Data processing: software development – installation – and managem – Software program development tool – Testing or debugging
Reexamination Certificate
2003-09-05
2008-10-14
Zhen, Wei Y. (Department: 2191)
Data processing: software development, installation, and managem
Software program development tool
Testing or debugging
C726S001000
Reexamination Certificate
active
07437718
ABSTRACT:
An analysis tool provides a call path set for reviewing the security of trusted software components during development. By examining the usage of permissions in programs and libraries within a managed execution environment, potential gaps in the security of trusted components may be identified. A call graph generator creates a permission-sensitive call graph. A call graph analyzer evaluates the permission-sensitive call graph to highlight call paths that may present security risks.
REFERENCES:
patent: 6134662 (2000-10-01), Levy et al.
patent: 6158045 (2000-12-01), You
patent: 6918126 (2005-07-01), Blais
patent: 6973460 (2005-12-01), Mitra
patent: 7032212 (2006-04-01), Amir et al.
patent: 7051322 (2006-05-01), Rioux
patent: 7076803 (2006-07-01), Bruton et al.
patent: 7076804 (2006-07-01), Kershenbaum et al.
patent: 7089530 (2006-08-01), Dardinski et al.
patent: 7089581 (2006-08-01), Nagai et al.
patent: 7096498 (2006-08-01), Judge
patent: 7162741 (2007-01-01), Eskin et al.
patent: 2003/0018909 (2003-01-01), Cuomo et al.
patent: 2004/0255277 (2004-12-01), Berg et al.
patent: 2004/0260940 (2004-12-01), Berg et al.
patent: 2005/0010806 (2005-01-01), Berg et al.
Naumovich, Gleb; “A Conservative Algorithm for Computing the Flow of Permissions in Java Programs”, 2002 AMC, retrieved Feb. 6, 2007.
Phillips, Cynthia; Swiler, Laura Painton; “A Graph-Based System for Network-Vulnerability Analysis”, p. 71-79, 1998 ACM, retrieved Feb. 6, 2007.
Weber, Michael; Shah, Viren; Ren, Chris; “A Case Study in Detecting Software Security Vulnerabilities using Constraint Optimization”, 2001 IEEE, retrieved Feb. 6, 2007.
Xie, Yichen; Chou, Andy; Engler, Dawson; “Archer: Using Symbolic, Path sensitive Analysis to Detect Memory Access Errors”, 2003 ACM, retrieved Feb. 6, 2007.
Edwards et al. “Runtime Verification of Authorization Hook Placement for the Linux Security Modules Framework”, Nov. 2002, ACM, pp. 225-234.
Jaeger et al. “Policy Management Using Access”, Aug. 2003, ACM TISSEC vol. 6, Issue 3, pp. 327-364.
Blanc Tomasz Pierre
Fournet Cedric
Gordon Andrew Donald
Deng Anna
Microsoft Corporation
Zhen Wei Y.
LandOfFree
Reviewing the security of trusted software components does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Reviewing the security of trusted software components, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Reviewing the security of trusted software components will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4016292