公开(公告)号：US08914890B2

公开(公告)日：2014-12-16

申请号：US13018342

申请日：2011-01-31

申请人： Marco Pistoia ,  Ori Segal ,  Omer Tripp

发明人： Marco Pistoia ,  Ori Segal ,  Omer Tripp

IPC分类号： G06F11/00 ,  H04L29/06 ,  G06F21/57 ,  G06F21/56

CPC分类号： G06F21/563 ,  G06F21/577 ,  H04L63/1433

摘要： Determining the vulnerability of computer software applications to privilege-escalation attacks, such as where an instruction classifier is configured to be used for identifying a candidate access-restricted area of the instructions of a computer software application, and a static analyzer is configured to statically analyze the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area, perform static analysis to determine if the conditional instruction is dependent on a data source within the computer software application, and designate the candidate access-restricted area as vulnerable to privilege-escalation attacks absent either of the conditional instruction and the date source.

公开(公告)号：US20140075561A1

公开(公告)日：2014-03-13

申请号：US13611201

申请日：2012-09-12

申请人： Salvatore A. Guarnieri ,  Marco Pistoia ,  Omer Tripp

发明人： Salvatore A. Guarnieri ,  Marco Pistoia ,  Omer Tripp

IPC分类号： G06F21/00

CPC分类号： G06F21/577 ,  G06F17/211 ,  G06F17/2211 ,  G06F17/27 ,  G06F17/272 ,  G06F17/2765 ,  G06F21/552 ,  G06F21/554 ,  G06F21/563 ,  H04L63/1408 ,  H04L63/1433 ,  H04L63/168

摘要： Methods for creating a hybrid string representations include receiving string information as input; parsing the string information to produce one or more string components; determining string components that may be represented concretely by comparing the one or more components to a set of known concretizations; abstracting all string components that could not be represented concretely; and creating a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.

摘要翻译： 用于创建混合字符串表示的方法包括接收字符串信息作为输入; 解析字符串信息以产生一个或多个字符串组件; 确定可以通过将一个或多个组件与一组已知具体化进行比较来具体表示的字符串组件; 抽象出不能具体表现的所有字符串组件; 以及创建包括至少一个具体字符串组件和至少一个抽象字符串组件的混合字符串表示。

公开(公告)号：US08671284B1

公开(公告)日：2014-03-11

申请号：US13611064

申请日：2012-09-12

申请人： Bard Bloom ,  John H. Field ,  Salvatore Guarnieri ,  Marco Pistoia

发明人： Bard Bloom ,  John H. Field ,  Salvatore Guarnieri ,  Marco Pistoia

IPC分类号： G06F9/44

CPC分类号： G06F21/6218 ,  G06F8/20 ,  G06F21/554 ,  G06F21/566 ,  G06F21/6227 ,  G06F2221/2113 ,  H04L63/08 ,  H04L63/20

摘要： An application includes: a programming model including a service provider, first components, second components, and sinks communicating via messages. Each of the second components is assigned a unique capability. A given one of the first components routes a message from the given first component to second component(s) and then to a sink. Each of the second component(s) sends the message to the service provider. The service provider creates a token corresponding at least to a received message and a unique capability assigned to an associated one of the second component(s) and sends the token to the associated one of the second component(s). The selected sink receives the message and a token corresponding to each of the second component(s), verifies each received token, and either accepts the message if each of the received tokens is verified or ignores the message if at least one of the received tokens is not verified.

摘要翻译： 应用程序包括：编程模型，包括服务提供者，第一组件，第二组件和通过消息进行通信的接收器。 每个第二个组件被分配一个独特的功能。 一个给定的第一个组件将消息从给定的第一个组件路由到第二个组件，然后到一个sink。 每个第二组件将消息发送到服务提供商。 服务提供商创建至少对应于接收到的消息和分配给相关联的第二组件的唯一能力的令牌，并将令牌发送到第二组件中的相关联的一个。 所选择的接收器接收消息和对应于每个第二组件的令牌，验证每个接收到的令牌，并且如果接收到的令牌中的每一个被验证，则接收该消息，或者如果接收到的令牌中的至少一个令牌 没有验证。

公开(公告)号：US20140053029A1

公开(公告)日：2014-02-20

申请号：US13614671

申请日：2012-09-13

申请人： Marco Pistoia ,  Omer Tripp

发明人： Marco Pistoia ,  Omer Tripp

IPC分类号： G06F11/07

CPC分类号： G06F11/0751

摘要： A useful embodiment of the invention is directed to a method associated with a computer program comprising one or more basic blocks, wherein the program defines and uses multiple data structures, such as the list of all customers of a bank along with their account information. The method includes identifying one or more invariants, wherein each invariant is associated with one of the data structures. The method further includes determining at specified times whether an invariant has been violated. Responsive to detecting a violation of one of the invariants, the detected violation is flagged as an anomaly.

公开(公告)号：US08544104B2

公开(公告)日：2013-09-24

申请号：US12776465

申请日：2010-05-10

申请人： Michael George Burke ,  Igor Peshansky ,  Marco Pistoia ,  Omer Tripp

发明人： Michael George Burke ,  Igor Peshansky ,  Marco Pistoia ,  Omer Tripp

IPC分类号： G06F21/00

CPC分类号： G06F21/60 ,  G06F19/00 ,  G06F21/6245 ,  G16H10/60

摘要： A computer-readable medium is disclosed that tangibly embodies a program of machine-readable instructions executable by a digital processing apparatus to perform operations including determining whether data to be released from a database is associated with one or more confidential mappings between sets of data in the database. The operations also include, in response to the data being associated with the one or more confidential mappings, determining whether release of the data meets one or more predetermined anonymity requirements of an anonymity policy. Methods and apparatus are also disclosed.

公开(公告)号：US08533659B2

公开(公告)日：2013-09-10

申请号：US12511506

申请日：2009-07-29

申请人： Nikolai A. Joukov ,  Birgit M. Pfitzmann ,  Marco Pistoia ,  Vasily Tarasov ,  Takaaki Tateishi ,  Norbert G. Vogl

发明人： Nikolai A. Joukov ,  Birgit M. Pfitzmann ,  Marco Pistoia ,  Vasily Tarasov ,  Takaaki Tateishi ,  Norbert G. Vogl

IPC分类号： G06F9/44

CPC分类号： G06F11/3692 ,  G06F8/70

摘要： Calls to stop functions are identified in a computer program file. The stop functions are functions that interact with external resources. Parameters of the calls to the stop functions that are references to the external resources are identified. An analysis is performed over the computer program file to find out possible values of the parameters of the calls.

公开(公告)号：US08453125B2

公开(公告)日：2013-05-28

申请号：US12966556

申请日：2010-12-13

申请人： Shay Artzi ,  Julian Dolby ,  Marco Pistoia ,  Frank Tip

发明人： Shay Artzi ,  Julian Dolby ,  Marco Pistoia ,  Frank Tip

IPC分类号： G06F9/44

CPC分类号： G06F11/3684 ,  H04L69/40

摘要： The present invention provides a system, computer program product, and a computer implemented method for analyzing a set of two or more communicating applications. The method begins with receiving a first second application that communicates with each other during execution. Next, an initial input for executing the first application and the second application is received. The initial input is added to a set of inputs. An iterative execution loop is performed at least once. The loop begins with selecting inputs out of the set of inputs for execution. Next, using the selected inputs, the first and/or the second application is executed while information regarding the execution and information communicated to the other application are recorded. A set of one or more new application inputs for either applications is generated based the second application recorded information and the first application information. These new inputs are added to the set of inputs.

摘要翻译： 本发明提供了一种系统，计算机程序产品和用于分析一组两个或多个通信应用的计算机实现的方法。 该方法开始于在执行期间接收彼此通信的第一个第二应用程序。 接下来，接收用于执行第一应用和第二应用的初始输入。 初始输入被添加到一组输入。 执行迭代执行循环至少一次。 循环从选择输入集合中的输入开始执行。 接下来，使用所选择的输入，执行第一和/或第二应用，同时记录关于执行的信息和传送给其他应用的信息。 基于第二应用记录信息和第一应用信息生成用于任一应用的一组或多个新的应用输入。 这些新的输入被添加到该组输入。

公开(公告)号：US20130091079A1

公开(公告)日：2013-04-11

申请号：US13412121

申请日：2012-03-05

申请人： Marco Pistoia ,  Takaaki Tateishi ,  Omer Tripp

发明人： Marco Pistoia ,  Takaaki Tateishi ,  Omer Tripp

IPC分类号： G06F15/18

CPC分类号： G06N5/00

摘要： A method for dynamically selecting string analysis algorithms can begin with the training of the dynamic string analysis handler of a string analysis module to effectively handle a subset of string queries having contextual metadata received from a client application in an instructional environment. The effectiveness of the training module can be based upon feedback from the client application. Upon completion of the training, a string analysis algorithm selection policy can be synthesized. The string analysis algorithm selection policy can correlate a context of a string query in the subset to the usage of a string analysis algorithm. When in the operational environment, the dynamic string analysis handler can dynamically handle string queries having contextual metadata received from the client application in accordance with the string analysis algorithm selection policy. The string analysis algorithm to be used for a string query can be dynamically and independently determined.

摘要翻译： 用于动态选择字符串分析算法的方法可以开始于字符串分析模块的动态字符串分析处理程序的训练，以有效地处理在教学环境中从客户端应用程序接收的具有上下文元数据的字符串查询的子集。 培训模块的有效性可以基于客户端应用程序的反馈。 完成培训后，可以合成字符串分析算法选择策略。 字符串分析算法选择策略可以将子集中的字符串查询的上下文与字符串分析算法的使用相关联。 在操作环境中，动态字符串分析处理程序可以根据字符串分析算法选择策略来动态地处理具有从客户端应用程序接收的上下文元数据的字符串查询。 用于字符串查询的字符串分析算法可以动态和独立地确定。

公开(公告)号：US08387111B2

公开(公告)日：2013-02-26

申请号：US10002439

申请日：2001-11-01

申请人： Lawrence Koved ,  Anthony Joseph Nadalin ,  Nataraj Nagaratnam ,  Marco Pistoia ,  Bruce Arland Rich

发明人： Lawrence Koved ,  Anthony Joseph Nadalin ,  Nataraj Nagaratnam ,  Marco Pistoia ,  Bruce Arland Rich

IPC分类号： G06F12/14

CPC分类号： G06F21/53 ,  G06F2221/2145

摘要： A method and apparatus for type independent permission based access control are provided. The method and apparatus utilize object inheritance to provide a mechanism by which a large group of permissions may be assigned to a codesource without having to explicitly assign each individual permission to the codesource. A base permission, or superclass permission, is defined along with inherited, or subclass, permissions that fall below the base permission in a hierarchy of permissions. Having defined the permissions in such a hierarchy, a developer may assign a base permission to an installed class and thereby assign all of the inherited permissions of the base permission to the installed class. In this way, security providers need not know all the permission types defined in an application. In addition, security providers can seamlessly integrate with many applications without changing their access control and policy store semantics. Moreover, application providers' security enforcement is no dependent on the security provider defined permissions. The method and apparatus do not require any changes to the Java security manager and do not require changes to application code.

摘要翻译： 提供了一种用于基于类型独立许可的访问控制的方法和装置。 该方法和装置利用对象继承来提供一种机制，通过该机制，可以将大量的权限组分配给代码源，而不必对代码源明确地分配每个单独的权限。 基本权限或超类权限与继承层级或权限级别中的基本权限之下的继承或子类权限一起定义。 在这样的层次结构中定义了权限之后，开发人员可以为已安装的类分配一个基本权限，从而将基本权限的所有继承的权限分配给已安装的类。 以这种方式，安全提供程序不需要知道应用程序中定义的所有权限类型。 此外，安全提供商可以无缝地集成许多应用程序，而无需更改其访问控制和策略存储语义。 此外，应用程序提供商的安全执行不依赖于安全提供程序定义的权限。 该方法和设备不需要对Java安全管理器进行任何更改，也不需要更改应用程序代码。

公开(公告)号：US08365281B2

公开(公告)日：2013-01-29

申请号：US12950432

申请日：2010-11-19

申请人： Takaaki Tateishi ,  Marco Pistoia ,  Omer Tripp ,  Ryan Berg ,  Robert Wiener

发明人： Takaaki Tateishi ,  Marco Pistoia ,  Omer Tripp ,  Ryan Berg ,  Robert Wiener

IPC分类号： G06F11/00 ,  G06F11/30 ,  H04L29/06 ,  H04L9/32

CPC分类号： G06F21/50 ,  G06F21/563

摘要： An illegal pattern and a computer program having a method are received. The method has one or more return statements, and a number of basic blocks. The method is normalized so that each return statement of the target method relating to the illegal pattern returns a constant Boolean value. A first path condition and a second path condition for one or more corresponding paths is determined such that one or more corresponding basic blocks return a constant Boolean value of true for the first path condition and a constant Boolean value of false for the second path condition. An unsatisfiability of each path condition is determined using a monadic second-order logic (M2L) technique. Where the unsatisfiability of either path condition is false, the method is reported as not being a validator. Where the unsatisfiability of either path condition is true, the method is reported as being a validator.

摘要翻译： 接收到具有方法的非法模式和计算机程序。 该方法具有一个或多个返回语句和一些基本块。 该方法被归一化，使得与非法模式相关的目标方法的每个返回语句返回一个常量布尔值。 确定用于一个或多个对应路径的第一路径条件和第二路径条件，使得一个或多个对应的基本块返回针对第一路径条件的常数布尔值为true，对于第二路径条件返回常量布尔值为假。 使用一元二阶逻辑（M2L）技术确定每个路径条件的不满足性。 如果任一路径条件的不满足性为假，则将该方法报告为不是验证器。 如果任一路径条件的不满足性为真，则将该方法报告为验证器。