Invention Grant
US08572747B2 Policy-driven detection and verification of methods such as sanitizers and validators (status: no longer in force)
Abstract:
A method includes performing a static analysis on a program having sources and sinks to track string flow from the sources to the sinks. The static analysis includes, for string variables in the program that begin at sources, computing grammar of all possible string values for each of the string variables and, for methods in the program operating on any of the string variables, computing grammar of string variables returned by the methods. The static analysis also includes, in response to one of the string variables reaching a sink that performs a security-sensitive operation, comparing current grammar of the one string variable with a policy corresponding to the security-sensitive operation, and performing a reporting operation based on the comparing. Apparatus and computer program products are also disclosed.
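The flow the abstract describes can be sketched as follows. This is an added example, not code from the patent: it assumes a straight-line toy program representation and approximates each variable's grammar by the set of characters its values may contain (the language C* over that set). The sink names, policies and sample programs are constructed for illustration.

```python
import string

# Source values are attacker-controlled: any printable character may occur.
ANY = frozenset(string.printable)

# Constructed policy per sink: characters that must not reach it.
POLICY = {"html_write": frozenset("<>\""), "sql_exec": frozenset("'")}

def analyze(program):
    """Track the character-set 'grammar' of each variable through the
    program and return (sink, variable, offending characters) findings."""
    env, findings = {}, []
    for op, *args in program:
        if op == "source":                  # dst = untrusted input
            env[args[0]] = ANY
        elif op == "const":                 # dst = literal
            env[args[0]] = frozenset(args[1])
        elif op == "replace":               # dst = src.replace(old_char, new)
            dst, src, old, new = args
            cur = env[src]
            # Replace-all removes old_char and may introduce the chars of new.
            env[dst] = (cur - {old}) | frozenset(new) if old in cur else cur
        elif op == "concat":                # dst = a + b
            dst, a, b = args
            env[dst] = env[a] | env[b]
        elif op == "sink":                  # security-sensitive operation
            sink, var = args
            bad = env[var] & POLICY[sink]   # compare grammar with the policy
            if bad:
                findings.append((sink, var, "".join(sorted(bad))))
    return findings

# Constructed sample: a sanitizer that encodes all three HTML policy characters.
GOOD = [("source", "q"),
        ("replace", "a", "q", "<", "&lt;"),
        ("replace", "b", "a", ">", "&gt;"),
        ("replace", "c", "b", '"', "&quot;"),
        ("sink", "html_write", "c")]

# Constructed sample: the same sanitizer with the '>' step forgotten.
INCOMPLETE = [("source", "q"),
              ("replace", "a", "q", "<", "&lt;"),
              ("replace", "b", "a", '"', "&quot;"),
              ("sink", "html_write", "b")]

if __name__ == "__main__":
    print(analyze(GOOD))        # no findings
    print(analyze(INCOMPLETE))  # '>' can still reach html_write
```

Because the abstraction keeps only a character set, it over-approximates: concatenating sanitized input with a trusted literal such as `<p>` would also be reported, which a full grammar-based analysis can avoid.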