Abstract: Methods, software tools and systems for analyzing software applications, e.g., Web applications, are described. A software application to be analyzed is transformed into an abstract representation which preserves its information flow properties. The abstract interpretation is evaluated to identify vulnerabilities using, for example, type qualifiers to associate security levels with variables and/or functions in the application being analyzed and typestate checking. Runtime guards are inserted into the application to secure identified vulnerabilities.
Type:
Grant
Filed:
August 5, 2010
Date of Patent:
October 8, 2013
Assignee:
Armorize Technologies, Inc.
Inventors:
Yao-Wen Huang, Fang Yu, Chung-Hung Tsai, Christian Hang, Der-Tsai Lee, Sy-Yen Kuo
Abstract: Methods, software tools and systems for analyzing software applications, e.g., Web applications, are described. A software application to be analyzed is transformed into an abstract representation which preserves its information flow properties. The abstract interpretation is evaluated to identify vulnerabilities using, for example, type qualifiers to associate security levels with variables and/or functions in the application being analyzed and typestate checking. Runtime guards are inserted into the application to secure identified vulnerabilities.
Type:
Application
Filed:
August 5, 2010
Publication date:
August 11, 2011
Applicant:
ARMORIZE TECHNOLOGIES, INC.
Inventors:
Yao-Wen Huang, Fang Yu, Chung-Hung Tsai, Christian Hang, Der-Tsai Lee, Sy-Yen Kuo
Abstract: Methods, software tools and systems for analyzing software applications, e.g., Web applications, are described. A software application to be analyzed is transformed into an abstract representation which preserves its information flow properties. The abstract interpretation is evaluated to identify vulnerabilities using, for example, type qualifiers to associate security levels with variables and/or functions in the application being analyzed and typestate checking. Runtime guards are inserted into the application to secure identified vulnerabilities.
Type:
Grant
Filed:
May 16, 2006
Date of Patent:
August 17, 2010
Assignee:
Armorize Technologies, Inc.
Inventors:
Yao-Wen Huang, Fang Yu, Chung-Hung Tsai, Christian Hang, Der-Tsai Lee, Sy-Yen Kuo