专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

61. 发明申请

US20130086562A1 STATIC ANALYSIS OF COMPUTER SOFTWARE APPLICATIONS 有权
标题翻译：计算机软件应用的静态分析
公开(公告)号：US20130086562A1
公开(公告)日：2013-04-04
申请号：US13411779
申请日：2012-03-05
申请人： MARCO PISTOIA , Omer Tripp
发明人： MARCO PISTOIA , Omer Tripp
IPC分类号： G06F9/44
CPC分类号： G06F8/43
摘要： Static analysis of a computer software application can be performed by applying a first level of abstraction to model a plurality of run-time objects, thereby producing a set of object abstractions. Static data-flow analysis of the computer software application can be performed using the set of object abstractions, thereby producing a first data-flow propagation graph. A data-flow bottleneck can be identified within the data-flow propagation graph. A second level of abstraction can be applied to model any of the run-time objects having in the set of object abstractions a corresponding object abstraction that is traceable to the data-flow bottleneck. The applying the second level of abstraction can decompose the corresponding object abstraction into a set of object abstractions, thereby modifying the set of object abstractions. Static data-flow analysis of the computer software application can be performed using the modified set of object abstractions.
摘要翻译：可以通过应用第一级抽象来对多个运行时对象建模来执行计算机软件应用的静态分析，从而产生一组对象抽象。可以使用一组对象抽象来执行计算机软件应用的静态数据流分析，从而产生第一数据流传播图。数据流传输图可以识别数据流瓶颈。可以应用第二级抽象来建模具有对象抽象集合的任何运行时对象，该对象抽象可追溯到数据流瓶颈。应用第二级抽象可以将相应的对象抽象分解成一组对象抽象，从而修改对象抽象集合。计算机软件应用程序的静态数据流分析可以使用修改后的对象抽象集执行。

62. 发明授权

US08381199B2 Modular and/or demand-driven string analysis of a computer program 失效
标题翻译：计算机程序的模块化和/或需求驱动的字符串分析
公开(公告)号：US08381199B2
公开(公告)日：2013-02-19
申请号：US12907974
申请日：2010-10-19
申请人： Takaaki Tateishi , Omer Tripp , Marco Pistoia
发明人： Takaaki Tateishi , Omer Tripp , Marco Pistoia
IPC分类号： G06F9/44 , G06F9/45
CPC分类号： G06F9/4482
摘要： Modular and/or demand-driven string analysis of a computer program is performed. Each method of the program is encoded into monadic second-order logic (M2L) to yield a set of predicate declarations and a set of constraints. The two sets for each method are composed to yield a union set of predicate declarations and a union set of constraints for the program. The union set of constraints includes a particular set of constraints corresponding to call relationships among the methods. An M2L formula including a free variable corresponding to a program variable is added to the union set of constraints. The two union sets are processed to verify a satisfiability of the constraints in relation to an illegal pattern. Where the constraints are satisfiable, the program can generate a string containing the illegal pattern. Where the constraints are not satisfiable, the program never generates a string containing the illegal pattern.
摘要翻译：执行计算机程序的模块化和/或需求驱动的字符串分析。程序的每个方法被编码成一元二阶逻辑（M2L），以产生一组谓词声明和一组约束。每个方法的两个集合被组合以产生一个联合集的谓词声明和该程序的约束集合。联合约束集包括与方法之间的调用关系相对应的特定一组约束。包含与程序变量相对应的自由变量的M2L公式被添加到约束集合中。处理两个联合集以验证与非法模式相关的约束的可满足性。在约束满足的情况下，程序可以生成包含非法模式的字符串。在约束不可满足的情况下，程序不会生成包含非法模式的字符串。

63. 发明申请

US20120254839A1 SIMULATING BLACK BOX TEST RESULTS USING INFORMATION FROM WHITE BOX TESTING 有权
标题翻译：使用白盒测试中的信息模拟黑盒测试结果
公开(公告)号：US20120254839A1
公开(公告)日：2012-10-04
申请号：US13493067
申请日：2012-06-11
申请人： Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人： Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
IPC分类号： G06F9/44
CPC分类号： G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要： Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.
摘要翻译：系统，方法是使用从白盒测试获得的信息来模拟黑盒测试结果的程序产品，包括分析计算机软件（例如应用程序）以识别计算机软件应用程序中的潜在漏洞以及与潜在漏洞相关联的多个里程碑，其中每个里程碑指示计算机软件应用程序内的位置，跟踪从第一个里程碑到入口点的路径到计算机软件应用程序中，识别入口点的输入将导致控制流从描述在描述入口点和输入的描述中的潜在漏洞，以及经由计算机控制的输出介质呈现描述的入口点和通过每个里程碑。

64. 发明申请

US20120096440A1 Modular and/or demand-driven string analysis of a computer program 失效
标题翻译：计算机程序的模块化和/或需求驱动的字符串分析
公开(公告)号：US20120096440A1
公开(公告)日：2012-04-19
申请号：US12907974
申请日：2010-10-19
申请人： Takaaki Tateishi , Omer Tripp , Marco Pistoia
发明人： Takaaki Tateishi , Omer Tripp , Marco Pistoia
IPC分类号： G06F9/44 , G06F9/45
CPC分类号： G06F9/4482
摘要： Modular and/or demand-driven string analysis of a computer program is performed. Each method of the program is encoded into monadic second-order logic (M2L) to yield a set of predicate declarations and a set of constraints. The two sets for each method are composed to yield a union set of predicate declarations and a union set of constraints for the program. The union set of constraints includes a particular set of constraints corresponding to call relationships among the methods. An M2L formula including a free variable corresponding to a program variable is added to the union set of constraints. The two union sets are processed to verify a satisfiability of the constraints in relation to an illegal pattern. Where the constraints are satisfiable, the program can generate a string containing the illegal pattern. Where the constraints are not satisfiable, the program never generates a string containing the illegal pattern.
摘要翻译：执行计算机程序的模块化和/或需求驱动的字符串分析。程序的每个方法被编码成一元二阶逻辑（M2L），以产生一组谓词声明和一组约束。每个方法的两个集合被组合以产生一个联合集的谓词声明和该程序的约束集合。联合约束集包括与方法之间的呼叫关系相对应的特定一组约束。包含与程序变量相对应的自由变量的M2L公式被添加到约束集合中。处理两个联合集以验证与非法模式相关的约束的可满足性。在约束满足的情况下，程序可以生成包含非法模式的字符串。在约束不可满足的情况下，程序不会生成包含非法模式的字符串。

65. 发明申请

US20120084755A1 CONFIDENCE-BASED STATIC ANALYSIS 失效
标题翻译：基于信心的静态分析
公开(公告)号：US20120084755A1
公开(公告)日：2012-04-05
申请号：US12895470
申请日：2010-09-30
申请人： Marco Pistoia , Omer Tripp
发明人： Marco Pistoia , Omer Tripp
IPC分类号： G06F9/44
CPC分类号： G06F11/3604
摘要： Systems, methods and program products are provided for confidence-based static analysis, including initiating a static analysis of computer software, associating a confidence value with a first element of the static analysis, determining a current state of the static analysis, calculating an adjusted confidence value in accordance with a confidence adjustment function as applied to the current state and the confidence value associated with the first element, associating the adjusted confidence value with a second element of the static analysis resulting from a transition from the first element, and eliminating the second element from the static analysis if the adjusted confidence value meets elimination criteria.
摘要翻译：提供系统，方法和程序产品用于基于置信度的静态分析，包括启动计算机软件的静态分析，将置信度值与静态分析的第一要素相关联，确定静态分析的当前状态，计算调整后的置信度根据应用于当前状态的置信度调整函数和与第一元素相关联的置信度值，将调整后的置信度值与由第一元素的转变产生的静态分析的第二元素相关联，并且消除第二元素如果调整的置信度值符合消除标准，则来自静态分析的元素。

66. 发明申请

US20110277037A1 Enforcement Of Data Privacy To Maintain Obfuscation Of Certain Data 有权
标题翻译：执行数据隐私来维护某些数据的混淆
公开(公告)号：US20110277037A1
公开(公告)日：2011-11-10
申请号：US12776465
申请日：2010-05-10
申请人： Michael G. Burke , Igor Peshansky , Marco Pistoia , Omer Tripp
发明人： Michael G. Burke , Igor Peshansky , Marco Pistoia , Omer Tripp
IPC分类号： G06F21/24
CPC分类号： G06F21/60 , G06F19/00 , G06F21/6245 , G16H10/60
摘要： A computer-readable medium is disclosed that tangibly embodies a program of machine-readable instructions executable by a digital processing apparatus to perform operations including determining whether data to be released from a database is associated with one or more confidential mappings between sets of data in the database. The operations also include, in response to the data being associated with the one or more confidential mappings, determining whether release of the data meets one or more predetermined anonymity requirements of an anonymity policy. Methods and apparatus are also disclosed.
摘要翻译：公开了一种计算机可读介质，其有形地体现了可由数字处理装置执行的机器可读指令的程序，以执行操作，以执行包括确定要从数据库释放的数据是否与所述数据集中的数据集之间的一个或多个机密映射相关联数据库。操作还包括响应于与一个或多个机密映射相关联的数据，确定数据的释放是否符合匿名策略的一个或多个预定匿名要求。还公开了方法和装置。

67. 发明申请

US20090300266A1 IDENTIFICATION OF READ/WRITE CHAINS DURING STATIC ANALYSIS OF COMPUTER SOFTWARE 有权
标题翻译：计算机软件静态分析期间读/写链的识别
公开(公告)号：US20090300266A1
公开(公告)日：2009-12-03
申请号：US12129894
申请日：2008-05-30
申请人： Marco Pistoia , Takaaki Tateishi , Omer Tripp , Omri Weisman
发明人： Marco Pistoia , Takaaki Tateishi , Omer Tripp , Omri Weisman
IPC分类号： G06F12/00
CPC分类号： G06F8/433
摘要： A system for identifying read/write chains in computer software, including a static analysis engine identifying within computer software logical container accesses, a string analyzer configured to at least partly resolve any variables identifying the logical container in any of the accesses by determining a set of potential values of any of the variables, and a Logical Container Access Virtualization component (LCAV) configured to identify the type and scope of any permutations of the accesses, where each of the permutations is defined by substituting any of the potential values for any of the access variables, and identify any read/write chains within the computer software by matching any of the access permutations that read from the logical container with any of the access permutations that write to the logical container if there is an intersection between the scopes of the read and write access permutations.
摘要翻译：一种用于识别计算机软件中的读/写链的系统，包括在计算机软件逻辑容器访问内识别的静态分析引擎，串行分析器，其被配置为至少部分地解析任何访问中识别逻辑容器的任何变量，任何变量的潜在值和逻辑容器访问虚拟化组件（LCAV），其被配置为识别访问的任何排列的类型和范围，其中每个排列通过将任何潜在值替换为任何访问变量，并通过将从逻辑容器读取的任何访问排列与写入逻辑容器的任何访问排列进行匹配，以识别计算机软件中的任何读/写链，如果读取范围之间存在交集并写入访问排列。

68. 发明授权

US09747187B2 Simulating black box test results using information from white box testing 有权
公开(公告)号：US09747187B2
公开(公告)日：2017-08-29
申请号：US12913314
申请日：2010-10-27
申请人： Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
发明人： Stephen Fink , Yinnon A. Haviv , Roee Hay , Marco Pistoia , Ory Segal , Adi Sharabani , Manu Sridharan , Frank Tip , Omer Tripp , Omri Weisman
IPC分类号： G06F11/36 , G06F9/445 , G06F9/455 , G06F21/57
CPC分类号： G06F11/3604 , G06F9/44589 , G06F9/455 , G06F11/36 , G06F11/362 , G06F21/577 , G06F2221/033
摘要： Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.

69. 发明授权

US09424423B2 Static security analysis using a hybrid representation of string values 有权
标题翻译：使用字符串值的混合表示形式的静态安全性分析
公开(公告)号：US09424423B2
公开(公告)日：2016-08-23
申请号：US13611201
申请日：2012-09-12
申请人： Salvatore A. Guarnieri , Marco Pistoia , Omer Tripp
发明人： Salvatore A. Guarnieri , Marco Pistoia , Omer Tripp
IPC分类号： G06F17/27 , G06F21/55 , H04L29/06
CPC分类号： G06F21/577 , G06F17/211 , G06F17/2211 , G06F17/27 , G06F17/272 , G06F17/2765 , G06F21/552 , G06F21/554 , G06F21/563 , H04L63/1408 , H04L63/1433 , H04L63/168
摘要： Methods for creating a hybrid string representations include receiving string information as input; parsing the string information to produce one or more string components; determining string components that may be represented concretely by comparing the one or more components to a set of known concretizations; abstracting all string components that could not be represented concretely; and creating a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.
摘要翻译：用于创建混合字符串表示的方法包括接收字符串信息作为输入; 解析字符串信息以产生一个或多个字符串组件; 确定可以通过将一个或多个组件与一组已知具体化进行比较来具体表示的字符串组件; 抽象出不能具体表现的所有字符串组件; 以及创建包括至少一个具体字符串组件和至少一个抽象字符串组件的混合字符串表示。

70. 发明授权

US09275246B2 System and method for static detection and categorization of information-flow downgraders 有权
标题翻译：信息流降级的静态检测和分类的系统和方法
公开(公告)号：US09275246B2
公开(公告)日：2016-03-01
申请号：US12575647
申请日：2009-10-08
申请人： Yinnon Haviv , Roee Hay , Marco Pistoia , Guy Podjarny , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
发明人： Yinnon Haviv , Roee Hay , Marco Pistoia , Guy Podjarny , Adi Sharabani , Takaaki Tateishi , Omer Tripp , Omri Weisman
IPC分类号： G06F17/30 , G06F7/00 , G06F21/62 , G06F9/45 , G06F11/36
CPC分类号： H04L63/1416 , G06F8/49 , G06F11/3608 , G06F21/6218
摘要： A system and method for static detection and categorization of information-flow downgraders includes transforming a program stored in a memory device by statically analyzing program variables to yield a single assignment to each variable in an instruction set. The instruction set is translated to production rules with string operations. A context-free grammar is generated from the production rules to identify a finite set of strings. An information-flow downgrader function is identified by checking the finite set of strings against one or more function specifications.
摘要翻译：用于信息流降级器的静态检测和分类的系统和方法包括通过静态分析程序变量来变换存储在存储器件中的程序，以产生对指令集中的每个变量的单个赋值。指令集被转换为具有字符串操作的生产规则。从生产规则生成上下文无关的语法，以识别有限的字符串集。通过根据一个或多个功能规范检查有限的字符串来识别信息流降级功能。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式