利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

137 条记录 (耗时 0.024 秒)

    INCREMENTAL STATIC ANALYSIS
    1.
    发明申请
    INCREMENTAL STATIC ANALYSIS 审中-公开
    增量静态分析

    公开(公告)号:US20120054724A1

    公开(公告)日:2012-03-01

    申请号:US12873219

    申请日:2010-08-31

    申请人: Daniel Kalman Marco Pistoia Guy Podjarny Omer Tripp Omri Weisman

    发明人: Daniel Kalman Marco Pistoia Guy Podjarny Omer Tripp Omri Weisman

    IPC分类号: G06F9/44

    CPC分类号: G06F8/75 G06F11/3604 G06F21/577

    摘要: A system, method and computer program product for incremental static analysis, including a change impact analyzer for identifying a changed portion of a computer software (e.g., an application), where the changed portion was changed subsequent to performing a static analysis on the application, a static analysis result invalidator for invalidating any static analysis result that is dependent on the changed portion, and an incremental static analyzer for performing a first incremental static analysis on at least the changed portion, presenting the results of the first incremental static analysis, receiving a request to provide additional information regarding a selected result of the first incremental static analysis, performing, responsive to receiving the request, a second incremental static analysis on any portion of the application to gather the additional information, and presenting results of the second incremental static analysis, thereby providing the additional information regarding the selected result of the first incremental static analysis.

    摘要翻译: 一种用于增量静态分析的系统,方法和计算机程序产品,包括用于识别计算机软件(例如,应用程序)的改变部分的变化影响分析器,其中在对应用执行静态分析之后改变部分被改变, 静态分析结果无效器,用于使依赖于改变的部分的任何静态分析结果无效;以及增量静态分析器,用于至少对所述改变的部分执行第一增量静态分析,呈现第一增量静态分析的结果, 请求提供关于第一增量静态分析的选定结果的附加信息,响应于接收到请求执行,对应用的任何部分进行第二增量静态分析以收集附加信息,以及呈现第二增量静态分析的结果 ,从而提供附加信息rega 选择第一个增量静态分析的结果。

    WEB CRAWLING USING STATIC ANALYSIS
    2.
    发明申请
    WEB CRAWLING USING STATIC ANALYSIS 审中-公开
    使用静态分析的WEB抓取

    公开(公告)号:US20120215757A1

    公开(公告)日:2012-08-23

    申请号:US13032638

    申请日:2011-02-22

    申请人: Omri Weisman Yinnon Avraham Haviv Adi Sharabani Omer Tripp Marco Pistoia Takaaki Tateishi Guy Podjarny

    发明人: Omri Weisman Yinnon Avraham Haviv Adi Sharabani Omer Tripp Marco Pistoia Takaaki Tateishi Guy Podjarny

    IPC分类号: G06F17/30

    CPC分类号: G06F16/951

    摘要: A crawler including a document retriever configured to retrieve a first computer-based document, a link identifier configured to identify an actual string within the computer-based document as being a hyperlink-type string, and a static analyzer configured to perform static analysis of an operation on a variable within the first computer-based document to identify a possible string value of the variable as being a hyperlink-type string, where any of the strings indicate a location of at least a second computer-based document.

    摘要翻译: 包括被配置为检索第一基于计算机的文档的文档检索器的爬行器,被配置为将所述基于计算机的文档内的实际字符串标识为超链接字符串的链接标识符和被配置为执行静态分析的静态分析器 操作第一基于计算机的文档中的变量,以将变量的可能字符串值标识为超链接类型的字符串,其中任何字符串指示至少第二基于计算机的文档的位置。

    Eliminating false reports of security vulnerabilities when testing computer software
    5.
    发明授权
    Eliminating false reports of security vulnerabilities when testing computer software 失效
    在测试计算机软件时,消除安全漏洞的虚假报告

    公开(公告)号:US08584246B2

    公开(公告)日:2013-11-12

    申请号:US12578013

    申请日:2009-10-13

    申请人: Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Takaaki Tateishi Omer Tripp Omri Weisman

    发明人: Yinnon Avraham Haviv Roee Hay Marco Pistoia Adi Sharabani Takaaki Tateishi Omer Tripp Omri Weisman

    IPC分类号: G06F12/14

    CPC分类号: G06F21/57 G06F11/3692

    摘要: A system for eliminating false reports of security vulnerabilities when testing computer software, including a taint analysis engine configured to identify a tainted variable v in a computer application, a data mapping identification engine configured to identify a variable x within the application that holds data derived from v, where x is in a different format than v, an AddData identification engine configured to identify an AddData operation within the application that is performed on x, a signature identification engine configured to identify a Sign operation within the application that is performed on the results of the AddData operation on x, a signature comparison identification engine configured to identify an operation within the application that compares the results of the Sign operation with another value.

    摘要翻译: 一种用于在测试计算机软件时消除安全漏洞的虚假报告的系统,包括配置成识别计算机应用程序中的受污染变量v的污染分析引擎,配置为识别应用程序内的变量x,该变量x保存从 v,其中x与v不同的格式,被配置为识别在x上执行的应用程序内的AddData操作的AddData识别引擎,被配置为识别在结果上执行的应用程序内的签名操作的签名识别引擎 的签名比较识别引擎,所述签名比较识别引擎被配置为识别应用程序内将所述Sign操作的结果与另一值进行比较的操作。

    Identification of read/write chains during static analysis of computer software
    6.
    发明授权
    Identification of read/write chains during static analysis of computer software 有权
    在计算机软件的静态分析期间识别读/写链

    公开(公告)号:US08533694B2

    公开(公告)日:2013-09-10

    申请号:US12129894

    申请日:2008-05-30

    申请人: Marco Pistoia Takaaki Tateishi Omer Tripp Omri Weisman

    发明人: Marco Pistoia Takaaki Tateishi Omer Tripp Omri Weisman

    IPC分类号: G06F9/45 G06F7/00 G06F17/30

    CPC分类号: G06F8/433

    摘要: A system for identifying read/write chains in computer software, including a static analysis engine identifying within computer software logical container accesses, a string analyzer configured to at least partly resolve any variables identifying the logical container in any of the accesses by determining a set of potential values of any of the variables, and a Logical Container Access Virtualization component (LCAV) configured to identify the type and scope of any permutations of the accesses, where each of the permutations is defined by substituting any of the potential values for any of the access variables, and identify any read/write chains within the computer software by matching any of the access permutations that read from the logical container with any of the access permutations that write to the logical container if there is an intersection between the scopes of the read and write access permutations.

    摘要翻译: 一种用于识别计算机软件中的读/写链的系统,包括在计算机软件逻辑容器访问内识别的静态分析引擎,串行分析器,其被配置为至少部分地解析任何访问中识别逻辑容器的任何变量, 任何变量的潜在值和逻辑容器访问虚拟化组件(LCAV),其被配置为识别访问的任何排列的类型和范围,其中每个排列通过将任何潜在值替换为任何 访问变量,并通过将从逻辑容器读取的任何访问排列与写入逻辑容器的任何访问排列进行匹配,以识别计算机软件中的任何读/写链,如果读取范围之间存在交集 并写入访问排列。

    Generating Sound and Minimal Security Reports Based on Static Analysis of a Program
    8.
    发明申请
    Generating Sound and Minimal Security Reports Based on Static Analysis of a Program 有权
    基于程序的静态分析生成声音和最小安全性报告

    公开(公告)号:US20120216177A1

    公开(公告)日:2012-08-23

    申请号:US13033024

    申请日:2011-02-23

    申请人: Stephen Fink Yinnon A. Haviv Marco Pistoia Omer Tripp Omri Weisman

    发明人: Stephen Fink Yinnon A. Haviv Marco Pistoia Omer Tripp Omri Weisman

    IPC分类号: G06F9/44

    CPC分类号: G06F8/75 G06F8/77

    摘要: A method is disclosed that includes, using a static analysis, analyzing a software program to determine a number of paths from sources accepting information to sinks using that information or a modified version of that information and to determine multiple paths from the number of paths. The determined multiple paths have a same transition from an application portion of the software program to a library portion of the software program and require a same downgrading action to address a vulnerability associated with source-sink pairs in the multiple paths. The analyzing includes determining the multiple paths using a path-sensitive analysis. The method includes, for the determined multiple paths, grouping the determined multiple paths into a single representative indication of the determined multiple paths. The method includes outputting the single representative indication. Computer program products and apparatus are also disclosed.

    摘要翻译: 公开了一种方法,其包括使用静态分析来分析软件程序以使用该信息或该信息的修改版本从接收信息的信源到汇点确定多个路径,并且从路径数确定多条路径。 所确定的多个路径具有从软件程序的应用部分到软件程序的库部分的相同转换,并且需要相同的降级动作来解决与多个路径中的源 - 汇对相关联的漏洞。 分析包括使用路径敏感分析来确定多个路径。 该方法包括对于所确定的多个路径,将所确定的多个路径分组成所确定的多个路径的单个代表性指示。 该方法包括输出单个代表性指示。 还公开了计算机程序产品和装置。

    Verification of Information-Flow Downgraders
    9.
    发明申请
    Verification of Information-Flow Downgraders 失效
    信息流降级的验证

    公开(公告)号:US20120023486A1

    公开(公告)日:2012-01-26

    申请号:US12843308

    申请日:2010-07-26

    申请人: Yinnon A. Haviv Roee Hay Marco Pistoia Adi Sharabani Takaaki Tateishi Omer Tripp Omri Weisman

    发明人: Yinnon A. Haviv Roee Hay Marco Pistoia Adi Sharabani Takaaki Tateishi Omer Tripp Omri Weisman

    IPC分类号: G06F9/44

    CPC分类号: G06F21/577 H04L63/105

    摘要: A method includes determining grammar for output of an information-flow downgrader in a software program. The software program directs the output of the information-flow downgrader to a sink. The method includes determining whether the grammar of the output conforms to one or more predetermined specifications of the sink. The method includes, in response to a determination the grammar of the output conforms to the one or more predetermined specifications of the sink, determining the information-flow downgrader is verified for the sink, wherein determining grammar, determining whether the grammar, and determining the information-flow downgrader are performed via static analysis of the software program. Apparatus and computer program products are also disclosed. An apparatus includes a user interface providing a result of whether or not output of an information-flow downgrader in the software program conforms to one or more predetermined specifications of a sink in the software program.

    摘要翻译: 一种方法包括在软件程序中确定信息流降级器的输出的语法。 软件程序将信息流降级器的输出引导到宿。 该方法包括确定输出的语法是否符合汇的一个或多个预定规范。 该方法包括响应于确定,输出的语法符合信宿的一个或多个预定规范,确定信宿流降级器对于汇点进行验证,其中确定语法,确定语法,并确定 信息流降级器通过软件程序的静态分析来执行。 还公开了装置和计算机程序产品。 一种装置,包括提供软件程序中的信息流下载器的输出是否符合软件程序中的接收器的一个或多个预定规格的结果的用户界面。