Abstract: Methods and systems of detecting vulnerabilities in source code using inter-procedural analysis of source code. Vulnerabilities in a pre-existing source code listing are detected. The variables in the source code listing are modeled in the context of at least one of the inherent control flow and inherent data flow. The variable models are used to create models of arguments to routine calls in the source code listing. The source code listing is modeled with a call graph to represent routine call interactions expressed in the source code listing. The arguments to routine calls are modeled to account for inter-procedural effects and dependencies on the arguments as expressed in the source code listing.
Abstract: A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models are derived for the code and the models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call possesses one or more of pre-selected vulnerabilities.
Type: Grant
Filed: April 15, 2004
Date of Patent: August 26, 2008
Assignee: Ounce Labs, Inc.
Inventors: Ryan James Berg, Larry Rose, John Peyton, John J. Danahy, Robert Gottlieb, Chris Rehbein
Abstract: A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e.g., in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call possesses one or more of pre-selected vulnerabilities.
Type: Grant
Filed: June 13, 2007
Date of Patent: July 8, 2008
Assignee: Ounce Labs, Inc.
Inventors: Ryan J. Berg, Larry Rose, John Peyton, John J. Danahy, Robert Gottlieb, Chris Rehbein
Abstract: A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models are derived for the code and the models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routines possess one or more of pre-selected vulnerabilities.
Type: Grant
Filed: April 15, 2004
Date of Patent: July 8, 2008
Assignee: Ounce Labs, Inc.
Inventors: Ryan James Berg, Larry Rose, John Peyton, John J. Danahy, Robert Gottlieb, Chris Rehbein
Abstract: A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e.g., in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call possesses one or more of pre-selected vulnerabilities.
Type: Grant
Filed: April 15, 2004
Date of Patent: July 3, 2007
Assignee: Ounce Labs, Inc.
Inventors: Ryan James Berg, Larry Rose, John Peyton, John J. Danahy, Robert Gottlieb, Chris Rehbein
Abstract: A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e.g., in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call possesses one or more of pre-selected vulnerabilities.
Type: Application
Filed: April 15, 2004
Publication date: December 23, 2004
Applicant: Ounce Labs, Inc.
Inventors: Ryan James Berg, Larry Rose, John Peyton, John J. Danahy, Robert Gottlieb, Chris Rehbein
Abstract: A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models are derived for the code and the models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routines possess one or more of pre-selected vulnerabilities.
Type: Application
Filed: April 15, 2004
Publication date: December 16, 2004
Applicant: Ounce Labs, Inc.
Inventors: Ryan James Berg, Larry Rose, John Peyton, John J. Danahy, Robert Gottlieb, Chris Rehbein