Autonomous reasoning system for vulnerability analysis
First Claim
1. A method of vulnerability analysis of a deployed program, the method comprising:
receiving a binary program under analysis (BPUA) derived from the deployed program;
analyzing input/output (I/O) behavior of the deployed program;
discovering inputs to the deployed program based on application of two or more exploration techniques to the BPUA and analysis of the I/O behavior, the inputs including a first set of inputs discovered during a symbolic execution process, a second set of inputs discovered during a side-channel input generation, and a third set of inputs from an I/O state machine module (stateful model) generation process;
determining which of the inputs are negative inputs, the negative inputs including a portion of the inputs that trigger a response that includes a vulnerability of the deployed program;
based on the negative inputs and triggered responses, developing a patch for the deployed program that modifies the deployed program to process at least some of the negative inputs without triggering a response that includes the vulnerability; and
automatically dispatching the patch to the deployed program.
Abstract
A method of vulnerability analysis of a deployed program (program) includes inputting a binary program under analysis (BPUA) derived from the program. The method includes analyzing input/output (I/O) behavior of the program. The method includes discovering inputs to the program based on application of exploration techniques to the BPUA and analysis of the I/O behavior. The method includes determining which of the inputs are negative inputs. The negative inputs are inputs that trigger a response that includes a vulnerability of the program. Based on the negative inputs and triggered responses, the method includes developing a patch for the program that modifies the program to process at least some of the negative inputs without triggering a response that includes the vulnerability. The method includes automatically dispatching the patch.
20 Claims
11. One or more non-transitory computer-readable media having encoded therein programming code executable by one or more processors to perform operations, the operations comprising:
receiving a binary program under analysis (BPUA) derived from a deployed program;
analyzing input/output (I/O) behavior of the deployed program;
discovering inputs to the deployed program based on application of two or more exploration techniques to the BPUA and analysis of the I/O behavior, the inputs including a first set of inputs discovered during a symbolic execution process, a second set of inputs discovered during a side-channel input generation, and a third set of inputs from an I/O state machine module (stateful model) generation process;
determining which of the inputs are negative inputs, the negative inputs including a portion of the inputs that trigger a response that includes a vulnerability of the deployed program;
based on the negative inputs and triggered responses, developing a patch for the deployed program that modifies the deployed program to process at least some of the negative inputs without triggering a response that includes the vulnerability; and
automatically dispatching the patch to the deployed program.