-
Publication number: US12299134B1
Publication date: 2025-05-13
Application number: US17936993
Filing date: 2022-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Peixuan Li, Yingjun Lyu, Qiang Zhou, Lee Pike, Michael McDougall, Thodoris Sotiropoulos
Abstract: Security vulnerability analysis may be performed using policy inference. Application code may have operations that are labeled according to the respective functions that they perform. Some operations may be labeled according to a knowledge database of known operations, while others may be inferred through similarity to known operations. The knowledge database may be associated with libraries of programmatic interfaces. Once components of the application code are labeled, a vulnerability database may be used that identifies potential vulnerabilities based on data sources, data sinks and threat mitigation operations. Using the labeled operations, one or more potential vulnerabilities may be identified based on labeled data sources and data sinks. The application may then be evaluated for potential security threats based on the identified potential vulnerabilities.
-
Publication number: US11586437B1
Publication date: 2023-02-21
Application number: US17218590
Filing date: 2021-03-31
Applicant: Amazon Technologies, Inc.
Inventor: Omer Tripp, Rajdeep Mukherjee, Michael Wilson, Yingjun Lyu
Abstract: Techniques for program verification are described. An exemplary method includes receiving a request to evaluate code based on a customized rule, the customized rule comprising one or more conditions for which the customized rule is applicable and one or more postconditions to indicate at least one check to perform for a given node in a graph for the code, wherein an application of the customized rule performs one or more of: an interleave between a backward analysis and forward analysis based on user-specified conditions, an analysis between sub-graphs by a query from a first sub-graph to a second sub-graph, and an operation on a sub-graph, storage of a result of the operation on the sub-graph, and usage of the stored result in a subsequent operation; generating a graph for the code; and evaluating the code by applying the customized rule to the generated graph.
-