Data processing: software development – installation – and managem – Software program development tool – Translation of code
Reexamination Certificate
2005-05-06
2010-12-21
Zhen, Wei Y (Department: 2191)
Data processing: software development, installation, and managem
Software program development tool
Translation of code
C717S106000, C717S108000, C717S163000
Reexamination Certificate
active
07856624
ABSTRACT:
Automated (e.g., compiler implemented) techniques provide safe secure software development. One exemplary illustrative implementation addresses undefined behavior in the C and C++ programming languages.
REFERENCES:
patent: 5583988 (1996-12-01), Crank et al.
patent: 5640564 (1997-06-01), Hamilton et al.
patent: 6149318 (2000-11-01), Chase et al.
patent: 6154876 (2000-11-01), Haley et al.
patent: 6282703 (2001-08-01), Meth et al.
patent: 6452990 (2002-09-01), Leis et al.
patent: 6493868 (2002-12-01), DaSilva et al.
patent: 6542990 (2003-04-01), Tremblay et al.
patent: 6634023 (2003-10-01), Komatsu et al.
patent: 6647301 (2003-11-01), Sederlund et al.
patent: 6662354 (2003-12-01), Krablin et al.
patent: 6802056 (2004-10-01), Chaiken et al.
patent: 7013458 (2006-03-01), Bloch et al.
patent: 7062761 (2006-06-01), Slavin et al.
patent: 7086041 (2006-08-01), Plesko et al.
patent: 7146606 (2006-12-01), Mitchell et al.
patent: 7155602 (2006-12-01), Poznanovic
patent: 7305666 (2007-12-01), Burger et al.
patent: 7487507 (2009-02-01), Lun et al.
patent: 7509398 (2009-03-01), Acharya et al.
Dor et al., CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C; obtained from www.cs.tau.ac.il/˜msagiv/cssv.pdf; 2003, pp. 155-167.
Ghiya et al., On the Importance of Points=To Analysis and Other Memory Disambiguation Methods For C Programs; obtained from www.cs.uiuc.edu/class/cs426/Papers/ghiya.pldi01.pdf; 2001, pp. 47-58.
International Search Report, PCT/US04/30029 (Aug. 24, 2006).
Fergus Henderson, “Accurate Garbage Collection in an Uncooperative Environment,” ISMM '02, (Jun. 20-21, 2002), Berlin, Germany.
David Berlind, Ex-Cybersecurity czar Clarke issues gloomy report card—TechUpdate—ZDNet, http://techupdate.zdnet.com/Clarke—issues—gloomy—report—card—.html, “Orlando, Fla.—Richard Clarke has more bad news for IT execs” (Oct. 2003).
Hans-J Boehm, “A Garbage Collector for C and C++”, .(http://www.hpl.hp.com/personal/Hans—Boehm/gc/) (2004).
Mark Mitchell et al., “Itanium C++ ABI” (http://www.codesourcery.com/cxx-abi/abi.html) (2003).
Todd M. Austin, “Efficient Detection of All Pointer and Array Access Errors,” SIGPLAN 94-6/94 Orlando, Florida, USA (1994).
CERT/CC. See http://www.cert.org/stats/cert—stats.html for current statistics (1988-2005).
CERT/CC.US-CERT's Technical Cyber Security Alerts. http://www.us-cert.gov/cas/techalerts/index.html (2004-2005).
Dor, N., Rodeh, M., and Sagiv. M. “CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C,” PLDI'03, San Diego, California, pp. 155-167 (Jun. 9-11, 2003).
Gupta, R., “Optimizing Array-Bound Checks Using Flow Analysis,” ACM Letters on Programming Languages and Systems, vol. 2, Nos. 1-4, pp. 135-150 (Mar.-Dec. 1993).
ISO/IEC WDTR 24731, Information Technology-Programming languages, their environments and system software interfaces—Specification for Secure C Library Functions (Dec. 19, 2004) [ISO/IEC JTC1 SC22 WG14 N1093, “Programming languages, their environments and system software interfaces—Specification for Secure C Library Functions,” www.open-std.org/jtc1/sc22/wg14/www/docs
1093.pdf (2004)].
Lovell, M., “Safe! Repel Attacks on Your Code with the Visual Studio 2005 Safe C and C++ Libraries,” MSDN Magazine (May 2005).
Plum Hall, Inc., “The SSCC website,” http://www.plumhall.com/sscc.html (2005).
Seacord, Robert, Secure Coding in C and C++ (2005).
Ruwase, O. and Lam, M., “A Practical Dynamic Buffer Overflow Detector,” Proceedings of the Network and Distributed System Security (NDSS) Symposium, pp. 159-169 (Feb. 2004).
Standard Performance Evaluation Corporation (SPEC), SPEC CPU2000: Component CPU Integer (CINT2000 http://www.spec.org) (2000).
INCITS/ISO/IEC 9899-1999, Programming Languages—C, Second Edition (1999).
INCITS/ISO/IEC 14882-2003, Programming Languages—C++, Second Edition (2003).
International Search Report, PCT/US04/34422 (Mar. 30, 2006).
Rinard, Martin et al., “Enhancing Server Availability and Security Through Failure-Oblivious Computing,” 14 pages, presented at USENIX OSDI Dec. 6-8, 2004.
“CenterLine Announces QualityCenter Automated Testing Tools, ” Dr. Dobb'sPortal, http://www.ddj.com/cpp/184403081 (Oct. 1, 1995).
Dhurjati, Dinakar et al., “Backwards-Compatible Array Bounds Checking for C with Very Low Overhead, ” ICSE '06, May 20-28, 2006, Shanghai, China, pp. 1-10.
Sumant Kowshik, et al., “Ensuring Code Safety Without Runtime Checks for Real Time Control Systems.” International Conference on Compilers, Architecture and Synthesis for Embedded Systems (CASES),10 pages (Aug. 8, 2002).
Dinakar Dhurjati, “Memory Safety Without Runtime Checks or Garbage Collection for Embedded Applications,” ACM Transactions on Embedded Computing Systems, vol. 4, No. 1, Feb. 2005, pp. 73-111.
Dinakar Dhurjati et al., “Enforcing Alias Analysis for Weakly Typed Languages,” 23 pages, Technical Report #UIUCDCS-R-2005-2657, Computer Science Dept., University of Illinois (Nov. 2005).
John Criswell et al., “A Virtual Instruction Set Interface for Operating System Kernels,” 8 pages, Workshop on the Interaction between Operating Systems and Computer Architecture (WIOSCA '06) (Jun. 19, 2006).
Dinakar Dhurjati et al., “Efficiently Detecting All Dangling Pointer Uses in Production Servers,” 10 pages, International Conference on Dependable Systems and Networks (DSN) (2006).
John Criswell et al., “Memory Safety for Low-Level Software/Hardware Interactions,” 18 pages (Aug. 12, 2009).
Dinakar Dhurjati et al., Memory Safety Without Runtime Checks or Garbage Collection, LCTES'03, Jun. 11-13, 2003, San Diego, California, USA, 12 pages.
Dinakar Dhurjati et al., “SAFECode: Enforcing Alias Analysis for Weakly Typed Languages,” PLDI'06 Jun. 10-16, 2006, Ottawa, Ontario, Canada, pp. 144-157.
Dinakar Dhurjati et al., “Backwards-Compatible Array Bounds Checking for C with Very Low Overhead,” ICSE'06, May 20-29, 2006, Shanghai, China, 10 pages.
John Criswell et al., “Secure Virtual Architecture: A Safe Execution Environment for Commodity Operating Systems,” SOSP'07, Oct. 14-17, 2007, Stevenson, Washington, USA, 10 pages.
John Criswell, “A virtual Instruction Set Interface for Operating System Kernels,” powerpoint presentation (Jun. 18, 2006), 33 pages.
Dinakar Dhurjati, “Memory Safety Without Runtime Checks or Garbage Collection,” powerpoint presentation, LCTES03 (Jun. 12, 2003), 27 pages.
Sumant Kowshik, “Ensuring Code Safety Without Run-time Checks for Real-time Control Systems,” powerpoint presentation, CASES02 (Aug. 11, 2002), 22 pages.
Nixon & Vanderhye P.C.
Rampuria Satish
Thomas Plum
Zhen Wei Y
LandOfFree
Automated safe secure techniques for eliminating undefined... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Automated safe secure techniques for eliminating undefined..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Automated safe secure techniques for eliminating undefined... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4190210