Detection of security vulnerabilities in computer programs

Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment

Reexamination Certificate

Details

C726S022000, C726S023000, C726S024000, C717S126000, C717S127000, C717S131000, C717S132000

active

07849509

ABSTRACT:
Methods and systems for analyzing a computer program use static and interprocedural analysis techniques and engines. A data processing operation, such as a function, is automatically identified within the computer program. It is determined whether the function represents a potential source for entry of untrusted data into the computer program. A course of the untrusted data is modeled through the identified function to produce a validation result, such as a call stack. Based on an attribute of the untrusted data (for example, whether the untrusted data is an unbounded integer or a string), it is determined whether the validation result identifies a security vulnerability of the computer program. A security vulnerability may exist, for example, when the modeled course of an unbounded integer through the function produces a buffer overrun in a call stack. The validation result is provided, via an API, software development tool, or user interface, for example.

REFERENCES:
patent: 5652899 (1997-07-01), Mays et al.
patent: 5875330 (1999-02-01), Goti
patent: 6832302 (2004-12-01), Fetzer et al.
patent: 7051322 (2006-05-01), Rioux
patent: 2004/0255277 (2004-12-01), Berg et al.
patent: 2005/0015752 (2005-01-01), Alpern et al.
Ganapathy et al., Buffer Overrun Detection using Linear Programming and Static Analysis, Oct. 27, 2003, ACM, Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03), pp. 345-354.
Van Emmerik, Identifying Library Functions in Executable Files Using Patterns, Nov. 9, 1998, IEEE Computer Society, Proceedings of the Australian Software Engineering Conference, pp. 90-97.
Copeland, Static Analysis with PMD, Feb. 12, 2003, O'Reilly Media, Inc.
Xie et al., Archer: using symbolic, path-sensitive analysis to detect memory access errors, Sep. 1, 2003, ACM, Proceedings of the 9th European Software Engineering Conference with 11th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 327-336.
