Automatic classification of security vulnerabilities in computer software applications
First Claim
1. A system for automatically classifying security vulnerabilities in computer software applications, the system comprising:
- a hardware processor configured to initiate executable operations comprising:
  - identifying a plurality of candidate security vulnerabilities in a learning set including at least a first computer software application;
  - classifying each of the plurality of candidate security vulnerabilities with any classification selected from a set of predefined classifications;
  - determining, for each of the plurality of candidate security vulnerabilities, values for a plurality of predefined properties;
  - creating, for each of the plurality of candidate security vulnerabilities, a set of correlations between the values for the plurality of predefined properties and the respective classification of the candidate security vulnerability;
  - identifying a candidate security vulnerability in a second computer software application;
  - determining, for the candidate security vulnerability in the second computer software application, values for the plurality of predefined properties; and
  - classifying, using the set of correlations, the candidate security vulnerability in the second computer software application with a classification selected from the set of predefined classifications that best correlates with the values for the plurality of predefined properties of the candidate security vulnerability in the second computer software application.
Abstract
Automatically classifying security vulnerabilities in computer software applications by identifying candidate security vulnerabilities in a learning set including at least a first computer software application, classifying each of the candidate security vulnerabilities using predefined classifications, determining, for each of the candidate security vulnerabilities, values for predefined properties, creating a set of correlations between the property values and the classifications of the candidate security vulnerabilities, identifying a candidate security vulnerability in a second computer software application, determining, for the candidate security vulnerability in the second computer software application, values for the predefined properties, and using the set of correlations to classify the candidate security vulnerability in the second computer software application with a classification from the predefined classifications that best correlates with the property values of the candidate security vulnerability in the second computer software application.
13 Claims
1. A system for automatically classifying security vulnerabilities in computer software applications, the system comprising:
- a hardware processor configured to initiate executable operations comprising:
  - identifying a plurality of candidate security vulnerabilities in a learning set including at least a first computer software application;
  - classifying each of the plurality of candidate security vulnerabilities with any classification selected from a set of predefined classifications;
  - determining, for each of the plurality of candidate security vulnerabilities, values for a plurality of predefined properties;
  - creating, for each of the plurality of candidate security vulnerabilities, a set of correlations between the values for the plurality of predefined properties and the respective classification of the candidate security vulnerability;
  - identifying a candidate security vulnerability in a second computer software application;
  - determining, for the candidate security vulnerability in the second computer software application, values for the plurality of predefined properties; and
  - classifying, using the set of correlations, the candidate security vulnerability in the second computer software application with a classification selected from the set of predefined classifications that best correlates with the values for the plurality of predefined properties of the candidate security vulnerability in the second computer software application.
(Dependent claims: 2)

3. A system for automatically classifying security vulnerabilities in computer software applications comprising:
- a hardware processor configured to initiate executable operations comprising:
  - identifying a candidate security vulnerability in a computer software application;
  - determining, for the candidate security vulnerability, values for a plurality of predefined properties selected from a group consisting of a number of instructions within the candidate security vulnerability, a percentage of the instructions within the candidate security vulnerability that lie within library code, a number of unique methods that are used by the instructions within the candidate security vulnerability, a number and kind of control-flow tests performed within the candidate security vulnerability, a number of taint carriers used to propagate vulnerable data within the candidate security vulnerability, a number of string manipulation statements within the candidate security vulnerability, a number of static variables through which data flow within the candidate security vulnerability, and a number of containers through which data flow within the candidate security vulnerability; and
  - classifying, using a set of correlations between values for the plurality of predefined properties and a set of predefined classifications of security vulnerabilities, the candidate security vulnerability with a classification selected from the set of predefined classifications of security vulnerabilities that best correlates with the values for the plurality of predefined properties of the candidate security vulnerability.
(Dependent claims: 4, 5)

6. A method for automatically classifying security vulnerabilities in computer software applications, the method comprising:
- identifying a plurality of candidate security vulnerabilities in a learning set including at least a first computer software application;
- classifying each of the plurality of candidate security vulnerabilities with any classification selected from a set of predefined classifications;
- determining, using a hardware processor, for each of the plurality of candidate security vulnerabilities, values for a plurality of predefined properties;
- creating, for each of the plurality of candidate security vulnerabilities, a set of correlations between the values for the plurality of predefined properties and the respective classification of the candidate security vulnerability;
- identifying a candidate security vulnerability in a second computer software application;
- determining, for the candidate security vulnerability in the second computer software application, values for the plurality of predefined properties; and
- classifying, using the set of correlations, the candidate security vulnerability in the second computer software application with a classification selected from the set of predefined classifications that best correlates with the values for the plurality of predefined properties of the candidate security vulnerability in the second computer software application.
(Dependent claims: 7)

8. A method for automatically classifying security vulnerabilities in computer software applications, the method comprising:
- identifying a candidate security vulnerability in a computer software application;
- determining, using a hardware processor, for the candidate security vulnerability, values for a plurality of predefined properties; and
- classifying, using a set of correlations between values for the plurality of predefined properties and a set of predefined classifications of security vulnerabilities, the candidate security vulnerability with a classification selected from the set of predefined classifications of security vulnerabilities that best correlates with the values for the plurality of predefined properties of the candidate security vulnerability,
- wherein the plurality of predefined properties are selected from a group consisting of a number of instructions within the candidate security vulnerability, a percentage of the instructions within the candidate security vulnerability that lie within library code, a number of unique methods that are used by the instructions within the candidate security vulnerability, a number and kind of control-flow tests performed within the candidate security vulnerability, a number of taint carriers used to propagate vulnerable data within the candidate security vulnerability, a number of string manipulation statements within the candidate security vulnerability, a number of static variables through which data flow within the candidate security vulnerability, and a number of containers through which data flow within the candidate security vulnerability.
(Dependent claims: 9, 10)

11. A computer program product for automatically classifying security vulnerabilities in computer software applications, the computer program product comprising:
- a computer-readable storage device, wherein the computer-readable storage device is not a transitory, propagating signal, per se; and
- computer-readable program code embodied in the computer-readable storage device, wherein the computer-readable program code is configured to:
  - identify a candidate security vulnerability in a computer software application;
  - determine, for the candidate security vulnerability, values for a plurality of predefined properties selected from a group consisting of a number of instructions within the candidate security vulnerability, a percentage of the instructions within the candidate security vulnerability that lie within library code, a number of unique methods that are used by the instructions within the candidate security vulnerability, a number and kind of control-flow tests performed within the candidate security vulnerability, a number of taint carriers used to propagate vulnerable data within the candidate security vulnerability, a number of string manipulation statements within the candidate security vulnerability, a number of static variables through which data flow within the candidate security vulnerability, and a number of containers through which data flow within the candidate security vulnerability; and
  - classify, using a set of correlations between values of security vulnerabilities and classifications of security vulnerabilities, the candidate security vulnerability with a classification selected from the set of predefined classifications that best correlates with the values of security vulnerabilities of the candidate security vulnerability.
(Dependent claims: 12, 13)
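As an added illustration, not code from the patent or its assignee, the following Python sketches the learning and classification phases of claims 1 and 3 together: the eight claim-3 properties form a feature vector for each candidate, the "set of correlations" is learned as one centroid per classification in standardized feature space, and a new candidate receives the classification whose centroid it best matches (nearest-centroid is one of several reasonable ways to read "best correlates"). The two classifications and the learning set are constructed assumptions for triaging static-analysis findings, since the page does not name the predefined classifications.

```python
from dataclasses import dataclass
from math import sqrt
from typing import Dict, List, Sequence, Tuple

# The eight predefined properties of claim 3, in a fixed order.
PROPERTIES = ("instructions", "pct_library_code", "unique_methods",
              "control_flow_tests", "taint_carriers", "string_ops",
              "static_vars", "containers")

@dataclass(frozen=True)
class Correlations:
    """The learned 'set of correlations': per-property scaling plus one
    centroid (mean standardized vector) per predefined classification."""
    means: Tuple[float, ...]
    stds: Tuple[float, ...]
    centroids: Dict[str, Tuple[float, ...]]

def _standardize(values, means, stds):
    return tuple((v - m) / s for v, m, s in zip(values, means, stds))

def learn_correlations(learning_set: Sequence[Tuple[Sequence[float], str]]) -> Correlations:
    """Learning phase (claim 1): each item is (property values, classification)."""
    n = len(learning_set)
    cols = list(zip(*(vals for vals, _ in learning_set)))
    means = tuple(sum(c) / n for c in cols)
    # Floor the spread at 1.0 so a property that is constant in the learning
    # set cannot divide by zero or dominate the distance.
    stds = tuple(max(1.0, sqrt(sum((x - m) ** 2 for x in c) / n))
                 for c, m in zip(cols, means))
    by_class: Dict[str, List[Tuple[float, ...]]] = {}
    for vals, label in learning_set:
        by_class.setdefault(label, []).append(_standardize(vals, means, stds))
    centroids = {label: tuple(sum(col) / len(rows) for col in zip(*rows))
                 for label, rows in by_class.items()}
    return Correlations(means, stds, centroids)

def classify(corr: Correlations, values: Sequence[float]) -> str:
    """Classification phase: the classification whose centroid is nearest."""
    z = _standardize(values, corr.means, corr.stds)
    def dist(label):
        return sqrt(sum((a - b) ** 2 for a, b in zip(z, corr.centroids[label])))
    return min(corr.centroids, key=dist)

# Constructed learning set (assumed, not real data): vectors ordered as
# PROPERTIES, labelled with two assumed classifications. Long flows through
# library code with many checks are labelled false positives here.
LEARNING_SET = [
    ((40, 80, 12, 6, 5, 8, 1, 2), "false_positive"),
    ((55, 75, 15, 7, 6, 10, 0, 3), "false_positive"),
    ((35, 70, 10, 5, 4, 7, 1, 1), "false_positive"),
    ((8, 10, 3, 0, 1, 1, 0, 0), "true_positive"),
    ((12, 20, 4, 1, 2, 2, 0, 1), "true_positive"),
    ((10, 15, 3, 1, 1, 0, 1, 0), "true_positive"),
]
```

In practice the property values come from the static analyzer's own flow report for each candidate, and the learning set is the set of findings a reviewer has already triaged by hand.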
Specification