Data processing: database and file management or data structures – Database and file access – Record – file – and data search and comparisons
Reexamination Certificate
2011-03-08
2011-03-08
Truong, Cam Y T (Department: 2169)
Data processing: database and file management or data structures
Database and file access
Record, file, and data search and comparisons
C707S780000
Reexamination Certificate
active
07904472
ABSTRACT:
Binary files of one or more applications are scanned to identify database command templates contained therein, wherein each DB command template comprises a sequence of elements including one or more input markers. Once the DB command templates are identified, they are copied to a memory. While in the memory, the command templates can be used to identify abnormal DB commands. In one embodiment of a method, a first template is generated in response to receiving a first DB command from a computer system, wherein the first DB command comprises a sequence of elements including one or more user input values. The first template can be generated by replacing all user input values in the received first DB command with input markers. Thereafter the first template is compared to one or more of the DB command templates copied to the memory.
REFERENCES:
patent: 6466931 (2002-10-01), Attaluri et al.
patent: 7444331 (2008-10-01), Nachenberg et al.
patent: 7720867 (2010-05-01), Subramanian et al.
patent: 2003/0069880 (2003-04-01), Harrison et al.
patent: 2003/0220917 (2003-11-01), Copperman et al.
patent: 2006/0212438 (2006-09-01), Ng
patent: 2006/0248080 (2006-11-01), Gray
patent: 2007/0192623 (2007-08-01), Chandrasekaran
patent: 2008/0047009 (2008-02-01), Overcash et al.
Wikipedia, “Binary File”, http://en.wikipedia.org/wiki/Binary—file.
Buehrer, Gregory T., Bruce W. Weide, and Paolo A. G. Sivilotti; “Using Parse Tree Validation to Prevent SQL Injection Attacks,” Computer Science and Engineering, The Ohio State University, Columbus, Ohio, 43210; Sep. 2005, pp. 106-113.
Halfond, William G. J. and Alessandro Orso, Preventing SQL Injection Attacks Using AMNESIA,: Colluge of Computing, Georgia Institute of Technology, May 20-28, 2006; pp. 7950-0798.
Halfond, William G. J. and Alessandro Orso, “Combining Static Analysis and Runtime Monitoring to Counter SQL-Injection Attacks,” College of Computing, Georgia Institute of Technology; May 17, 2005; 7 pages.
Campbell Stephenson LLP
Symantec Operating Corporation
Truong Cam Y T
LandOfFree
Scanning application binaries to identify database queries does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Scanning application binaries to identify database queries, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Scanning application binaries to identify database queries will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2691357