The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Dec. 07, 2010
Filed:
Oct. 07, 2005
Ramanathan N Venkatapathy, Redmond, WA (US);
Jayaraman Thiagarajan, Redmond, WA (US);
Dong Wei, Redmond, WA (US);
Ramanathan N Venkatapathy, Redmond, WA (US);
Jayaraman Thiagarajan, Redmond, WA (US);
Dong Wei, Redmond, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
Methods and systems for analyzing a computer program use static and interprocedural analysis techniques and engines. A data processing operation, such as a function, is automatically identified within the computer program. It is determined whether the function represents a potential source for entry of untrusted data into the computer program. A course of the untrusted data is modeled through the identified function to produce a validation result, such as a call stack. Based on an attribute of the untrusted data (for example, whether the untrusted data is an unbounded integer or a string), it is determined whether the validation result identifies a security vulnerability of the computer program. A security vulnerability may exist, for example, when the modeled course of an unbounded integer through the function produces a buffer overrun in a call stack. The validation result is provided, via an API, software development tool, or user interface, for example.