News Column

Researchers Submit Patent Application, "Security Analysis Using Relational Abstraction of Data Structures", for Approval

June 3, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- From Washington, D.C., VerticalNews journalists report that a patent application by the inventor Tripp, Omer (Har-Adar, IL), filed on September 13, 2013, was made available online on May 22, 2014.

The patent's assignee is International Business Machines Corporation.

News editors obtained the following quote from the background information supplied by the inventors: "Security analysis is a topic of great importance for application program development. In many cases, security analysis for an application program is reduced to a data-flow problem. The application program that is undergoing security testing is represented as a data-flow graph. Representing the application program as a series of data-flows allows one to observe the flow of data into and out from various areas of the application program (or computing environment) to better identify security vulnerabilities.

"Examples of security vulnerabilities include those relating to system integrity and data confidentiality. An integrity-related vulnerability involves the flow of data from an untrusted source to a security-sensitive area of the application program. A confidentiality-related vulnerability relates to the flow of trusted data into a public or unprotected area of the application program which may allow untrusted third parties to access the data.

"A number of factors impede security analysis. One factor is the large scale of modern application programs such as Web-based applications, network-based applications, and the like. Tracking data-flows through such large systems is difficult. Another factor is the use of data structures, referred to as 'containers,' which tend to obfuscate the flow of data within the application program under test. In many cases, it is not feasible to accurately track a data-flow through a container due to significant complexity of the container. These impediments to security analysis often result in the test system generating one or more false positives for security vulnerabilities when testing program code."

As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventor's summary information for this patent application: "A method of analyzing program code includes detecting an instance of a container within the program code using a processor, selecting a model container correlated with the container using the processor, creating an instance of the model container within memory using the processor, and tracking a data-flow of the program code through the instance of the model container instead of the instance of the container.

"A system for analyzing program code includes a processor programmed to initiate executable operations. The executable operations include detecting an instance of a container within the program code, selecting a model container correlated with the container, creating an instance of the model container within memory, and tracking a data-flow of the program code through the instance of the model container instead of the instance of the container.

"A computer program product for analyzing program code includes a computer readable storage medium having program code embodied therewith. The program code is executable by a processor to perform a method. The method includes detecting an instance of a container within program code using a processor, selecting a model container correlated with the container using the processor, creating an instance of the model container within memory using the processor, and tracking a data-flow of the program code through the instance of the model container instead of the instance of the container.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

"FIG. 1 is a block diagram illustrating an exemplary data processing system.

"FIG. 2 is a block diagram illustrating an exemplary mapping 200 of containers to model containers.

"FIG. 3 is an example of program code under test.

"FIG. 4 illustrates an example of an incorrect data-flow interpretation by a conventional test system.

"FIG. 5 illustrates an exemplary instance of a model container.

"FIG. 6 is a flow chart illustrating an exemplary method of analyzing program code."

For additional information on this patent application, see: Tripp, Omer. Security Analysis Using Relational Abstraction of Data Structures. Filed September 13, 2013 and posted May 22, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=48&p=1&f=G&l=50&d=PG01&S1=20140515.PD.&OS=PD/20140515&RS=PD/20140515
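
The container false positive described in the quoted background, and the effect of tracking the flow through a stand-in model instead, can be shown with a small taint analysis. This is an added example, not code from the patent application or the article: the statement format, the `analyze` function and the per-key dictionary used as the "model container" are assumptions made for illustration.

```python
# Constructed program under test: straight-line statements over one map-like
# container "m". The tuple format is hypothetical, chosen for this example.
PROGRAM = [
    ("source", "name"),              # untrusted input, e.g. a request parameter
    ("const", "greeting"),           # trusted literal
    ("put", "m", "user", "name"),    # m["user"] = name
    ("put", "m", "msg", "greeting"), # m["msg"]  = greeting
    ("get", "out", "m", "msg"),      # out = m["msg"]
    ("sink", "out"),                 # security-sensitive use of trusted data
    ("get", "out2", "m", "user"),    # out2 = m["user"]
    ("sink", "out2"),                # security-sensitive use of untrusted data
]

def analyze(program, use_model):
    """Return (statement index, variable) for each tainted value reaching a sink."""
    tainted = set()   # variables currently holding untrusted data
    coarse = set()    # containers treated as one opaque, fully tainted object
    model = {}        # container -> {constant key: tainted?} (assumed model)
    findings = []
    for i, stmt in enumerate(program):
        op = stmt[0]
        if op == "source":
            tainted.add(stmt[1])
        elif op == "const":
            tainted.discard(stmt[1])
        elif op == "put":
            _, container, key, src = stmt
            if use_model:
                # Record the key -> value relation instead of the container internals.
                model.setdefault(container, {})[key] = src in tainted
            elif src in tainted:
                coarse.add(container)
        elif op == "get":
            _, dst, container, key = stmt
            if use_model:
                # Keys are constants here; a never-written key is treated as clean.
                is_tainted = model.get(container, {}).get(key, False)
            else:
                is_tainted = container in coarse
            (tainted.add if is_tainted else tainted.discard)(dst)
        elif op == "sink" and stmt[1] in tainted:
            findings.append((i, stmt[1]))
    return findings
```

With `use_model=False` the analysis reports both sinks, including the trusted `greeting` read back from the map; with `use_model=True` only the flow from `name` to the second sink is reported.
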

Keywords for this news article include: Information Technology, Information and Data Architecture, International Business Machines Corporation.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Information Technology Newsweekly

