CODE PROPERTY ANALYSIS FOR SECURITY MITIGATIONS

US 20100205673A1
Filed: 02/06/2009
Published: 08/12/2010
Est. Priority Date: 02/06/2009
Status: Active Grant

First Claim

Patent Images

1. A system for mitigating security risks in computer program code comprising:

a processor and a memory including a risk analysis module configured to cause the processor to;

identify areas of source code that are vulnerable to unauthorized exploitation;

identify areas of source code within the identified vulnerable areas of the source code for which security mitigation code will not be inserted;

filter out the identified areas of source code within the identified vulnerable areas of the source code for which security mitigation code will not be inserted; and

insert security mitigating code for source code remaining after the filtering out of the source code for which security mitigation code will not be inserted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Attempts to make code secure often are associated with performance penalties. To facilitate striking an acceptable balance between performance and security, vulnerable areas of source code are identified. The vulnerable areas are examined for areas that are actually safe and the safe areas are filtered from the universe of code that receives security mitigations. The remaining code receives security mitigations appropriate to the level of risk of the code.

40 Citations

View as Search Results

20 Claims

1. A system for mitigating security risks in computer program code comprising:
- a processor and a memory including a risk analysis module configured to cause the processor to;
  
  identify areas of source code that are vulnerable to unauthorized exploitation;
  
  identify areas of source code within the identified vulnerable areas of the source code for which security mitigation code will not be inserted;
  
  filter out the identified areas of source code within the identified vulnerable areas of the source code for which security mitigation code will not be inserted; and
  
  insert security mitigating code for source code remaining after the filtering out of the source code for which security mitigation code will not be inserted.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the processor is configured to determine risk based on a combination of allocation size of a symbol, type of the symbol and structure of the symbol in the remaining source code and to provide varying levels of code protection based on the determined risk.
  - 3. The system of claim 1, wherein the risk analysis module is external to a compiler.
  - 4. The system of claim 1, wherein the risk analysis module is static.
  - 5. The system of claim 1, wherein the risk analysis module overrides built-in compiler heuristics that determine areas of source code that are vulnerable to unauthorized exploitation.
  - 6. The system of claim 1, wherein the risk analysis module causes a compiler to categorize the remaining source code into categories of degrees of risk, wherein varying levels of security mitigation protection are provided based on a degree of risk category into which an area of the remaining source code has been categorized.
  - 7. The system of claim 1, wherein the risk analysis module causes a compiler to categorize an area of source code'"'"'s vulnerability to exploitationbased on an allocation size of a local variable symbol;
    - based on a size of an array element;
      
      based on an array element type;
      
      based on an element count of an array;
      
      based on an analysis of a structure, wherein the structure comprises an array;
      
      or based on an analysis of a structure, wherein the structure is a pure data structure.

8. A method of performing security mitigations comprising:
- identifying areas of source code that are vulnerable to unauthorized exploitation via a risk analysis module executing on a software development computer;
  
  filtering out safe areas for which insertion of security mitigating code will not be done from the identified vulnerable areas to create a remaining area of source code for which insertion of security mitigating code will be done; and
  
  applying security mitigations to the remaining area of source code;
  
  wherein the preceding steps are performed by at least one processor.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the identifying comprises examining historical data to find areas in the source code that have been exploited or comprises utilizing an automated heuristic that determines where in the source code security mitigation code is currently not present.
  - 10. The method of claim 8, wherein the applying security mitigations comprises classifying the remaining area of source code into categories of risk and inserting varying levels of code protection in code generated from the remaining area of source code, based on the risk classification category.
  - 11. The method of claim 8,wherein a safe area of the safe areas comprises an area where a potentially vulnerable local variable is used as a parameter to a known trusted function, wherein other parameters in a call to the known trusted function are analyzed to determine that the call is safe.
  - 12. The method of claim 8,wherein a safe area of the safe areas is determined by analysis of intra- or inter-procedural ranges, wherein the analysis comprises determining that local writes to a local variable are safe or comprises determining that functions are safe by tracking parameter usage.
  - 13. The method of claim 8, further comprising:
    - classifying the identified areas of source code into categories of levels of risk and applying varying levels of code protection based on the risk level of the identified area of source code.

14. A computer-readable storage medium comprising computer-executable instructions which when executed cause at least one processor to:
- identify an area of source code that is vulnerable to unauthorized exploitation;
  
  classify the identified area of source code into a level of risk;
  
  apply a level of risk protection to code based on the level of risk into which the identified area was classified; and
  
  filter out safe areas for which insertion of security mitigating code will not be done from the identified areas to create a remaining area of source code for which insertion of security mitigating code is done.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer-readable storage medium of claim 14, comprising further computer-executable instructions, which when executed cause the at least one processor to:
    - apply security mitigations to code generated from the remaining area of source code.
  - 16. The computer-readable storage medium of claim 14, comprising further computer-executable instructions, which when executed cause the at least one processor to:
    - inform a compiler of a safe area of the safe areas by a source code annotation, wherein the source code annotation overrides built-in compiler heuristics and prevents existing security mitigating code insertions from being applied to the safe area.
  - 17. The computer-readable storage medium of claim 14, comprising further computer-executable instructions, which when executed cause the at least one processor to:
    - inform a compiler of a safe area of the safe areas by a source code annotation comprising a declaration specification.
  - 18. The computer-readable storage medium of claim 14, comprising further computer-executable instructions, which when executed cause the at least one processor to:
    - classify the identified area of source code into a level of risk based on an evaluation of a combination of symbol allocation size, type and structure.
  - 19. The computer-readable storage medium of claim 14, comprising further computer-executable instructions, which when executed cause the at least one processor to:
    - increase severity of a warning generated by a static analysis tool where identified source code is determined not to be mitigated.
  - 20. The computer-readable storage medium of claim 14, comprising further computer-executable instructions, which when executed cause the at least one processor to:
    - identify an area of source code that is vulnerable to unauthorized exploitation by examination of;
      
      an allocation size of a local variable symbol;
      
      for an array, a size of an element of the array;
      
      for an array, an array element count of the array;
      
      for an array, an array element type of the array;
      
      orfor a structure, an analysis of the structure wherein structures including vulnerable arrays and pure data structures are protected by insertion of mitigating code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Burrell, Tim W., Shupak, Richard M., Caves, Jonathan E., Lafreniere, Louis

Granted Patent

US 8,990,930 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/554   involving event detection a...

G06F 21/563   by source code analysis

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

CODE PROPERTY ANALYSIS FOR SECURITY MITIGATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CODE PROPERTY ANALYSIS FOR SECURITY MITIGATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links