Detecting second-order security vulnerabilities in libraries

US11586740B2 · US · B2

Patent metadata
Publication number: US-11586740-B2
Application number: US-202117163193-A
Country: US
Kind code: B2
Filing date: Jan 29, 2021
Priority date: Jan 29, 2021
Publication date: Feb 21, 2023
Grant date: Feb 21, 2023

Abstract

Official abstract text for this publication.

A method for executing a second-order taint analysis on library code may include generating, by executing a first-order taint analysis on the library code starting at a sink, a first execution path from a load instruction to the sink. The load instruction may perform: reading a first value using a first global identifier. The method may further include determining a store instruction by matching the load instruction and the store instruction. The store instruction may perform: writing a second value using a second global identifier. The method may further include, generating a second execution path from the store instruction to the load instruction, generating, by executing the first-order taint analysis on the library code starting at the store instruction, a third execution path from an entry point to the store instruction, and forming a potential second-order taint flow by joining the first, second, and third execution paths.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for executing a second-order taint analysis on library code, comprising: generating, by executing a first-order taint analysis on the library code starting at a sink, a first execution path from a first load instruction to the sink, wherein the first load instruction performs: reading a first value using a first global identifier, and wherein the library code comprises a plurality of entry points; determining a first store instruction of one or more store instructions by matching the first load instruction and the first store instruction, wherein the first store instruction performs: writing a second value using a second global identifier; in response to matching the first load instruction and the first store instruction, generating a second execution path from the first store instruction to the first load instruction; generating, by executing the first-order taint analysis on the library code starting at the first store instruction, a third execution path from a first entry point of the plurality of entry points to the first store instruction; and forming a first potential second-order taint flow by joining the first execution path, the second execution path, and the third execution path.

2. The method of claim 1, wherein matching the first load instruction and the first store instruction comprises: matching the first global identifier and the second global identifier.

3. The method of claim 1, wherein matching the first load instruction and the first store instruction comprises: determining that the first global identifier is mapped to a third global identifier; and matching the third global identifier and the second global identifier.

4. The method of claim 1, further comprising: in response to executing the first-order taint analysis on the library code starting at the first store instruction, generating a fourth execution path from a second load instruction to the first store instruction, wherein the second load instruction performs: reading a third value using a third global identifier; determining a second store instruction by matching the second load instruction and the second store instruction, wherein the second store instruction performs: writing the third value using the third global identifier; in response to matching the second load instruction and the second store instruction, generating a fifth execution path from the second store instruction to the second load instruction; generating, by executing the first-order taint analysis on the library code starting at the second store instruction, a sixth execution path from a second entry point of the plurality of entry points to the second store instruction; and forming a second potential second-order taint flow by joining the first execution path, the second execution path, the fourth execution path, the fifth execution path, and the sixth execution path.

5. The method of claim 4, further comprising: associating, with each of the one or more store instructions, an already-seen global identifier list; adding the first global identifier to the already-seen global identifier list; and in response to matching the second load instruction and the second store instruction, determining that the third global identifier is excluded from the already-seen global identifier list associated with the first store instruction, wherein the fifth execution path is generated in response to determining that the third global identifier is excluded from the already-seen global identifier list associated with the first store instruction.

6. The method of claim 1, wherein the first global identifier comprises an identifier of a table in a database and an identifier of a column of the table.

7. The method of claim 1, wherein the first global identifier comprises an identifier of an object and an identifier of an attribute of the object, and wherein the object is generated in response to application code invoking the library code at one of the plurality of entry points.

8. A system comprising: a computer processor; a repository configured to store library code comprising a plurality of entry points, a first load instruction, a first store instruction of one or more store instructions, and a sink, wherein the first load instruction performs: reading a first value using a first global identifier, and wherein the first store instruction performs: writing a second value using a second global identifier; and a library analyzer, executing on the computer processor and configured to: generate, by executing a first-order taint analysis on the library code starting at the sink, a first execution path from the first load instruction to the sink, determine the first store instruction by matching the first load instruction and the first store instruction, in response to matching the first load instruction and the first store instruction, generate a second execution path from the first store instruction to the first load instruction, generate, by executing the first-order taint analysis on the library code starting at the first store instruction, a third execution path from a first entry point of the plurality of entry points to the first store instruction, and form a first potential second-order taint flow by joining the first execution path, the second execution path, and the third execution path.

9. The system of claim 8, wherein the library analyzer is further configured to match the first load instruction and the first store instruction by: matching the first global identifier and the second global identifier.

10. The system of claim 8, wherein the library analyzer is further configured to match the first load instruction and the first store instruction by: determining that the first global identifier is mapped to a third global identifier, matching the third global identifier and the second global identifier.

11. The system of claim 8, wherein the library analyzer is further configured to: in response to executing the first-order taint analysis on the library code starting at the first store instruction, generate a fourth execution path from a second load instruction to the first store instruction, wherein the second load instruction performs: reading a third value using a third global identifier, determine a second store instruction by matching the second load instruction and the second store instruction, wherein the second store instruction performs: writing the third value using the third global identifier, in response to matching the second load instruction and the second store instruction, generate a fifth execution path from the second store instruction to the second load instruction, generate, by executing the first-order taint analysis on the library code starting at the second store instruction, a sixth execution path from a second entry point of the plurality of entry points to the second store instruction, and form a second potential second-order taint flow by joining the first execution path, the second execution path, the fourth execution path, the fifth execution path, and the sixth execution path.

12. The system of claim 11, wherein the library analyzer is further configured to: associate, with each of the one or more store instructions, an already-seen global identifier list, add the first global identifier to the already-seen global identifier list, and in response to matching the second load instruction and the second store instruction, determine that the third global identifier is excluded from the already-seen global identifier list associated with the first store instruction, wherein the fifth execution path is generated in response to determin
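The method of the abstract and claims 1 to 5, as an added, runnable illustration that is not code from the patent or from Oracle. It assumes a constructed, simplified library IR (functions are entry points; instructions are `param`, `assign`, `load`, `store` and `sink` tuples; global identifiers are `table.column` strings as in the patent's database example). The sample library, the helper names (`backward_slice`, `matching_stores`, `second_order_flows`) and the intra-procedural, straight-line taint rules are all assumptions made for this example. The backward walk from the sink is the first-order analysis; a load of a global identifier is joined to the stores that write it, and the same backward walk from each store either reaches an entry point (claims 1 to 3) or another load, in which case the analysis goes one order deeper (claim 4) under a per-store already-seen list (claim 5).

```python
"""Toy second-order taint analysis over a constructed library IR (added example)."""
from typing import Dict, List, Optional, Set, Tuple

Instr = Tuple[str, ...]
Library = Dict[str, List[Instr]]
Loc = Tuple[str, int]          # (function name, instruction index)
Segment = List[Loc]            # one execution path, first to last instruction

# Constructed sample library. Every function is an entry point that application
# code may call. "users.name" etc. are global identifiers (table.column).
LIBRARY: Library = {
    "set_name":   [("param", "req"), ("assign", "n", "req"), ("store", "users.name", "n")],
    "greet":      [("load", "x", "users.name"), ("assign", "msg", "x"), ("sink", "msg")],
    "set_alias":  [("param", "req"), ("store", "users.alias", "req")],
    "copy_alias": [("load", "y", "users.alias"), ("store", "users.name", "y")],
    "log_ver":    [("load", "v", "app.version"), ("sink", "v")],   # no store writes app.version
}


def backward_slice(func: str, start: int, code: List[Instr]) -> List[Tuple[str, Optional[str], Segment]]:
    """First-order backward taint analysis from code[start] (a sink or a store).

    Walks the function backwards tracking which variables can reach the start
    instruction and returns one tuple per origin found:
      ("load", gid, path)    the value was read from global storage gid
      ("entry", None, path)  the value came from a parameter of this entry point
    where path lists the instructions from the origin to the start instruction.
    """
    tainted: Set[str] = {code[start][-1]}      # variable consumed by the start instruction
    chain: Segment = [(func, start)]
    origins: List[Tuple[str, Optional[str], Segment]] = []
    for i in range(start - 1, -1, -1):
        op = code[i]
        if op[0] == "assign" and op[1] in tainted:
            tainted.add(op[2])                 # dst = src propagates taint to src
            chain.insert(0, (func, i))
        elif op[0] == "load" and op[1] in tainted:
            origins.append(("load", op[2], [(func, i)] + chain))
        elif op[0] == "param" and op[1] in tainted:
            origins.append(("entry", None, [(func, i)] + chain))
    return origins


def matching_stores(gid: str, lib: Library, aliases: Dict[str, str]) -> List[Loc]:
    """Stores that write the identifier a load reads: exact match (claim 2), or a
    match on the identifier the load's identifier is mapped to (claim 3)."""
    target = aliases.get(gid, gid)
    return [(f, i) for f, code in lib.items()
            for i, op in enumerate(code) if op[0] == "store" and op[1] == target]


def second_order_flows(lib: Library, aliases: Optional[Dict[str, str]] = None) -> List[dict]:
    """Return potential second-order taint flows: entry point -> store -> load -> sink."""
    aliases = aliases or {}
    flows: List[dict] = []

    def extend(gid: str, tail: List[Segment], seen: Dict[Loc, Set[str]]) -> None:
        # tail: the execution paths already joined, from a load of gid down to the sink
        load_loc = tail[0][0]
        for store in matching_stores(gid, lib, aliases):
            already = seen.setdefault(store, set())
            if gid in already:                 # already-seen list stops cycles (claim 5)
                continue
            already.add(gid)
            store_to_load: Segment = [store, load_loc]     # second (or fifth) execution path
            f, i = store
            for kind, origin_gid, path in backward_slice(f, i, lib[f]):
                joined = [path, store_to_load] + tail
                if kind == "entry":            # third path reaches an entry point: report the flow
                    flows.append({"entry": f, "sink": tail[-1][-1], "segments": joined})
                else:                          # another load feeds the store: one order deeper
                    extend(origin_gid, joined, seen)

    for f, code in lib.items():
        for i, op in enumerate(code):
            if op[0] != "sink":
                continue
            for kind, gid, path in backward_slice(f, i, code):   # first execution path
                if kind == "load":
                    extend(gid, [path], seen={})
    return flows


if __name__ == "__main__":
    for flow in second_order_flows(LIBRARY):
        print(f"entry {flow['entry']} -> sink {flow['sink']}")
        for seg in flow["segments"]:
            print("   ", " -> ".join(f"{fn}[{ix}]" for fn, ix in seg))
```

On the sample library the analysis reports two flows into the `greet` sink: a three-segment flow from `set_name` (entry, store to load, load to sink) and a five-segment second-order chain from `set_alias` through `copy_alias`, which rewrites `users.alias` into `users.name`. The `log_ver` sink reads an identifier nothing in the library writes, so it yields no flow; a store whose value does not come from any entry point is likewise silent, which is the point of requiring the third path.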

Assignees

Oracle Int Corp

Classifications

  • Test or assess software (CPC title)
  • G06F21/577 (primary): Assessing vulnerabilities and evaluating computer system security (CPC title)
  • by source code analysis (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 21, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).