Patents by Inventor Behnaz Hassanshahi
Behnaz Hassanshahi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240054232
Abstract: A method includes receiving multiple security framework requirements, mapping the security framework requirements to a predicate, mapping the predicate to a system-specific implementation, evaluating, using a runtime system, the target system by analyzing a multitude of build files using the system-specific implementation, and presenting a report indicating whether the security framework requirements are satisfied.
Type: Application
Filed: August 15, 2022
Publication date: February 15, 2024
Applicant: Oracle International Corporation
Inventors: Trong Nhan MAI, Behnaz HASSANSHAHI, Padmanabhan KRISHNAN
-
Patent number: 11755744
Abstract: A method may include identifying, by executing an application, an entry point corresponding to a Universal Resource Locator (URL) path, extracting, from the application, an entry point declaration corresponding to the entry point, determining, by performing a static analysis starting at the entry point declaration, that a parameter is accessible by the application, and inferring, by the static analysis, a type of the parameter by analyzing usage of the parameter by the application.
Type: Grant
Filed: November 7, 2019
Date of Patent: September 12, 2023
Assignee: Oracle International Corporation
Inventors: Francois Gauthier, Behnaz Hassanshahi, Max Marius Schlüter
-
Patent number: 11250139
Abstract: A method may include sending, to an entry point of an instrumented web application, a first request including a first value of a parameter. The first value may correspond to a first vulnerability category. The method may further include receiving, from the instrumented web application, first taint analysis results, determining that the first taint analysis results include a sink function corresponding to a second vulnerability category, and sending, to the entry point, a second request including a second value of the parameter. The second value may correspond to the second vulnerability category. The method may further include receiving, from the instrumented web application and in response to sending the second request, second taint analysis results including the sink function, and detecting, in the instrumented web application and using the second taint analysis results, a vulnerability corresponding to the sink function and the second vulnerability category.
Type: Grant
Filed: April 27, 2020
Date of Patent: February 15, 2022
Assignee: Oracle International Corporation
Inventors: François Gauthier, Behnaz Hassanshahi, Benjamin Selwyn-Smith
-
Patent number: 11163876
Abstract: A method may include generating a callgraph by performing a static analysis of code that includes event handlers, and selecting, using the callgraph, a state of the code, selecting, using the callgraph, an event enabled in the selected state. The event corresponds to an event handler. The method may further include obtaining an input, obtaining a next state by executing the event handler with the obtained input in the selected state, in response to executing the event handler, generating an input modification rule using the obtained input, and generating, using the input modification rule and the obtained input, a modified input that bypasses a guard in the code that controls access to the point of interest.
Type: Grant
Filed: January 29, 2019
Date of Patent: November 2, 2021
Assignee: Oracle International Corporation
Inventors: Behnaz Hassanshahi, Hyunjun Lee
-
Publication number: 20210334385
Abstract: A method may include sending, to an entry point of an instrumented web application, a first request including a first value of a parameter. The first value may correspond to a first vulnerability category. The method may further include receiving, from the instrumented web application, first taint analysis results, determining that the first taint analysis results include a sink function corresponding to a second vulnerability category, and sending, to the entry point, a second request including a second value of the parameter. The second value may correspond to the second vulnerability category. The method may further include receiving, from the instrumented web application and in response to sending the second request, second taint analysis results including the sink function, and detecting, in the instrumented web application and using the second taint analysis results, a vulnerability corresponding to the sink function and the second vulnerability category.
Type: Application
Filed: April 27, 2020
Publication date: October 28, 2021
Applicant: Oracle International Corporation
Inventors: François Gauthier, Behnaz Hassanshahi, Benjamin Selwyn-Smith
-
Publication number: 20210141904
Abstract: A method may include identifying, by executing an application, an entry point corresponding to a Universal Resource Locator (URL) path, extracting, from the application, an entry point declaration corresponding to the entry point, determining, by performing a static analysis starting at the entry point declaration, that a parameter is accessible by the application, and inferring, by the static analysis, a type of the parameter by analyzing usage of the parameter by the application.
Type: Application
Filed: November 7, 2019
Publication date: May 13, 2021
Inventors: Francois Gauthier, Behnaz Hassanshahi, Max Marius Schlüter
-
Patent number: 10915639
Abstract: A method may include obtaining, from a runtime system that executes code, a source value at a source point of the code and a sink value at a sink point of the code, identifying a potential taint flow from the source point to the sink point by performing a series of taint inferences that each infer a relationship between the source value and the sink value, and determining whether the potential taint flow is an actual taint flow by performing a series of taint checks that each analyze the execution of the code using the source value and the sink value.
Type: Grant
Filed: August 8, 2018
Date of Patent: February 9, 2021
Assignee: Oracle International Corporation
Inventors: Behnaz Hassanshahi, Hyunjun Lee, Alexander Jordan, Francois Gauthier
-
Patent number: 10783245
Abstract: A method may include obtaining a list of to-be-analyzed modules of an application. The list of to-be-analyzed modules may include a first module including a statement. The method may further include generating initial results by performing an initial iteration of a static analysis that analyzes each module in the list of to-be-analyzed modules, determining, by the initial iteration, that the statement is a function call to a second module not in the list of to-be-analyzed modules, in response to the determination, assigning, by the initial iteration, an abstract value to a memory address associated with the statement, adding, to the abstract value, a tag including a name of the second module, updating, using the tag and the initial results, the list of to-be-analyzed modules, and generating next results by performing a next iteration of the static analysis that analyzes each module in the updated list of to-be-analyzed modules.
Type: Grant
Filed: November 30, 2018
Date of Patent: September 22, 2020
Assignee: Oracle International Corporation
Inventors: Behnaz Hassanshahi, Benjamin Barslev Nielsen
-
Publication number: 20200242244
Abstract: A method may include generating a callgraph by performing a static analysis of code that includes event handlers, and selecting, using the callgraph, a state of the code, selecting, using the callgraph, an event enabled in the selected state. The event corresponds to an event handler. The method may further include obtaining an input, obtaining a next state by executing the event handler with the obtained input in the selected state, in response to executing the event handler, generating an input modification rule using the obtained input, and generating, using the input modification rule and the obtained input, a modified input that bypasses a guard in the code that controls access to the point of interest.
Type: Application
Filed: January 29, 2019
Publication date: July 30, 2020
Applicant: Oracle International Corporation
Inventors: Behnaz Hassanshahi, Hyunjun Lee
-
Publication number: 20200175163
Abstract: A method may include obtaining a list of to-be-analyzed modules of an application. The list of to-be-analyzed modules may include a first module including a statement. The method may further include generating initial results by performing an initial iteration of a static analysis that analyzes each module in the list of to-be-analyzed modules, determining, by the initial iteration, that the statement is a function call to a second module not in the list of to-be-analyzed modules, in response to the determination, assigning, by the initial iteration, an abstract value to a memory address associated with the statement, adding, to the abstract value, a tag including a name of the second module, updating, using the tag and the initial results, the list of to-be-analyzed modules, and generating next results by performing a next iteration of the static analysis that analyzes each module in the updated list of to-be-analyzed modules.
Type: Application
Filed: November 30, 2018
Publication date: June 4, 2020
Applicant: Oracle International Corporation
Inventors: Behnaz Hassanshahi, Benjamin Barslev Nielsen
-
Publication number: 20190311131
Abstract: A method may include obtaining, from a runtime system that executes code, a source value at a source point of the code and a sink value at a sink point of the code, identifying a potential taint flow from the source point to the sink point by performing a series of taint inferences that each infer a relationship between the source value and the sink value, and determining whether the potential taint flow is an actual taint flow by performing a series of taint checks that each analyze the execution of the code using the source value and the sink value.
Type: Application
Filed: August 8, 2018
Publication date: October 10, 2019
Applicant: ORACLE INTERNATIONAL CORPORATION
Inventors: Behnaz Hassanshahi, Hyunjun Lee, Alexander Jordan, Francois Gauthier
-
Patent number: 10318257
Abstract: A method for points-to program analysis includes extracting a kernel from a program, performing a fixed object sensitive points to analysis of the kernel to obtain fixed analysis results, and assigning, for a first candidate object in the kernel, a first context depth to the first candidate object. The candidate objects are identified using the fixed analysis results. The method further includes assigning, for a second candidate object, a second context depth to the second candidate object. The second context depth is different than the first context depth. The method further includes performing, to obtain selective analysis results, a selective object sensitive points to analysis using the first context depth for the first candidate object and the second context depth for the second candidate object, and performing an action based on the selective analysis results.
Type: Grant
Filed: May 20, 2016
Date of Patent: June 11, 2019
Assignee: Oracle International Corporation
Inventors: Behnaz Hassanshahi, Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Bernhard F. Scholz, Yi Lu
-
Publication number: 20170337118
Abstract: A method for points-to program analysis includes extracting a kernel from a program, performing a fixed object sensitive points to analysis of the kernel to obtain fixed analysis results, and assigning, for a first candidate object in the kernel, a first context depth to the first candidate object. The candidate objects are identified using the fixed analysis results. The method further includes assigning, for a second candidate object, a second context depth to the second candidate object. The second context depth is different than the first context depth. The method further includes performing, to obtain selective analysis results, a selective object sensitive points to analysis using the first context depth for the first candidate object and the second context depth for the second candidate object, and performing an action based on the selective analysis results.
Type: Application
Filed: May 20, 2016
Publication date: November 23, 2017
Inventors: Behnaz Hassanshahi, Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Bernhard F. Scholz, Yi Lu