Method and system for detecting vulnerabilities in source code

Patent 7398517 Issued on July 8, 2008. Estimated Expiration Date: June 13, 2027. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.

Patent References

Automatic immune system for computers and computer networks
Patent #: 5440723
Issued on: 08/08/1995
Inventor: Arnold, et al.

System and method for statically detecting potential race conditions in multi-threaded computer programs
Patent #: 6343371
Issued on: 01/29/2002
Inventor: Flanagan, et al.

Method for secure function execution by calling address validation
Patent #: 6412071
Issued on: 06/25/2002
Inventor: Hollander, et al.

Multiple-nip calender and calendering arrangement
Patent #: 6827009
Issued on: 12/07/2004
Inventor: Koivukunnas, et al.

Method and system for simulating execution of a target program in a simulated target system
Patent #: 6973417
Issued on: 12/06/2005
Inventor: Maxwell, III, et al.

Software analysis framework
Patent #: 7051322
Issued on: 05/23/2006
Inventor: Rioux

Inventors

Assignee

Application

No. 11762475 filed on 06/13/2007

US Classes:

717/126, Program verification
717/125, Having interactive or visual
726/25, Vulnerability assessment

Examiners

Primary: Kiss, Eric B.

Attorney, Agent or Firm

International Classes

G06F 9/44
G06F 12/14
G06F 21/00

Abstract

A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e.g., in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call possesses one or more pre-selected vulnerabilities.

Other References

  • Zovi, D.D., “Security Applications of Dynamic Binary Translation, Thesis,” The University of New Mexico (2002).
  • Xu, et al., “An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs”, SIGSOFT '04/FSE-12, Newport Beach, CA, Oct. 31-Nov. 6, 2004.
  • Xie, et al., “Archer: Using Symbolic, Path-sensitive Analysis to Detect Memory Access Errors”, ESEC/FSE '03, Helsinki, Finland, Sep. 1-5, 2003.
  • Wagner, et al., “A First Step Toward Automated Detection of Buffer Overrun Vulnerabilities,” Proceedings of the Network Distributed System Security Symposium, University of California, Berkeley, Feb. 2000.
  • Viega, et al., “ITS4: A Static Vulnerability Scanner For C and C++ Code,” Proceedings Of The Annual Computer Security Applications Conference (2000).
  • “The Java Language Environment,” White Paper, Sun Microsystems, Inc. (1997).
  • Suzuki, et al., “Implementation of An Array Bound Checker,” Defense Advanced Research Projects Agency (Contract FF44620-73-C-0034), Air Force Office of Scientific Research (Contract DAHC-15-72-C-0308), University of Tokyo Computation Center, pp. 132-143, 1997.
  • “Splint Manual,” Version 3.0.6, University of Virginia, pp. 1-119, Feb. 11, 2002.
  • Sirer, et al., “An Access Control Language for Web Services,” SACMAT '02, Jun. 3-4, 2002, Monterey, CA, ACM 1-58113-496-7/02/0006, pp. 23-30 (2002).
  • Simon, et al., “Analyzing String Buffers in C”, International Conference on Algebraic Methodology and Software Technology (H. Krichner and C. Ringeissen, Eds.), vol. 2422 of Lecture Notes in Computer Science (Springer), pp. 365-379, Sep. 2002.
  • Shankar, et al., “Detecting Format String Vulnerabilities with Type Qualifiers”, Proceedings of the 10th USENIX Security Symposium, Washington, DC, Aug. 2001.
  • Schneider, F.B., “Enforceable Security Policies,” ACM Transactions on Information and System Security, vol. 3, No. 1, pp. 30-50 (Feb. 2000).
  • Rugina, et al., “Symbolic Bounds Analysis of Pointers, Array Indices, and Accessed Memory Regions”, ACM Transactions of Programming Languages and Systems, vol. 27, No. 2, pp. 185-234, 2005.
  • Pincus, J., “Steering the Pyramids—Tools, Technology, and Process in Engineering at Microsoft,” Microsoft Research (Oct. 5, 2002).
  • Macrakis, S., “From UNCOL to ANDF: Progress in Standard Intermediate Languages,” Open Software Foundation, macrakis@osf.org, pp. 1-18 (1993).
  • Lhee, et al., “Type-Assisted Dynamic Buffer Overflow Detection”, 11th USENIX Security Symposium, pp. 81-88, Aug. 2002.
  • Leino, et al., “Checking Java Program via Guarded Commands,” Technical Report 1999-02, Compaq Systems Research Center (May 1999).
  • Larus, et al., “Righting Software”, , pp. 92-100, May/Jun. 2004.
  • Larochelle and Evans, Statically Detecting Likely Buffer Overflow Vulnerabilities, Proceedings of the 2001 USENIX Security Symposium, Aug. 2001.
  • Kiriansky, et al., “Secure Execution Via Program Shepherding,” 11th USENIX Security Symposium (Security '02), San Francisco, CA (Aug. 2002).
  • Haugh, et al., “Testing C Programs for Buffer Overflow Vulnerabilities”, Proceedings of the 2003 Symposium on Networked and Distributed System Security (SNDSS 2003), Feb. 2003.
  • Gordon, et al., “Typing a Multi-Language Intermediate Code,” Technical Report MSR-TR-2000-106, Microsoft Research, Microsoft Corporation (Dec. 2000).
  • Ganapathy, et al., “Buffer Overrun Detection Using Linear Programming and Static Analysis”, CCS '03, Washington, DC, Oct. 27-30, 2003.
  • Frailey, D.J., “An Intermediate Language for Source and Target Independent Code Optimization,” ACM, 0-89791-002-8/79/0800-0188, pp. 188-200 (1979).
  • Foster, et al., “A Theory of Type Qualifiers”, Programming Language Design and Implementation (PLDI'99), pp. 192-203, Atlanta, GA, May 1999.
  • Evans and Larochelle, “Improving Security Using Extensible Lightweight Static Analysis,” IEEE Software, vol. 19, Issue 1, pp. 42-51, Jan.-Feb. 2002.
  • Dor, et al., “Cleanness Checking of String Manipulations in C Programs via Integer Analysis”, 8th International Symposium on Static Analysis (SAS), pp. 194-212, Jul. 2001.
  • Dor, et al., “CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C”, PLDI ′03, San Diego, California, Jun. 9-11, 2003.
  • Dijkstra, E.W., “Guarded Commands, Nondeterminacy and Formal Derivation of Programs,” Communications of the ACM, vol. 18, No. 8, pp. 453-457 (Aug. 1975).
  • Detlefs, et al., “Extended Static Checking,” Technical Report 159, Compaq Systems Research Center (1998).
  • Choi, et al., “Static Datarace Analysis for Multithreaded Object-Oriented Programs,” IBM, RC22146 (WO108-016), pp. 1-18 (Aug. 9, 2001).
  • Chess, et al., “Static Analysis for Security,” IEEE Computer Society, IEEE Security and Privacy, 1540-7993 (2004).
  • Chess, et al., “Improving Computer Security Using Extended Static Checking,” IEEE Symposium on Security and Privacy (May 2002).
  • Bush, et al., “A Static Analyzer for Finding Dynamic Programming Errors”, Software—Practice and Experience, vol. 30, No. 7, 2000.
  • Bishop and Dilger, “Checking for Race Conditions in File Accesses,” Computing Systems 9(2), pp. 131-152 (manuscript version: 20 pages) (1996).
  • Banatre, et al., “Mechanical Proofs of Security Properties,” Institut de Recherche en Informatique et Systemes Aleatories, Centre National de la Recherche Scientifique (URA 227) Universite de Rennes 1, Insa de Rennes, France, ISSN 1166-8687, Publication Interne No. 825, May 1994.
  • Ashcraft, et al., “Using Programmer-Written Compiler Extensions to Catch Security Holes”, IEEE Symposium on Security and Privacy, Oakland, CA, May 2002.
  • Aho, et al., “Principles of Compiler Design,” Addison-Wesley Publishing Co., Mar. 1978.