted into the program instructions. The program instructions are executable and the sensors generate a stream of security events. The stream of security events is monitored and security performance results are reported.

REFERENCES:
patent: 4667290 (1987-05-01), Goss et al.
patent: 5339238 (1994-08-01), Benson
patent: 5414853 (1995-05-01), Fertig et al.
patent: 5440723 (1995-08-01), Arnold et al.
patent: 5502815 (1996-03-01), Cozza
patent: 5613117 (1997-03-01), Davidson et al.
patent: 5657483 (1997-08-01), Kardach et al.
patent: 5699507 (1997-12-01), Goodnow et al.
patent: 6408382 (2002-06-01), Pechanek et al.
patent: 6487701 (2002-11-01), Dean et al.
patent: 6647400 (2003-11-01), Moran
patent: 6687873 (2004-02-01), Ballantyne et al.
patent: 6907430 (2005-06-01), Chong et al.
patent: 7058925 (2006-06-01), Ball et al.
patent: 7093239 (2006-08-01), Van der Made
patent: 7272821 (2007-09-01), Chittar et al.
patent: 7284274 (2007-10-01), Walls et al.
patent: 7478365 (2009-01-01), West et al.
patent: 7483972 (2009-01-01), Bhattacharya et al.
patent: 2001/0027383 (2001-10-01), Maliszewski
patent: 2002/0066024 (2002-05-01), Schmall et al.
patent: 2002/0073330 (2002-06-01), Chandnani et al.
patent: 2003/0120951 (2003-06-01), Gartside et al.
patent: 2003/0159063 (2003-08-01), Apfelbaum et al.
patent: 2004/0111713 (2004-06-01), Rioux
patent: 2004/0128584 (2004-07-01), Mandava et al.
patent: 2004/0133777 (2004-07-01), Kiriansky et al.
patent: 2004/0255163 (2004-12-01), Swimmer et al.
patent: 2004/0255277 (2004-12-01), Berg et al.
patent: 2004/0260940 (2004-12-01), Berg et al.
patent: 2004/0268307 (2004-12-01), Plesko
patent: 2004/0268322 (2004-12-01), Chow et al.
patent: 2005/0010806 (2005-01-01), Berg et al.
patent: 2005/0010896 (2005-01-01), Meliksetian et al.
patent: 2005/0015752 (2005-01-01), Alpern et al.
patent: 2005/0028002 (2005-02-01), Christodorescu et al.
patent: 2005/0273860 (2005-12-01), Chess et al.
patent: 2006/0178941 (2006-08-01), Purnell, III
http://java.sun.com/docs/books/jls/second—edition/html/expressions.doc.html#20448 “Publication date unknown, but prior to Dec. 10, 2004.”
http://java.sun.com/products/ejb/docs.html “Publication date unknown, but prior to Dec. 10, 2004.”
http://java.sun.com/products/jdbc/reference/index.html “Publication date unknown, but prior to Dec. 10, 2004.”
http://java.sun.com/j2se/1.4.2/docs/api/java/lang/reflect/package-sumnary.html “Publication date unknown, but prior to Dec. 10, 2004.”
http://java.sun.com/j2se/1.4.2/docs/api/java/rmi/package-summary.html “Publication date unknown, but prior to Dec. 10, 2004.”
Ashcraft et al., “Using Programmer-Written Compiler Extensions to Catch Security Holes,” IEEE Symposium on Security and Privacy (2002), 17 pages.
Bush, et al. “A Static Analyzer for Finding Dynamic Programming Errors,” Software: Practice and Experience, 30(7):775-802 (2000), 24 pages.
Chess, “Improving Computer Security using Extended Static Checking,” IEEE Symposium on Security and Privacy (May 2002), 14 pages.
Leino et al., “Checking Java Programs Via Guarded Commands,” Technical Report 1999-02, Compaq Systems Research Center (May 1999), 9 pages.
Shankar, et al., “Detecting Format String Vulnerabilities with Type Qualifiers,” Proceedings of the 10th USENIX Security Symposium (2001), 16 pages.
Zovi, “Security Applications of Dynamic Binary Translation, Thesis”, The University of New Mexico, (2002), 54 pages.
Detlefs, et al. “Extended Static Checking,” Technical Report 159, Compaq Systems Research Center (1998), 50 pages.
Viega et al., “A Static Vulnerability Scanner for C and C++ Code,” Proceedings of The Annual Computer Security Applications Conference (2000), 15 pages.
Banatre et al., “Mechanical Proofs of Security Properties,” Publication Interne No. 825, IRIS, Rennes Cedex, France, (May 1994), 32 pages.
Macrakis, “From UNCOL to ANDF: Progress in Standard Intermediate Languages,” Open Software Foundation, (Jun. 29, 1993), 18 pages.
Gordon et al, “Typing a Multi-Language Intermediate Code,” Technical Report MSR-TR-2000-106, Microsoft Research, Microsoft Corporation, Redmond, WA, (Dec. 2000), 58 pages.
“White Paper The Java Language Environment,” downloaded from Java Website, http://java.sun.com/docs/white/langenv/Neutral.doc1.html, Copyright Sun Microsystems, Inc. (1997), 1 page.
Aho et al., “Principles of Compiler Design,” Bell Laboratories, Murray Hill, NJ, Princeton University, Princeton, NJ, (Mar. 1978), 7 pages.
“GCC, the GNU Compiler Collection,” downloaded from http://gcc.gnu.org/, (May 13, 2007), 2 pages.
“xGCC—A program analysis tool based on a modified GNU—Compiler,” downloaded from http://www.cs.stevens.edu/-wbackes/xGCC/index.html, (Oct. 16, 2007), 3 pages.
“9.2 GIMPLE,” downloaded from http://gcc.gnu.org/onlinedocs/gcc-4.0.4/gccint/GIMPLE/html, (Oct. 16, 2007), 1 page.
Portal USPTO, The ACM Digital library, Results from (p. 1) vulnerable $6 and program and instructions and diverse and analys$4 and . . . , downloaded from http://portal.acm.org/results.cfm?coll=ACM&dl=ACM&CFID=6277206&CFTOKEN=1724 . . . , downloaded (Dec. 6, 2006), 6 pages.
Blyth, “An XML-based Architecture to Perform Data Integration and Data Unification in Vulnerability Assessments”, Information Security Technical Report, 8(4):14-25, 2003.
Devanbu, “GENOA—A Customizable, Language- and Front-End Independent Code Analyzer”, ACM 0-89791-504-6, pp. 307-317, 1992.
Melbourne et al., “Penetration Testing for Web Applications (Part Three)”, 7 pages, Aug. 20, 2003.
Van denBrand et al., “Re-engineering Needs Generic Programming Language Technology”, ACM SIGPLAN Notices, 8 pages, Feb. 1997.
Chess B. et al. “Static Analysis for Security” IEEE Security and Privacy, IEEE Computer Society, New York, NY, US, vol. 2, No. 6, Nov. 1, 2004, p. 76-79, XP011123183, ISSN 1540-7993.
McGraw, G. “From the ground up: the DIMACS software security workshop” XP002559149 The Institution of Electrical Engineers, Stevenage, GB; Mar. 2003.
McGraw, G. “Software Security” IEEE Security and Privacy, IEEE Computer Society, NY, US, vol. 2, No. 2, Mar. 1, 2004, p. 80-83, XP011109971 ISSN 1540-7993.
EP 05748199 Supplementary European Search Report mailed Apr. 3, 2010.
Van Der Merwe, G. et al. “Software source code, visual risk analysis: an example” Computers & Security, Elsevier Science Publishers. Amsterdam, NL, vol. 17, No. 3, Jan. 1, 1998 p. 233-252, XP004130084, ISSN 0167-4048.

Profile ID: LFUS-PAI-O-2643352
