Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2007-10-16
2007-10-16
Moazzami, Nasser (Department: 2136)
Information security
Monitoring or scanning of software or data including attack...
Vulnerability assessment
C726S022000
Reexamination Certificate
active
10050764
ABSTRACT:
A system and method for certifying software for essential and security-critical systems. The system and method provide a methodology and corresponding analysis engines increase the level of confidence that common vulnerabilities are not present in a particular application. A pipeline system consisting of independent modules which involve increasingly complex analysis is disclosed. The pipeline approach allows the user to reduce computation time by focusing resources on only those code segments which were not eliminated previously in the pipeline.
REFERENCES:
patent: 4924408 (1990-05-01), Highland
patent: 4941102 (1990-07-01), Darnell et al.
patent: 5132972 (1992-07-01), Hansen
patent: 5133045 (1992-07-01), Gaither et al.
patent: 5247693 (1993-09-01), Bristol
patent: 5293629 (1994-03-01), Conley et al.
patent: 5500941 (1996-03-01), Gil
patent: 5581696 (1996-12-01), Kolawa et al.
patent: 5699507 (1997-12-01), Goodnow et al.
patent: 5761408 (1998-06-01), Kolawa et al.
patent: 5784553 (1998-07-01), Kolawa et al.
patent: 5842019 (1998-11-01), Kolawa et al.
patent: 5850516 (1998-12-01), Schneier
patent: 5854924 (1998-12-01), Rickel et al.
patent: 5860011 (1999-01-01), Kolawa et al.
patent: 5922079 (1999-07-01), Booth et al.
patent: 5925123 (1999-07-01), Tremblay et al.
patent: 5970242 (1999-10-01), O'Connor et al.
patent: 6014723 (2000-01-01), Tremblay et al.
patent: 6085029 (2000-07-01), Kolawa et al.
patent: 6125439 (2000-09-01), Tremblay et al.
patent: 6148401 (2000-11-01), Devanbu et al.
patent: 6154876 (2000-11-01), Haley et al.
patent: 6381698 (2002-04-01), Devanbu et al.
patent: 6412071 (2002-06-01), Hollander et al.
patent: 6427232 (2002-07-01), Ku et al.
patent: 6473896 (2002-10-01), Hicken et al.
patent: 6513154 (2003-01-01), Porterfield
patent: 6578094 (2003-06-01), Moudgill
patent: 6584569 (2003-06-01), Reshef et al.
patent: 6718485 (2004-04-01), Reiser
patent: 6806893 (2004-10-01), Kolawa et al.
patent: 6807569 (2004-10-01), Bhimani et al.
patent: 6862696 (2005-03-01), Voas et al.
patent: 6895578 (2005-05-01), Kolawa et al.
patent: 2001/0013094 (2001-08-01), Etoh et al.
patent: 2002/0026591 (2002-02-01), Hartley et al.
patent: 2003/0233581 (2003-12-01), Reshef et al.
patent: 2004/0006704 (2004-01-01), Dahlstrom et al.
patent: 2004/0103315 (2004-05-01), Cooper et al.
D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, San Diego, CA, Feb. 2000.
Necula et al., The design and implementation of a certifying compiler, 1998, ACM, pp. 333-344.
Bush et al., A static analyzer for finding dynamic programming errors, 2000, Software Practice and Experience, pp. 775-802.
Viega, J.; Bloch, J.T.; Kohno, Y.; McGraw, G., ITS4: a static vulnerability scanner for C and C++ code, Dec. 2000, IEEE, pp. 257-267.
D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, San Diego, CA, Feb. 2000.
Necula et al., The design and implementation of a certifying compiler, 1998, ACM, pp. 333-344.
Bush et al., A static analyzer for finding dynamic programming errors, 2000, Software Practice and Experience, pp. 775-802.
Viega, J.; Bloch, J.T.; Kohno, Y.; McGraw, G., ITS4: a static vulnerability scanner for C and C++ code, Dec. 2000, IEEE, pp. 257-267.
Ghosh et al., An Approach for Certifying Security in Software Components, 1998, Proc. 21st {NIST}-{NCSC} National Information Systems Security Conference, <citeseer.ist.psu.edu/104720.html>.
Ghosh, A.K.; O'Connor, T.; McGraw, G., An automated approach for identifying potential vulnerabilities in software, 1998, Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on, May 3-6, 1998 pp. 104-114.
Ghosh Anup K.
Shah Viren
Walls Thomas J.
Cervetti David Garcia
Cigital, Inc.
Edell Shapiro & Finnan LLC
Moazzami Nasser
LandOfFree
System and method for identifying and eliminating... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for identifying and eliminating..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for identifying and eliminating... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3899500