Patents by Inventor Raghavendra Kagalavadi Ramesh

Raghavendra Kagalavadi Ramesh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220019677
    Abstract: A method may include determining that a source variable receives a source value from a source function, determining that a source statement writes, using the source variable, the source value to a column in a table, and obtaining, for a first sink statement, a first set of influenced variables influenced by the source variable. The method may further include obtaining, for a second sink statement, a second set of influenced variables influenced by the first set of influenced variables, and adding nodes to a trace graph. The method may further include determining that the first sink statement reads the source value into a sink variable including an identifier of the column, generating a modified set of influenced variables by adding the sink variable to the set of influenced variables, and reporting a defect at the first sink statement, and a defect trace using the trace graph.
    Type: Application
    Filed: September 30, 2021
    Publication date: January 20, 2022
    Applicant: Oracle International Corporation
    Inventors: Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Yi Lu
  • Patent number: 11163888
    Abstract: A method may include determining that a source variable in code receives a source value from a source function specified by a target analysis, determining that a source statement in the code writes, using the source variable, the source value to a column in a table, obtaining, for a sink statement in the code, a set of influenced variables influenced by the source variable, determining that the sink statement reads the source value into a sink variable including an identifier of the column, generating a modified set of influenced variables by adding the sink variable to the set of influenced variables, and reporting a defect at the sink statement.
    Type: Grant
    Filed: February 15, 2019
    Date of Patent: November 2, 2021
    Assignee: Oracle International Corporation
    Inventors: Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Yi Lu
  • Publication number: 20200265143
    Abstract: A method may include determining that a source variable in code receives a source value from a source function specified by a target analysis, determining that a source statement in the code writes, using the source variable, the source value to a column in a table, obtaining, for a sink statement in the code, a set of influenced variables influenced by the source variable, determining that the sink statement reads the source value into a sink variable including an identifier of the column, generating a modified set of influenced variables by adding the sink variable to the set of influenced variables, and reporting a defect at the sink statement.
    Type: Application
    Filed: February 15, 2019
    Publication date: August 20, 2020
    Applicant: Oracle International Corporation
    Inventors: Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Yi Lu
  • Patent number: 10719424
    Abstract: A method for performing a static analysis may include extracting, from a caller function in code, a context-free inter-procedural rule including a callsite and a return value of a callee function. The callsite may invoke the callee function. The method may further include extracting, from the caller function, a context-sensitive parameter mapping rule that maps an input parameter of the callee function to an invocation value provided by the caller function at the callsite, deriving a derived value for the callsite using the context-free inter-procedural rule and the context-sensitive parameter mapping rule, and identifying a defect in the code by performing the static analysis using the derived value for the callsite.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: July 21, 2020
    Assignee: Oracle International Corporation
    Inventors: Padmanabhan Krishnan, Raghavendra Kagalavadi Ramesh, Yang Zhao
  • Patent number: 10540255
    Abstract: A method for analyzing code may include generating, via a flow-insensitive points-to analysis, initial interest points each corresponding to a statement in the code, generating, via a flow-sensitive points-to analysis, flow tuples and refined interest points by removing a subset of the initial interest points, and constructing a flow graph using the refined interest points. The flow graph may include nodes each corresponding to a statement in the code, and edges corresponding to the flow tuples. The method may further include identifying a trace through the flow graph. The trace may include a node corresponding to an interest point of the refined interest points.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: January 21, 2020
    Assignee: Oracle International Corporation
    Inventors: Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Francois Gauthier
  • Patent number: 10318257
    Abstract: A method for points-to program analysis includes extracting a kernel from a program, performing a fixed object sensitive points to analysis of the kernel to obtain fixed analysis results, and assigning, for a first candidate object in the kernel, a first context depth to the first candidate object. The candidate objects are identified using the fixed analysis results. The method further includes assigning, for a second candidate object, a second context depth to the second candidate object. The second context depth is different than the first context depth. The method further includes performing, to obtain selective analysis results, a selective object sensitive points to analysis using the first context depth for the first candidate object and the second context depth for the second candidate object, and performing an action based on the selective analysis results.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: June 11, 2019
    Assignee: Oracle International Corporation
    Inventors: Behnaz Hassanshahi, Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Bernhard F. Scholz, Yi Lu
  • Publication number: 20190129826
    Abstract: A method for analyzing code may include generating, via a flow-insensitive points-to analysis, initial interest points each corresponding to a statement in the code, generating, via a flow-sensitive points-to analysis, flow tuples and refined interest points by removing a subset of the initial interest points, and constructing a flow graph using the refined interest points. The flow graph may include nodes each corresponding to a statement in the code, and edges corresponding to the flow tuples. The method may further include identifying a trace through the flow graph. The trace may include a node corresponding to an interest point of the refined interest points.
    Type: Application
    Filed: October 31, 2017
    Publication date: May 2, 2019
    Inventors: Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Francois Gauthier
  • Patent number: 10108802
    Abstract: A method for using static program analysis for detecting security bugs in application source code including receiving and determining a plurality of variables based on the application source code. The method further includes determining a plurality of information flow relations comprising a source variable and a target variable, determining a confidentiality requirement and a capability for each of the source variables, and determining an integrity requirement and a capability for each of the target variables. The method further includes generating an error report log entry when the capability of the target variable is not greater than and not equal to the confidentiality requirement of the source variable or the capability of the source variable is not greater than and not equal to the integrity requirement of the target variable. The method further includes generating an error report log.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: October 23, 2018
    Assignee: Oracle International Corporation
    Inventors: Yi Lu, Raghavendra Kagalavadi Ramesh
  • Publication number: 20170344348
    Abstract: A method for analyzing a program may include obtaining the program and obtaining a points-to analysis that may include points-to tuples. The method may further include obtaining a result of a query based on the program. The method may further include extracting a data-flow trace specification that includes flow tuples. Each flow tuple may include a source variable defined in a first method and a sink variable defined in a second method. The method may further include adding, in a recursive manner until a termination condition is triggered, a trace edge to a data-flow trace graph for each points-to tuple of a list of points-to tuples. The respective points-to tuple and a first flow tuple may be used to form a first points-to tuple that is added to the list of points-to tuples. The list of points-to tuples may be initialized to the result of the query.
    Type: Application
    Filed: May 31, 2016
    Publication date: November 30, 2017
    Inventors: Stepan Sindelar, Padmanabhan Krishnan, Bernhard Scholz, Raghavendra Kagalavadi Ramesh, Yi Lu
  • Publication number: 20170337118
    Abstract: A method for points-to program analysis includes extracting a kernel from a program, performing a fixed object sensitive points to analysis of the kernel to obtain fixed analysis results, and assigning, for a first candidate object in the kernel, a first context depth to the first candidate object. The candidate objects are identified using the fixed analysis results. The method further includes assigning, for a second candidate object, a second context depth to the second candidate object. The second context depth is different than the first context depth. The method further includes performing, to obtain selective analysis results, a selective object sensitive points to analysis using the first context depth for the first candidate object and the second context depth for the second candidate object, and performing an action based on the selective analysis results.
    Type: Application
    Filed: May 20, 2016
    Publication date: November 23, 2017
    Inventors: Behnaz Hassanshahi, Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Bernhard F. Scholz, Yi Lu
  • Patent number: 9811322
    Abstract: A method for analyzing a program may include obtaining the program and obtaining a points-to analysis that may include points-to tuples. The method may further include obtaining a result of a query based on the program. The method may further include extracting a data-flow trace specification that includes flow tuples. Each flow tuple may include a source variable defined in a first method and a sink variable defined in a second method. The method may further include adding, in a recursive manner until a termination condition is triggered, a trace edge to a data-flow trace graph for each points-to tuple of a list of points-to tuples. The respective points-to tuple and a first flow tuple may be used to form a first points-to tuple that is added to the list of points-to tuples. The list of points-to tuples may be initialized to the result of the query.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: November 7, 2017
    Assignee: Oracle International Corporation
    Inventors: Stepan Sindelar, Padmanabhan Krishnan, Bernhard Scholz, Raghavendra Kagalavadi Ramesh, Yi Lu
  • Publication number: 20170318026
    Abstract: A method for analyzing a software library may include obtaining the software library, identifying a candidate security-sensitive entity in the software library, and generating a control flow graph that includes execution paths. Each execution path may include a public entry node corresponding to a public entry and a candidate security-sensitive entity node corresponding to the candidate security-sensitive entity. The public entry is a point where an application program external to the software library may access the software library. The method may further include determining whether each execution path in the control flow graph includes a permission check node between the respective public entry node and the candidate security-sensitive entity node in the respective execution path. Each permission check node may correspond to a permission check in the software library.
    Type: Application
    Filed: April 29, 2016
    Publication date: November 2, 2017
    Inventors: Yi Lu, Padmanabhan Krishnan, Raghavendra Kagalavadi Ramesh, Sora Bae
  • Patent number: 9807101
    Abstract: A method for analyzing a software library may include obtaining the software library, identifying a candidate security-sensitive entity in the software library, and generating a control flow graph that includes execution paths. Each execution path may include a public entry node corresponding to a public entry and a candidate security-sensitive entity node corresponding to the candidate security-sensitive entity. The public entry is a point where an application program external to the software library may access the software library. The method may further include determining whether each execution path in the control flow graph includes a permission check node between the respective public entry node and the candidate security-sensitive entity node in the respective execution path. Each permission check node may correspond to a permission check in the software library.
    Type: Grant
    Filed: April 29, 2016
    Date of Patent: October 31, 2017
    Assignee: Oracle International Corporation
    Inventors: Yi Lu, Padmanabhan Krishnan, Raghavendra Kagalavadi Ramesh, Sora Bae
  • Publication number: 20170185504
    Abstract: A method for analyzing software with pointer analysis may include obtaining a software program, and determining a first independent program slice of the software program describing a first code segment of the software program. The method may further include determining, using a first pointer analysis objective, a first result from performing a first pointer analysis on the first independent program slice, and determining, using the first result, a first dependent program slice of the software program. The method may further include determining, using a second pointer analysis objective, a second result from performing a second pointer analysis on the first dependent program slice. The method may further include generating a report, using these results, indicating whether the software program satisfies a predetermined criterion.
    Type: Application
    Filed: December 23, 2015
    Publication date: June 29, 2017
    Inventors: Padmanabhan Krishnan, Raghavendra Kagalavadi Ramesh
  • Publication number: 20160224793
    Abstract: A method for using static program analysis for detecting security bugs in application source code including receiving and determining a plurality of variables based on the application source code. The method further includes determining a plurality of information flow relations comprising a source variable and a target variable, determining a confidentiality requirement and a capability for each of the source variables, and determining an integrity requirement and a capability for each of the target variables. The method further includes generating an error report log entry when the capability of the target variable is not greater than and not equal to the confidentiality requirement of the source variable or the capability of the source variable is not greater than and not equal to the integrity requirement of the target variable. The method further includes generating an error report log.
    Type: Application
    Filed: January 30, 2015
    Publication date: August 4, 2016
    Inventors: Yi Lu, Raghavendra Kagalavadi Ramesh