Patent · US Active

Detecting second-order security vulnerabilities via modelling information flow through persistent storage

US11163888B2 · kind B2 · utility

0Cited by

0References

17Claims

0Family size

Assignee

Oracle International Corporation · US

Inventors

Raghavendra Kagalavadi Ramesh · Brisbane, AU
Padmanabhan Krishnan · Brisbane, AU
Yi Lu · Taoyuan, TW

Key dates

Filing date	Feb 15, 2019
Grant date	Nov 2, 2021
Priority date	—
Expiry date	Jan 24, 2040

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/033
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method may include determining that a source variable in code receives a source value from a source function specified by a target analysis, determining that a source statement in the code writes, using the source variable, the source value to a column in a table, obtaining, for a sink statement in the code, a set of influenced variables influenced by the source variable, determining that the sink statement reads the source value into a sink variable including an identifier of the column, generating a modified set of influenced variables by adding the sink variable to the set of influenced variables, and reporting a defect at the sink statement.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.