Patent application number | Description | Published |
20120096440 | Modular and/or demand-driven string analysis of a computer program - Modular and/or demand-driven string analysis of a computer program is performed. Each method of the program is encoded into monadic second-order logic (M2L) to yield a set of predicate declarations and a set of constraints. The two sets for each method are composed to yield a union set of predicate declarations and a union set of constraints for the program. The union set of constraints includes a particular set of constraints corresponding to call relationships among the methods. An M2L formula including a free variable corresponding to a program variable is added to the union set of constraints. The two union sets are processed to verify a satisfiability of the constraints in relation to an illegal pattern. Where the constraints are satisfiable, the program can generate a string containing the illegal pattern. Where the constraints are not satisfiable, the program never generates a string containing the illegal pattern. | 04-19-2012 |
20120131669 | Determining whether method of computer program is a validator - An illegal pattern and a computer program having a method are received. The method has one or more return statements, and a number of basic blocks. The method is normalized so that each return statement of the target method relating to the illegal pattern returns a constant Boolean value. A first path condition and a second path condition for one or more corresponding paths is determined such that one or more corresponding basic blocks return a constant Boolean value of true for the first path condition and a constant Boolean value of false for the second path condition. An unsatisfiability of each path condition is determined using a monadic second-order logic (M2L) technique. Where the unsatisfiability of either path condition is false, the method is reported as not being a validator. Where the unsatisfiability of either path condition is true, the method is reported as being a validator. | 05-24-2012 |
20130007529 | STATIC ANALYSIS BASED ON OBSERVED STRING VALUES DURING EXECUTION OF A COMPUTER-BASED SOFTWARE APPLICATION - Improving static analysis precision by recording a value pointed to by a string variable within the computer-based software application during the execution of a computer-based software application, modeling an invariant based on the recorded value, where the invariant represents at least one possible value pointed to by the string variable, performing a first static analysis of the computer-based software application to determine whether the invariant is valid with respect to the computer-based software application, and seeding a second static analysis of the computer-based software application with the invariant if the invariant is valid with respect to the computer-based software application. | 01-03-2013 |
20130086561 | STATIC ANALYSIS OF COMPUTER SOFTWARE APPLICATIONS - Static analysis of a computer software application can be performed by applying a first level of abstraction to model a plurality of run-time objects, thereby producing a set of object abstractions. Static data-flow analysis of the computer software application can be performed using the set of object abstractions, thereby producing a first data-flow propagation graph. A data-flow bottleneck can be identified within the data-flow propagation graph. A second level of abstraction can be applied to model any of the run-time objects having in the set of object abstractions a corresponding object abstraction that is traceable to the data-flow bottleneck. The applying the second level of abstraction can decompose the corresponding object abstraction into a set of object abstractions, thereby modifying the set of object abstractions. Static data-flow analysis of the computer software application can be performed using the modified set of object abstractions. | 04-04-2013 |
20130086562 | STATIC ANALYSIS OF COMPUTER SOFTWARE APPLICATIONS - Static analysis of a computer software application can be performed by applying a first level of abstraction to model a plurality of run-time objects, thereby producing a set of object abstractions. Static data-flow analysis of the computer software application can be performed using the set of object abstractions, thereby producing a first data-flow propagation graph. A data-flow bottleneck can be identified within the data-flow propagation graph. A second level of abstraction can be applied to model any of the run-time objects having in the set of object abstractions a corresponding object abstraction that is traceable to the data-flow bottleneck. The applying the second level of abstraction can decompose the corresponding object abstraction into a set of object abstractions, thereby modifying the set of object abstractions. Static data-flow analysis of the computer software application can be performed using the modified set of object abstractions. | 04-04-2013 |
20130091079 | USING A HEURISTICALLY-GENERATED POLICY TO DYNAMICALLY SELECT STRING ANALYSIS ALGORITHMS FOR CLIENT QUERIES - A method for dynamically selecting string analysis algorithms can begin with the training of the dynamic string analysis handler of a string analysis module to effectively handle a subset of string queries having contextual metadata received from a client application in an instructional environment. The effectiveness of the training module can be based upon feedback from the client application. Upon completion of the training, a string analysis algorithm selection policy can be synthesized. The string analysis algorithm selection policy can correlate a context of a string query in the subset to the usage of a string analysis algorithm. When in the operational environment, the dynamic string analysis handler can dynamically handle string queries having contextual metadata received from the client application in accordance with the string analysis algorithm selection policy. The string analysis algorithm to be used for a string query can be dynamically and independently determined. | 04-11-2013 |
20130091082 | USING A HEURISTICALLY-GENERATED POLICY TO DYNAMICALLY SELECT STRING ANALYSIS ALGORITHMS FOR CLIENT QUERIES - A method for dynamically selecting string analysis algorithms can begin with the training of the dynamic string analysis handler of a string analysis module to effectively handle a subset of string queries having contextual metadata received from a client application in an instructional environment. The effectiveness of the training module can be based upon feedback from the client application. Upon completion of the training, a string analysis algorithm selection policy can be synthesized. The string analysis algorithm selection policy can correlate a context of a string query in the subset to the usage of a string analysis algorithm. When in the operational environment, the dynamic string analysis handler can dynamically handle string queries having contextual metadata received from the client application in accordance with the string analysis algorithm selection policy. The string analysis algorithm to be used for a string query can be dynamically and independently determined. | 04-11-2013 |
20130091535 | EFFECTIVE TESTING OF AUTHORIZATION LOGIC OF WEB COMPONENTS WHICH UTILIZE CLAIMS-BASED AUTHORIZATION - An authorization algorithm of a software component can be selected. A static code analysis can be performed to determine a conditional statement within an algorithm of the software component. The outcome of the conditional statement can be established based on an input and a criteria using dynamic code analysis. The input can be a value associated with a claim set of a claims-based authentication policy. The criteria can be an authentication criteria specified within the algorithm. Responsive to the outcome, an execution path associated with the outcome can be determined and a code coverage criterion can be met for the conditional statement. | 04-11-2013 |
20130091541 | EFFECTIVE TESTING OF AUTHORIZATION LOGIC OF WEB COMPONENTS WHICH UTILIZE CLAIMS-BASED AUTHORIZATION - An authorization algorithm of a software component can be selected. A static code analysis can be performed to determine a conditional statement within an algorithm of the software component. The outcome of the conditional statement can be established based on an input and a criteria using dynamic code analysis. The input can be a value associated with a claim set of a claims-based authentication policy. The criteria can be an authentication criteria specified within the algorithm. Responsive to the outcome, an execution path associated with the outcome can be determined and a code coverage criterion can be met for the conditional statement. | 04-11-2013 |
20130173579 | SCENARIO-BASED CRAWLING - An interactive session can be established between a crawling bot and a Web site. The crawling bot can defines a session state representing a user state for interacting with one or more Web sites, a set of conditions, and a set of scenarios to be selectively activated based on whether the set of conditions are satisfied. The crawling bot can receive content from the Web site during the interactive session. The crawling bot can parse the content from the Web site and can matching the parsed content against a previously defined set of items to determine whether the content matching condition is satisfied. If the content matching condition is satisfied and if the state condition is satisfied, the crawling bot, activating of the scenarios defined by the crawling bot can be active, which is not activated if the content matching condition and the state condition are not satisfied. | 07-04-2013 |
20130173580 | SCENARIO-BASED CRAWLING - An interactive session can be established between a crawling bot and a Web site. The crawling bot can defines a session state representing a user state for interacting with one or more Web sites, a set of conditions, and a set of scenarios to be selectively activated based on whether the set of conditions are satisfied. The crawling bot can receive content from the Web site during the interactive session. The crawling bot can parse the content from the Web site and can matching the parsed content against a previously defined set of items to determine whether the content matching condition is satisfied. If the content matching condition is satisfied and if the state condition is satisfied, the crawling bot, activating of the scenarios defined by the crawling bot can be active, which is not activated if the content matching condition and the state condition are not satisfied. | 07-04-2013 |
20130173581 | SCENARIO-BASED CRAWLING - An interactive session can be established between a crawling bot and a Web site. The crawling bot can defines a session state representing a user state for interacting with one or more Web sites, a set of conditions, and a set of scenarios to be selectively activated based on whether the set of conditions are satisfied. The crawling bot can receive content from the Web site during the interactive session. The crawling bot can parse the content from the Web site and can matching the parsed content against a previously defined set of items to determine whether the content matching condition is satisfied. If the content matching condition is satisfied and if the state condition is satisfied, the crawling bot, activating of the scenarios defined by the crawling bot can be active, which is not activated if the content matching condition and the state condition are not satisfied. | 07-04-2013 |
20140090065 | Method and Apparatus for Paralleling and Distributing Static Source Code Security Analysis Using Loose Synchronization - A method of static source code analysis is provided. A forward search of source code is performed from each of a plurality of source nodes. A backward search of source code is performed from each of a plurality of sink nodes, wherein the forward search and the backward search are performed in parallel simultaneously. The progress of the forward search and the backward search are monitored to determine if the searches intersect at a common node. A vulnerability alert is generated when the monitoring determines that a forward search and a backward search reach a common node. | 03-27-2014 |
20140090068 | METHOD AND APPARATUS FOR PARALLELING AND DISTRIBUTING STATIC SOURCE CODE SECURITY ANALYSIS USING LOOSE SYNCHRONIZATION - A method of static source code analysis is provided. A forward search of source code is performed from each of a plurality of source nodes. A backward search of source code is performed from each of a plurality of sink nodes, wherein the forward search and the backward search are performed in parallel simultaneously. The progress of the forward search and the backward search are monitored to determine if the searches intersect at a common node. A vulnerability alert is generated when the monitoring determines that a forward search and a backward search reach a common node. | 03-27-2014 |
20140130154 | SOUND AND EFFECTIVE DATA-FLOW ANALYSIS IN THE PRESENCE OF ALIASING - An apparatus is disclosed including one or more memories including computer-readable program code and one or more processors. The one or more processors, in response to execution of the computer-readable program code, cause the apparatus to track, using a data flow model of a program suitable for taint analysis of the program, information from sources of taint to entities in a heap using a model of the heap based on the program. The tracking is performed so that the information is relevant for taint propagation and is performed in a manner that is field-sensitive for the entities in the heap. The one or more processors in response to execution of the computer-readable program code cause the apparatus to perform, based on output of the tracking, the operation of performing data-flow analysis to determine taint flow from the sources of the taint through data flow paths to sinks using the taint. | 05-08-2014 |
20140237603 | RULE MATCHING IN THE PRESENCE OF LANGUAGES WITH NO TYPES OR AS AN ADJUNCT TO CURRENT ANALYSES FOR SECURITY VULNERABILITY ANALYSIS - A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed. | 08-21-2014 |