Invention Grant
- Patent Title: Determining the vulnerability of computer software applications to privilege-escalation attacks
- Patent Title (中): 确定计算机软件应用程序对特权升级攻击的脆弱性
-
Application No.: US13542214Application Date: 2012-07-05
-
Publication No.: US08910293B2Publication Date: 2014-12-09
- Inventor: Marco Pistoia , Ori Segal , Omer Tripp
- Applicant: Marco Pistoia , Ori Segal , Omer Tripp
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: North Shore Patents, P.C.
- Agent Michele Liu Baillie
- Main IPC: G06F11/00
- IPC: G06F11/00 ; G06F21/56 ; H04L29/06 ; G06F21/57
Abstract:
Determining the vulnerability of computer software applications to privilege-escalation attacks, such as where an instruction classifier is configured to be used for identifying a candidate access-restricted area of the instructions of a computer software application, and a static analyzer is configured to statically analyze the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area, perform static analysis to determine if the conditional instruction is dependent on a data source within the computer software application, and designate the candidate access-restricted area as vulnerable to privilege-escalation attacks absent either of the conditional instruction and the date source.
Public/Granted literature
- US20120272322A1 DETERMINING THE VULNERABILITY OF COMPUTER SOFTWARE APPLICATIONS TO PRIVILEGE-ESCALATION ATTACKS Public/Granted day:2012-10-25
Information query
