AUTOMATIC CORRECTION OF SECURITY DOWNGRADERS
Abstract
Methods and systems for automatic correction of security downgraders include performing a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable; locating candidate downgraders on the flows; determining whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow; and transforming candidate downgraders that do not protect against all of the associated vulnerabilities, such that the transformed downgraders do protect against all of the associated vulnerabilities.
11 Claims
1. A method for automatic correction of security downgraders, comprising:
- performing a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable;
- locating candidate downgraders on said flows;
- determining whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow; and
- transforming with a processor candidate downgraders that do not protect against all of the associated vulnerabilities, such that the transformed downgraders do protect against all of the associated vulnerabilities.
10. A method for automatic correction of security downgraders, comprising:
- performing a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable;
- generating a set of test inputs for each vulnerable flow that includes at least one test input that exploits each vulnerability associated with the vulnerable flow;
- locating candidate downgraders on said flows;
- determining whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow by providing the set of test inputs for each flow to each of the respective candidate downgraders to determine whether said candidate downgraders correctly downgrade the input; and
- transforming with a processor candidate downgraders that do not protect against all of the associated vulnerabilities by adding a validating or sanitizing step to the candidate downgraders that checks for a known vulnerability, such that the transformed downgraders do protect against all of the associated vulnerabilities.
11-20. (canceled)
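The testing and transforming steps of claim 10, as an added Python sketch that is not taken from the patent: each candidate downgrader on a flow is run against test inputs for every vulnerability on that flow, and any downgrader that misses one is wrapped with an extra sanitizing step. The vulnerability names, test inputs, oracles and repair steps are constructed assumptions for an HTML sink with double-quoted attributes, and the flow with its vulnerabilities is taken as already found by the security analysis.

```python
import html

# Constructed test inputs: at least one per vulnerability on the flow.
TEST_INPUTS = {
    "tag_injection": ["<script>alert(1)</script>"],
    "attr_breakout": ['" onmouseover="alert(1)'],
}
# Oracles: True if the downgraded output is still unsafe for that vulnerability
# (assumes an HTML sink with double-quoted attributes).
STILL_UNSAFE = {
    "tag_injection": lambda out: "<" in out or ">" in out,
    "attr_breakout": lambda out: '"' in out,
}
# Sanitizing step appended when a downgrader misses a vulnerability.
REPAIR_STEP = {
    "tag_injection": lambda s: s.replace("<", "&lt;").replace(">", "&gt;"),
    "attr_breakout": lambda s: s.replace('"', "&quot;"),
}

def failing_vulns(downgrader, vulns):
    """Vulnerabilities whose test inputs survive the downgrader."""
    return {v for v in vulns
            if any(STILL_UNSAFE[v](downgrader(t)) for t in TEST_INPUTS[v])}

def transform(downgrader, missing):
    """Wrap the downgrader with one sanitizing step per missed vulnerability."""
    steps = [REPAIR_STEP[v] for v in sorted(missing)]
    def corrected(value):
        out = downgrader(value)
        for step in steps:
            out = step(out)
        return out
    return corrected

def correct_flow(candidates, vulns):
    """Map each candidate name to (missed vulnerabilities, corrected downgrader)."""
    report = {}
    for name, fn in candidates.items():
        missing = failing_vulns(fn, vulns)
        report[name] = (missing, transform(fn, missing) if missing else fn)
    return report

def escape_tags(s):
    """Constructed candidate: handles angle brackets, forgets quotes."""
    return s.replace("<", "&lt;").replace(">", "&gt;")

FLOW_VULNS = {"tag_injection", "attr_breakout"}
REPORT = correct_flow({"escape_tags": escape_tags, "html.escape": html.escape},
                      FLOW_VULNS)
for name, (missing, _) in REPORT.items():
    print(name, "misses", sorted(missing) or "nothing")
```

A downgrader that already passes every test input is returned unchanged, so only the incomplete ones are rewritten.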
Specification