US9880832B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9880832-B2 |
| Application number | US-201514640536-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 6, 2015 |
| Priority date | Mar 6, 2015 |
| Publication date | Jan 30, 2018 |
| Grant date | Jan 30, 2018 |
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
What the patent document calls the invention.
A short plain-language summary of the technical disclosure.
Who owns or filed the patent and who is credited as inventor.
Filing, priority, publication, and grant dates set the timeline.
The legal scope of protection — read this for what is actually claimed.
Technology tags used to group this patent with similar filings.
Prior art links and similar publications in this corpus.
Official abstract text for this publication.
Automated systems and methods for assessing the urgency of installing a patch for a component of a software application are described. The systems and methods involve identifying a set of defective programming constructs of the component that are altered by the patch, collecting execution traces of programming constructs of the software application and programming constructs of the component in a context of application use, and evaluating the execution traces to determine whether one or more defective programming constructs of the component are invoked in the context of application use.
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method for securing a computer system against unauthorized access via a defective third-party component of a software application running on the computer system, the method comprising: assembling a list of programming constructs of the defective third-party component that are altered by a patch for the defective third-party component; sampling a subset of the application by collecting execution traces of programming constructs of the application that are used in a context of application use the sampled subset represented as an intersection of the programming constructs of the application and the collected execution traces representing a size of the sampled subset of the application; comparing the list with the execution traces to determine whether the programming constructs altered by the patch for the defective third-party component are invoked by the sampled subset of application; based on a fraction of the programming constructs of the defective third-party component in the software application that will be altered by the patch when installed in the software application and will be invoked in the context of application use, and the size of the sampled subset of the application, determining an urgency of installing the patch in the software application for the context of application use; and installing the patch for the defective third-party component in the software application for securing the computer system against unauthorized access, based on the determined urgency. 2. The method of claim 1 , wherein assembling the list of programming constructs of the defective third-party component that are altered by the patch for the defective third-party component includes comparing a pre-patch version and a post-patch version of source code of the component to identify defective programming constructs of the component that are altered by the patch. 3. The method of claim 2 , wherein comparing the pre-patch and post-patch versions of the source code of the component to identify defective programming constructs of the component includes retrieving executable files of the component that have been added, deleted or modified by the patch from the pre-patch and the post-patch versions of the source code of the component. 4. The method of claim 3 further comprising creating abstract syntax tree (AST) representations of the executable files, wherein the AST define programming constructs of the executable files. 5. The method of claim 4 , wherein for executable files of the component that have been added or deleted by the patch, all programming constructs identified by the respective AST representations of the added or deleted executable files are added to the list of programming constructs of the defective third-party component. 6. The method of claim 4 further comprising, for an executable file of the component that has been modified by the patch, comparing AST representations of pre-patch and post-patch versions of the executable file to identify programming constructs that have been modified by the patch. 7. The method of claim 1 , wherein collecting execution traces of programming constructs of the application that are used the context of application use in a context of application use includes embedding instrumentation code in code of the programming constructs. 8. The method of claim 1 further comprising generating a list of all the programming constructs in the software application and comparing the list of all the programming constructs with the execution traces to quantify a test coverage metric. 9. A system for securing a computer system against unauthorized access via a defective third-party component of a software application running on the computer system, the system comprising a memory and a semiconductor-based processor, the memory and the processor forming one or more logic circuits configured to: assemble a list of programming constructs of the defective third-party component that are altered by a patch for the defective third-party component; sample a subset of the application by collecting execution traces of programming constructs of the application that are used in a context of application use, the sampled subset represented as an intersection of the programming constructs of the application and the collected execution traces representing a size of the sampled subset of the application; compare the list with the execution traces to determine whether the programming constructs altered by the patch for the defective third-party component are invoked by the sampled subset of application; based on a fraction of the programming constructs of the defective third-party component in the software application that will be altered by the patch when installed in the software application and will be invoked in the context of application use, and the size of the sampled subset of the application, determine an urgency of installing the patch in the software application for the context of application use; and install the patch for the defective third-party component in the software application for securing the computer system against unauthorized access, based on the determined urgency. 10. The computer system of claim 9 , wherein the logic circuits are configured to compare a pre-patch version and a post-patch version of source code of the component to identify defective programming constructs of the component that are altered by the patch. 11. The computer system of claim 10 , wherein the logic circuits are configured to compare the pre-patch and post-patch versions of the source code of the component to identify defective programming constructs of the component by retrieving all executable files of the component that have been added, deleted or modified by the patch from the pre-patch and the post-patch versions of the source code of the component. 12. The computer system of claim 11 , wherein the logic circuits are configured to create abstract syntax tree (AST) representations of the executable files, wherein the AST define programming constructs of the executable files. 13. The computer system of claim 12 , wherein the logic circuits are further configured to, for executable files of the component that have been added or deleted by the patch, add all programming constructs identified by the respective AST representations of the added or deleted executable files to the list of programming constructs of the defective third-party component. 14. The computer system of claim 12 , wherein the logic circuits are further configured to, for an executable file of the component that has been modified by the patch, compare AST representations of pre-patch and post-patch versions of the executable file to identify programming constructs that have been modified by the patch. 15. The computer system of claim 9 , wherein the logic circuits are further configured to collect execution traces of programming constructs of the software application and programming constructs of the component in a context of application use by embedding instrumentation code in code of the programming constructs. 16. The computer system of claim 9 , wherein the logic circuits are further configured to generate a list of all the programming constructs in the software application and comparing the list of all the programming constructs with the execution traces to quantify a test coverage metric. 17. A non-transitory computer readable storage medium having instructions stored thereon, including instructions which, when executed by a microprocessor, secure a computer system agains
Related publications grouped by family.
Answers are generated from the same data shown on this page.