Static program analysis method for detecting security bugs in programs that rely on code access control
US10108802B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 30, 2015 |
| Grant date | Oct 23, 2018 |
| Priority date | — |
| Expiry date | Aug 9, 2036 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/033
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A method for using static program analysis for detecting security bugs in application source code including receiving and determining a plurality of variables based on the application source code. The method further includes determining a plurality of information flow relations comprising a source variable and a target variable, determining a confidentiality requirement and a capability for each of the source variables, and determining an integrity requirement and a capability for each of the target variables. The method further includes generating an error report log entry when the capability of the target variable is not greater than and not equal to the confidentiality requirement of the source variable or the capability of the source variable is not greater than and not equal to the integrity requirement of the target variable. The method further includes generating an error report log.
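The flow check described in the abstract, as an added example that is not taken from the patent: it assumes capabilities and requirements are permission sets ordered by inclusion, and all variable and permission names are hypothetical.

```python
from dataclasses import dataclass

# Assumption (not stated in the abstract): capabilities and requirements are
# sets of permission names ordered by inclusion, so "greater than or equal"
# means "is a superset of". Incomparable sets therefore fail the check.


@dataclass(frozen=True)
class Var:
    name: str
    capability: frozenset                      # permissions held by the owning code
    confidentiality: frozenset = frozenset()   # required of whoever receives this value
    integrity: frozenset = frozenset()         # required of whoever writes this variable


def check_flows(flows):
    """Return one log entry per (source, target) flow that violates a requirement."""
    log = []
    for src, dst in flows:
        reasons = []
        # Target capability must dominate the source's confidentiality requirement.
        if not dst.capability >= src.confidentiality:
            reasons.append("confidentiality")
        # Source capability must dominate the target's integrity requirement.
        if not src.capability >= dst.integrity:
            reasons.append("integrity")
        if reasons:
            log.append((src.name, dst.name, tuple(reasons)))
    return log


def P(*names):
    return frozenset(names)


# Constructed sample variables and flows (hypothetical names and permissions).
key = Var("key", P("FileRead", "Net"), confidentiality=P("FileRead"))
plugin_buf = Var("plugin_buf", P("Net"))
trusted_buf = Var("trusted_buf", P("FileRead", "Net"))
user_input = Var("user_input", P())
file_path = Var("file_path", P("FileRead"), integrity=P("FileRead"))

SAMPLE_FLOWS = [
    (key, trusted_buf),       # allowed: target holds FileRead
    (key, plugin_buf),        # {Net} vs {FileRead} are incomparable: reported
    (user_input, file_path),  # unprivileged source writes a protected target
]

if __name__ == "__main__":
    for entry in check_flows(SAMPLE_FLOWS):
        print(entry)
```

The second flow shows why the abstract's "not greater than and not equal to" wording matters on a partial order: neither set contains the other, and the flow is still reported.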
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.