Remediation of security vulnerabilities in computer software
Abstract
Processing a downgrader specification by constructing a set of candidate downgrader placement locations found within a computer software application, where each of the candidate downgrader placement locations corresponds to a transition between a different pair of instructions within the computer software application, and where each of the transitions participates in any of a plurality of data flows in a set of security-sensitive data flows within the computer software application, applying a downgrader specification to the set of candidate downgrader placement locations, and determining that the downgrader specification provides full coverage of the set of security-sensitive data flows within the computer software application if at least one candidate downgrader placement location within each of the security-sensitive data flows is a member of the set of candidate downgrader placement locations.
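The coverage check described in the abstract, as an added Python example that is not code from the patent. It assumes each security-sensitive data flow is an ordered list of instruction labels and that the downgrader specification is a list of predicates, each eliminating some transitions; all labels, flows and rules are constructed for illustration.

```python
# Added example: every label, flow and rule here is constructed, not from the patent.

def transitions(path):
    """Transitions between consecutive instructions along one data flow."""
    return set(zip(path, path[1:]))

def candidate_locations(flows):
    """Every transition that participates in any security-sensitive flow."""
    return set().union(*(transitions(p) for p in flows.values()))

def apply_specification(candidates, rules):
    """Eliminate each candidate whose elimination any rule indicates."""
    return {t for t in candidates if not any(rule(t) for rule in rules)}

def uncovered_flows(flows, rules):
    """Names of flows left with no surviving placement location."""
    remaining = apply_specification(candidate_locations(flows), rules)
    return sorted(n for n, p in flows.items() if not transitions(p) & remaining)

def full_coverage(flows, rules):
    """True when every flow keeps at least one candidate location."""
    return not uncovered_flows(flows, rules)

# Constructed flows: source instruction first, sink instruction last.
FLOWS = {
    "xss-1": ["Login.getParam", "Util.trim", "View.render"],
    "sqli-1": ["Login.getParam", "Dao.buildQuery", "Dao.execute"],
    "xss-2": ["Api.readBody", "View.render"],
}

def leaves_library(t):
    # Hypothetical rule: no downgrader on a transition out of library code.
    return t[0].startswith("Util.")

def enters_view(t):
    # Hypothetical rule: no downgrader directly before the view layer.
    return t[1] == "View.render"

SPEC_A = [leaves_library]               # still covers all three flows
SPEC_B = [leaves_library, enters_view]  # eliminates the only location on xss-2

if __name__ == "__main__":
    for name, spec in (("SPEC_A", SPEC_A), ("SPEC_B", SPEC_B)):
        print(name, full_coverage(FLOWS, spec), uncovered_flows(FLOWS, spec))
```

A flow reported as uncovered is one that the specification leaves with no permitted downgrader placement, so the specification has to be relaxed before remediation can address that flow.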
12 Claims
1. A method for processing a downgrader specification, the method comprising:
- constructing a set of candidate downgrader placement locations found within a computer software application, wherein each of the candidate downgrader placement locations corresponds to a transition between a different pair of instructions within the computer software application, and wherein each of the transitions participates in any of a plurality of data flows in a set of security-sensitive data flows within the computer software application;
- applying a downgrader specification to the set of candidate downgrader placement locations using a processor, wherein applying the downgrader specification comprises eliminating from the set of candidate downgrader placement locations any of the candidate downgrader placement locations whose elimination is indicated by the downgrader specification; and
- determining that the downgrader specification provides full coverage of the set of security-sensitive data flows within the computer software application if at least one candidate downgrader placement location within each of the security-sensitive data flows is a member of the set of candidate downgrader placement locations.

Dependent claims: 2, 3, 4, 5, 6
7. A method for processing a downgrader specification, the method comprising:
- constructing a set of candidate downgraders for processing a set of security-sensitive data flows within a computer software application, wherein each of the security-sensitive data flows is processable by at least one of the candidate downgraders;
- applying a downgrader specification to the set of candidate downgraders using a processor, wherein applying the downgrader specification comprises eliminating from the set of candidate downgraders any of the candidate downgraders whose elimination is indicated by the downgrader specification; and
- determining that the downgrader specification provides full coverage of the set of security-sensitive data flows within the computer software application if each of the security-sensitive data flows is processable by at least one of the candidate downgraders remaining in the set of candidate downgraders.

Dependent claims: 8, 9, 10, 11, 12
Specification