SYSTEM AND METHODS FOR DETECTING SOFTWARE VULNERABILITIES AND MALICIOUS CODE
First Claim
1. A method of determining whether software includes malicious code, comprising the steps of:
- providing a validation machine;
- instrumenting the validation machine with tools and monitors that capture the static and dynamic behavior of software;
- executing software on the validation machine;
- using the tools and monitors to log data representative of the behavior of the software during execution to detect vulnerable or malicious code;
- automatically performing one or more operations on the software to enhance the security of the software by neutralizing the vulnerable or malicious code; and
- flagging for human inspection activities that cannot be neutralized automatically.
Abstract
A system and method determine whether software includes malicious code. A validation machine is instrumented with tools and monitors that capture the static and dynamic behavior of software. Software under examination is executed on the validation machine, and the tools and monitors are used to log data representative of the behavior of the software to detect vulnerable or malicious code. If possible, one or more operations are automatically performed on the software to enhance the security of the software by neutralizing the vulnerable or malicious code. Activities that cannot be neutralized automatically are flagged for human inspection. The software executed on the validation machine may be source code or non-source code, with different operations being disclosed and described in each case.
28 Claims
Specification