专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20130111449A1 STATIC ANALYSIS WITH INPUT REDUCTION 审中-公开
标题翻译：具有输入减少的静态分析
公开(公告)号：US20130111449A1
公开(公告)日：2013-05-02
申请号：US13281653
申请日：2011-10-26
申请人： Yinnon A. HAVIV , Daniel KALMAN , Dmitri PIKUS , Omer TRIPP , Omri WEISMAN
发明人： Yinnon A. HAVIV , Daniel KALMAN , Dmitri PIKUS , Omer TRIPP , Omri WEISMAN
IPC分类号： G06F9/44
CPC分类号： G06F8/443 , G06F8/75 , G06F11/3604
摘要： Statically analyzing a computer software application can include identifying a plurality of objects within the instructions of a computer software application, where the objects in the plurality of objects are of the same object type, and preparing a modified version of the instructions in which any of the objects in the plurality of objects determined to be extraneous is omitted.
摘要翻译：静态分析计算机软件应用程序可以包括识别计算机软件应用程序的指令内的多个对象，其中多个对象中的对象具有相同的对象类型，并且准备指令的修改版本，其中，被确定为无关的多个对象中的对象被省略。

2. 发明申请

US20130007887A1 BLACK-BOX TESTING OF WEB APPLICATIONS WITH CLIENT-SIDE CODE EVALUATION 有权
公开(公告)号：US20130007887A1
公开(公告)日：2013-01-03
申请号：US13430013
申请日：2012-03-26
申请人： YINNON A. HAVIV , DANIEL KALMAN , DMITRI PIKUS , OMER TRIPP , OMRI WEISMAN
发明人： YINNON A. HAVIV , DANIEL KALMAN , DMITRI PIKUS , OMER TRIPP , OMRI WEISMAN
IPC分类号： G06F21/00 , G06F15/16
CPC分类号： G06F21/577 , H04L63/1433 , H04L63/1441
摘要： Detecting security vulnerabilities in web applications by interacting with a web application at a computer server during its execution at the computer server, identifying client-side instructions provided by the web application responsive to an interaction with the web application, where the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server, evaluating the identified client-side instructions, and identifying a security vulnerability associated with the client-side instructions.

3. 发明申请

US20120216177A1 Generating Sound and Minimal Security Reports Based on Static Analysis of a Program 有权
标题翻译：基于程序的静态分析生成声音和最小安全性报告
公开(公告)号：US20120216177A1
公开(公告)日：2012-08-23
申请号：US13033024
申请日：2011-02-23
申请人： Stephen Fink , Yinnon A. Haviv , Marco Pistoia , Omer Tripp , Omri Weisman
发明人： Stephen Fink , Yinnon A. Haviv , Marco Pistoia , Omer Tripp , Omri Weisman
IPC分类号： G06F9/44
CPC分类号： G06F8/75 , G06F8/77
摘要： A method is disclosed that includes, using a static analysis, analyzing a software program to determine a number of paths from sources accepting information to sinks using that information or a modified version of that information and to determine multiple paths from the number of paths. The determined multiple paths have a same transition from an application portion of the software program to a library portion of the software program and require a same downgrading action to address a vulnerability associated with source-sink pairs in the multiple paths. The analyzing includes determining the multiple paths using a path-sensitive analysis. The method includes, for the determined multiple paths, grouping the determined multiple paths into a single representative indication of the determined multiple paths. The method includes outputting the single representative indication. Computer program products and apparatus are also disclosed.
摘要翻译：公开了一种方法，其包括使用静态分析来分析软件程序以使用该信息或该信息的修改版本从接收信息的信源到汇点确定多个路径，并且从路径数确定多条路径。所确定的多个路径具有从软件程序的应用部分到软件程序的库部分的相同转换，并且需要相同的降级动作来解决与多个路径中的源 - 汇对相关联的漏洞。分析包括使用路径敏感分析来确定多个路径。该方法包括对于所确定的多个路径，将所确定的多个路径分组成所确定的多个路径的单个代表性指示。该方法包括输出单个代表性指示。还公开了计算机程序产品和装置。

4. 发明申请

US20120198417A1 Static Analysis of Computer Software Applications Having A Model-View-Controller Architecture 失效
标题翻译：具有模型 - 视图 - 控制器架构的计算机软件应用程序的静态分析
公开(公告)号：US20120198417A1
公开(公告)日：2012-08-02
申请号：US13016364
申请日：2011-01-28
申请人： Yinnon A. HAVIV , Omer TRIPP , Omri WEISMAN
发明人： Yinnon A. HAVIV , Omer TRIPP , Omri WEISMAN
IPC分类号： G06F9/44
CPC分类号： G06F8/20 , G06F8/75
摘要： Preparing a computer software application for static analysis by identifying a control flow within a model portion of a computer software application having a model-view-controller architecture, where the control flow passes a value to a controller portion of the computer software application, analyzing a declarative specification of the controller portion of the computer software application to identify a view to which the controller portion passes control based on the value, and synthesizing a method within the computer software application, where the method calls the view.
摘要翻译：通过识别具有模型 - 视图 - 控制器架构的计算机软件应用的模型部分内的控制流来准备用于静态分析的计算机软件应用，其中控制流将值传递给计算机软件应用的控制器部分，分析计算机软件应用程序的控制器部分的声明性规范，以识别控制器部分基于该值传递控制的视图，以及在方法调用该视图的情况下合成计算机软件应用程序内的方法。

5. 发明申请

US20120023486A1 Verification of Information-Flow Downgraders 失效
标题翻译：信息流降级的验证
公开(公告)号：US20120023486A1
公开(公告)日：2012-01-26
申请号：US12843308
申请日：2010-07-26
申请人： Yinnon A. Haviv , Roee Hay , Marco Pistoia , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
发明人： Yinnon A. Haviv , Roee Hay , Marco Pistoia , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
IPC分类号： G06F9/44
CPC分类号： G06F21/577 , H04L63/105
摘要： A method includes determining grammar for output of an information-flow downgrader in a software program. The software program directs the output of the information-flow downgrader to a sink. The method includes determining whether the grammar of the output conforms to one or more predetermined specifications of the sink. The method includes, in response to a determination the grammar of the output conforms to the one or more predetermined specifications of the sink, determining the information-flow downgrader is verified for the sink, wherein determining grammar, determining whether the grammar, and determining the information-flow downgrader are performed via static analysis of the software program. Apparatus and computer program products are also disclosed. An apparatus includes a user interface providing a result of whether or not output of an information-flow downgrader in the software program conforms to one or more predetermined specifications of a sink in the software program.
摘要翻译：一种方法包括在软件程序中确定信息流降级器的输出的语法。软件程序将信息流降级器的输出引导到宿。该方法包括确定输出的语法是否符合汇的一个或多个预定规范。该方法包括响应于确定，输出的语法符合信宿的一个或多个预定规范，确定信宿流降级器对于汇点进行验证，其中确定语法，确定语法，并确定信息流降级器通过软件程序的静态分析来执行。还公开了装置和计算机程序产品。一种装置，包括提供软件程序中的信息流下载器的输出是否符合软件程序中的接收器的一个或多个预定规格的结果的用户界面。

6. 发明授权

US08528095B2 Injection context based static analysis of computer software applications 有权
标题翻译：基于注入场景的静态分析计算机软件应用
公开(公告)号：US08528095B2
公开(公告)日：2013-09-03
申请号：US12825293
申请日：2010-06-28
申请人： Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
发明人： Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
IPC分类号： G06F11/00 , H04L9/32 , G06F15/173 , G06F9/44
CPC分类号： G06F11/3604 , G06F8/75 , G06F21/577
摘要： Embodiments of the invention generally relate to injection context based static analysis of computer software applications. Embodiments of the invention may include selecting a sink within a computer software application, tracing a character output stream leading to the sink within the computer software application, determining an injection context of the character output stream at the sink, where the injection context is predefined in association with a state of the character output stream at the sink, identifying any actions that have been predefined in association with the identified injection context, and providing a report of the actions.
摘要翻译：本发明的实施例一般涉及计算机软件应用的基于注入上下文的静态分析。本发明的实施例可以包括选择计算机软件应用程序内的汇点，跟踪通向计算机软件应用程序内的汇点的字符输出流，确定汇点处的字符输出流的注入上下文，其中注入上下文在与汇点处的字符输出流的状态相关联，识别已经与所识别的注入上下文相关联地预定义的任何动作，以及提供动作的报告。

7. 发明申请

US20120102474A1 STATIC ANALYSIS OF CLIENT-SERVER APPLICATIONS USING FRAMEWORK INDEPENDENT SPECIFICATIONS 审中-公开
标题翻译：使用框架独立规范的客户端服务器应用的静态分析
公开(公告)号：US20120102474A1
公开(公告)日：2012-04-26
申请号：US12912382
申请日：2010-10-26
申请人： Shay Artzi , Ryan Berg , Yinnon A. Haviv , John T. Peyton, JR. , Marco Pistoia , Manu Sridharan , Babita Sharma , Omri Weisman , Robert Wiener
发明人： Shay Artzi , Ryan Berg , Yinnon A. Haviv , John T. Peyton, JR. , Marco Pistoia , Manu Sridharan , Babita Sharma , Omri Weisman , Robert Wiener
IPC分类号： G06F9/45
CPC分类号： G06F8/75
摘要： Systems and methods are provided for statically analyzing a software application that is based on at least one framework. According to the method, source code of the software application and a specification associated with the software application are analyzed. The specification includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework. Based on the source code and the specification, intermediate representations for the source code and the synthetic methods are generated. Based on the intermediate representations and the specification, call graphs are generated to model which application methods of the software application invoke synthetic methods or other application methods of the software application. The software application is statically analyzed based on the call graphs and the intermediate representations so as to generate analysis results for the software application.
摘要翻译：提供了系统和方法，用于静态分析基于至少一个框架的软件应用程序。根据该方法，分析软件应用的源代码和与软件应用相关的规范。该规范包括对软件应用程序的框架相关行为进行建模的综合方法列表，以及指示框架可以调用的软件应用程序的合成方法和/或应用方法的入口点列表。基于源代码和规范，生成源代码和合成方法的中间表示。基于中间表示和规范，生成调用图来模拟软件应用程序的哪些应用程序调用软件应用程序的合成方法或其他应用程序。基于调用图和中间表示静态分析软件应用程序，以生成软件应用程序的分析结果。

8. 发明申请

US20110321016A1 INJECTION CONTEXT BASED STATIC ANALYSIS OF COMPUTER SOFTWARE APPLICATIONS 有权
标题翻译：基于注入上下文的计算机软件应用的静态分析
公开(公告)号：US20110321016A1
公开(公告)日：2011-12-29
申请号：US12825293
申请日：2010-06-28
申请人： YINNON A. HAVIV , ROEE HAY , MARCO PISTOIA , ORY SEGAL , ADI SHARABANI , TAKAAKI TATEISHI , OMER TRIPP , OMRI WEISMAN
发明人： YINNON A. HAVIV , ROEE HAY , MARCO PISTOIA , ORY SEGAL , ADI SHARABANI , TAKAAKI TATEISHI , OMER TRIPP , OMRI WEISMAN
IPC分类号： G06F11/36 , G06F9/44
CPC分类号： G06F11/3604 , G06F8/75 , G06F21/577
摘要： Embodiments of the invention generally relate to injection context based static analysis of computer software applications. Embodiments of the invention may include selecting a sink within a computer software application, tracing a character output stream leading to the sink within the computer software application, determining an injection context of the character output stream at the sink, where the injection context is predefined in association with a state of the character output stream at the sink, identifying any actions that have been predefined in association with the identified injection context, and providing a report of the actions.
摘要翻译：本发明的实施例一般涉及计算机软件应用的基于注入上下文的静态分析。本发明的实施例可以包括选择计算机软件应用程序内的汇点，跟踪通向计算机软件应用程序内的汇点的字符输出流，确定汇点处的字符输出流的注入上下文，其中注入上下文在与汇点处的字符输出流的状态相关联，识别已经与所识别的注入上下文相关联地预定义的任何动作，以及提供动作的报告。

9. 发明授权

US10157049B2 Static analysis with input reduction 有权
公开(公告)号：US10157049B2
公开(公告)日：2018-12-18
申请号：US13281653
申请日：2011-10-26
申请人： Yinnon A. Haviv , Daniel Kalman , Dmitri Pikus , Omer Tripp , Omri Weisman
发明人： Yinnon A. Haviv , Daniel Kalman , Dmitri Pikus , Omer Tripp , Omri Weisman
IPC分类号： G06F9/44 , G06F8/41 , G06F11/36 , G06F8/75
摘要： Statically analyzing a computer software application can include identifying a plurality of objects within the instructions of a computer software application, where the objects in the plurality of objects are of the same object type, and preparing a modified version of the instructions in which any of the objects in the plurality of objects determined to be extraneous is omitted.

10. 发明授权

US09720798B2 Simulating black box test results using information from white box testing 有权
公开(公告)号：US09720798B2
公开(公告)日：2017-08-01
申请号：US13493067
申请日：2012-06-11
申请人： Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人： Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
IPC分类号： G06F9/44 , G06F9/45 , G06F11/36 , G06F9/445 , G06F9/455 , G06F21/57
CPC分类号： G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要： Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式