Automatic extraction of sensitive code fragments to be executed in a sandbox

US 9,830,149 B2
Filed: 01/14/2016
Issued: 11/28/2017
Est. Priority Date: 01/14/2016
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method of refactoring a source code that includes a plurality of references to sensitive data into at least two separate source codes, comprising:

receiving a source code comprising a plurality of references to sensitive data;

identifying a plurality of code blocks comprising said plurality of references, one or more of said plurality of code blocks is identified in said source code by assigning a weighting factor to words in a source code according to a list of sensitive data terms and by extracting words from compound phrases in source code according to at least one rule or coding standard of a member of a group consisting of;

a camel case, an underscore separation, a compound name, and a programming language naming convention;

using an information retrieval algorithm to identify synonyms to words or phrases in said source code and assigning said weighting factor to said synonyms according to said list of sensitive data;

refactoring said source code into an enterprise source code having a plurality of functions containing said plurality of code blocks and a cloud source code that is semantically equivalent when executed to said source code when executed; and

replacing within said cloud source code at least one of said plurality of code blocks with a call to a function within said enterprise source code, said function containing at least one code block semantically identical to said at least one replaced code block.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an aspect of some embodiments of the present invention there is provided a computer implemented method of refactoring a source code that includes a plurality of references to sensitive data into at least two separate source codes, comprising receiving a source code comprising a plurality of references to sensitive data, identifying a plurality of code blocks comprising the plurality of references, refactoring the source code into an enterprise source code having a plurality of functions containing the plurality of code blocks and a cloud source code that is semantically equivalent when executed to the source code when executed, and replacing within the cloud source code at least one of the plurality of code blocks with a call to a function within the enterprise source code, the function containing a code block that is semantically identical to the replaced code block.

55 Citations

18 Claims

1. A computer implemented method of refactoring a source code that includes a plurality of references to sensitive data into at least two separate source codes, comprising:
- receiving a source code comprising a plurality of references to sensitive data;
  
  identifying a plurality of code blocks comprising said plurality of references, one or more of said plurality of code blocks is identified in said source code by assigning a weighting factor to words in a source code according to a list of sensitive data terms and by extracting words from compound phrases in source code according to at least one rule or coding standard of a member of a group consisting of;
  
  a camel case, an underscore separation, a compound name, and a programming language naming convention;
  
  using an information retrieval algorithm to identify synonyms to words or phrases in said source code and assigning said weighting factor to said synonyms according to said list of sensitive data;
  
  refactoring said source code into an enterprise source code having a plurality of functions containing said plurality of code blocks and a cloud source code that is semantically equivalent when executed to said source code when executed; and
  
  replacing within said cloud source code at least one of said plurality of code blocks with a call to a function within said enterprise source code, said function containing at least one code block semantically identical to said at least one replaced code block.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein said sensitive data comprising data that is not meant for public access, for example credit card numbers, passwords, and/or trade secrets.
  - 3. The method of claim 1, wherein said sensitive data is received from a list generated automatically by parsing documentation of said source code and/or by manual input by a person.
  - 4. The method of claim 1, wherein said one or more of a plurality of said code blocks is identified in said source code by one or more of a plurality of methodologies comprising information retrieval algorithms, manually by a person, and/or any other link traceability method.
  - 5. The method of claim 1, wherein said refactoring is accomplished according to one or more of a plurality of methodologies for refactoring non contiguous code selected from a group consisting of:
    - Fine Slicing theory and applications for computational extraction, extract computation, extract method, and program slicing and sliding.
  - 6. The method of claim 1, wherein references to a database in said source code are replaced with references to a user specific enterprise databases in said enterprise source code according to manual changes to said enterprise source code.
  - 7. The method of claim 1, wherein said call from said cloud source code to said enterprise source code is implemented by one or more of a plurality of methodologies comprising a remote procedure call (RPC), Remote Method Invocation (RMI), SAP Remote Function Call, Java Remote Method Invocation, Apache Thrift protocol and framework, Microsoft.NET Remoting, and/or any other variation of RPC.
  - 8. The method of claim 7, wherein a return value of said RPC and/or said variation of RPC is dynamically changed to remove sensitive data by one of a plurality of methods selected from a dynamic analysis method.
  - 9. The method of claim 1, further comprising transferring of sensitive data from said enterprise source code when executing to said cloud source code when executing is prevented by manually preventing transfer of sensitive data from said enterprise source code and/or by Scheme for dynamic dataflow analysis for dynamic languages with support for asynchrony and reflection and/or a dynamic analysis method.
  - 10. The method of claim 1, wherein said code block contained by said function is semantically equivalent to said replaced code block.
  - 11. The method of claim 1, wherein an entry point to said cloud source code when executed is identical to an entry point to said software code when executed.
  - 12. The method of claim 1, wherein said cloud source code when executed is semantically equivalent to said source code when executed.

13. A system for refactoring a source code into two separate source codes, comprising:
- an interface for communicating with a user;
  
  one or more non-transitory computer-readable storage mediums;
  
  code instructions stored on at least one of said one or more storage mediums;
  
  one or more processors coupled to said interface and said program store for executing said code instructions, said code instructions comprising;
  
  code instructions for receiving a source code comprising a plurality of references to sensitive data, said source code is received according to a user input via said interface;
  
  code instructions for identifying a plurality of code blocks comprising said plurality of references in said source code, one or more of said plurality of code blocks is identified in said source code by assigning a weighting factor to words in a source code according to a list of sensitive data terms and by extracting words from compound phrases in source code according to at least one rule or coding standard of a member of a group consisting of;
  
  a camel case, an underscore separation, a compound name, and any programming language naming convention;
  
  code instructions for using an information retrieval algorithm to identify synonyms to words or phrases in said source code and assigning said weighting factor to said synonyms according to said list of sensitive data;
  
  code instructions for refactoring said source code into an enterprise source code having a plurality of functions containing said plurality of code blocks and a cloud source code that is semantically equivalent when executed to said source code when executed; and
  
  code instructions for replacing within said cloud source code at least one of said plurality of code blocks with a call to a function containing a corresponding code block located within said enterprise source code.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, further comprising code instructions for receiving a file comprising a text list of said sensitive to determine said code blocks, said list is received according to a user input received via said interface.
  - 15. The system of claim 13, further comprising said interface comprising a graphic user interface (GUI) allowing said user to input said source code by manually inputting a file name and a directory path and/or to said list of sensitive data, and/or to drag and drop a file containing said source code and/or a the containing said list of sensitive data into said GUI.
  - 16. The system of claim 13, further comprising code instructions for receiving via a interface, text input manually by said user, said text input comprising a list of sensitive data.
  - 17. The system of claim 13, further comprising code instructions for said interface to allow said user to initiate execution of said code instructions.
  - 18. The system of claim 13, further comprising a source code that when executed dynamically identifies and removes sensitive data from data fields sent by said functions in said enterprise source code when executed to said cloud source code when executed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DoorDash, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Abadi, Aharon, Ben-Harrush, Idan, Ifergan-Guy, Nili, Pikus, Dmitri
Primary Examiner(s)
Dao, Thuy
Assistant Examiner(s)
Rivera, Anibal

Application Number

US14/995,217
Publication Number

US 20170206082A1
Time in Patent Office

684 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 21/6263   during internet communicati...

G06F 21/645   using a third party

G06F 8/48   Incremental compilation sof...

G06F 8/65   Updates security arrangemen...

G06F 8/70   Software maintenance or man...

G06F 8/72   Code refactoring

Automatic extraction of sensitive code fragments to be executed in a sandbox

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic extraction of sensitive code fragments to be executed in a sandbox

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links