Machine learned model for generating opinionated threat assessments of security vulnerabilities
US-2024411898-A1 · Dec 12, 2024 · US
US9075997B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9075997-B2 |
| Application number | US-201414153128-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 13, 2014 |
| Priority date | Nov 22, 2010 |
| Publication date | Jul 7, 2015 |
| Grant date | Jul 7, 2015 |
Official abstract text for this publication.
A method includes determining selected global variables in a program for which flow of the selected global variables through the program is to be tracked. The selected global variables are less than all the global variables in the program. The method includes using a static analysis performed on the program, tracking flow through the program for the selected global variables. In response to one or more of the selected global variables being used in security-sensitive operations in the flow, use is analyzed of each one of the selected global variables in a corresponding security-sensitive operation. In response to a determination the use may be a potential security violation, the potential security violation is reported. Apparatus and computer program products are also disclosed.
Opening claim text (preview).
What is claimed is:

1. A method, comprising: determining selected global variables in a program for which flow of the selected global variables through the program is to be tracked, the selected global variables being less than all the global variables in the program, wherein a given one of the selected global variables comprises at least one key of a map object; and using a static analysis performed on the program, comprising tracking flow through the program for the selected global variables, tracking flow through the program for a selected one of the at least one key of a map object of the given one of the selected global variables, and determining and updating grammar for the selected key for each string manipulation in which the selected key is involved; in response to the tracking of the one or more of the selected global variables, when the one or more of the selected global variables is used in security-sensitive operations in the flow, analyzing use of each one of the selected global variables in corresponding security-sensitive operations, wherein in response to the analyzing, if the use may be a potential security violation, then reporting the potential security violation; and in response to the tracking of the selected key, when the selected key is used in a security-sensitive operation in the flow, comparing a current grammar of the selected key with a specified grammar corresponding to the security-sensitive operation, wherein when the comparison indicates a security violation, then reporting a potential security violation based on the comparison.

2. The method of claim 1, wherein reporting comprises placing indicia of the potential security violation into a file.

3. The method of claim 1, wherein reporting further comprises displaying indicia of the potential security violation using a user interface displayed on a display.

4. The method of claim 1, wherein determining the selected global variables in the program for which flow of the selected global variables through the program is to be tracked further comprises using at least one of a name of the selected global variable or a type of the selected global variable to determine that the flow of the selected global variable through the program is to be tracked.

5. The method of claim 1, wherein tracking further comprises tracking flow through the program for the selected global variables by passing the selected global variables in method calls between methods of the program.

6. The method of claim 1, wherein tracking further comprises tracking flow through the program for a given one of the selected global variables by reusing a same representation of the one global variable for different scopes of the one global variable and resetting analysis data for the global variable prior to analyzing the different scopes.

7. The method of claim 1, wherein a given one of the selected global variables comprises at least one key of a map object and wherein using a static analysis performed on the program further comprises tracking flow through the program for each of the at least one keys; in response to one of the at least one keys being used in a security-sensitive operation in the flow, analyzing use of the one key in the security-sensitive operation; and in response to a determination the use of the one key may be a potential security violation, reporting the potential security violation.

8. A computer program product, comprising: a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising code for: determining selected global variables in a program for which flow of the selected global variables through the program is to be tracked, the selected global variables being less than all the global variables in the program, wherein a given one of the selected global variables comprises at least one key of a map object; and using a static analysis performed on the program, comprising code for tracking flow through the program for the selected global variables, tracking flow through the program for a selected one of the at least one key of a map object of the given one of the selected global variables, and determining and updating grammar for the selected key for each string manipulation in which the selected key is involved; in response to the tracking of the one or more of the selected global variables, when the one or more of the selected global variables is used in security-sensitive operations in the flow, analyzing use of each one of the selected global variables in corresponding security-sensitive operations, wherein in response to the analyzing, if the use may be a potential security violation, then reporting the potential security violation; and in response to the tracking of the selected key, when the selected key is used in a security-sensitive operation in the flow, comparing a current grammar of the selected key with a specified grammar corresponding to the security-sensitive operation, wherein when the comparison indicates a security violation, then reporting a potential security violation based on the comparison.

9. The computer program product of claim 8, wherein reporting comprises placing indicia of the potential security violation into a file.

10. The computer program product of claim 8, wherein reporting further comprises displaying indicia of the potential security violation using a user interface displayed on a display.

11. The computer program product of claim 8, wherein determining the selected global variables in the program for which flow of the selected global variables through the program is to be tracked further comprises using at least one of a name of the selected global variable or a type of the selected global variable to determine that the flow of the selected global variable through the program is to be tracked.

12. The computer program product of claim 8, wherein tracking further comprises tracking flow through the program for the selected global variables by passing the selected global variables in computer program product calls between methods of the program.

13. The computer program product of claim 8, wherein a given one of the selected global variables comprises at least one key of a map object and wherein using a static analysis performed on the program further comprises tracking flow through the program for each of the at least one keys; in response to one of the at least one keys being used in a security-sensitive operation in the flow, analyzing use of the one key in the security-sensitive operation; and in response to a determination the use of the one key may be a potential security violation, reporting the potential security violation.

14. An apparatus, comprising: at least one memory comprising computer code; and at least one processor, the computer code controlling the at least one processor to perform at least the following: determining selected global variables in a program for which flow of the selected global variables through the program is to be tracked, the selected global variables being less than all the global variables in the program, wherein a given one of the selected global variables comprises at least one key of a map object; and using a static analysis performed on the program, comprising tracking flow through the program for the selected global variables, tracking flow through the program for a selected one of the at least one key of a map object of the given one of the selected global variables, and determining and updating grammar for the selected key for each string manipulation in which the selected
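The analysis the abstract and claim 1 describe, as an added illustration that is not the patent's implementation: only the map keys of a selected global (chosen by name) are tracked through a small straight-line intermediate representation, each string manipulation updates the key's grammar, and at a security-sensitive operation the current grammar is compared with the grammar that operation tolerates. The IR opcodes, the character-class grammar abstraction and the sample program are assumptions made for this example.

```python
ALNUM, SPACE, META = "alnum", "space", "meta"   # abstract character classes (assumed lattice)
UNTRUSTED = {ALNUM, SPACE, META}                # a value read from a request may hold anything
SINK_GRAMMAR = {                                # grammar each security-sensitive operation accepts
    "sql_exec": {ALNUM, SPACE},
    "html_write": {ALNUM, SPACE},
}
SELECTED_GLOBALS = {"request"}                  # selected by name; other global maps are not tracked

def analyze(program):
    """Walk a hypothetical IR once; return (sink, variable, disallowed classes) findings."""
    grammar, findings = {}, []                  # grammar: tracked variable -> set of classes
    for op, target, *args in program:
        if op == "load":                        # target = map[key]; only selected maps are tracked
            map_name, _key = args
            if map_name in SELECTED_GLOBALS:
                grammar[target] = set(UNTRUSTED)
        elif op == "assign":                    # target = src; also models passing src as a parameter
            (src,) = args
            if src in grammar:
                grammar[target] = set(grammar[src])
        elif op == "concat":                    # target = a + b + ...; literals add nothing to the grammar
            g = set().union(*(grammar[a] for a in args if a in grammar))
            if g:
                grammar[target] = g
        elif op == "filter":                    # target = sanitize(src) removing the listed classes
            src, dropped = args
            if src in grammar:
                grammar[target] = grammar[src] - set(dropped)
        elif op == "sink":                      # target names the security-sensitive operation
            (arg,) = args
            if arg in grammar and not grammar[arg] <= SINK_GRAMMAR[target]:
                findings.append((target, arg, sorted(grammar[arg] - SINK_GRAMMAR[target])))
    return findings

PROGRAM = [                                     # constructed sample program in the assumed IR
    ("load", "name", "request", "user"),        # name = request["user"]   (tracked)
    ("load", "tz", "config", "tz"),             # tz = config["tz"]        (config not selected)
    ("assign", "n", "name"),                    # name passed into a helper method as n
    ("concat", "q1", "lit_sql", "n", "lit_quote"),
    ("sink", "sql_exec", "q1"),                 # META may reach SQL: reported
    ("filter", "safe", "n", [META]),            # escaping removes the metacharacter class
    ("concat", "q2", "lit_sql", "safe", "lit_quote"),
    ("sink", "sql_exec", "q2"),                 # grammar now within the sink's spec: silent
    ("concat", "msg", "lit_hello", "tz"),
    ("sink", "html_write", "msg"),              # untracked global: no finding (cost of selecting)
]

if __name__ == "__main__":
    for sink, var, extra in analyze(PROGRAM):
        print(f"potential violation: {var} reaches {sink} with disallowed {extra}")
```

The last sink shows the trade-off in tracking fewer than all globals: a flow from a global that was not selected is simply not seen.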
CPC titles:

- Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- Assessing vulnerabilities and evaluating computer system security
- Test or assess a computer or a system