Detection and healing of vulnerabilities in computer code
First Claim
1. A method performed by one or more processing devices, comprising:
- during compilation of computer code by the one or more processing devices:
performing a static analysis of the computer code to identify a memory instruction in the computer code that constitutes a potential vulnerability in the computer code, the memory instruction comprising a memory store instruction that is repeatable and that uses contiguous memory during a repetition; and
inserting a healing template into the computer code at a location that is based on the potential vulnerability, the healing template being generic to a class of vulnerabilities; and
- during execution of the computer code by the one or more processing devices:
updating the healing template based on an attack that occurred at the potential vulnerability, the healing template for inhibiting one or more subsequent attacks that occur at the potential vulnerability; and
using the healing template to inhibit the one or more subsequent attacks.
Abstract
An example process includes: identifying, by one or more processing devices, candidate code in executable code based on a static analysis of the executable code, where the candidate code is code that is vulnerable to attack or code that lies on a path to code that is vulnerable to attack, and where information related to the attack is based, at least in part, on the candidate code; customizing, by the one or more processing devices, a healing template based on that information to produce a customized healing template; and inserting, by the one or more processing devices, the customized healing template into a version of the executable code at a location that is based on the location of the candidate code in the executable code, where the customized healing template includes code that is executable to inhibit the attack.
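The first claim and the abstract describe a three-phase mechanism: a compile-time pass flags a repeatable store into contiguous memory (a copy loop with no bound is the obvious instance), a healing template that is generic to that class of defect is inserted at the store site, and the template is only specialized once an attack has actually been observed there, after which it inhibits later attacks at the same site. The block below is an added illustration of that runtime behaviour and is not code from the patent or its assignee. It assumes the compile-time pass has already been run and has emitted one healing_template_t per flagged site together with a heal_permit() call before each repetition of the store; the guard bytes placed after the buffer, the names heal_init/heal_permit/heal_update/copy_request, and the 16-byte destination are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* One healing template per instrumented store site (assumed to have been
 * emitted by the compile-time pass; not shown). It is generic to the class
 * "repeated contiguous store": it knows no buffer bound until an attack has
 * been observed at this site, then learns the bound from that attack. */
typedef struct {
    const char *site;            /* which candidate instruction this guards */
    int         armed;           /* nonzero once an attack was observed here */
    size_t      limit;           /* learned bound: index >= limit is inhibited */
    size_t      attacks_seen;
    size_t      stores_blocked;
} healing_template_t;

void heal_init(healing_template_t *t, const char *site) {
    memset(t, 0, sizeof *t);
    t->site  = site;
    t->limit = SIZE_MAX;         /* unarmed: permit every store, detect only */
}

/* Called before each repetition of the instrumented store. */
int heal_permit(healing_template_t *t, size_t index) {
    if (t->armed && index >= t->limit) {
        t->stores_blocked++;
        return 0;                /* inhibit this store */
    }
    return 1;
}

/* Called once an attack has been detected at the site; first_bad is the
 * lowest index whose store corrupted memory beyond the intended destination. */
void heal_update(healing_template_t *t, size_t first_bad) {
    t->attacks_seen++;
    if (!t->armed || first_bad < t->limit)
        t->limit = first_bad;
    t->armed = 1;
}

/* Constructed destination: 16 bytes of buffer followed by 4 guard bytes, all
 * inside one array so the simulated overrun stays well defined in C. */
#define BUF_LEN   16
#define GUARD_LEN 4
typedef struct { unsigned char storage[BUF_LEN + GUARD_LEN]; } region_t;
static const unsigned char GUARD[GUARD_LEN] = { 0xDE, 0xAD, 0xBE, 0xEF };

/* The candidate code: a length-driven copy loop with no bounds check.
 * Returns 1 if the copy finished with the guard intact, 0 if an attack was
 * detected (the template is updated before returning). */
int copy_request(region_t *r, healing_template_t *t,
                 const unsigned char *in, size_t n) {
    size_t i;
    memset(r->storage, 0, BUF_LEN);
    memcpy(r->storage + BUF_LEN, GUARD, GUARD_LEN);
    if (n > sizeof r->storage)   /* edge of the simulated address space */
        n = sizeof r->storage;

    for (i = 0; i < n; i++) {    /* repeatable store using contiguous memory */
        if (!heal_permit(t, i))
            break;               /* template inhibits the rest of the copy */
        r->storage[i] = in[i];
    }

    for (i = 0; i < GUARD_LEN; i++) {
        if (r->storage[BUF_LEN + i] != GUARD[i]) {
            heal_update(t, BUF_LEN + i);   /* learn where the overrun began */
            return 0;
        }
    }
    return 1;
}

/* Runs the scenario: an attack that succeeds once, the same attack inhibited,
 * then benign input still accepted. Returns a bit mask of those outcomes. */
unsigned demo_scenario(healing_template_t *t_out) {
    healing_template_t t;
    region_t r;
    unsigned char attack[20], benign[8];   /* constructed inputs */
    unsigned outcome = 0;
    memset(attack, 'A', sizeof attack);
    memset(benign, 'B', sizeof benign);
    heal_init(&t, "copy_request:loop");
    if (copy_request(&r, &t, attack, sizeof attack) == 0) outcome |= 1u;
    if (copy_request(&r, &t, attack, sizeof attack) == 1) outcome |= 2u;
    if (copy_request(&r, &t, benign, sizeof benign) == 1) outcome |= 4u;
    if (t_out) *t_out = t;
    return outcome;
}

int main(void) {
    healing_template_t t;
    unsigned outcome = demo_scenario(&t);
    printf("first attack detected: %s, second inhibited: %s, benign ok: %s\n",
           (outcome & 1u) ? "yes" : "no", (outcome & 2u) ? "yes" : "no",
           (outcome & 4u) ? "yes" : "no");
    printf("site %s: limit=%zu attacks=%zu blocked=%zu\n",
           t.site, t.limit, t.attacks_seen, t.stores_blocked);
    return 0;
}
```

The point the toy makes visible is the cost of the claimed design: the first attack at a site is allowed to corrupt memory (the guard bytes here, a return address or heap metadata in practice) and is only used to specialize the template; protection starts with the second attempt. A deployment would pair the template with a detector that reliably notices the first overrun, since heal_update() is only as good as the signal that triggers it.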
Claims (28)

1. (Independent claim; text reproduced above under First Claim.) Claims 2 to 14 depend from claim 1.

15. One or more non-transitory machine-readable storage media storing instructions that are executable by one or more processing devices to perform operations comprising:
- during compilation of computer code by the one or more processing devices:
performing a static analysis of the computer code to identify a memory instruction in the computer code that constitutes a potential vulnerability in the computer code, the memory instruction comprising a memory store instruction that is repeatable and that uses contiguous memory during a repetition; and
inserting a healing template into the computer code at a location that is based on the potential vulnerability, the healing template being generic to a class of vulnerabilities; and
- during execution of the computer code by the one or more processing devices:
updating the healing template based on an attack that occurred at the potential vulnerability, the healing template for inhibiting one or more subsequent attacks that occur at the potential vulnerability; and
using the healing template to inhibit the one or more subsequent attacks.
Claims 16 to 28 depend from claim 15.
Specification