System and methods for automated detection of input and output validation and resource management vulnerability
First Claim
Patent Images
1. A method executed by a physical computer comprising a processor within a system, the method comprising, by the processor:
- as a process of a computer application executes at runtime;
analyzing a set of computer routines of the process, the analyzing including a determination of a likelihood of vulnerability to unexpected behavior for one or more computer routines of the set, the analyzing determining the likelihood of vulnerability including performing a simulation to cause at least one failure condition and observing response of the one or more computer routines to the simulation, the performed simulation injecting into the process, code that causes the at least one failure condition;
based upon the analysis, identifying the one or more computer routines of the set having the likelihood of vulnerability;
asynchronously and dynamically manipulating at least one of the one or more identified computer routines through a testing technique; and
determining unexpected behavior of the at least one of the one or more identified computer routines;
wherein analysis further includes at least one of;
extracting a histogram including a frequency of usage associated with at least one computer routine of the set;
a determination of size of one or more buffer read or write computer operations associated with the one or more identified computer routines;
a determination of size of one or more corresponding stacks associated with the one or more identified computer routines;
a determination of size of one or more memory read or write operations based upon examining at least one of a corresponding loop size; and
a taint analysis of at least one computer routine of the set.
2 Assignments
0 Petitions
Accused Products
Abstract
In an example embodiment, a system analyzes a set of computer routines. The system may perform an analysis including a determination of a likelihood of vulnerability to unexpected behavior for one or more computer routines of the set. Based upon the analysis, the system may identify one or more computer routines of the set having the likelihood of vulnerability. The system may asynchronously and dynamically manipulate at least one of the one or more computer routines through a testing technique. The system may determine unexpected behavior of at least one of the one or more computer routines.
178 Citations
22 Claims
-
1. A method executed by a physical computer comprising a processor within a system, the method comprising, by the processor:
- as a process of a computer application executes at runtime;
analyzing a set of computer routines of the process, the analyzing including a determination of a likelihood of vulnerability to unexpected behavior for one or more computer routines of the set, the analyzing determining the likelihood of vulnerability including performing a simulation to cause at least one failure condition and observing response of the one or more computer routines to the simulation, the performed simulation injecting into the process, code that causes the at least one failure condition;
based upon the analysis, identifying the one or more computer routines of the set having the likelihood of vulnerability;
asynchronously and dynamically manipulating at least one of the one or more identified computer routines through a testing technique; and
determining unexpected behavior of the at least one of the one or more identified computer routines;
wherein analysis further includes at least one of;
extracting a histogram including a frequency of usage associated with at least one computer routine of the set;
a determination of size of one or more buffer read or write computer operations associated with the one or more identified computer routines;
a determination of size of one or more corresponding stacks associated with the one or more identified computer routines;
a determination of size of one or more memory read or write operations based upon examining at least one of a corresponding loop size; and
a taint analysis of at least one computer routine of the set. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 21, 22)
- as a process of a computer application executes at runtime;
-
10. A system comprising:
- an analysis engine configured to;
as a process of a computer application executes at runtime;
perform an analysis of a set of computer routines of the process, the analysis including a determination of a likelihood of vulnerability to unexpected behavior for one or more computer routines of the set, the analysis determining the likelihood of vulnerability including performing a simulation to cause at least one failure condition and observing response of the one or more computer routines to the simulation, the performed simulation injecting into the process, code that causes the at least one failure condition; and
based upon the analysis, identify the one or more computer routines of the set having the likelihood of vulnerability; and
a validation engine communicatively coupled to the analysis engine, the validation engine configured to;
asynchronously and dynamically manipulate at least one of the one or more identified computer routines through a testing technique; and
determine unexpected behavior of the at least one of the one or more identified computer routines;
wherein the analysis engine is further configured to perform at least one of the following;
extract a histogram including a frequency of usage associated with at least one computer routine of the set;
determine a size of one or more buffer read or write computer operations associated with the one or more identified computer routines;
determine a size of one or more corresponding stacks associated with the one or more identified computer routines;
determine of a size of one or more memory read or write operations based upon examining a corresponding loop size; and
perform a taint analysis of at least one computer routine of the set. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- an analysis engine configured to;
Specification