Detection and healing of vulnerabilities in computer code

US 10,248,792 B1
Filed: 08/10/2017
Issued: 04/02/2019
Est. Priority Date: 11/24/2014
Status: Active Grant

First Claim

Patent Images

1. A method performed by one or more processing devices, comprising:

during compilation of computer code by the one or more processing devices;

performing a static analysis of the computer code to identify a memory instruction in the computer code that constitutes a potential vulnerability in the computer code, the memory instruction comprising a memory store instruction that is repeatable and that uses contiguous memory during a repetition; and

inserting a healing template into the computer code at a location that is based on the potential vulnerability, the healing template being generic to a class of vulnerabilities; and

during execution of the computer code by the one or more processing devices;

updating the healing template based on an attack that occurred at the potential vulnerability, the healing template for inhibiting one or more subsequent attacks that occur at the potential vulnerability; and

using the healing template to inhibit the one or more subsequent attacks.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example process includes: identifying, by one or more processing devices, candidate code in executable code based on a static analysis of the executable code, where the candidate code includes code that is vulnerable to attack or the candidate code being on a path to code that is vulnerable to attack, where information related to the attack is based, at least in part, on the candidate code; customizing, by one or more processing devices, a healing template based on the information to produce a customized healing template; and inserting, by one or more processing devices, the customized healing template into a version of the executable code at a location that is based on a location of the candidate code in the executable code, where the customized healing template includes code that is executable to inhibit the attack.

30 Citations

View as Search Results

28 Claims

1. A method performed by one or more processing devices, comprising:
- during compilation of computer code by the one or more processing devices;
  
  performing a static analysis of the computer code to identify a memory instruction in the computer code that constitutes a potential vulnerability in the computer code, the memory instruction comprising a memory store instruction that is repeatable and that uses contiguous memory during a repetition; and
  
  inserting a healing template into the computer code at a location that is based on the potential vulnerability, the healing template being generic to a class of vulnerabilities; and
  
  during execution of the computer code by the one or more processing devices;
  
  updating the healing template based on an attack that occurred at the potential vulnerability, the healing template for inhibiting one or more subsequent attacks that occur at the potential vulnerability; and
  
  using the healing template to inhibit the one or more subsequent attacks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the memory instruction has a linear access during execution of the computer code.
  - 3. The method of claim 1, wherein the memory instruction operates on an induction variable.
  - 4. The method of claim 1, wherein the potential vulnerability has potential for user-system or system-system interactions to cause violation of predefined boundaries in the memory instruction.
  - 5. The method of claim 1, further comprising:
    - preventing execution of the memory instruction using the healing template.
  - 6. The method of claim 1, wherein the one or more subsequent attacks are of a same type as the attack that occurred at the potential vulnerability.
  - 7. The method of claim 1, wherein the healing template is updated to include code that changes a boundary for a memory access by the memory instruction.
  - 8. The method of claim 1, wherein the healing template is updated to include code to replace the memory instruction with a branch instruction.
  - 9. The method of claim 1, wherein the healing template is inserted into the computer code adjacent to the point of vulnerability in execution sequence.
  - 10. The method of claim 1, wherein the healing template is inserted into the computer code prior to the point of vulnerability in execution sequence.
  - 11. The method of claim 1, wherein the static analysis comprises:
    - performing a static call-graph analysis to identify unique procedure caller-callee sets in the computer code; and
      
      modifying how a stack is organized inside a procedure of the computer code.
  - 12. The method of claim 1, further comprising:
    - performing a filtering process that includes the memory instruction, the filtering process identifying the memory instruction as one that has a potential to be influenced by system-system or user-system interactions.
  - 13. The method of claim 1, wherein the healing template is updated to include code to prevent the memory instruction from being reached.
  - 14. The method of claim 13, wherein the code to prevent the memory instruction from being reached comprises code to branch-out of a loop containing the memory instruction to prevent an execution of the memory instruction.

15. One or more non-transitory machine-readable storage media storing instructions that are executable by one or more processing devices to perform operations comprising:
- during compilation of computer code by the one or more processing devices;
  
  performing a static analysis of the computer code to identify a memory instruction in the computer code that constitutes a potential vulnerability in the computer code, the memory instruction comprising a memory store instruction that is repeatable and that uses contiguous memory during a repetition; and
  
  inserting a healing template into the computer code at a location that is based on the potential vulnerability, the healing template being generic to a class of vulnerabilities; and
  
  during execution of the computer code by the one or more processing devices;
  
  updating the healing template based on an attack that occurred at the potential vulnerability, the healing template for inhibiting one or more subsequent attacks that occur at the potential vulnerability; and
  
  using the healing template to inhibit the one or more subsequent attacks.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The one or more non-transitory machine-readable storage media of claim 15, wherein the memory instruction has a linear access during execution of the computer code.
  - 17. The one or more non-transitory machine-readable storage media of claim 15, wherein the memory instruction operates on an induction variable.
  - 18. The one or more non-transitory machine-readable storage media of claim 15, wherein the potential vulnerability has potential for user-system or system-system interactions to cause violation of predefined boundaries in the memory instruction.
  - 19. The one or more non-transitory machine-readable storage media of claim 15, wherein the operations comprise:
    - preventing execution of the memory instruction using the healing template.
  - 20. The one or more non-transitory machine-readable storage media of claim 15, wherein the one or more subsequent attacks are of a same type as the attack that occurred at the potential vulnerability.
  - 21. The one or more non-transitory machine-readable storage media of claim 15, wherein the healing template is updated to include code that changes a boundary for a memory access by the memory instruction.
  - 22. The one or more non-transitory machine-readable storage media of claim 15, wherein the healing template is updated to include code to replace the memory instruction with a branch instruction.
  - 23. The one or more non-transitory machine-readable storage media of claim 15, wherein the healing template is inserted into the computer code adjacent to the point of vulnerability in execution sequence.
  - 24. The one or more non-transitory machine-readable storage media of claim 15, wherein the healing template is inserted into the computer code prior to the point of vulnerability in execution sequence.
  - 25. The one or more non-transitory machine-readable storage media of claim 15, wherein the static analysis comprises:
    - performing a static call-graph analysis to identify unique procedure caller-callee sets in the computer code; and
      
      modifying how a stack is organized inside a procedure of the computer code.
  - 26. The one or more non-transitory machine-readable storage media of claim 15, wherein the operations comprise:
    - performing a filtering process that includes the memory instruction, the filtering process identifying the memory instruction as one that has a potential to be influenced by system-system or user-system interactions.
  - 27. The one or more non-transitory machine-readable storage media of claim 15, wherein the healing template is updated to include code to prevent the memory instruction from being reached.
  - 28. The one or more non-transitory machine-readable storage media of claim 27, wherein the code to prevent the memory instruction from being reached comprises code to branch-out of a loop containing the memory instruction to prevent an execution of the memory instruction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BlueRISC Inc.
Original Assignee
BlueRISC Inc.
Inventors
Moritz, Csaba Andras, Carver, Kristopher, Gummeson, Jeffry
Primary Examiner(s)
Lipman, Jacob

Application Number

US15/674,084
Time in Patent Office

600 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

Detection and healing of vulnerabilities in computer code

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

Detection and healing of vulnerabilities in computer code

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others