CONSTRAINT INJECTION SYSTEM FOR IMMUNIZING SOFTWARE PROGRAMS AGAINST VULNERABILITIES AND ATTACKS
Abstract
A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.
89 Claims
1. A computer-implemented method for protecting software, comprising:
- inserting constraint code into a computer program to be protected at a patch point which is between instructions of the computer program; and
- executing the constraint code when a control flow of the computer program reaches the patch point.
(Dependent claims: 2-71)

72. A computer-implemented method for protecting software, comprising:
- identifying a vulnerability in a computer program;
- developing a constraint for eliminating the vulnerability, the constraint comprising code which is inserted into the computer program at a specified point; and
- releasing the constraint to at least one customer.
(Dependent claims: 73-75)

76. One or more processor readable storage devices having processor readable code embodied thereon for programming one or more processors to perform a method for protecting a software program comprising:
- inserting constraint code into a computer program to be protected at a patch point which is between instructions of the computer program; and
- executing the constraint code when a control flow of the computer program reaches the patch point.
(Dependent claims: 77-82)

83. A computer-implemented system for protecting software, comprising:
- one or more storage devices; and
- one or more processors in communication with said one or more storage devices, said one or more processors performing a method comprising;
- inserting constraint code into a computer program to be protected at a patch point which is between instructions of the computer program; and
- executing the constraint code when a control flow of the computer program reaches the patch point.
(Dependent claims: 84-89)
Specification