Data processing: software development – installation – and managem – Software program development tool – Testing or debugging
Reexamination Certificate
2011-08-23
2011-08-23
Kendall, Chuck O (Department: 2192)
Data processing: software development, installation, and managem
Software program development tool
Testing or debugging
C717S125000, C717S127000, C717S132000, C717S152000, C717S154000, C717S157000
Reexamination Certificate
active
08006233
ABSTRACT:
The present relates to a method for verifying privileged and subject-executed code within a program, the method further comprising the steps of constructing a static model of a program, identifying checkPermission nodes that are comprised within the invocation graph, and performing a fixed-point iteration, wherein each determined permission set is propagated backwards across the nodes of the static model until a privilege-asserting code node is reached. The method further comprises the steps of associating each node of the invocation graph with a set of Permission allocation sites, analyzing each identified privilege-asserting code node and subject-executing code node to determine the Permission allocation site set that is associated with each privilege-asserting code node and subject-executing code node, and determining the cardinality of a Permission allocation-site set that is associated with each privilege-asserting code node and subject-executing code node.
REFERENCES:
patent: 7133846 (2006-11-01), Ginter et al.
patent: 2009/0287837 (2009-11-01), Felsher
Pistola et al., “Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection”, in Proceedings of the 19th European Conference on Object-Oriented Programming, pp. 362-386, Glasgow, Scotland UK, Jul. 2005, Springer-Verlag.
Barbara G. Ryder, “Dimensions of Precision in Reference Analysis of Object-Oriented Languages”, in Proceedings of the 12th International Conference on Compiler Construction, pp. 126-137, Warsaw, Poland, Apr. 2003, Invited Paper.
Koved et al., “Access Rights Analysis for Java”, in Proceedings of the 17th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages.
Lai et al., “User Authentication and Authorization in the JavaTM Platform”, in Proceedings of the 15th Annual Computer Security Applications Conference, pp. 285-290, Scottsdale, AZ, USA, Dec. 1999, IEEE Computer Security.
Saltzer et al., “The Protection of Information in Computer Systems”, in Proceedings of the IEEE, vol. 63, pp. 1278-1308, Sep. 1975.
Gulwani et al., “Path-Sensitive Analysis for Linear Arithmetic and Uninterpreted Functions”, in 11th Static Analysis Sumposium, vol. 3148 of LNCS, pp. 328-343, Aug. 2004.
Gleb Naumovich, “A Conservative Algorithm for Computing the Flow of Permissions in Java Programs”, in Proceedings with ISSTA, pp. 33-43, Rome, Italy, Jul. 2002.
Gleb Naumovich, “A Conservative Algorithm for Computing the Flow of Permissions in Java Programs”, Dec. 2001, http://cis.poly.edu/tr/tr-cls-2001-07.pdf.
Pistola et al., “Enterprise Java Security: Building Secure J2EE Applications”, Addison-Wesley Apprentice Hall, 1999.
Ole Agesen “The Cartesian Product Algorithm: Simple and Precise Type Inference of Parametric Polymorphism” in Proceedings of the 9th ECOOP, pp. 2-26, Aarhus, Denmark Aug. 1995, Spring-Verlag Anderson et al., “Design and Implementation of a Fine-Grained Software Inspection Tool”, IEEE Transactions on Software Engineering, 29(8):721-733, Aug. 2003.
Paul et al., “NET Security: Lesson Learned and Missed from Java”, Univ. of VA, Dept. of Computer Science, In Proceedings of the ACSAC pp. 1-10, Dec. 2004. Kildall “A Unified Approach to Global Program Optimization” Proceedings of 1st Annual ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, pp. 194-206, MA, USA 1973.
Centonze Paolina
Pistoia Marco
Cantor & Colburn LLP
International Business Machines - Corporation
Kendall Chuck O
Young Preston
LandOfFree
System and method for the automatic verification of... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for the automatic verification of..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for the automatic verification of... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2765709