Patents by Inventor Babita Sharma
Babita Sharma has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11650905Abstract: Embodiments are disclosed for testing source code changes. The techniques include generating an incremental intermediate representation of a security vulnerability fix to repair an identified security vulnerability of a source code application. The techniques also include merging the incremental intermediate representation with a full intermediate representation of a previous version of the source code application. The techniques further include generating an impact graph based on the merged intermediate representation. Additionally, the techniques include performing a security vulnerability analysis on the security vulnerability fix based on the merged intermediate representation, the impact graph, and the identified security vulnerability. Further, the techniques include updating the security vulnerability analysis by removing one or more findings that are not related to the impact graph.Type: GrantFiled: September 5, 2019Date of Patent: May 16, 2023Assignee: International Business Machines CorporationInventor: Babita Sharma
-
Patent number: 11544384Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.Type: GrantFiled: April 12, 2019Date of Patent: January 3, 2023Assignee: International Business Machines CorporationInventors: Kristofer A. Duer, John T. Peyton, Jr., Babita Sharma, David E. Stewart, Jason N. Todd, Shu Wang
-
Publication number: 20210073107Abstract: Embodiments are disclosed for testing source code changes. The techniques include generating an incremental intermediate representation of a security vulnerability fix to repair an identified security vulnerability of a source code application. The techniques also include merging the incremental intermediate representation with a full intermediate representation of a previous version of the source code application. The techniques further include generating an impact graph based on the merged intermediate representation. Additionally, the techniques include performing a security vulnerability analysis on the security vulnerability fix based on the merged intermediate representation, the impact graph, and the identified security vulnerability. Further, the techniques include updating the security vulnerability analysis by removing one or more findings that are not related to the impact graph.Type: ApplicationFiled: September 5, 2019Publication date: March 11, 2021Inventor: BABITA SHARMA
-
Patent number: 10614218Abstract: A computer-implemented method for security scanning application code includes executing, via a processor, a full scan of the application code and generating a program intermediate representation (IR) and a list of security findings determined by the full scan. The processor executes an incremental scan of the application code after at least one change to the application code, and identifies at least one changed file in the application code. The processor then generates an incremental intermediate representation (IR) based at least in part on the at least one changed file. The processor merges the saved scan state and the incremental IR, produces a merged scan state, and outputs security findings based at least in part on the merged scan state and the incremental IR.Type: GrantFiled: April 11, 2017Date of Patent: April 7, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John T. Peyton, Jr., Babita Sharma, Jason N. Todd, Jeffrey C. Turnham, Mathieu Merineau, Ettore Merlo
-
Patent number: 10482262Abstract: An application analysis platform enables automatic generation of abstract program representations (APRs) that are amenable to static analyses for finding security vulnerabilities. The APR is generated automatically, preferably from an existing build system or a source repository, and then encapsulated into a binary archival format for consumption by a static analysis tool, which operates on-premises or in the cloud. The abstract program representation is a highly compact version of the actual source code it represents. The archival format obfuscates the source code that is subjected to the analysis, thus protecting it from being reverse-engineered when moved off-premises or otherwise shared with other users, teams and even organizations.Type: GrantFiled: October 9, 2017Date of Patent: November 19, 2019Assignee: International Business Machines CorporationInventors: Babita Sharma, Andrew Mak, Richard Myer Goldberg, John Thomas Peyton, Jr., Jeffrey Charles Turnham, Matthew Francis Murphy, Hua Xiao
-
Publication number: 20190236483Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.Type: ApplicationFiled: April 12, 2019Publication date: August 1, 2019Inventors: Kristofer A. Duer, John T. Peyton, JR., Babita Sharma, David E. Stewart, Jason N. Todd, Shu Wang
-
Patent number: 10339320Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.Type: GrantFiled: November 18, 2016Date of Patent: July 2, 2019Assignee: International Business Machines CorporationInventors: Kristofer A. Duer, John T. Peyton, Jr., Babita Sharma, David E. Stewart, Jason N. Todd, Shu Wang
-
Publication number: 20180144127Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.Type: ApplicationFiled: November 18, 2016Publication date: May 24, 2018Inventors: Kristofer A. Duer, John T. Peyton, JR., Babita Sharma, David E. Stewart, Jason N. Todd, Shu Wang
-
Publication number: 20180137279Abstract: A computer-implemented method for security scanning application code includes executing, via a processor, a full scan of the application code and generating a program intermediate representation (IR) and a list of security findings determined by the full scan. The processor executes an incremental scan of the application code after at least one change to the application code, and identifies at least one changed file in the application code. The processor then generates an incremental intermediate representation (IR) based at least in part on the at least one changed file. The processor merges the saved scan state and the incremental IR, produces a merged scan state, and outputs security findings based at least in part on the merged scan state and the incremental IR.Type: ApplicationFiled: April 11, 2017Publication date: May 17, 2018Inventors: John T. Peyton, Jr., Babita Sharma, Jason N. Todd, Jeffrey C. Turnham, Mathieu Merineau, Ettore Merlo
-
Publication number: 20180032737Abstract: An application analysis platform enables automatic generation of abstract program representations (APRs) that are amenable to static analyses for finding security vulnerabilities. The APR is generated automatically, preferably from an existing build system or a source repository, and then encapsulated into a binary archival format for consumption by a static analysis tool, which operates on-premises or in the cloud. The abstract program representation is a highly compact version of the actual source code it represents. The archival format obfuscates the source code that is subjected to the analysis, thus protecting it from being reverse-engineered when moved off-premises or otherwise shared with other users, teams and even organizations.Type: ApplicationFiled: October 9, 2017Publication date: February 1, 2018Inventors: Babita Sharma, Andrew Mak, Richard Myer Goldberg, John Thomas Peyton, JR., Jeffrey Charles Turnham, Matthew Francis Murphy, Hua Xiao
-
Patent number: 9785777Abstract: An application analysis platform enables automatic generation of abstract program representations (APRs) that are amenable to static analyzes for finding security vulnerabilities. The APR is generated automatically, preferably from an existing build system or a source repository, and then encapsulated into a binary archival format for consumption by a static analysis tool, which operates on-premises or in the cloud. The abstract program representation is a highly compact version of the actual source code it represents. The archival format obfuscates the source code that is subjected to the analysis, thus protecting it from being reverse-engineered when moved off-premises or otherwise shared with other users, teams and even organizations.Type: GrantFiled: December 19, 2014Date of Patent: October 10, 2017Assignee: International Business Machines CorporationInventors: Babita Sharma, Andrew Mak, Richard Myer Goldberg, John Thomas Peyton, Jr., Jeffrey Charles Turnham, Matthew Francis Murphy, Hua Xiao
-
Patent number: 9779252Abstract: A cloud-based static analysis security tool that is accessible by a set of application development environments is augmented to provide for anonymous knowledge sharing to facilitate reducing security vulnerabilities. To the end, a crowdsourcing platform and social network are associated with the application development environments. Access to the social network platform by users of the application development environments is enabled. The anonymous access enables users to post messages without exposing sensitive data associated with a particular application development environment. As the static analysis security tool is used, a knowledgebase of information regarding identified security findings, fix priorities, and so forth, is continuously updated. Social network content (e.g., in the form of analytics, workflow recommendations, and the like) is then published from the knowledgebase to provide users with security knowledge generated by the tool from the set of application development environments.Type: GrantFiled: December 27, 2016Date of Patent: October 3, 2017Assignee: International Business Machines CorporationInventors: Babita Sharma, Richard Myer Goldberg, Jeffrey Charles Turnham
-
Publication number: 20170177879Abstract: A cloud-based static analysis security tool that is accessible by a set of application development environments is augmented to provide for anonymous knowledge sharing to facilitate reducing security vulnerabilities. To the end, a crowdsourcing platform and social network are associated with the application development environments. Access to the social network platform by users of the application development environments is enabled. The anonymous access enables users to post messages without exposing sensitive data associated with a particular application development environment. As the static analysis security tool is used, a knowledgebase of information regarding identified security findings, fix priorities, and so forth, is continuously updated. Social network content (e.g., in the form of analytics, workflow recommendations, and the like) is then published from the knowledgebase to provide users with security knowledge generated by the tool from the set of application development environments.Type: ApplicationFiled: December 27, 2016Publication date: June 22, 2017Inventors: Babita Sharma, Richard Myer Goldberg, Jeffrey Charles Turnham
-
Patent number: 9544327Abstract: A cloud-based static analysis security tool accessible by a set of application development environments is augmented to provide for anonymous knowledge sharing to facilitate reducing security vulnerabilities. To the end, a crowdsourcing platform and social network are associated with the application development environments. Access to the social network platform by users of the application development environments is enabled. The anonymous access enables users to post messages without exposing sensitive data associated with a particular application development environment. As the static analysis security tool is used, a knowledgebase of information regarding identified security findings, fix priorities, and so forth, is continuously updated. Social network content (e.g., in the form of analytics, workflow recommendations, and the like) is then published from the knowledgebase to provide users with security knowledge generated by the tool from the set of application development environments.Type: GrantFiled: November 20, 2015Date of Patent: January 10, 2017Assignee: International Business Machines CorporationInventors: Babita Sharma, Kristofer Alyn Duer, Richard Myer Goldberg, Stephen Darwin Teilhet, Jeffrey Charles Turnham, Shu Wang, Hua Xiao
-
Patent number: 9531745Abstract: A cloud-based static analysis security tool that is accessible by a set of application development environments is augmented to provide for anonymous knowledge sharing to facilitate reducing security vulnerabilities. To the end, a crowdsourcing platform and social network are associated with the application development environments. Access to the social network platform by users of the application development environments is enabled. The anonymous access enables users to post messages without exposing sensitive data associated with a particular application development environment. As the static analysis security tool is used, a knowledgebase of information regarding identified security findings, fix priorities, and so forth, is continuously updated. Social network content (e.g., in the form of analytics, workflow recommendations, and the like) is then published from the knowledgebase to provide users with security knowledge generated by the tool from the set of application development environments.Type: GrantFiled: November 20, 2015Date of Patent: December 27, 2016Assignee: International Business Machines CorporationInventors: Babita Sharma, Richard Myer Goldberg, Jeffrey Charles Turnham
-
Publication number: 20160180096Abstract: An application analysis platform enables automatic generation of abstract program representations (APRs) that are amenable to static analyses for finding security vulnerabilities. The APR is generated automatically, preferably from an existing build system or a source repository, and then encapsulated into a binary archival format for consumption by a static analysis tool, which operates on-premises or in the cloud. The abstract program representation is a highly compact version of the actual source code it represents. The archival format obfuscates the source code that is subjected to the analysis, thus protecting it from being reverse-engineered when moved off-premises or otherwise shared with other users, teams and even organizations.Type: ApplicationFiled: December 19, 2014Publication date: June 23, 2016Inventors: Babita Sharma, Andrew Mak, Richard Myer Goldberg, John Thomas Peyton, JR., Jeffrey Charles Turnham, Matthew Francis Murphy, Hua Xiao
-
Publication number: 20120102474Abstract: Systems and methods are provided for statically analyzing a software application that is based on at least one framework. According to the method, source code of the software application and a specification associated with the software application are analyzed. The specification includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework. Based on the source code and the specification, intermediate representations for the source code and the synthetic methods are generated. Based on the intermediate representations and the specification, call graphs are generated to model which application methods of the software application invoke synthetic methods or other application methods of the software application.Type: ApplicationFiled: October 26, 2010Publication date: April 26, 2012Applicant: International Business Machines CorporationInventors: Shay Artzi, Ryan Berg, Yinnon A. Haviv, John T. Peyton, JR., Marco Pistoia, Manu Sridharan, Babita Sharma, Omri Weisman, Robert Wiener