Method and apparatus for static taint analysis of computer program code
US9015831B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 8, 2012 |
| Grant date | Apr 21, 2015 |
| Priority date | — |
| Expiry date | Feb 20, 2033 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1433
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method is provided to infer taintedness in code expressions encoded in a computer readable device comprising: configuring a computer system to, store a representation of a computer program that is to be evaluated in non-transitory storage media; identify within the representation a pointer cast operation; determine whether an identified cast operation involves a cast from a pointer to a raw memory data type to a pointer to a structured data type; determine whether a structured data type casted to is associated with indicia of externalness; designating data addressed by that pointer as tainted; and determine whether data designated as tainted is consumed by an operation in the computer program that acts as a taintedness sink.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.