Patent · US Active

Knowledge-based taint policy inference

US12299134B1 · kind B1 · utility

0Cited by

4References

20Claims

0Family size

Assignee

AMAZON TECHNOLOGIES, INC. · US

Inventors

Peixuan Li · State College, US
Yingjun Lyu · Los Angeles, US
Qiang Zhou · Beijing, CN
Lee Pike · Portland, US
Michael McDougall · Milton, US
Thodoris Sotiropoulos · Seattle, US

Key dates

Filing date	Sep 30, 2022
Grant date	May 13, 2025
Priority date	—
Expiry date	Jul 11, 2043

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/033
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Security vulnerability analysis may be performed using policy inference. Application code may have operations that are labeled according to the respective functions that they perform. Some operations may be labeled according to a knowledge database of known operations while others may be inferred through similarity to known operations. The knowledge database may be associated with libraries of programmatic interfaces. Once components of the application code are labeled, a vulnerability database may be that identifies potential vulnerabilities based on data sources, data sinks and threat mitigation operations. Using the labeled operations, one or more potential vulnerabilities may be identified based on labeled data sources and data sinks. The application may then be evaluated for potential security threats based on the identified potential vulnerabilities.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.