The patent's assignee is
News editors obtained the following quote from the background information supplied by the inventors: "Security analysis is a topic of great importance for application program development. In many cases, security analysis for an application program is reduced to a data-flow problem. The application program that is undergoing security testing is represented as a data-flow graph. Representing the application program as a series of data-flows allows one to observe the flow of data into and out from various areas of the application program (or computing environment) to better identify security vulnerabilities.
"Examples of security vulnerabilities include those relating to system integrity and data confidentiality. An integrity-related vulnerability involves the flow of data from an untrusted source to a security-sensitive area of the application program. A confidentiality-related vulnerability relates to the flow of trusted data into a public or unprotected area of the application program which may allow untrusted third parties to access the data.
"A number of factors impede security analysis. One factor is the large scale of modern application programs such as Web-based applications, network-based applications, and the like. Tracking data-flows through such large systems is difficult. Another factor is the use of data structures, referred to as 'containers,' which tend to obfuscate the flow of data within the application program under test. In many cases, it is not feasible to accurately track a data-flow through a container due to significant complexity of the container. These impediments to security analysis often result in the test system generating one or more false positives for security vulnerabilities when testing program code."
As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventor's summary information for this patent application: "A method of analyzing program code includes detecting an instance of a container within the program code using a processor, selecting a model container correlated with the container using the processor, creating an instance of the model container within memory using the processor, and tracking a data-flow of the program code through the instance of the model container instead of the instance of the container.
"A system for analyzing program code includes a processor programmed to initiate executable operations. The executable operations include detecting an instance of a container within the program code, selecting a model container correlated with the container, creating an instance of the model container within memory, and tracking a data-flow of the program code through the instance of the model container instead of the instance of the container.
"A computer program product for analyzing program code includes a computer readable storage medium having program code embodied therewith. The program code is executable by a processor to perform a method. The method includes detecting an instance of a container within program code using a processor, selecting a model container correlated with the container using the processor, creating an instance of the model container within memory using the processor, and tracking a data-flow of the program code through the instance of the model container instead of the instance of the container.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
"FIG. 1 is a block diagram illustrating an exemplary data processing system.
"FIG. 2 is a block diagram illustrating an exemplary mapping 200 of containers to model containers.
"FIG. 3 is an example of program code under test.
"FIG. 4 illustrates an example of an incorrect data-flow interpretation by a conventional test system.
"FIG. 5 illustrates an exemplary instance of a model container.
"FIG. 6 is a flow chart illustrating an exemplary method of analyzing program code."
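The container false positive described in the background, and the effect of tracking the flow through a model container instead, can be seen in a small taint analysis. This is an added illustration, not code from the patent application: the tuple-based program format, the class names and the per-key model are simplifying assumptions made for the example.

```python
# Constructed program under test: straight-line (op, args...) tuples.
PROGRAM = [
    ("source", "user"),              # user = untrusted input
    ("const", "label"),              # label = trusted constant
    ("put", "m", "name", "user"),    # m.put("name", user)
    ("put", "m", "title", "label"),  # m.put("title", label)
    ("get", "a", "m", "title"),      # a = m.get("title")
    ("get", "b", "m", "name"),       # b = m.get("name")
    ("sink", "a"),                   # security-sensitive use of a
    ("sink", "b"),                   # security-sensitive use of b
]

class CoarseContainer:
    """Container treated as one opaque value: tainted once anything tainted enters."""
    def __init__(self):
        self.tainted = False
    def put(self, key, taint):
        self.tainted |= taint
    def get(self, key):
        return self.tainted

class ModelContainer:
    """Hypothetical model container: records a key -> taint relation.
    Assumes constant keys; an unseen key is treated as untainted."""
    def __init__(self):
        self.by_key = {}
    def put(self, key, taint):
        self.by_key[key] = taint
    def get(self, key):
        return self.by_key.get(key, False)

def analyze(program, container_cls):
    """Return the variables that are tainted when they reach a sink."""
    taint, containers, findings = {}, {}, []
    for op, *args in program:
        if op == "source":
            taint[args[0]] = True
        elif op == "const":
            taint[args[0]] = False
        elif op == "put":
            cont, key, var = args
            containers.setdefault(cont, container_cls()).put(key, taint[var])
        elif op == "get":
            var, cont, key = args
            taint[var] = containers.setdefault(cont, container_cls()).get(key)
        elif op == "sink" and taint[args[0]]:
            findings.append(args[0])
    return findings
```

With `CoarseContainer` the analysis reports both `a` and `b`, although `a` only ever holds the trusted constant; with `ModelContainer` it reports only `b`, the value that actually came from the untrusted source.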
For additional information on this patent application, see: Tripp, Omer. Security Analysis Using Relational Abstraction of Data Structures. Filed
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC