Patent · US Active

Automatic discovery of system integrity exposures in system code

US8918885B2 · kind B2 · utility

13Cited by

41References

21Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

James G. MCCLURE, JR. · Milton, US
Karl D. Schmitz · Poughkeepsie, US
Peter G. Spera · Pleasant Valley, US

Key dates

Filing date	Feb 9, 2012
Grant date	Dec 23, 2014
Priority date	—
Expiry date	Mar 11, 2032

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/577
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A technique is provided for detecting vulnerabilities in system code on a computer. Supervisor call routines and program call routines of the system code are analyzed to determine which are available to a caller program that is an unauthorized program and has a PSW key 8-15. Predefined input parameters are provided to test cases for use by the supervisor call routines and the program call routines in order to generate an output for analysis. The output is analyzed to determine when supervisor call routines and/or program call routines performed a potential vulnerability action. The potential vulnerability action include reading from fetch protected storage, writing to system key (key 0-7) storage, and attempting to access unallocated storage while running with a PSW key 0-7.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.