专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

111. 发明申请

US20090300266A1 IDENTIFICATION OF READ/WRITE CHAINS DURING STATIC ANALYSIS OF COMPUTER SOFTWARE 有权
标题翻译：计算机软件静态分析期间读/写链的识别
公开(公告)号：US20090300266A1
公开(公告)日：2009-12-03
申请号：US12129894
申请日：2008-05-30
申请人： Marco Pistoia , Takaaki Tateishi , Omer Tripp , Omri Weisman
发明人： Marco Pistoia , Takaaki Tateishi , Omer Tripp , Omri Weisman
IPC分类号： G06F12/00
CPC分类号： G06F8/433
摘要： A system for identifying read/write chains in computer software, including a static analysis engine identifying within computer software logical container accesses, a string analyzer configured to at least partly resolve any variables identifying the logical container in any of the accesses by determining a set of potential values of any of the variables, and a Logical Container Access Virtualization component (LCAV) configured to identify the type and scope of any permutations of the accesses, where each of the permutations is defined by substituting any of the potential values for any of the access variables, and identify any read/write chains within the computer software by matching any of the access permutations that read from the logical container with any of the access permutations that write to the logical container if there is an intersection between the scopes of the read and write access permutations.
摘要翻译：一种用于识别计算机软件中的读/写链的系统，包括在计算机软件逻辑容器访问内识别的静态分析引擎，串行分析器，其被配置为至少部分地解析任何访问中识别逻辑容器的任何变量，任何变量的潜在值和逻辑容器访问虚拟化组件（LCAV），其被配置为识别访问的任何排列的类型和范围，其中每个排列通过将任何潜在值替换为任何访问变量，并通过将从逻辑容器读取的任何访问排列与写入逻辑容器的任何访问排列进行匹配，以识别计算机软件中的任何读/写链，如果读取范围之间存在交集并写入访问排列。

112. 发明授权

US09747187B2 Simulating black box test results using information from white box testing 有权
公开(公告)号：US09747187B2
公开(公告)日：2017-08-29
申请号：US12913314
申请日：2010-10-27
申请人： Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人： Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
IPC分类号： G06F11/36 , G06F9/445 , G06F9/455 , G06F21/57
CPC分类号： G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要： Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.

113. 发明授权

US09424423B2 Static security analysis using a hybrid representation of string values 有权
标题翻译：使用字符串值的混合表示形式的静态安全性分析
公开(公告)号：US09424423B2
公开(公告)日：2016-08-23
申请号：US13611201
申请日：2012-09-12
申请人： Salvatore A. Guarnieri , Marco Pistoia , Omer Tripp
发明人： Salvatore A. Guarnieri , Marco Pistoia , Omer Tripp
IPC分类号： G06F17/27 , G06F21/55 , H04L29/06
CPC分类号： G06F21/577 , G06F17/211 , G06F17/2211 , G06F17/27 , G06F17/272 , G06F17/2765 , G06F21/552 , G06F21/554 , G06F21/563 , H04L63/1408 , H04L63/1433 , H04L63/168
摘要： Methods for creating a hybrid string representations include receiving string information as input; parsing the string information to produce one or more string components; determining string components that may be represented concretely by comparing the one or more components to a set of known concretizations; abstracting all string components that could not be represented concretely; and creating a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.
摘要翻译：用于创建混合字符串表示的方法包括接收字符串信息作为输入; 解析字符串信息以产生一个或多个字符串组件; 确定可以通过将一个或多个组件与一组已知具体化进行比较来具体表示的字符串组件; 抽象出不能具体表现的所有字符串组件; 以及创建包括至少一个具体字符串组件和至少一个抽象字符串组件的混合字符串表示。

114. 发明授权

US09275246B2 System and method for static detection and categorization of information-flow downgraders 有权
标题翻译：信息流降级的静态检测和分类的系统和方法
公开(公告)号：US09275246B2
公开(公告)日：2016-03-01
申请号：US12575647
申请日：2009-10-08
申请人： Yinnon Haviv , Roee Hay , Marco Pistoia , Guy Podjarny , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
发明人： Yinnon Haviv , Roee Hay , Marco Pistoia , Guy Podjarny , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
IPC分类号： G06F17/30 , G06F7/00 , G06F21/62 , G06F9/45 , G06F11/36
CPC分类号： H04L63/1416 , G06F8/49 , G06F11/3608 , G06F21/6218
摘要： A system and method for static detection and categorization of information-flow downgraders includes transforming a program stored in a memory device by statically analyzing program variables to yield a single assignment to each variable in an instruction set. The instruction set is translated to production rules with string operations. A context-free grammar is generated from the production rules to identify a finite set of strings. An information-flow downgrader function is identified by checking the finite set of strings against one or more function specifications.
摘要翻译：用于信息流降级器的静态检测和分类的系统和方法包括通过静态分析程序变量来变换存储在存储器件中的程序，以产生对指令集中的每个变量的单个赋值。指令集被转换为具有字符串操作的生产规则。从生产规则生成上下文无关的语法，以识别有限的字符串集。通过根据一个或多个功能规范检查有限的字符串来识别信息流降级功能。

115. 发明授权

US09135147B2 Automated testing of applications with scripting code 有权
标题翻译：使用脚本代码自动测试应用程序
公开(公告)号：US09135147B2
公开(公告)日：2015-09-15
申请号：US13457083
申请日：2012-04-26
申请人： Shay Artzi , Julian Dolby , Salvatore A. Guarnieri , Simon H. Jensen , Marco Pistoia , Manu Sridharan , Frank Tip , Omer Tripp
发明人： Shay Artzi , Julian Dolby , Salvatore A. Guarnieri , Simon H. Jensen , Marco Pistoia , Manu Sridharan , Frank Tip , Omer Tripp
IPC分类号： G06F9/44 , G06F11/36 , G06F11/34
CPC分类号： G06F11/3676 , G06F11/3466 , G06F11/3684 , G06F11/3688
摘要： A novel system, computer program product, and method are disclosed for feedback-directed automated test generation for programs, such as JavaScript, in which execution is monitored to collect information that directs the test generator towards inputs that yield increased coverage. Several instantiations of the framework are implemented, corresponding to variations on feedback-directed random testing, in a tool called Artemis.
摘要翻译：公开了一种新颖的系统，计算机程序产品和方法用于诸如JavaScript的程序的反馈定向的自动测试生成，其中执行被监视以收集将测试发生器引导到产生增加的覆盖的输入的信息。在一个名为Artemis的工具中，实现了框架的几个实例，对应于反馈导向随机测试的变化。

116. 发明授权

US09009535B2 Anomaly detection at the level of run time data structures 有权
标题翻译：运行时数据结构水平的异常检测
公开(公告)号：US09009535B2
公开(公告)日：2015-04-14
申请号：US13587335
申请日：2012-08-16
申请人： Marco Pistoia , Omer Tripp
发明人： Marco Pistoia , Omer Tripp
IPC分类号： G06F11/00 , G06F11/07
CPC分类号： G06F11/0751
摘要： A useful embodiment of the invention is directed to a method associated with a computer program comprising one or more basic blocks, wherein the program defines and uses multiple data structures, such as the list of all customers of a bank along with their account information. The method includes identifying one or more invariants, wherein each invariant is associated with one of the data structures. The method further includes determining at specified times whether an invariant has been violated. Responsive to detecting a violation of one of the invariants, the detected violation is flagged as an anomaly.
摘要翻译：本发明的有用实施例涉及与包括一个或多个基本块的计算机程序相关联的方法，其中该程序定义和使用多个数据结构，诸如银行的所有客户的列表及其帐户信息。该方法包括识别一个或多个不变量，其中每个不变量与数据结构之一相关联。该方法还包括在指定时间确定是否违反了不变量。响应于检测违反其中一个不变量，检测到的违规被标记为异常。

117. 发明授权

US08898188B2 String analysis based on three-valued logic 有权
标题翻译：基于三值逻辑的字符串分析
公开(公告)号：US08898188B2
公开(公告)日：2014-11-25
申请号：US13154986
申请日：2011-06-07
申请人： Marco Pistoia , Omer Tripp , Takaaki Tateishi
发明人： Marco Pistoia , Omer Tripp , Takaaki Tateishi
IPC分类号： G06F17/30 , G06F11/36
CPC分类号： G06F11/3608 , G06F2201/81
摘要： Performing string analysis based on three-valued logic by including expressing a property of a string in a computer software application as a three-valued logic shape predicate, performing a three-valued logic shape analysis using the shape predicate to reach a fixpoint solution, and evaluating the fixpoint solution to determine a three-valued logic value of the property.
摘要翻译：通过将计算机软件应用程序中的字符串的属性表示为三值逻辑形状谓词来执行基于三值逻辑的字符串分析，使用形状谓词执行三值逻辑形状分析以达到固定点解决方案，以及评估fixpoint解决方案以确定属性的三值逻辑值。

118. 发明授权

US08856764B2 Distributed static analysis of computer software applications 有权
标题翻译：计算机软件应用程序的分布式静态分析
公开(公告)号：US08856764B2
公开(公告)日：2014-10-07
申请号：US13012804
申请日：2011-01-25
申请人： Marco Pistoia , Omer Tripp , Omri Weisman
发明人： Marco Pistoia , Omer Tripp , Omri Weisman
IPC分类号： G06F9/45 , G06F9/44 , G06F11/36
CPC分类号： G06F8/75 , G06F11/3604
摘要： A method for distributed static analysis of computer software applications, includes: statically analyzing instructions of a computer software application; identifying at least one entry point in the computer software application; assigning a primary agent to statically analyze the computer software application from the entry point; assigning a secondary agent to statically analyze a call site encountered by the primary agent and produce a static analysis summary of the call site; and presenting results of any of the static analyses via a computer-controlled output device.
摘要翻译：一种计算机软件应用分布式静态分析方法，包括：静态分析计算机软件应用指令; 识别计算机软件应用程序中的至少一个入口点; 分配主代理从入口点静态分析计算机软件应用程序; 分配二级代理以静态分析主代理遇到的呼叫站点并产生呼叫站点的静态分析摘要; 并通过计算机控制的输出设备呈现任何静态分析的结果。

119. 发明授权

US08850405B2 Generating sound and minimal security reports based on static analysis of a program 有权
标题翻译：基于程序的静态分析生成声音和最小的安全性报告
公开(公告)号：US08850405B2
公开(公告)日：2014-09-30
申请号：US13033024
申请日：2011-02-23
申请人： Stephen Fink , Yinnon A. Haviv , Marco Pistoia , Omer Tripp , Omri Weisman
发明人： Stephen Fink , Yinnon A. Haviv , Marco Pistoia , Omer Tripp , Omri Weisman
IPC分类号： G06F9/44
CPC分类号： G06F8/75 , G06F8/77
摘要： A method is disclosed that includes, using a static analysis, analyzing a software program to determine a number of paths from sources accepting information to sinks using that information or a modified version of that information and to determine multiple paths from the number of paths. The determined multiple paths have a same transition from an application portion of the software program to a library portion of the software program and require a same downgrading action to address a vulnerability associated with source-sink pairs in the multiple paths. The analyzing includes determining the multiple paths using a path-sensitive analysis. The method includes, for the determined multiple paths, grouping the determined multiple paths into a single representative indication of the determined multiple paths. The method includes outputting the single representative indication. Computer program products and apparatus are also disclosed.
摘要翻译：公开了一种方法，其包括使用静态分析来分析软件程序以使用该信息或该信息的修改版本从接收信息的信源到汇点确定多个路径，并且从路径数确定多条路径。所确定的多个路径具有从软件程序的应用部分到软件程序的库部分的相同转换，并且需要相同的降级动作来解决与多个路径中的源 - 汇对相关联的漏洞。分析包括使用路径敏感分析来确定多个路径。该方法包括对于所确定的多个路径，将所确定的多个路径分组成所确定的多个路径的单个代表性指示。该方法包括输出单个代表性指示。还公开了计算机程序产品和装置。

120. 发明授权

US08745578B2 Eliminating false-positive reports resulting from static analysis of computer software 有权
标题翻译：消除计算机软件的静态分析产生的假阳性报告
公开(公告)号：US08745578B2
公开(公告)日：2014-06-03
申请号：US13252229
申请日：2011-12-04
申请人： Marco Pistoia , Omer Tripp
发明人： Marco Pistoia , Omer Tripp
IPC分类号： G06F9/44 , G06F9/45
CPC分类号： G06F8/43 , G06F11/3604
摘要： A system for eliminating false-positive reports resulting from static analysis of computer software is provided herein. The system includes the following components executed by a processor: a modeler configured to model a computer code into a model that defines sources, sinks, and flows; a static analyzer configured to apply static analysis to the code or the model, to yield reports indicative of at least one issue relating to one or more of the flows; a preconditions generator configured to generate preconditions for eliminating false-positive issues in the reports, based on the model and user-provided input; and a preconditions checker configured to apply the generated preconditions to the reports for eliminating false-positive issues in the reports.
摘要翻译：本文提供了一种消除计算机软件静态分析产生的假阳性报告的系统。该系统包括由处理器执行的以下组件：被配置为将计算机代码建模成定义源，汇和流的模型的建模器; 静态分析器被配置为对代码或模型应用静态分析，以产生指示与一个或多个流相关的至少一个问题的报告; 配置为基于模型和用户提供的输入产生消除报告中的假阳性问题的先决条件的前提条件生成器; 以及一个前提条件检查器，用于将生成的前提条件应用到报告中，以消除报告中的假阳性问题。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式