Patent application number | Description | Published |
20100088668 | Crawling of object model using transformation graph - A transformation tree for an object model (OM) is defined. The transformation tree has nodes interconnected by edges, where each node is connected to at most one other tree node. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. A transformation graph for the OM is constructed by simulating the transformation tree. The transformation graph has nodes interconnected by edges, and is a directed graph in which each node is connected to one or more other nodes. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. Crawling-oriented actions are performed in relation to the OM by being performed in relation to the transformation graph. | 04-08-2010 |
20110029946 | EFFICIENT EXTRACTION OF SOFTWARE DEPENDENCIES FROM PROGRAM CODE - Calls to stop functions are identified in a computer program file. The stop functions are functions that interact with external resources. Parameters of the calls to the stop functions that are references to the external resources are identified. An analysis is performed over the computer program file to find out possible values of the parameters of the calls. | 02-03-2011 |
20110055806 | METHOD AND SYSTEM TO DISCOVER POSSIBLE PROGRAM VARIABLE VALUES BY CONNECTING PROGRAM VALUE EXTRACTION WITH EXTERNAL DATA SOURCES - A system and method of discovering one or more program variable values may extract an abstract interpretation of a program variable used in a computer program, locate installation-specific repositories associated with the computer program, parse the located installation-specific repositories and extract one or more configuration parameters, and substitute the one or more configuration parameters into the extracted abstract interpretation. | 03-03-2011 |
20110087892 | Eliminating False Reports of Security Vulnerabilities when Testing Computer Software - A system for eliminating false reports of security vulnerabilities when testing computer software, including a taint analysis engine configured to identify a tainted variable v in a computer application, a data mapping identification engine configured to identify a variable x within the application that holds data derived from v, where x is in a different format than v, an AddData identification engine configured to identify an AddData operation within the application that is performed on x, a signature identification engine configured to identify a Sign operation within the application that is performed on the results of the AddData operation on x, a signature comparison identification engine configured to identify an operation within the application that compares the results of the Sign operation with another value | 04-14-2011 |
20110131656 | IDENTIFYING SECURITY VULNERABILITY IN COMPUTER SOFTWARE - Identifying a security vulnerability in a computer software application by identifying at least one source in a computer software application, identifying at least one sink in the computer software application, identifying at least one input to any of the sinks, determining whether the input derives its value directly or indirectly from any of the sources, determining a set of possible values for the input, and identifying a security vulnerability where the set of possible values for the input does not match a predefined specification of legal values associated with the sink input. | 06-02-2011 |
20110145785 | Automatic Optimization of String Allocations in a Computer Program - Access is obtained to an input object-oriented computer program. In the input object-oriented computer program, semantically equivalent objects are identified, which exist in different memory locations. If at least one of: a number of occurrences for the semantically equivalent objects exceeds a first threshold value, the threshold value being at least two; and a number of equality tests on the semantically equivalent objects exceeds a second threshold value, then a further step includes identifying an application program interface to reduce the semantically equivalent objects to a single object in a single memory location. | 06-16-2011 |
20110321016 | INJECTION CONTEXT BASED STATIC ANALYSIS OF COMPUTER SOFTWARE APPLICATIONS - Embodiments of the invention generally relate to injection context based static analysis of computer software applications. Embodiments of the invention may include selecting a sink within a computer software application, tracing a character output stream leading to the sink within the computer software application, determining an injection context of the character output stream at the sink, where the injection context is predefined in association with a state of the character output stream at the sink, identifying any actions that have been predefined in association with the identified injection context, and providing a report of the actions. | 12-29-2011 |
20120023486 | Verification of Information-Flow Downgraders - A method includes determining grammar for output of an information-flow downgrader in a software program. The software program directs the output of the information-flow downgrader to a sink. The method includes determining whether the grammar of the output conforms to one or more predetermined specifications of the sink. The method includes, in response to a determination the grammar of the output conforms to the one or more predetermined specifications of the sink, determining the information-flow downgrader is verified for the sink, wherein determining grammar, determining whether the grammar, and determining the information-flow downgrader are performed via static analysis of the software program. Apparatus and computer program products are also disclosed. An apparatus includes a user interface providing a result of whether or not output of an information-flow downgrader in the software program conforms to one or more predetermined specifications of a sink in the software program. | 01-26-2012 |
20120096440 | Modular and/or demand-driven string analysis of a computer program - Modular and/or demand-driven string analysis of a computer program is performed. Each method of the program is encoded into monadic second-order logic (M2L) to yield a set of predicate declarations and a set of constraints. The two sets for each method are composed to yield a union set of predicate declarations and a union set of constraints for the program. The union set of constraints includes a particular set of constraints corresponding to call relationships among the methods. An M2L formula including a free variable corresponding to a program variable is added to the union set of constraints. The two union sets are processed to verify a satisfiability of the constraints in relation to an illegal pattern. Where the constraints are satisfiable, the program can generate a string containing the illegal pattern. Where the constraints are not satisfiable, the program never generates a string containing the illegal pattern. | 04-19-2012 |
20120131669 | Determining whether method of computer program is a validator - An illegal pattern and a computer program having a method are received. The method has one or more return statements, and a number of basic blocks. The method is normalized so that each return statement of the target method relating to the illegal pattern returns a constant Boolean value. A first path condition and a second path condition for one or more corresponding paths is determined such that one or more corresponding basic blocks return a constant Boolean value of true for the first path condition and a constant Boolean value of false for the second path condition. An unsatisfiability of each path condition is determined using a monadic second-order logic (M2L) technique. Where the unsatisfiability of either path condition is false, the method is reported as not being a validator. Where the unsatisfiability of either path condition is true, the method is reported as being a validator. | 05-24-2012 |
20130086686 | Automated Detection of Flaws and Incompatibility Problems in Information Flow Downgraders - Mechanisms for evaluating downgrader code in application code with regard to a target deployment environment. Downgrader code in the application code is identified. Based on an input string, an output string that the downgrader code outputs in response to receiving the input string is identified. One or more sets of illegal string patterns are retrieved. Each of the one or more sets of illegal string patterns is associated with a corresponding deployment environment. The illegal string patterns are string patterns that a downgrader identifies in the information flow for security purposes. A determination is made as to whether the downgrader code is compatible with the target deployment environment based on the one or more sets of illegal string patterns and the output string. An output indicative of the results of the determining is generated. | 04-04-2013 |
20130179978 | Automated Detection of Flaws and Incompatibility Problems in Information Flow Downgraders - Mechanisms for evaluating downgrader code in application code with regard to a target deployment environment. Downgrader code in the application code is identified. Based on an input string, an output string that the downgrader code outputs in response to receiving the input string is identified. One or more sets of illegal string patterns are retrieved. Each of the one or more sets of illegal string patterns is associated with a corresponding deployment environment. The illegal string patterns are string patterns that a downgrader identifies in the information flow for security purposes. A determination is made as to whether the downgrader code is compatible with the target deployment environment based on the one or more sets of illegal string patterns and the output string. An output indicative of the results of the determining is generated. | 07-11-2013 |
20130290937 | EFFICIENT EXTRACTION OF SOFTWARE DEPENDENCIES FROM PROGRAM CODE - Calls to stop functions are identified in a computer program file. The stop functions are functions that interact with external resources. Parameters of the calls to the stop functions that are references to the external resources are identified. An analysis is performed over the computer program file to find out possible values of the parameters of the calls. | 10-31-2013 |
20130332731 | System for Determining Whether or Not Automaton Satisfies Context-free Grammar - A server that holds context-free grammar and is connectable to a client that holds an automaton. The server compares an edge pair with an encrypted string value such that the encrypted string value is hidden from the client. The edge pair represents a string for an encrypted value in which a nonfinal character is made to correspond to a state before and the state after held by the client and an encrypted string value represents a string for an encrypted value in which each of a plurality of nonfinal characters contained in a substituted symbol string for a production rule for the context-free grammar is given correspondence with an assigned state before and state after. The encrypted value in which in which the encrypted string value matches the edge pair has been encrypted is sent to the client along with the state before and state after that has been assigned. | 12-12-2013 |
20140189657 | Enhanced String Analysis That Improves Accuracy Of Static Analysis - A method includes determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The method further includes outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions. Apparatus, computer programs, and program products are also disclosed. | 07-03-2014 |
20140189658 | Enhanced String Analysis That Improves Accuracy Of Static Analysis - An apparatus and computer program product which are configured for determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The apparatus and computer program product are further configured for outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions. | 07-03-2014 |
20140289178 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - A method for acquiring an input value such that an output value differs before and after refactoring is not known and an information processing apparatus searching for such an input value that inequivalent output values can be brought about for the equivalent input values among multiple target programs. The apparatus including: an acquisition section acquiring, for each of the multiple target programs, an input/output constraint showing a condition to be satisfied by an input value and an output value; a constraint condition generating section generating a constraint condition which becomes true when the multiple input/output constraints for the multiple target programs are satisfied, input values for the multiple target programs are equivalent, and output values for the multiple target programs are not equivalent; and a constraint releasing section giving the constraint condition to a constraint solver to obtain an input value satisfying the constraint condition. | 09-25-2014 |
20140342701 | AUTHENTICATION METHOD, AUTHENTICATION SYSTEM AND AUTHENTICATION PROGRAM - A data server to authenticate a passenger anonymously and allow an outside service to provide a service on the basis of this authentication. A passenger in an automobile uses a portable terminal with an acceleration sensor to send the acceleration sensor log in the portable terminal to a data server. The data server calculates the degree of similarity between the acceleration sensor log and time-series data related to acceleration obtained from probe data acquired from the automobile, and verifies that the portable terminal is indeed inside the automobile by confirming that there is a sufficiently high correlation between the log and the time-series data. The data server provides an access permission code to the portable terminal in response to successful acceleration authentication. The portable terminal provides the access permission code to an outside service, and the outside service accesses probe data in the data server using the access permission code. | 11-20-2014 |
20150040108 | PARALLEL PROGRAM ANALYSIS AND BRANCH PREDICTION - Systems and methods for predicting execution paths of at least one target program of a plurality of programs that are run in parallel are described. In one method, execution flows of programs are generated by conducting a static analysis. In addition, the programs are executed to obtain debug logs from the programs. Further, communication messages transmitted between the execution flows are identified from the debug logs. A deduction that at least one conditional branch was taken in at least one given execution flow of the first execution flows by the target program is made based on the communication messages that are identified in the debug logs. Based on the deduction, at least one conditional branch that was not taken is removed from the given execution flow. In addition, modified execution flows that were modified in accordance with the removal are output to indicate predicted execution paths of the target program. | 02-05-2015 |
Patent application number | Description | Published |
20080270993 | Computer program testing after source code modification using execution conditions - Computer program testing after source code for the computer program has been modified is performed more quickly, by using execution conditions. First, second, and third execution conditions are determined. These execution conditions are used to perform testing of the program to determine whether the program is properly functioning. Particularly, test data on which basis testing of the computer program is performed can be classified as first test data, second test data, third test data, or fourth test data. The program prior to modification of the source code is tested by employing the first, second, and third test data. After the source code is modified, the program is retested by employing only the third and the fourth test data. The program is thus properly retested after source code modification by employing only the third and the fourth test data, without having to employ the first and the second test data. | 10-30-2008 |
20100333201 | SYSTEM, METHOD, AND PROGRAM FOR DETERMINING VALIDITY OF STRING - A computer-implemented method, program product, and system for determining the validity of a string generated by a computer programming language program. The method includes: abstracting a constraint between variables extracted from a source code for a programming language, describing the constraint in M2L, and storing the constraint; and evaluating the validity of the string on an M2L solver on the basis of the constraint and a M2L specification to determine whether the string is safe or unsafe. | 12-30-2010 |
20130091079 | USING A HEURISTICALLY-GENERATED POLICY TO DYNAMICALLY SELECT STRING ANALYSIS ALGORITHMS FOR CLIENT QUERIES - A method for dynamically selecting string analysis algorithms can begin with the training of the dynamic string analysis handler of a string analysis module to effectively handle a subset of string queries having contextual metadata received from a client application in an instructional environment. The effectiveness of the training module can be based upon feedback from the client application. Upon completion of the training, a string analysis algorithm selection policy can be synthesized. The string analysis algorithm selection policy can correlate a context of a string query in the subset to the usage of a string analysis algorithm. When in the operational environment, the dynamic string analysis handler can dynamically handle string queries having contextual metadata received from the client application in accordance with the string analysis algorithm selection policy. The string analysis algorithm to be used for a string query can be dynamically and independently determined. | 04-11-2013 |
20130091082 | USING A HEURISTICALLY-GENERATED POLICY TO DYNAMICALLY SELECT STRING ANALYSIS ALGORITHMS FOR CLIENT QUERIES - A method for dynamically selecting string analysis algorithms can begin with the training of the dynamic string analysis handler of a string analysis module to effectively handle a subset of string queries having contextual metadata received from a client application in an instructional environment. The effectiveness of the training module can be based upon feedback from the client application. Upon completion of the training, a string analysis algorithm selection policy can be synthesized. The string analysis algorithm selection policy can correlate a context of a string query in the subset to the usage of a string analysis algorithm. When in the operational environment, the dynamic string analysis handler can dynamically handle string queries having contextual metadata received from the client application in accordance with the string analysis algorithm selection policy. The string analysis algorithm to be used for a string query can be dynamically and independently determined. | 04-11-2013 |
Patent application number | Description | Published |
20090300266 | IDENTIFICATION OF READ/WRITE CHAINS DURING STATIC ANALYSIS OF COMPUTER SOFTWARE - A system for identifying read/write chains in computer software, including a static analysis engine identifying within computer software logical container accesses, a string analyzer configured to at least partly resolve any variables identifying the logical container in any of the accesses by determining a set of potential values of any of the variables, and a Logical Container Access Virtualization component (LCAV) configured to identify the type and scope of any permutations of the accesses, where each of the permutations is defined by substituting any of the potential values for any of the access variables, and identify any read/write chains within the computer software by matching any of the access permutations that read from the logical container with any of the access permutations that write to the logical container if there is an intersection between the scopes of the read and write access permutations. | 12-03-2009 |
20100043048 | System, Method, and Apparatus for Modular, String-Sensitive, Access Rights Analysis with Demand-Driven Precision - A static analysis for identification of permission-requirements on stack-inspection authorization systems is provided. The analysis employs functional modularity for improved scalability. To enhance precision, the analysis utilizes program slicing to detect the origin of each parameter passed to a security-sensitive function. Furthermore, since strings are essential when defining permissions, the analysis integrates a sophisticated string analysis that models string computations. | 02-18-2010 |
20120131668 | Policy-Driven Detection And Verification Of Methods Such As Sanitizers And Validators - A method includes performing a static analysis on a program having sources and sinks to track string flow from the sources to the sinks. The static analysis includes, for string variables in the program that begin at sources, computing grammar of all possible string values for each of the string variables and, for methods in the program operating on any of the string variables, computing grammar of string variables returned by the methods. The static analysis also includes, in response to one of the string variables reaching a sink that performs a security-sensitive operation, comparing current grammar of the one string variable with a policy corresponding to the security-sensitive operation, and performing a reporting operation based on the comparing. Apparatus and computer program products are also disclosed. | 05-24-2012 |
20120131670 | Global Variable Security Analysis - A method includes determining selected global variables in a program for which flow of the selected global variables through the program is to be tracked. The selected global variables are less than all the global variables in the program. The method includes using a static analysis performed on the program, tracking flow through the program for the selected global variables. In response to one or more of the selected global variables being used in security-sensitive operations in the flow, use is analyzed of each one of the selected global variables in a corresponding security-sensitive operation. In response to a determination the use may be a potential security violation, the potential security violation is reported. Apparatus and computer program products are also disclosed. | 05-24-2012 |
20120159619 | Formal Analysis of the Quality and Conformance of Information Flow Downgraders - Mechanisms for evaluating downgrader code in application code with regard to one or more security guidelines are provided. Downgrader code in application code is identified, where the downgrader code is a portion of code in the application code that operates on an information flow of the application code to ensure confidentiality of information input to the downgrader code, in the output of the downgrader code. Processes of the downgrader code are evaluated against security guidelines to determine if the processes violate the security guidelines. A notification is generated in response to the evaluation indicating that the processes of the downgrader code violate the security guidelines. The notification is output to a computing device for consideration. | 06-21-2012 |
20120210432 | LABEL-BASED TAINT ANALYSIS - A computer-implemented method and apparatus, adapted to receive a computer program, and dynamically analyze the computer program to determine flow of untrusted data with respect to a computer resource associated with the computer program. Based on the flow of untrusted data, the method and apparatus determine an abstraction of the computerized resource, and performing static analysis of the computer program with respect to the abstraction, wherein the static analysis is for identifying whether the computer program is susceptible to one or more possible security vulnerabilities. | 08-16-2012 |
20120215757 | WEB CRAWLING USING STATIC ANALYSIS - A crawler including a document retriever configured to retrieve a first computer-based document, a link identifier configured to identify an actual string within the computer-based document as being a hyperlink-type string, and a static analyzer configured to perform static analysis of an operation on a variable within the first computer-based document to identify a possible string value of the variable as being a hyperlink-type string, where any of the strings indicate a location of at least a second computer-based document. | 08-23-2012 |
20120266247 | Automatic Inference Of Whitelist-Based Validation As Part Of Static Analysis For Security - A method includes performing taint analysis of a computer program and determining an original set of paths from sources to sinks. Each path corresponds to a vulnerability. The method includes determining for each variable whose type is a collection and is accessed in one of the paths in the original set of paths whether the variable points to a concrete value whose internal state is not tainted according to the taint analysis. The method further includes, for each of the variables whose type is a collection found not to be tainted according to the taint analysis, determining all points in the computer program where a membership check against the collection is performed. The method also includes, for each of the points, determining corresponding paths and removing those paths from the original set of paths to create a reduced set of paths. Apparatus and computer readable program products are also disclosed. | 10-18-2012 |
20120297372 | Static Analysis Of Validator Routines - A method includes accessing a validator routine having an input string and one or more return points, each return point returning a return value having two possible values; finding the return points in the validator routine; for each of the return points, performing a backwards traversal from a return point through a code section and determining constraints on the input string based at least on one or both of the two possible return values for the return point; using the determined constraints for the input string, determining whether all of the return values returned from the one or more return points meet validation constraints; and outputting one or more indications of whether all of the returned values returned from the return points meet the validation constraints for the one or both of the two possible return values. Apparatus and computer program products are also disclosed. | 11-22-2012 |
20120317143 | STRING ANALYSIS BASED ON THREE-VALUED LOGIC - Performing string analysis based on three-valued logic by including expressing a property of a string in a computer software application as a three-valued logic shape predicate, performing a three-valued logic shape analysis using the shape predicate to reach a fixpoint solution, and evaluating the fixpoint solution to determine a three-valued logic value of the property. | 12-13-2012 |
20130205391 | Formal Analysis of the Quality and Conformance of Information Flow Downgraders - Mechanisms for evaluating downgrader code in application code with regard to one or more security guidelines are provided. Downgrader code in application code is identified, where the downgrader code is a portion of code in the application code that operates on an information flow of the application code to ensure confidentiality of information input to the downgrader code, in the output of the downgrader code. Processes of the downgrader code are evaluated against security guidelines to determine if the processes violate the security guidelines. A notification is generated in response to the evaluation indicating that the processes of the downgrader code violate the security guidelines. The notification is output to a computing device for consideration. | 08-08-2013 |
20140026185 | System, Method, and Apparatus for Modular, String-Sensitive, Access Rights Analysis with Demand-Driven Precision - A static analysis for identification of permission-requirements on stack-inspection authorization systems is provided. The analysis employs functional modularity for improved scalability. To enhance precision, the analysis utilizes program slicing to detect the origin of each parameter passed to a security-sensitive function. Furthermore, since strings are essential when defining permissions, the analysis integrates a sophisticated string analysis that models string computations. | 01-23-2014 |
20140053140 | STATIC ANALYSIS OF VALIDATOR ROUTINES - A method includes accessing a validator routine having an input string and one or more return points, each return point returning a return value having two possible values; finding the return points in the validator routine; for each of the return points, performing a backwards traversal from a return point through a code section and determining constraints on the input string based at least on one or both of the two possible return values for the return point; using the determined constraints for the input string, determining whether all of the return values returned from the one or more return points meet validation constraints; and outputting one or more indications of whether all of the returned values returned from the return points meet the validation constraints for the one or both of the two possible return values. Apparatus and computer program products are also disclosed. | 02-20-2014 |
20140143880 | Global Variable Security Analysis - A method includes determining selected global variables in a program for which flow of the selected global variables through the program is to be tracked. The selected global variables are less than all the global variables in the program. The method includes using a static analysis performed on the program, tracking flow through the program for the selected global variables. In response to one or more of the selected global variables being used in security-sensitive operations in the flow, use is analyzed of each one of the selected global variables in a corresponding security-sensitive operation. In response to a determination the use may be a potential security violation, the potential security violation is reported. Apparatus and computer program products are also disclosed. | 05-22-2014 |
20150033018 | SYSTEM FOR DETERMINING WHETHER CHARACTER STRING HAS BEEN ACCEPTED BY AUTOMATON - Provided is a server connectable to a client for input of a string and that has an automaton defining a subsequent state for transition for each state and each character. This server has a key chain generating unit for generating a key chain for each combination of index, character and state expressing the position of each character in a string, the key chain having encrypted keys for the next index corresponding to the subsequent state of transition from the current state in accordance with the character on the basis of the key corresponding to the current state, and a providing unit for communicating with a client and providing to the client a key chain corresponding to each inputted key among a set of key chains for each index in a state concealing the inputted characters from the client. | 01-29-2015 |