专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

71. 发明授权

US09747187B2 Simulating black box test results using information from white box testing 有权
公开(公告)号：US09747187B2
公开(公告)日：2017-08-29
申请号：US12913314
申请日：2010-10-27
申请人： Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人： Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
IPC分类号： G06F11/36 , G06F9/445 , G06F9/455 , G06F21/57
CPC分类号： G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要： Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.

72. 发明授权

US09424423B2 Static security analysis using a hybrid representation of string values 有权
标题翻译：使用字符串值的混合表示形式的静态安全性分析
公开(公告)号：US09424423B2
公开(公告)日：2016-08-23
申请号：US13611201
申请日：2012-09-12
申请人： Salvatore A. Guarnieri , Marco Pistoia , Omer Tripp
发明人： Salvatore A. Guarnieri , Marco Pistoia , Omer Tripp
IPC分类号： G06F17/27 , G06F21/55 , H04L29/06
CPC分类号： G06F21/577 , G06F17/211 , G06F17/2211 , G06F17/27 , G06F17/272 , G06F17/2765 , G06F21/552 , G06F21/554 , G06F21/563 , H04L63/1408 , H04L63/1433 , H04L63/168
摘要： Methods for creating a hybrid string representations include receiving string information as input; parsing the string information to produce one or more string components; determining string components that may be represented concretely by comparing the one or more components to a set of known concretizations; abstracting all string components that could not be represented concretely; and creating a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.
摘要翻译：用于创建混合字符串表示的方法包括接收字符串信息作为输入; 解析字符串信息以产生一个或多个字符串组件; 确定可以通过将一个或多个组件与一组已知具体化进行比较来具体表示的字符串组件; 抽象出不能具体表现的所有字符串组件; 以及创建包括至少一个具体字符串组件和至少一个抽象字符串组件的混合字符串表示。

73. 发明授权

US09135147B2 Automated testing of applications with scripting code 有权
标题翻译：使用脚本代码自动测试应用程序
公开(公告)号：US09135147B2
公开(公告)日：2015-09-15
申请号：US13457083
申请日：2012-04-26
申请人： Shay Artzi , Julian Dolby , Salvatore A. Guarnieri , Simon H. Jensen , Marco Pistoia , Manu Sridharan , Frank Tip , Omer Tripp
发明人： Shay Artzi , Julian Dolby , Salvatore A. Guarnieri , Simon H. Jensen , Marco Pistoia , Manu Sridharan , Frank Tip , Omer Tripp
IPC分类号： G06F9/44 , G06F11/36 , G06F11/34
CPC分类号： G06F11/3676 , G06F11/3466 , G06F11/3684 , G06F11/3688
摘要： A novel system, computer program product, and method are disclosed for feedback-directed automated test generation for programs, such as JavaScript, in which execution is monitored to collect information that directs the test generator towards inputs that yield increased coverage. Several instantiations of the framework are implemented, corresponding to variations on feedback-directed random testing, in a tool called Artemis.
摘要翻译：公开了一种新颖的系统，计算机程序产品和方法用于诸如JavaScript的程序的反馈定向的自动测试生成，其中执行被监视以收集将测试发生器引导到产生增加的覆盖的输入的信息。在一个名为Artemis的工具中，实现了框架的几个实例，对应于反馈导向随机测试的变化。

74. 发明授权

US09009535B2 Anomaly detection at the level of run time data structures 有权
标题翻译：运行时数据结构水平的异常检测
公开(公告)号：US09009535B2
公开(公告)日：2015-04-14
申请号：US13587335
申请日：2012-08-16
申请人： Marco Pistoia , Omer Tripp
发明人： Marco Pistoia , Omer Tripp
IPC分类号： G06F11/00 , G06F11/07
CPC分类号： G06F11/0751
摘要： A useful embodiment of the invention is directed to a method associated with a computer program comprising one or more basic blocks, wherein the program defines and uses multiple data structures, such as the list of all customers of a bank along with their account information. The method includes identifying one or more invariants, wherein each invariant is associated with one of the data structures. The method further includes determining at specified times whether an invariant has been violated. Responsive to detecting a violation of one of the invariants, the detected violation is flagged as an anomaly.
摘要翻译：本发明的有用实施例涉及与包括一个或多个基本块的计算机程序相关联的方法，其中该程序定义和使用多个数据结构，诸如银行的所有客户的列表及其帐户信息。该方法包括识别一个或多个不变量，其中每个不变量与数据结构之一相关联。该方法还包括在指定时间确定是否违反了不变量。响应于检测违反其中一个不变量，检测到的违规被标记为异常。

75. 发明授权

US08856764B2 Distributed static analysis of computer software applications 有权
标题翻译：计算机软件应用程序的分布式静态分析
公开(公告)号：US08856764B2
公开(公告)日：2014-10-07
申请号：US13012804
申请日：2011-01-25
申请人： Marco Pistoia , Omer Tripp , Omri Weisman
发明人： Marco Pistoia , Omer Tripp , Omri Weisman
IPC分类号： G06F9/45 , G06F9/44 , G06F11/36
CPC分类号： G06F8/75 , G06F11/3604
摘要： A method for distributed static analysis of computer software applications, includes: statically analyzing instructions of a computer software application; identifying at least one entry point in the computer software application; assigning a primary agent to statically analyze the computer software application from the entry point; assigning a secondary agent to statically analyze a call site encountered by the primary agent and produce a static analysis summary of the call site; and presenting results of any of the static analyses via a computer-controlled output device.
摘要翻译：一种计算机软件应用分布式静态分析方法，包括：静态分析计算机软件应用指令; 识别计算机软件应用程序中的至少一个入口点; 分配主代理从入口点静态分析计算机软件应用程序; 分配二级代理以静态分析主代理遇到的呼叫站点并产生呼叫站点的静态分析摘要; 并通过计算机控制的输出设备呈现任何静态分析的结果。

76. 发明授权

US08850405B2 Generating sound and minimal security reports based on static analysis of a program 有权
标题翻译：基于程序的静态分析生成声音和最小的安全性报告
公开(公告)号：US08850405B2
公开(公告)日：2014-09-30
申请号：US13033024
申请日：2011-02-23
申请人： Stephen Fink , Yinnon A. Haviv , Marco Pistoia , Omer Tripp , Omri Weisman
发明人： Stephen Fink , Yinnon A. Haviv , Marco Pistoia , Omer Tripp , Omri Weisman
IPC分类号： G06F9/44
CPC分类号： G06F8/75 , G06F8/77
摘要： A method is disclosed that includes, using a static analysis, analyzing a software program to determine a number of paths from sources accepting information to sinks using that information or a modified version of that information and to determine multiple paths from the number of paths. The determined multiple paths have a same transition from an application portion of the software program to a library portion of the software program and require a same downgrading action to address a vulnerability associated with source-sink pairs in the multiple paths. The analyzing includes determining the multiple paths using a path-sensitive analysis. The method includes, for the determined multiple paths, grouping the determined multiple paths into a single representative indication of the determined multiple paths. The method includes outputting the single representative indication. Computer program products and apparatus are also disclosed.
摘要翻译：公开了一种方法，其包括使用静态分析来分析软件程序以使用该信息或该信息的修改版本从接收信息的信源到汇点确定多个路径，并且从路径数确定多条路径。所确定的多个路径具有从软件程序的应用部分到软件程序的库部分的相同转换，并且需要相同的降级动作来解决与多个路径中的源 - 汇对相关联的漏洞。分析包括使用路径敏感分析来确定多个路径。该方法包括对于所确定的多个路径，将所确定的多个路径分组成所确定的多个路径的单个代表性指示。该方法包括输出单个代表性指示。还公开了计算机程序产品和装置。

77. 发明授权

US08745578B2 Eliminating false-positive reports resulting from static analysis of computer software 有权
标题翻译：消除计算机软件的静态分析产生的假阳性报告
公开(公告)号：US08745578B2
公开(公告)日：2014-06-03
申请号：US13252229
申请日：2011-12-04
申请人： Marco Pistoia , Omer Tripp
发明人： Marco Pistoia , Omer Tripp
IPC分类号： G06F9/44 , G06F9/45
CPC分类号： G06F8/43 , G06F11/3604
摘要： A system for eliminating false-positive reports resulting from static analysis of computer software is provided herein. The system includes the following components executed by a processor: a modeler configured to model a computer code into a model that defines sources, sinks, and flows; a static analyzer configured to apply static analysis to the code or the model, to yield reports indicative of at least one issue relating to one or more of the flows; a preconditions generator configured to generate preconditions for eliminating false-positive issues in the reports, based on the model and user-provided input; and a preconditions checker configured to apply the generated preconditions to the reports for eliminating false-positive issues in the reports.
摘要翻译：本文提供了一种消除计算机软件静态分析产生的假阳性报告的系统。该系统包括由处理器执行的以下组件：被配置为将计算机代码建模成定义源，汇和流的模型的建模器; 静态分析器被配置为对代码或模型应用静态分析，以产生指示与一个或多个流相关的至少一个问题的报告; 配置为基于模型和用户提供的输入产生消除报告中的假阳性问题的先决条件的前提条件生成器; 以及一个前提条件检查器，用于将生成的前提条件应用到报告中，以消除报告中的假阳性问题。

78. 发明申请

US20140053028A1 ANOMALY DETECTION AT THE LEVEL OF RUN TIME DATA STRUCTURES 有权
标题翻译：在运行时间数据结构的异常检测
公开(公告)号：US20140053028A1
公开(公告)日：2014-02-20
申请号：US13587335
申请日：2012-08-16
申请人： Marco Pistoia , Omer Tripp
发明人： Marco Pistoia , Omer Tripp
IPC分类号： G06F11/07
CPC分类号： G06F11/0751
摘要： A useful embodiment of the invention is directed to a method associated with a computer program comprising one or more basic blocks, wherein the program defines and uses multiple data structures, such as the list of all customers of a bank along with their account information. The method includes identifying one or more invariants, wherein each invariant is associated with one of the data structures. The method further includes determining at specified times whether an invariant has been violated. Responsive to detecting a violation of one of the invariants, the detected violation is flagged as an anomaly.
摘要翻译：本发明的有用实施例涉及与包括一个或多个基本块的计算机程序相关联的方法，其中该程序定义和使用多个数据结构，诸如银行的所有客户的列表及其帐户信息。该方法包括识别一个或多个不变量，其中每个不变量与数据结构之一相关联。该方法还包括在指定时间确定是否违反了不变量。响应于检测违反其中一个不变量，检测到的违规被标记为异常。

79. 发明授权

US08375371B2 Importance-based call graph construction 失效
标题翻译：基于重要性的调用图构造
公开(公告)号：US08375371B2
公开(公告)日：2013-02-12
申请号：US12437894
申请日：2009-05-08
申请人： Stephen Fink , Yinnon Avraham Haviv , Marco Pistoia , Omer Tripp , Omri Weisman
发明人： Stephen Fink , Yinnon Avraham Haviv , Marco Pistoia , Omer Tripp , Omri Weisman
IPC分类号： G06F9/44
CPC分类号： G06F11/3604 , G06T11/206 , H04M15/00 , H04M15/58 , H04M15/83 , H04M15/85 , H04M15/851 , H04M2215/0188 , H04M2215/815 , H04M2215/82
摘要： A system and method for importance-based call graph construction, including a) analyzing a computer software application to identify a plurality of calls within the computer software application, b) assigning an importance value to any of the calls in accordance with a predefined importance rule, c) selecting any of the calls for inclusion in a call graph in accordance with a predefined inclusion rule, d) representing the call in the call graph, e) adjusting the importance value of any call represented in the call graph in accordance with a predefined importance adjustment rule, and f) iteratively performing any of steps a)-e) until a predefined termination condition is met.
摘要翻译：一种用于基于重要性的呼叫图构造的系统和方法，包括：a）分析计算机软件应用程序以识别所述计算机软件应用程序内的多个呼叫，b）根据预定义的重要性规则向任何呼叫分配重要性值 c）根据预定义的包含规则选择任何呼叫包括在呼叫图中，d）表示呼叫图中的呼叫，e）根据呼叫图表调用在呼叫图表中表示的任何呼叫的重要性值，预定义的重要性调整规则，以及f）迭代地执行步骤a）-e）中的任何一个，直到满足预定的终止条件。

80. 发明申请

US20120174229A1 Runtime Enforcement Of Security Checks 失效
标题翻译：运行时执行安全检查
公开(公告)号：US20120174229A1
公开(公告)日：2012-07-05
申请号：US12983407
申请日：2011-01-03
申请人： Marco Pistoia , Omer Tripp , Martin Vechev
发明人： Marco Pistoia , Omer Tripp , Martin Vechev
IPC分类号： G06F11/00
CPC分类号： H04L63/1441 , G06F21/554
摘要： A method is disclosed that includes tracking untrusted inputs through an executing program into a sink, the tracking including maintaining context of the sink as strings based on the untrusted inputs flow into the sink. The method also includes, while tracking, in response to a string based on an untrusted input being about to flow into the sink and a determination the string could lead to an attack if the string flows into a current context of the sink, endorsing the string using an endorser selected based at least on the current context of the sink, and providing the endorsed string to the sink. Computer program products and apparatus are also disclosed.
摘要翻译：公开了一种方法，其包括通过执行程序将不可信任的输入跟踪到宿中，所述跟踪包括基于所述不可信任的输入流入宿来维持宿的上下文作为字符串。该方法还包括响应于基于不可信输入的字符串的跟踪而被跟踪，并且如果字符串流入接收器的当前上下文，则确定该字符串可能导致攻击，认证字符串使用至少基于汇的当前上下文选择的支持者，并将批准的字符串提供给汇点。还公开了计算机程序产品和装置。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式