Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Reexamination Certificate
2007-01-31
2009-11-17
Guyton, Philip (Department: 2113)
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
C714S004110, C714S043000, C726S022000
Reexamination Certificate
active
07620851
ABSTRACT:
A method of testing a target in a network by fault injection, includes: defining a transaction baseline; modifying at least one of an order and a structure of the transaction baseline to obtain a modified transaction with malformed grammar; and transmitting the modified transaction to a target. The method may further include, receiving a feedback from the target to determine fault occurrence. An apparatus for testing a target in a network by fault injection, includes: a driver configured to generate patterns, where a pattern can generate a plurality of packets for transmission to the target, the pattern being represented by an expression with a literal string and a wild character class; and a network interface coupled to the driver and configured to transmit and receive network traffic.
REFERENCES:
patent: 4759019 (1988-07-01), Bentley et al.
patent: 4999837 (1991-03-01), Reynolds et al.
patent: 5046068 (1991-09-01), Kubo et al.
patent: 5072447 (1991-12-01), Perloff et al.
patent: 5193178 (1993-03-01), Chilarege et al.
patent: 5428624 (1995-06-01), Blair et al.
patent: 5440723 (1995-08-01), Arnoldi et al.
patent: 5485409 (1996-01-01), Gupta et al.
patent: 5892903 (1999-04-01), Klaus
patent: 6311278 (2001-10-01), Raanan et al.
patent: 6487666 (2002-11-01), Shanklin et al.
patent: 6560720 (2003-05-01), Chirashnya et al.
patent: 6574737 (2003-06-01), Kingsford et al.
patent: 6584569 (2003-06-01), Reshef et al.
patent: 6609205 (2003-08-01), Bernhard et al.
patent: 6654914 (2003-11-01), Kafine et al.
patent: 6988208 (2006-01-01), Hrabik et al.
patent: 6996845 (2006-02-01), Hurst et al.
patent: 2005/0251570 (2005-11-01), Heasman et al.
Ptacek et al. “Insertion, evasion, and denial of service: eluding network intrusion detection.” Technical report, Secure Networks Inc., Jan. 1996.
“%u encoding IDS bypass vulnerability” retrieved from http://research.eeye.com/html/advisories/published/AD20010705.html on Feb. 13, 2007.
“Campas cgi hole” retrieved from http:///www.hoobie.net/security/exploits/hacking/campus—cgi—hole.txt on Feb. 13, 2007.
“H-48: Internet Information Server Vulnerability” retrieved from http://ciac.11n1.gov/ciac/bulletins/h-48.shtml on Feb. 13, 2007.
Gary, Jon. “Multiple levels of de-synchronization and other concerns with testing an IDS system.” Aug. 11, 2000. retrieved from “http://www.securityfocus.com/print/infocus/1204”.
“An Automated Approach for Identifying Potential Vulnerabilities in Software” by A. K. Ghosh, et al. Proc. of IEEE Symp. on Sec. and Privacy. May 3-6, 1998, pp. 104-114.
“Towards Analysing Security-Critical Software During Development” by A. K. Ghosh, et al. Technical Report RSTR-96-023-01, RST Corporation, Dec. 1996. Total pages: 14.
“An Approach for Certifying Security in Software Components” by A. K. Ghosh, et al. Proc. 21st NIST-NCSC National Info. Systems Conf., Oct. 6-9, 1998. Total pages: 7.
“Vulnerability Testing of Software System Using Fault Injection” by W. Du, et al. Tech. Report Coast TR98-02, Dept. of Comp. Science, Purdue University, 1998. Total pages: 20.
“NT Web Technology Vulnerabilities”, rain.forest.puppy, Phrack Magazine, vol. 8, Iss. 54, Dec. 25, 1998. Article 8 of 12. Total pages: 8.
“Program-Probe Web for Insecure Perl Installations”, perl—cgi—pl.txt., Mar. 28, 1996. Total pages: 3.
“Program-CgiScan v 1.5”, cgiscan—c.txt., Feb. 1999. Total pages: 3.
“SPHINX: A Framework for Creating Personal, Site-Specific Web Crawlers” by R. Miller, et al. Apr. 1998. [wepages][online]. Retrieved on Dec. 28, 2006. Retrieved from the internet: http://www.cs.cmu.edu/˜rcm/papers/www7/www7.html. Total pages: 14.
“The World Wide Web Security FAQ version 1.9.0” by L. Stein.Jun. 30, 1998. [webpages][online]. Retrieved on Dec. 28, 2006. Retrieved from the internet: http://www.perl.com/doc/FAQ s/cgi/wwwsf0.html. Total pages: 5.
“Security.NNOV advisory-The Batl directory traversal” (public release). [webpages] [online]. Retrieved from the internet:http://archive.cert.uni.de/archive/bugtraq/2001/01/ msg00058.html. Total pages: 3.
“SQL Injection” by Kevin Spett. Retrieved on Sep. 14, 2007. Retrieved from the internet: http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf. Total pages: 35.
Advisory: NT ODBC Remote Compromise by M. Astley, et al. [webpages] [online]. Retrieved on Sep. 14, 2007. Retrieved from the internet:http://www.wiretrip.net/rfp/txt/rfp9901.txt. Total pages: 6.
Stites & Harbison PLLC, Mar. 29, 2007. Total pages: 8.
Eller Riley Dennis
Gary Jonathan Walter
Hoglund Michael Gregory
Leavy Penny C.
Cenzic, Inc.
de Guzman Arnold M.
Guyton Philip
LandOfFree
Fault injection methods and apparatus does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Fault injection methods and apparatus, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Fault injection methods and apparatus will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4124424