Invention Grant
- Patent Title: Runtime enforcement of security checks
- Patent Title (中): 运行时执行安全检查
-
Application No.: US12983407Application Date: 2011-01-03
-
Publication No.: US08646088B2Publication Date: 2014-02-04
- Inventor: Marco Pistoia , Omer Tripp , Martin Vechev , Eran Yahav
- Applicant: Marco Pistoia , Omer Tripp , Martin Vechev , Eran Yahav
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Harrington & Smith
- Agent Louis J. Percello
- Main IPC: G06F21/00
- IPC: G06F21/00
Abstract:
A method is disclosed that includes tracking untrusted inputs through an executing program into a sink, the tracking including maintaining context of the sink as strings based on the untrusted inputs flow into the sink. The method also includes, while tracking, in response to a string based on an untrusted input being about to flow into the sink and a determination the string could lead to an attack if the string flows into a current context of the sink, endorsing the string using an endorser selected based at least on the current context of the sink, and providing the endorsed string to the sink. Computer program products and apparatus are also disclosed.
Public/Granted literature
- US20120174229A1 Runtime Enforcement Of Security Checks Public/Granted day:2012-07-05
Information query
