Abstract: Malicious software is identified in an executable file by identifying malicious structural features, decryption code, and cryptographic functions. A malicious structural feature is identified by comparing a known malicious structural feature to one or more instructions of the executable file. A malicious structural feature is also identified by graphically and statistically comparing windows of bytes or instructions in a section of the executable file. Cryptography is an indicator of malicious software. Decryption code is identified in an executable file by identifying a tight loop around a reversible instruction that writes to random access memory. Cryptographic functions are identified in an executable file be obtaining a known cryptographic function and performing a string comparison of the numeric constants of the known cryptographic function with the executable file.

Abstract: Systems and methods to understand how commercial-off-the-shelf (COTS) software components interact with a system when the COTS components are integrated into a system. A software wrapping technology is utilized to encase the COTS software components such that a wrapper isolates the COTS components during testing.

Abstract: Embodiments of the present invention relate to systems and methods for static analysis of a software application. According to an embodiment, a system includes a program scanner coupled to an analysis engine. The program scanner is configured to identify one or more vulnerability patterns in a software program and to output an initial potential vulnerability list. The analysis engine is configured to apply one or more rules to a potential vulnerability to determine whether the potential vulnerability is a vulnerability.

Abstract: Embodiments of the present invention relate to systems and methods for detecting software buffer security vulnerabilities. According to an embodiment, a computer-readable medium stores a plurality of instructions to be executed by a processor for detecting software buffer security vulnerabilities. The plurality of instructions comprise instructions to receive software code associated with a potential buffer vulnerability, generate constraints related to the software code associated with the potential buffer vulnerability, partition the software code into one or more procedures, and generate for each procedure a set of constraints that summarizes the impact of a procedure on buffer variables.

Abstract: A system and method for certifying software for essential and security-critical systems. The system and method provide a methodology and corresponding analysis engines increase the level of confidence that common vulnerabilities are not present in a particular application. A pipeline system consisting of independent modules which involve increasingly complex analysis is disclosed. The pipeline approach allows the user to reduce computation time by focusing resources on only those code segments which were not eliminated previously in the pipeline.