Patent · US Active

Rule matching in the presence of languages with no types or as an adjunct to current analyses for security vulnerability analysis

US9384354B2 · kind B2 · utility

0 Cited by
5 References
25 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Feb 20, 2013
Grant date: Jul 5, 2016
Priority date
Expiry date: Mar 28, 2033

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method includes a computing system reading a rule file that includes one or more rules having specified paths to methods, such that each method corresponds to one of a sink, source, or sanitizer. The method includes the computing system matching the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes the computing system, using the sinks, sources, and sanitizers found by the matching, performing a taint analysis to determine at least tainted flows from sources to sinks, the tainted flows being flows that pass information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also shown.
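The three steps in the abstract (read rules, match them to methods the static analysis found, then report unsanitized source-to-sink flows) can be sketched as follows. This is an added illustration, not code from the patent: the `kind: path` rule syntax, the method paths, and the flow list standing in for static-analysis output are all constructed assumptions.

```python
# Constructed rule file and analysis output (ordered method paths per flow); all assumed.
RULES = """\
source: request.getParameter
source: socket.recv
sanitizer: encoder.encodeForHTML
sink: response.write
"""
FLOWS = [
    ["request.getParameter", "util.trim", "response.write"],
    ["request.getParameter", "encoder.encodeForHTML", "response.write"],
    ["config.load", "response.write"],
]

def parse_rules(text):
    """Return {method_path: kind}; reject malformed lines and unknown kinds."""
    rules = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        kind, _, path = (part.strip() for part in line.partition(":"))
        if kind not in ("source", "sink", "sanitizer") or not path:
            raise ValueError(f"line {lineno}: bad rule {line!r}")
        rules[path] = kind
    return rules

def match_methods(rules, flows):
    """Keep only rules whose path names a method the analysis actually saw."""
    seen = {method for flow in flows for method in flow}
    return {path: kind for path, kind in rules.items() if path in seen}

def tainted_flows(matched, flows):
    """Flows that reach a sink from a source with no sanitizer in between."""
    found = []
    for flow in flows:
        tainted = False
        for method in flow:
            kind = matched.get(method)
            if kind == "source":
                tainted = True
            elif kind == "sanitizer":
                tainted = False  # value endorsed; later sinks are safe
            elif kind == "sink" and tainted:
                found.append(flow)
                break
    return found

if __name__ == "__main__":
    print(tainted_flows(match_methods(parse_rules(RULES), FLOWS), FLOWS))
```

Matching is by method path alone, so the `socket.recv` rule is dropped because no analyzed flow contains that method, and only the first flow is reported as tainted.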

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.