The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Oct. 29, 2013
Filed:
Nov. 19, 2010
Ryan Berg, Sudbury, MA (US);
Marco Pistoia, Amawalk, NY (US);
Takaaki Tateishi, Yamato, JP;
Omer Tripp, Har-Adar, IL;
Ryan Berg, Sudbury, MA (US);
Marco Pistoia, Amawalk, NY (US);
Takaaki Tateishi, Yamato, JP;
Omer Tripp, Har-Adar, IL;
International Business Machines Corporation, Armonk, NY (US);
Abstract
A method includes performing a static analysis on a program having sources and sinks to track string flow from the sources to the sinks. The static analysis includes, for string variables in the program that begin at sources, computing grammar of all possible string values for each of the string variables and, for methods in the program operating on any of the string variables, computing grammar of string variables returned by the methods. The static analysis also includes, in response to one of the string variables reaching a sink that performs a security-sensitive operation, comparing current grammar of the one string variable with a policy corresponding to the security-sensitive operation, and performing a reporting operation based on the comparing. Apparatus and computer program products are also disclosed.