Patents Assigned to Deja vu Security, LLC
-
Patent number: 9836617Abstract: The disclosed subject matter provides for code repository intrusion detection. A code developer profile can be generated based on characteristic features present in code composed by the developer. Characteristic features can be related to the coding propensities peculiar to individual developers and, over sufficient numbers of characteristic features, can be considered pseudo-signatures. A target code set is analyzed in view of one or more developer profiles to generate a validation score related to a likelihood of a particular developer composing a portion of the target code set. This can serve to confirm or refute a claim of authorship, or can serve to identify likely author candidates from a set of developers. Where the target code set authorship is determined to be sufficiently suspect, the code set can be subjected to further scrutiny to thwart intrusion into the code repository.Type: GrantFiled: March 22, 2016Date of Patent: December 5, 2017Assignee: DEJA VU SECURITY, LLCInventors: Adam Cecchetti, Michael Eddington
-
Patent number: 9323923Abstract: The disclosed subject matter provides for code repository intrusion detection. A code developer profile can be generated based on characteristic features present in code composed by the developer. Characteristic features can be related to the coding propensities peculiar to individual developers and, over sufficient numbers of characteristic features, can be considered pseudo-signatures. A target code set is analyzed in view of one or more developer profiles to generate a validation score related to a likelihood of a particular developer composing a portion of the target code set. This can serve to confirm or refute a claim of authorship, or can serve to identify likely author candidates from a set of developers. Where the target code set authorship is determined to be sufficiently suspect, the code set can be subjected to further scrutiny to thwart intrusion into the code repository.Type: GrantFiled: December 3, 2012Date of Patent: April 26, 2016Assignee: DEJA VU SECURITY, LLCInventors: Adam Cecchetti, Michael Eddington
-
Patent number: 9098352Abstract: The disclosed subject matter provides for software testing using metaphor based language fuzzing. Metaphor based language fuzzing can decompose a code segment into a metaphor representing the code segment. The metaphor can be mutated based on determined logical perturbations to any element of the metaphor. The mutation of the metaphor can act as a surrogate for mutation of the code segment. The mutated metaphor can be analyzed to reveal performance differences in comparison to the code segment. These performance difference can be correlated to mutation of the metaphor such that a corresponding mutation of the code segment can be correlated by extrapolation. Moreover, mutators can be stored and reused on other metaphors. Furthermore, employing a metaphor as a root language surrogate can facilitate generating a reduced number of mutators as compared to directly mutating code segments in a plurality of computer languages.Type: GrantFiled: June 19, 2014Date of Patent: August 4, 2015Assignee: DEJA VU SECURITY, LLCInventors: Michael Eddington, Adam Cecchetti
-
Publication number: 20140047275Abstract: Flow based fault testing is provided. A logical constraint model or a state model (LS model) can be generated based on logic/state characteristics of a system under test (SUT). The LS model can be generated from logical constraint grammar statements. The logical constraint grammar can be parsed as part of a pre-test analysis to seek faults related to the logic or states of the model. The inputs and outputs related to the SUT can be employed to determine faults, including post-test analysis for faults. The disclosed subject matter can capture in an automated or semi-automated manner faults that can be missed in more conventional fuzz testing. Further, flow based fault testing can be employed alone, along with, or in combination with conventional fuzz testing.Type: ApplicationFiled: May 9, 2013Publication date: February 13, 2014Applicant: DEJA VU SECURITY, LLCInventor: Michael Eddington
-
Publication number: 20130340076Abstract: The disclosed subject matter provides for code repository intrusion detection. A code developer profile can be generated based on characteristic features present in code composed by the developer. Characteristic features can be related to the coding propensities peculiar to individual developers and, over sufficient numbers of characteristic features, can be considered pseudo-signatures. A target code set is analyzed in view of one or more developer profiles to generate a validation score related to a likelihood of a particular developer composing a portion of the target code set. This can serve to confirm or refute a claim of authorship, or can serve to identify likely author candidates from a set of developers. Where the target code set authorship is determined to be sufficiently suspect, the code set can be subjected to further scrutiny to thwart intrusion into the code repository.Type: ApplicationFiled: December 3, 2012Publication date: December 19, 2013Applicant: Deja vu Security, LLCInventors: Adam Cecchetti, Michael Eddington