Method and apparatus for automated vulnerability detection

Assignee

• THE JOHNS HOPKINS UNIVERSITY · US

Inventors

• Yanni Kouskoulas · Seattle, US
• Douglas Charles Schmidt · Holmdel, US
• C. Durward McDonell, III · Olney, US
• Laura J. Glendenning · Columbia, US
• Ryan W. Gardner · Columbia, US
• David J. Heine · Columbia, US
• Margaret F. Lospinuso · Chapel Hill, US
• Forest C. Deal, Jr. · Catonsville, US
• David R. Zaret · Columbia, US
• Vina H. Nguyen · Bethesda, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/577
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method executable via operation of configured processing circuitry to identify vulnerabilities in program code may include receiving a program and employing a disassembler to disassemble the program, generating a function call tree for the program based on disassembly of the program, receiving an indication of a post condition for which analysis of the program is desired, transforming program statements into logical equations, simplifying the logical equations, propagating post conditions backwards via Dijkstra's weakest precondition variant, analyzing aliases and processing loops to generate a precondition, and using an automated solver to determine whether the precondition is realizable and, if so, providing program inputs required to realize the precondition.