Patents by Inventor Stephen Darwin Teilhet
Stephen Darwin Teilhet has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10586050Abstract: A static analysis tool is augmented to provide a mechanism by which a large set (and potentially all) security warnings output from the tool may be represented to the user in a manner that is manageable for consumption by the user. According to this disclosure, a static analysis is run on a program to generate a set of security warnings. Using dynamic programming, the set of security warnings output by the static analysis are mapped onto a collection of fix points, wherein a fix point captures a location within the program that should be visited to fix a set of warnings that map to that fix point. The fix points represent the highest probable locations of particular potential vulnerabilities in the program. They are computed in a parametric manner, preferably according to user preferences, by solving an instance of a “knapsack” problem.Type: GrantFiled: December 5, 2016Date of Patent: March 10, 2020Assignee: International Business Machines CorporationInventors: Kristofer Alyn Duer, Jonathan J. Butler, John Thomas Peyton, Jr., Stephen Darwin Teilhet, Omer Tripp
-
Patent number: 10091232Abstract: A new paradigm for security analysis is provided by transitioning code analysis reporting from the problem space (the warnings themselves), to a solution space (potential solutions to the identified problems). Thus, instead of reporting raw findings to the user, the automated system as described here outputs proposed solutions to eliminate the defects identified in the security analysis. A consequence of this approach is that the report generated by the analysis tool is much more consumable, and thus much more actionable. Preferably, the report provides the user with one or more candidate location(s) at which to apply a fix to an identified security problem. These locations preferably are identified by processing overlapping nodes to identify one or more solution groupings that represent an API for a sanitization fix. The report also includes one or more recommendations for the fix, and preferably the report is generated on a per-vulnerability type basis.Type: GrantFiled: August 7, 2017Date of Patent: October 2, 2018Assignee: International Business Machines CorporationInventors: Stephen Darwin Teilhet, Kristofer Alyn Duer, John Thomas Peyton, Jr., Omer Tripp
-
Patent number: 10055590Abstract: A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed.Type: GrantFiled: September 13, 2013Date of Patent: August 21, 2018Assignee: International Business Machines CorporationInventors: Salvatore Angelo Guarnieri, Marco Pistoia, Stephen Darwin Teilhet, Omer Tripp
-
Publication number: 20180157844Abstract: A static analysis tool is augmented to provide a mechanism by which a large set (and potentially all) security warnings output from the tool may be represented to the user in a manner that is manageable for consumption by the user. According to this disclosure, a static analysis is run on a program to generate a set of security warnings. Using dynamic programming, the set of security warnings output by the static analysis are mapped onto a collection of fix points, wherein a fix point captures a location within the program that should be visited to fix a set of warnings that map to that fix point. The fix points represent the highest probable locations of particular potential vulnerabilities in the program. They are computed in a parametric manner, preferably according to user preferences, by solving an instance of a “knapsack” problem.Type: ApplicationFiled: December 5, 2016Publication date: June 7, 2018Inventors: Kristofer Alyn Duer, Jonathan J. Butler, John Thomas Peyton, JR., Stephen Darwin Teilhet, Omer Tripp
-
Publication number: 20180091544Abstract: A new paradigm for security analysis is provided by transitioning code analysis reporting from the problem space (the warnings themselves), to a solution space (potential solutions to the identified problems). Thus, instead of reporting raw findings to the user, the automated system as described here outputs proposed solutions to eliminate the defects identified in the security analysis. A consequence of this approach is that the report generated by the analysis tool is much more consumable, and thus much more actionable. Preferably, the report provides the user with one or more candidate location(s) at which to apply a fix to an identified security problem. These locations preferably are identified by processing overlapping nodes to identify one or more solution groupings that represent an API for a sanitization fix. The report also includes one or more recommendations for the fix, and preferably the report is generated on a per-vulnerability type basis.Type: ApplicationFiled: August 7, 2017Publication date: March 29, 2018Inventors: Stephen Darwin Teilhet, Kristofer Alyn Duer, John Thomas Peyton, JR., Omer Tripp
-
Patent number: 9729569Abstract: A new paradigm for security analysis is provided by transitioning code analysis reporting from the problem space (the warnings themselves), to a solution space (potential solutions to the identified problems). Thus, instead of reporting raw findings to the user, the automated system as described here outputs proposed solutions to eliminate the defects identified in the security analysis. A consequence of this approach is that the report generated by the analysis tool is much more consumable, and thus much more actionable. Preferably, the report provides the user with one or more candidate location(s) at which to apply a fix to an identified security problem. These locations preferably are identified by processing overlapping nodes to identify one or more solution groupings that represent an API for a sanitization fix. The report also includes one or more recommendations for the fix, and preferably the report is generated on a per-vulnerability type basis.Type: GrantFiled: April 21, 2015Date of Patent: August 8, 2017Assignee: International Business Machines CorporationInventors: Stephen Darwin Teilhet, Kristofer Alyn Duer, John Thomas Peyton, Jr., Omer Tripp
-
Patent number: 9544327Abstract: A cloud-based static analysis security tool accessible by a set of application development environments is augmented to provide for anonymous knowledge sharing to facilitate reducing security vulnerabilities. To the end, a crowdsourcing platform and social network are associated with the application development environments. Access to the social network platform by users of the application development environments is enabled. The anonymous access enables users to post messages without exposing sensitive data associated with a particular application development environment. As the static analysis security tool is used, a knowledgebase of information regarding identified security findings, fix priorities, and so forth, is continuously updated. Social network content (e.g., in the form of analytics, workflow recommendations, and the like) is then published from the knowledgebase to provide users with security knowledge generated by the tool from the set of application development environments.Type: GrantFiled: November 20, 2015Date of Patent: January 10, 2017Assignee: International Business Machines CorporationInventors: Babita Sharma, Kristofer Alyn Duer, Richard Myer Goldberg, Stephen Darwin Teilhet, Jeffrey Charles Turnham, Shu Wang, Hua Xiao
-
Publication number: 20160315960Abstract: A new paradigm for security analysis is provided by transitioning code analysis reporting from the problem space (the warnings themselves), to a solution space (potential solutions to the identified problems). Thus, instead of reporting raw findings to the user, the automated system as described here outputs proposed solutions to eliminate the defects identified in the security analysis. A consequence of this approach is that the report generated by the analysis tool is much more consumable, and thus much more actionable. Preferably, the report provides the user with one or more candidate location(s) at which to apply a fix to an identified security problem. These locations preferably are identified by processing overlapping nodes to identify one or more solution groupings that represent an API for a sanitization fix. The report also includes one or more recommendations for the fix, and preferably the report is generated on a per-vulnerability type basis.Type: ApplicationFiled: April 21, 2015Publication date: October 27, 2016Inventors: Stephen Darwin Teilhet, Kristofer Alyn Duer, John Thomas Peyton, Jr., Omer Tripp
-
Patent number: 9384354Abstract: A method includes a computing system reading a rule file that includes one or more rules having specified paths to methods, such that each method corresponds to one of a sink, source, or sanitizer. The method includes the computing system matching the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes the computing system, using the sinks, sources, and sanitizers found by the matching, performing a taint analysis to determine at least tainted flows from sources to sinks, the tainted flows being flows that pass information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also shown.Type: GrantFiled: February 20, 2013Date of Patent: July 5, 2016Assignee: International Business Machines CorporationInventors: Salvatore Angelo Guarnieri, Marco Pistoia, Stephen Darwin Teilhet, Omer Tripp
-
Publication number: 20140237604Abstract: A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed.Type: ApplicationFiled: September 13, 2013Publication date: August 21, 2014Applicant: International Business Machines CorporationInventors: Salvatore Angelo Guarnieri, Marco Pistoia, Stephen Darwin Teilhet, Omer Tripp
-
Publication number: 20140237603Abstract: A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed.Type: ApplicationFiled: February 20, 2013Publication date: August 21, 2014Applicant: International Business Machines CorporationInventors: Salvatore Angelo Guarnieri, Marco Pistoia, Stephen Darwin Teilhet, Omer Tripp