Patents by Inventor Salvatore A. GUARNIERI
Salvatore A. GUARNIERI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 10956562
  Abstract: A security analysis of an application is performed by encoding predicates during a first operation by asserting a set of data flow facts comprising a mapping from a variable to a security-relevant substring of a string of the application. A respective truth value is associated with each data flow fact of the set of data flow facts. The set of data flow facts and each truth value are stored in a tangible computer-readable memory device. The truth value of at least one data flow fact of the set of data flow facts is updated in at least one subsequent operation using a set of abstract transformers to eliminate or reduce a security vulnerability in the application.
  Type: Grant
  Filed: June 14, 2017
  Date of Patent: March 23, 2021
  Assignee: International Business Machines Corporation
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Patent number: 10545848
  Abstract: An improved static program analysis procedure is provided by formulating a set of seeding configurations, and selecting a subset of queries posed by the static program analysis procedure. In response to one or more queries of the subset of queries being answered positively under at least one configuration of the set of seeding configurations, the one or more queries are determined to be valid queries. Each query of the valid queries is evaluated under each configuration of the set of seeding configurations to determine an accuracy score for each seeding configuration. A seeding configuration having a highest accuracy score is selected as a tool configuration to be used with the static program analysis procedure.
  Type: Grant
  Filed: October 11, 2016
  Date of Patent: January 28, 2020
  Assignee: International Business Machines Corporation
  Inventors: Salvatore Guarnieri, Marco Pistoia, Omer Tripp
- Patent number: 10372582
  Abstract: An apparatus and computer program product which are configured for determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The apparatus and computer program product are further configured for outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions.
  Type: Grant
  Filed: March 25, 2016
  Date of Patent: August 6, 2019
  Assignee: International Business Machines Corporation
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Takaaki Tateishi, Omer Tripp
- Publication number: 20180365414
  Abstract: A security analysis of an application is performed by encoding predicates during a first operation by asserting a set of data flow facts comprising a mapping from a variable to a security-relevant substring of a string of the application. A respective truth value is associated with each data flow fact of the set of data flow facts. The set of data flow facts and each truth value are stored in a tangible computer-readable memory device. The truth value of at least one data flow fact of the set of data flow facts is updated in at least one subsequent operation using a set of abstract transformers to eliminate or reduce a security vulnerability in the application.
  Type: Application
  Filed: June 14, 2017
  Publication date: December 20, 2018
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Publication number: 20180101463
  Abstract: An improved static program analysis procedure is provided by formulating a set of seeding configurations, and selecting a subset of queries posed by the static program analysis procedure. In response to one or more queries of the subset of queries being answered positively under at least one configuration of the set of seeding configurations, the one or more queries are determined to be valid queries. Each query of the valid queries is evaluated under each configuration of the set of seeding configurations to determine an accuracy score for each seeding configuration. A seeding configuration having a highest accuracy score is selected as a tool configuration to be used with the static program analysis procedure.
  Type: Application
  Filed: October 11, 2016
  Publication date: April 12, 2018
  Inventors: Salvatore Guarnieri, Marco Pistoia, Omer Tripp
- Patent number: 9940464
  Abstract: Methods for creating a hybrid string representation include determining string components from input string information that may be represented concretely by comparing the one or more components to a set of known concretizations using a processor. The set of known concretizations includes string configurations that cannot be interfered with by an attacker. All string components that could not be represented concretely are abstracted. A hybrid string representation is created that includes at least one concrete string component and at least one abstracted string component.
  Type: Grant
  Filed: July 26, 2016
  Date of Patent: April 10, 2018
  Assignee: International Business Machines Corporation
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Patent number: 9940465
  Abstract: A hybrid string constructor includes a database configured to store a set of known concretizations. A processor is configured to compare the one or more string components to the set of known concretizations to determine string components from input string information that may be represented concretely, to abstract all string components that could not be represented concretely, and to create a hybrid string representation that includes at least one concrete string component and at least one abstracted string component. The set of known concretizations includes string configurations that cannot be interfered with by an attacker.
  Type: Grant
  Filed: September 12, 2016
  Date of Patent: April 10, 2018
  Assignee: International Business Machines Corporation
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Publication number: 20160378995
  Abstract: A hybrid string constructor includes a database configured to store a set of known concretizations. A processor is configured to compare the one or more string components to the set of known concretizations to determine string components from input string information that may be represented concretely, to abstract all string components that could not be represented concretely, and to create a hybrid string representation that includes at least one concrete string component and at least one abstracted string component. The set of known concretizations includes string configurations that cannot be interfered with by an attacker.
  Type: Application
  Filed: September 12, 2016
  Publication date: December 29, 2016
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Publication number: 20160335434
  Abstract: Methods for creating a hybrid string representation include determining string components from input string information that may be represented concretely by comparing the one or more components to a set of known concretizations using a processor. The set of known concretizations includes string configurations that cannot be interfered with by an attacker. All string components that could not be represented concretely are abstracted. A hybrid string representation is created that includes at least one concrete string component and at least one abstracted string component.
  Type: Application
  Filed: July 26, 2016
  Publication date: November 17, 2016
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Patent number: 9459986
  Abstract: A computer program to be subjected to static analysis includes at least one framework, in turn including high-level code and at least one configuration file. A specification which describes run-time behavior of the program, including run-time behavior of the at least one framework including the high-level code and the at least one configuration file, is created from the computer program. Based on the specification, synthetic high-level code which accurately simulates the run-time behavior of the at least one framework including the high-level code and the at least one configuration file, without framework usage, is created. Static analysis of the computer program is carried out based on the synthetic high-level code.
  Type: Grant
  Filed: August 28, 2013
  Date of Patent: October 4, 2016
  Assignee: International Business Machines Corporation
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Patent number: 9460282
  Abstract: Systems for constructing hybrid string representations include a string parser configured to parse received string information to produce one or more string components, a database configured to store a set of known concretizations, and a processor configured to compare the one or more string components to the set of known concretizations to determine string components that may be represented concretely, to abstract all string components that could not be represented concretely, and to create a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.
  Type: Grant
  Filed: September 12, 2012
  Date of Patent: October 4, 2016
  Assignee: International Business Machines Corporation
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Patent number: 9424423
  Abstract: Methods for creating a hybrid string representation include receiving string information as input; parsing the string information to produce one or more string components; determining string components that may be represented concretely by comparing the one or more components to a set of known concretizations; abstracting all string components that could not be represented concretely; and creating a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.
  Type: Grant
  Filed: September 12, 2012
  Date of Patent: August 23, 2016
  Assignee: International Business Machines Corporation
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Patent number: 9405916
  Abstract: Methods and systems for automatic correction of security downgraders. For one or more flows having one or more candidate downgraders, it is determined whether each candidate downgrader protects against all vulnerabilities associated with the candidate downgrader's respective flow. Candidate downgraders that do not protect against all of the associated vulnerabilities are transformed, such that the transformed downgraders do protect against all of the associated vulnerabilities.
  Type: Grant
  Filed: March 10, 2015
  Date of Patent: August 2, 2016
  Assignee: International Business Machines Corporation
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Publication number: 20160210217
  Abstract: An apparatus and computer program product which are configured for determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The apparatus and computer program product are further configured for outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions.
  Type: Application
  Filed: March 25, 2016
  Publication date: July 21, 2016
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Takaaki Tateishi, Omer Tripp
- Patent number: 9396336
  Abstract: Systems for automatic correction of security downgraders include a security analysis module configured to perform a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable; and an enhancer module configured to locate candidate downgraders on the flows, to determine whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow, and to transform candidate downgraders that do not protect against all of the associated vulnerabilities such that the transformed downgraders do protect against all of the associated vulnerabilities.
  Type: Grant
  Filed: August 12, 2015
  Date of Patent: July 19, 2016
  Assignee: International Business Machines Corporation
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Patent number: 9336120
  Abstract: An apparatus and computer program product which are configured for determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The apparatus and computer program product are further configured for outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions.
  Type: Grant
  Filed: August 30, 2013
  Date of Patent: May 10, 2016
  Assignee: International Business Machines Corporation
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Takaaki Tateishi, Omer Tripp
- Patent number: 9223984
  Abstract: A method includes mapping, based on a first mapping from possible security findings to possible configuration-related sources of imprecision, actual security findings from a static analysis of a program to corresponding configuration-related sources of imprecision, the mapping of the actual security findings creating a second mapping. A user is requested to configure selected ones of the configuration-related sources of imprecision from the second mapping. Responsive to a user updating configuration corresponding to the selected ones of the configuration-related sources of imprecision, security analysis results are updated for the static analysis of the program at least by determining whether one or more security findings from the security analysis results are no longer considered to be vulnerable based on the updated configuration by the user. The updated security analysis results are output. Apparatus and program products are also disclosed.
  Type: Grant
  Filed: September 12, 2013
  Date of Patent: December 29, 2015
  Assignee: GlobalFoundries Inc.
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Patent number: 9208061
  Abstract: An exemplary apparatus and computer program product are disclosed which employ a method that includes performing a first static analysis to locate elements within a program and instrumenting the program to enable a subsequent dynamic analysis based on the located elements. The method includes executing the instrumented program and performing, during execution, analysis to determine individual sets of statements in the program affected by a corresponding element. The method includes partitioning the sets of statements into partitions based on one or more considerations, each partition including one or more of the elements. The method includes performing a second static analysis on the partitions of the program to produce results and outputting the results. The method may be performed for, e.g., security (e.g., taint) analysis, buffer overflow analysis, and typestate analysis.
  Type: Grant
  Filed: September 12, 2013
  Date of Patent: December 8, 2015
  Assignee: GlobalFoundries Inc.
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Publication number: 20150347761
  Abstract: Systems for automatic correction of security downgraders include a security analysis module configured to perform a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable; and an enhancer module configured to locate candidate downgraders on the flows, to determine whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow, and to transform candidate downgraders that do not protect against all of the associated vulnerabilities such that the transformed downgraders do protect against all of the associated vulnerabilities.
  Type: Application
  Filed: August 12, 2015
  Publication date: December 3, 2015
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
- Publication number: 20150317237
  Abstract: An exemplary method includes performing a first static analysis to locate elements within a program and instrumenting the program to enable a subsequent dynamic analysis based on the located elements. The method includes executing the instrumented program and performing, during execution, analysis to determine individual sets of statements in the program affected by a corresponding element. The method includes partitioning the sets of statements into partitions based on one or more considerations, each partition including one or more of the elements. The method includes performing a second static analysis on the partitions of the program to produce results and outputting the results. The method may be performed for, e.g., security (e.g., taint) analysis, buffer overflow analysis, and typestate analysis. Apparatus and program products are also disclosed.
  Type: Application
  Filed: June 25, 2015
  Publication date: November 5, 2015
  Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp