    • 1. Granted invention patent
    • Determining whether method of computer program is a validator
    • US08365281B2
    • 2013-01-29
    • US12950432
    • 2010-11-19
    • Takaaki Tateishi; Marco Pistoia; Omer Tripp; Ryan Berg; Robert Wiener
    • G06F11/00; G06F11/30; H04L29/06; H04L9/32
    • G06F21/50; G06F21/563
    • An illegal pattern and a computer program having a method are received. The method has one or more return statements, and a number of basic blocks. The method is normalized so that each return statement of the target method relating to the illegal pattern returns a constant Boolean value. A first path condition and a second path condition for one or more corresponding paths is determined such that one or more corresponding basic blocks return a constant Boolean value of true for the first path condition and a constant Boolean value of false for the second path condition. An unsatisfiability of each path condition is determined using a monadic second-order logic (M2L) technique. Where the unsatisfiability of either path condition is false, the method is reported as not being a validator. Where the unsatisfiability of either path condition is true, the method is reported as being a validator.
    • 2. Invention patent application
    • Static Analysis Of Validator Routines
    • US20120297372A1
    • 2012-11-22
    • US13109170
    • 2011-05-17
    • Ryan Berg; Marco Pistoia; Takaaki Tateishi; Omer Tripp
    • G06F9/44
    • G06F11/3612; G06F8/436; G06F11/3604
    • A method includes accessing a validator routine having an input string and one or more return points, each return point returning a return value having two possible values; finding the return points in the validator routine; for each of the return points, performing a backwards traversal from a return point through a code section and determining constraints on the input string based at least on one or both of the two possible return values for the return point; using the determined constraints for the input string, determining whether all of the return values returned from the one or more return points meet validation constraints; and outputting one or more indications of whether all of the returned values returned from the return points meet the validation constraints for the one or both of the two possible return values. Apparatus and computer program products are also disclosed.
    • 3. Invention patent application
    • Determining whether method of computer program is a validator
    • US20120131669A1
    • 2012-05-24
    • US12950432
    • 2010-11-19
    • Takaaki Tateishi; Marco Pistoia; Omer Tripp; Ryan Berg; Robert Wiener
    • G06F21/00
    • G06F21/50; G06F21/563
    • An illegal pattern and a computer program having a method are received. The method has one or more return statements, and a number of basic blocks. The method is normalized so that each return statement of the target method relating to the illegal pattern returns a constant Boolean value. A first path condition and a second path condition for one or more corresponding paths is determined such that one or more corresponding basic blocks return a constant Boolean value of true for the first path condition and a constant Boolean value of false for the second path condition. An unsatisfiability of each path condition is determined using a monadic second-order logic (M2L) technique. Where the unsatisfiability of either path condition is false, the method is reported as not being a validator. Where the unsatisfiability of either path condition is true, the method is reported as being a validator.
    • 5. Granted invention patent
    • Policy-driven detection and verification of methods such as sanitizers and validators
    • US08572747B2
    • 2013-10-29
    • US12950049
    • 2010-11-19
    • Ryan Berg; Marco Pistoia; Takaaki Tateishi; Omer Tripp
    • G06F9/455
    • G06F8/75; G06F21/577
    • A method includes performing a static analysis on a program having sources and sinks to track string flow from the sources to the sinks. The static analysis includes, for string variables in the program that begin at sources, computing grammar of all possible string values for each of the string variables and, for methods in the program operating on any of the string variables, computing grammar of string variables returned by the methods. The static analysis also includes, in response to one of the string variables reaching a sink that performs a security-sensitive operation, comparing current grammar of the one string variable with a policy corresponding to the security-sensitive operation, and performing a reporting operation based on the comparing. Apparatus and computer program products are also disclosed.
    • 6. Invention patent application
    • Policy-Driven Detection And Verification Of Methods Such As Sanitizers And Validators
    • US20120131668A1
    • 2012-05-24
    • US12950049
    • 2010-11-19
    • Ryan Berg; Marco Pistoia; Takaaki Tateishi; Omer Tripp
    • G06F21/00; G06F9/44
    • G06F8/75; G06F21/577
    • A method includes performing a static analysis on a program having sources and sinks to track string flow from the sources to the sinks. The static analysis includes, for string variables in the program that begin at sources, computing grammar of all possible string values for each of the string variables and, for methods in the program operating on any of the string variables, computing grammar of string variables returned by the methods. The static analysis also includes, in response to one of the string variables reaching a sink that performs a security-sensitive operation, comparing current grammar of the one string variable with a policy corresponding to the security-sensitive operation, and performing a reporting operation based on the comparing. Apparatus and computer program products are also disclosed.
    • 7. Granted invention patent
    • Static analysis of validator routines
    • US08726246B2
    • 2014-05-13
    • US13109170
    • 2011-05-17
    • Ryan Berg; Marco Pistoia; Takaaki Tateishi; Omer Tripp
    • G06F9/44
    • G06F11/3612; G06F8/436; G06F11/3604
    • A method includes accessing a validator routine having an input string and one or more return points, each return point returning a return value having two possible values; finding the return points in the validator routine; for each of the return points, performing a backwards traversal from a return point through a code section and determining constraints on the input string based at least on one or both of the two possible return values for the return point; using the determined constraints for the input string, determining whether all of the return values returned from the one or more return points meet validation constraints; and outputting one or more indications of whether all of the returned values returned from the return points meet the validation constraints for the one or both of the two possible return values. Apparatus and computer program products are also disclosed.
    • 9. Invention patent application
    • Static Analysis For Verification Of Software Program Access To Secure Resources For Computer Systems
    • US20120331547A1
    • 2012-12-27
    • US13602549
    • 2012-09-04
    • Ryan Berg; Paolina Centonze; Marco Pistoia; Omer Tripp
    • G06F21/00
    • G06F21/577
    • Computer program products and apparatus are disclosed. Using a static analysis, a software program is analyzed to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. In response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, a result is output indicative of the analyzing. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program.
    • 10. Granted invention patent
    • Static analysis for verification of software program access to secure resources for computer systems
    • US08683599B2
    • 2014-03-25
    • US13602549
    • 2012-09-04
    • Ryan Berg; Paolina Centonze; Marco Pistoia; Omer Tripp
    • G06F21/00
    • G06F21/577
    • Computer program products and apparatus are disclosed. Using a static analysis, a software program is analyzed to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. In response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, a result is output indicative of the analyzing. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program.