Data processing: software development – installation – and managem – Software program development tool – Testing or debugging
Reexamination Certificate
2008-07-08
2008-07-08
Kiss, Eric B (Department: 2192)
Data processing: software development, installation, and managem
Software program development tool
Testing or debugging
C717S125000, C726S025000
Reexamination Certificate
active
07398516
ABSTRACT:
A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models are derived for the code and the models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routines posses one or more of pre-selected vulnerabilities.
REFERENCES:
patent: 5440723 (1995-08-01), Arnold et al.
patent: 6343371 (2002-01-01), Flanagan et al.
patent: 6412071 (2002-06-01), Hollander et al.
patent: 6817009 (2004-11-01), Flanagan et al.
patent: 6832302 (2004-12-01), Fetzer et al.
patent: 6973417 (2005-12-01), Maxwell et al.
patent: 7051322 (2006-05-01), Rioux
patent: 2003/0172293 (2003-09-01), Johnson et al.
patent: 2003/0182572 (2003-09-01), Cowan et al.
patent: 2004/0111713 (2004-06-01), Rioux
patent: 2004/0168078 (2004-08-01), Brodley et al.
patent: 2005/0015752 (2005-01-01), Alpern et la.
Matt Bishop and Micharil Dilger, “Checking for Race Conditions in File Accesses,” 1996, Computing Systems 9(2), pp. 131-152 (manuscript version; 20 pages).
Jong-Deok Choi, et al., “Static Datarace Analysis for Multithreaded Object-Oriented Programs,” Aug. 9, 2001, IBM, RC22146 (W0108-016), pp. 1-18.
Chess, Improving Computer Security Using Extended Static Checking, Proceedings of the IEEE Symposium on Security and Privacy, May 2002.
Haugh and Bishop, Testing C Programs for Buffer Overflow Vulnerabilities, Proceedings of the 2003 Symposium on Networked and Distributed System Security (SNDSS 2003), Feb. 2003.
Larochelle and Evans, Statically Detecting Likely Buffer Overflow Vulnerabilities, Proceedings of the 2001 Usenix Security Symposium, Aug. 2001.
Shankar et al., Detecting Format String Vulnerabilities with Type Qualifiers, Proceedings of the 10th Usenix Security Symposium, Aug. 2001.
Viega et al., A Static Vulnerability Scanner for C and C++ Code, 16th Annual Computer Security Applications Conference, 2000.
Wagner et al., A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities, Proceedings of the Network and Distributed System Security Symposium, Feb. 2000.
Aho, et al., “Principles of Compiler Design,” Addison-Wesley Publishing Co., Mar. 1978.
Ashcraft, et al., “Using Programmer-Written Compiler Extensions to Catch Security Holes”, IEEE Symposium on Security and Privacy, Oakland, CA, May 2002.
Banatre, et al., “Mechanical Proofs of Security Properties,” Institut de Recherche en Informatique et Systemes Aleatoires, Centre National de la Recherche Scientifique (URA 227) Universite de Rennes 1, Insa de Rennes, France, ISSN 1166-8687, Publication Interne No. 825, May 1994.
Bush, et al., “A Static Analyzer for Finding Dynamic Programming Errors”, Software—Practice and Experience, vol. 30, No. 7, 2000.
Chess, et al., “Static Analysis for Security,” IEEE Computer Society, IEEE Security and Privacy, 1540-7993 (2004).
Detlefs, et al., “Extended Static Checking,” Technical Report 159, Compaq Systems Research Center (1998).
Dijkstra, E.W., “Guarded Commands, Nondeterminacy and Formal Derivation of Programs,” Communications of the ACM, vol. 18, No. 8, pp. 453-457 (Aug. 1975).
Frailey, D.J., “An Intermediate Language for Source and Target Independent Code Optimization,” ACM, 0-89791-002-8/79/0800/0188, pp. 188-200 (1979).
Gordon, et al., “Typing a Multi-Language Intermediate Code,” Technical Report MSR-TR-2000-106, Microsoft Research, Microsoft Corporation (Dec. 2000).
Kiriansky, et al., “Secure Execution Via Program Shepherding,” 11th Usenix Security Symposium (Security '02), San Francisco, CA (Aug. 2002).
Leino, et al., “Checking Java Program via Guarded Commands,” Technical Report Feb. 1999, Compaq Systems Research Center (May 1999).
Macrakis, S., “From UNCOL to ANDF: Progress in Standard Intermediate Languages,” Open Software Foundation, macrakis@osf.org, pp. 1-18 (1993).
Pincus, J., “Steering the Pyramids—Tools, Technology, and Process in Engineering at Microsoft,” Microsoft Research (Oct. 5, 2002).
Schneider, F.B., “Enforceable Security Policies,” ACM Transactions on Information and System Security, vol. 3, No. 1, pp. 30-50 (Feb. 2000).
Sirer, et al., “An Access Control Language for Web Services,” SACMAT '02, Jun. 3-4, 2002, Monterey CA, ACM 1-58113-496-07/02/0006, pp. 23-30 (2002).
Suzuki, et al., “Implementation of An Array Bound Checker,” Defense Advanced Research Projects Agency (Contract FF44620-73-C-0034), Air Force Office of Scientific Research (Contract DAHC-15-72-C-0308), University of Tokyo Computation Center, pp. 132-143, 1997.
“The Java Language Environment,” White Paper, Sun Microsystems, Inc. (1997).
Zovi, D.D., “Security Applications of Dynamic Binary Translation, Thesis,” The University of New Mexico (2002).
Berg Ryan James
Danahy John J.
Gottlieb Robert
Peyton John
Rehbein Chris
Kiss Eric B
Ounce Labs, Inc.
Wilmer Cutler Pickering Hale & Dorr LLP
LandOfFree
Method and system for detecting race condition... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for detecting race condition..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for detecting race condition... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2768658