Systems and methods for detecting software security vulnerabilities
First Claim
1. A method of detecting buffer vulnerabilities in software, comprising:
- receiving a software artifact for analysis;
- receiving a set of buffer vulnerabilities that may exist in the software artifact, wherein a buffer vulnerability is defined as a software feature capable of facilitating attacks against a user of the software;
- at least one of creating and receiving a system dependency graph, the system dependency graph being a representation of (i) possible sequences of instructions that may be encountered if the software artifact were executed, and (ii) possible ways in which variables in the software artifact could have their values defined and used if the software artifact were executed;
- defining constraints for a plurality of program statements of which the software artifact is a component, wherein each of the constraints comprises one or more mathematical assertions describing how a given statement, function or procedure affects the software artifact if the software artifact were executed;
- for each potential buffer vulnerability, tracing through the system dependency graph by visiting statements in the plurality of program statements in a predetermined order determined by the system dependency graph, starting at a location of the potential buffer vulnerability, and collecting the constraints associated with each statement, function or procedure of the software artifact so visited determining a maximum value length that has been assigned to a buffer corresponding to a potential buffer vulnerability and comparing the determined maximum value length to an amount of memory that has been allocated to the buffer to detect a buffer vulnerability; and
- displaying a list of buffer vulnerabilities that are not marked as being safe, wherein at least some of the constraints are linking constraints that link values of one variable between two consecutive program statements.
Abstract
Embodiments of the present invention relate to systems and methods for static analysis of a software application. According to an embodiment, a system includes a program scanner coupled to an analysis engine. The program scanner is configured to identify one or more vulnerability patterns in a software program and to output an initial potential vulnerability list. The analysis engine is configured to apply one or more rules to a potential vulnerability to determine whether the potential vulnerability is a vulnerability.
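A minimal sketch of the scan, trace and compare steps described in claim 1 and the abstract, added here as an illustration and not code from the patent. The toy statement format, `PROGRAM`, `PRED` and all function names are assumptions, and the control-flow graph is assumed to be acyclic.

```python
# Constructed toy program: id -> (op, dst, arg); C equivalents in comments.
PROGRAM = {
    1: ("alloc", "buf", 16),    # char buf[16];
    2: ("alloc", "msg", 64),    # char msg[64];
    3: ("const", "msg", "ok"),  # strcpy(msg, "ok");      then-branch
    4: ("input", "msg", 63),    # fgets(msg, 64, stdin);  else-branch
    5: ("copy", "buf", "msg"),  # strcpy(buf, msg);       join point
    6: ("const", "tag", "v1"),  # const char *tag = "v1";
    7: ("alloc", "out", 8),     # char out[8];
    8: ("copy", "out", "tag"),  # strcpy(out, tag);
}
# Control-flow predecessors (acyclic here); 3 and 4 are the arms of one branch.
PRED = {1: [], 2: [1], 3: [2], 4: [2], 5: [3, 4], 6: [5], 7: [6], 8: [7]}

def scan(program):
    """Scanner: flag every unbounded copy as a potential buffer vulnerability."""
    return [sid for sid, (op, _, _) in sorted(program.items()) if op == "copy"]

def max_len(var, sid, trail):
    """Trace backward from sid; return the longest string var may hold there."""
    best = 0
    for p in PRED[sid]:
        op, dst, arg = PROGRAM[p]
        if dst != var or op == "alloc":  # linking constraint: unchanged across p
            trail.append(f"len({var})@{sid} = len({var})@{p}")
            best = max(best, max_len(var, p, trail))
        elif op == "copy":               # length flows from the copy source
            trail.append(f"len({var})@{p} = len({arg})@{p}")
            best = max(best, max_len(arg, p, trail))
        else:                            # const or bounded input defines var
            bound = len(arg) if op == "const" else arg
            trail.append(f"len({var})@{p} <= {bound}")
            best = max(best, bound)
    return best

def analyze():
    """Engine: compare the traced maximum length with the allocated size."""
    report = {}
    for sid in scan(PROGRAM):
        _, dst, src = PROGRAM[sid]
        trail = []
        needed = max_len(src, sid, trail) + 1  # +1 for the NUL terminator
        size = next(a for o, d, a in PROGRAM.values() if o == "alloc" and d == dst)
        report[sid] = dict(needed=needed, allocated=size, safe=needed <= size, constraints=trail)
    return report

def unsafe_sites():
    """Sites that cannot be marked safe, i.e. the list the method displays."""
    return [sid for sid, r in analyze().items() if not r["safe"]]
```

`analyze()` returns, per copy site, the bytes needed, the bytes allocated and the constraints collected on the way back through the graph; `unsafe_sites()` keeps only the sites that could not be marked safe.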
Specification