Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2005-10-07
2010-12-07
Arani, Taghi T (Department: 2438)
Information security
Monitoring or scanning of software or data including attack...
Vulnerability assessment
C726S022000, C726S023000, C726S024000, C717S126000, C717S127000, C717S131000, C717S132000
active
07849509
ABSTRACT:
Methods and systems for analyzing a computer program use static and interprocedural analysis techniques and engines. A data processing operation, such as a function, is automatically identified within the computer program. It is determined whether the function represents a potential source for entry of untrusted data into the computer program. A course of the untrusted data is modeled through the identified function to produce a validation result, such as a call stack. Based on an attribute of the untrusted data (for example, whether the untrusted data is an unbounded integer or a string), it is determined whether the validation result identifies a security vulnerability of the computer program. A security vulnerability may exist, for example, when the modeled course of an unbounded integer through the function produces a buffer overrun in a call stack. The validation result is provided, via an API, software development tool, or user interface, for example.
REFERENCES:
patent: 5652899 (1997-07-01), Mays et al.
patent: 5875330 (1999-02-01), Goti
patent: 6832302 (2004-12-01), Fetzer et al.
patent: 7051322 (2006-05-01), Rioux
patent: 2004/0255277 (2004-12-01), Berg et al.
patent: 2005/0015752 (2005-01-01), Alpern et al.
Ganapathy et al., Buffer Overrun Detection using Linear Programming and Static Analysis, Oct. 27, 2003, ACM, Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03), pp. 345-354.
Van Emmerik, Identifying Library Functions in Executable Files Using Patterns, Nov. 9, 1998, IEEE Computer Society, Proceedings of the Australian Software Engineering Conference, pp. 90-97.
Copeland, Static Analysis with PMD, Feb. 12, 2003, O'Reilly Media, Inc.
Xie et al., Archer: using symbolic, path-sensitive analysis to detect memory access errors, Sep. 1, 2003, ACM, Proceedings of the 9th European Software Engineering Conference with 11th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 327-336.
Thiagarajan Jayaraman
Venkatapathy Ramanathan N
Wei Dong
Arani Taghi T
Chang Kenneth
Mayer & Williams PC
Microsoft Corporation