AUTOMATIC CORRECTION OF SECURITY DOWNGRADERS

US 20140237602A1
Filed: 02/15/2013
Published: 08/21/2014
Est. Priority Date: 02/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method for automatic correction of security downgraders, comprising:

performing a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable;

locating candidate downgraders on said flows;

determining whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader'"'"'s respective flow; and

transforming with a processor candidate downgraders that do not protect against all of the associated vulnerabilities, such that the transformed downgraders do protect against all of the associated vulnerabilities.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for automatic correction of security downgraders includes performing a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable; locating candidate downgraders on the flows; determining whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader'"'"'s respective flow; and transforming candidate downgraders that do not protect against all of the associated vulnerabilities, such that the transformed downgraders do protect against all of the associated vulnerabilities.

Citations

11 Claims

1. A method for automatic correction of security downgraders, comprising:
- performing a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable;
  
  locating candidate downgraders on said flows;
  
  determining whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader'"'"'s respective flow; and
  
  transforming with a processor candidate downgraders that do not protect against all of the associated vulnerabilities, such that the transformed downgraders do protect against all of the associated vulnerabilities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein transforming candidate downgraders comprises adding a validating or sanitizing step to the candidate downgraders that checks for a known vulnerability.
  - 3. The method of claim 2, wherein transforming candidate downgraders comprises concatenating the added validating or sanitizing step with an existing candidate downgrader in a respective flow.
  - 4. The method of claim 2, wherein transforming candidate downgraders comprises injecting a validating or sanitizing step into an existing precompiled candidate downgrader in a respective flow.
  - 5. The method of claim 2, further comprising repeating said steps of determining and transforming until each candidate downgrader has been enhanced to address all known vulnerabilities associated with candidate downgrader'"'"'s respective flow.
  - 6. The method of claim 1, further comprising generating a report that includes information regarding flows that have no downgrader and a list of transformations made to the candidate downgraders.
  - 7. The method of claim 1, wherein determining whether each of the candidate downgraders protects against all vulnerabilities comprises providing a set of test inputs to each of the candidate downgraders to determine whether said candidate downgraders correctly downgrade the input.
  - 8. The method of claim 7, further comprising generating a set of test inputs for each vulnerable flow that includes at least one test input that exploits each vulnerability associated with the vulnerable flow.
  - 9. The method of claim 1, further comprising adding a complete downgrader to any each flow that has no downgrader.

10. A method for automatic correction of security downgraders, comprising:
- performing a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable;
  
  generating a set of test inputs for each vulnerable flow that includes at least one test input that exploits each vulnerability associated with the vulnerable flow;
  
  locating candidate downgraders on said flows;
  
  determining whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader'"'"'s respective flow by providing the set of test inputs for each flow to each of the respective candidate downgraders to determine whether said candidate downgraders correctly downgrade the input; and
  
  transforming with a processor candidate downgraders that do not protect against all of the associated vulnerabilities by adding a validating or sanitizing step to the candidate downgraders that checks for a known vulnerability, such that the transformed downgraders do protect against all of the associated vulnerabilities.

11-20. -20. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Guarnieri, Salvatore A., Pistoia, Marco, Tripp, Omer

Granted Patent

US 8,990,949 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/1433   Vulnerability analysis

AUTOMATIC CORRECTION OF SECURITY DOWNGRADERS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATIC CORRECTION OF SECURITY DOWNGRADERS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links