
Method for static security enforcement of a DSL

  • US 10,379,824 B2
  • Filed: 02/26/2016
  • Issued: 08/13/2019
  • Est. Priority Date: 02/26/2016
  • Status: Active Grant
First Claim

1. A method for securing computer code, the method comprising:

    receiving the computer code, wherein the computer code is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Language (GPL) computing environment;

    using a compiler to perform static analysis on the computer code, the static analysis including referencing a security policy defining one or more unacceptable program behaviors;

    performing, during compile time at the compiler, runtime security checking functionality leveraging compiler extensions, type information, and environment specific compile context;

    indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static analysis, wherein the one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL;

    accessing a predefined compile context for the DSL, wherein the compile context accessible by the compiler and used by the compiler to access metadata included in the security policy and applicable to the DSL, wherein the compiler is adapted to visit all expression nodes in a syntax tree associated with the computer code written using the DSL;

    using the compile context, on visit of an expression node of the syntax tree, to determine if the expression node is secure; and

    if access to a computing object associated with the expression node is not secure, then;

    terminating compilation of the computer code written using the DSL and displaying a compiler error message.
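
An added illustration of the visit-and-abort flow the claim describes, not code from the patent or its assignee. Python's `ast` module stands in for the DSL compiler, and `POLICY`, `CompileContext`, `PolicyVisitor` and `secure_compile` are hypothetical names with constructed policy data.

```python
import ast

class SecurityCompileError(SyntaxError):
    """Raised to abort compilation when an expression violates the policy."""

# Constructed policy metadata: per declared type, the members a script may read.
POLICY = {"Invoice": {"total", "customer"}, "Customer": {"name"}}

class CompileContext:
    """Hypothetical compile context: policy metadata plus static type info."""
    def __init__(self, policy, var_types, allowed_calls=()):
        self.policy = policy
        self.var_types = var_types              # variable name -> declared type
        self.allowed_calls = set(allowed_calls)

class PolicyVisitor(ast.NodeVisitor):
    """Visits every expression node and fails on the first insecure one."""
    def __init__(self, ctx):
        self.ctx = ctx

    def visit_Name(self, node):
        # Only variables bound in the context or allow-listed functions resolve.
        known = node.id in self.ctx.var_types or node.id in self.ctx.allowed_calls
        if not known:
            self._fail(node, f"unknown name '{node.id}'")

    def visit_Attribute(self, node):
        # Member access is allowed only on a typed variable, for listed members.
        # Chained access (a.b.c) has no static type here, so it is rejected.
        base = node.value
        typ = self.ctx.var_types.get(base.id) if isinstance(base, ast.Name) else None
        if typ is None or node.attr not in self.ctx.policy.get(typ, ()):
            self._fail(node, f"access to '{node.attr}' is not permitted")
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        if not (isinstance(func, ast.Name) and func.id in self.ctx.allowed_calls):
            self._fail(node, "call target is not permitted")
        self.generic_visit(node)

    def _fail(self, node, msg):
        raise SecurityCompileError(f"line {node.lineno}, col {node.col_offset}: {msg}")

def secure_compile(source, ctx):
    """Parse, check every expression node, and compile only if all of them pass."""
    tree = ast.parse(source, mode="eval")
    PolicyVisitor(ctx).visit(tree)   # raises before any code object is produced
    return compile(tree, "<dsl>", "eval")
```
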
