1436 results about "Static analysis" patented technology

Analyzing computer code using a tree is described. For example, a client device generates a data request for retrieving data from a non-trusted entity via a network. A gateway is communicatively coupled to the client device and to the network. The gateway is configured to receive computer code from the non-trusted entity via the network. The gateway builds a tree representing the computer code. The tree has one or more nodes. A node of the tree represents a statement from the computer code. The gateway analyzes the statement to identify symbol data. The symbol data describes a name of the variable and the value of the variable. The gateway stores the symbol data in a symbol table.

This invention relates to one software analyzer and its test method based on source codes static analysis, wherein the analysis device comprises five function modules of code analysis device, codes analysis engine, safety risk report device, safety rules database and user interface; this invention gets programs safety risk to user according to the source program and grammar and meanings and delivers the safety leak to the user for audit and evaluation.

Disclosed herein is a PDF document type malicious code detection system for efficiently detecting a malicious code embedded in a document type and a method thereof. The present invention may perform a dynamic and static analysis on JavaScript within a PDF document, and execute the PDF document to perform a PDF dynamic analysis, thereby achieving an effect of efficiently extracting a malicious code embedded in the PDF document.

An apparatus automatically inspects security of mobile applications. The apparatus includes a static analyzer to perform a static analysis by reversing an execution file of the mobile application, and an automatic execution processor to generate an automatic execution script used to automatically execute the execution file and execute the automatic execution script automatically to generate a log. The apparatus further includes a dynamic analyzer to analyze whether a pattern of malicious codes was executed in the execution file using the result of the static analysis and the log resulted from the automatic execution.

A method and apparatus is disclosed herein for detecting and preventing unsafe behavior of script programs. In one embodiment, a method comprises performing static analysis of a script program based on a first safety policy to detect unsafe behavior of the scrip program and preventing execution of the script program if a violation of the safety policy would occur when the script program is executed.

A method and apparatus for generating a noise circuit model for an electronic circuit includes analyzing the electronic circuit to determine a first circuit parameter for a victim and aggressor circuits and a second circuit parameter for the aggressor circuits, ordering the aggressor circuits based on their first and second circuit parameters, setting a current model parameter of the circuit model to an initial value, selecting a first aggressor circuit, determining whether to reduce the selected aggressor circuit into a virtual attacker model based on its first circuit parameter, updating the current model parameter in accordance with either the selected aggressor circuit or its virtual attacker model to be inserted, inserting either the selected aggressor circuit or its virtual attacker model to the circuit model, for each aggressor circuit.

According to one embodiment, a malware detection system is integrated with at least a static analysis engine and a dynamic analysis engine. The static analysis engine is configured to automatically determine an object type of a received object. The dynamic analysis engine is configured to automatically launch the object after selecting an action profile based on the object type. The dynamic analysis engine is further configured to, provide simulated user interaction to the object based on the selected action profile either in response to detecting a request for human interaction or as a result of a lapse of time since a previous simulated human interaction was provided.

A system and method for analyzing a computer program includes performing a static analysis on a program to determine property correctness. Test cases are generated and conducted to provide test output data. Hypotheses about aspects of execution of the program are produced to classify paths for test cases to determine whether the test cases have been encountered or otherwise. In accordance with the hypothesis, new test cases are generated to cause the program to exercise behavior which is outside of the encountered test cases.

A system and method for detecting the mutability of fields and classes in an arbitrary program component written in an object oriented programming language is disclosed. A variable is considered to be mutable if a new value is stored into it, as well as if any of its reachable variables are mutable. The system and method uses a static analysis algorithm which can be applied to any software component rather than whole programs. The analysis classifies fields and classes as either mutable or immutable. In order to facilitate open-world analysis, the algorithm identifies situations that expose variables to potential modification by code outside the component, as well as situations where variables are modified by the analyzed code. An implementation of the analysis is presented which focuses on detecting mutability of class variables, so as to avoid isolation problems. The implementation incorporates intra- and inter-procedural data-flow analyses and is shown to be highly scalable. Experimental results demonstrate the effectiveness of the algorithms.

A computer readable medium includes executable instructions to analyze program instructions for security vulnerabilities. Executable instructions identify potential security vulnerabilities within program instructions based upon input from an attack database and information derived during a static analysis of the program instructions. Vulnerability tests are applied to the program instructions in view of the security vulnerabilities. Performance results from the vulnerability tests are analyzed. The performance results are then reported.

Systems and methods are provided for performing static error analysis on source code. A computer system having an operating system may contain a number of source code files. During a normal build process, a build program may be used to set various compilation options and to invoke appropriate compilers that compile the source code files into executable code. Static analysis debugging tools may be used to perform static analysis on the source code files. The appropriate static analysis tools may be invoked using a static analysis tool management program. Directory, path and name modification may be used to invoke the analysis tools. A monitoring program may be used to determine how to invoke the tools. The operating system may be modified so that the static analysis tools are invoked in place of the compilers when the build program is run.

A system and method for automated determination of quasi-identifiers for sensitive data fields in a dataset are provided. In one aspect, the system and method identifies quasi-identifier fields in the dataset based upon a static analysis of program statements in a computer program having access to—sensitive data fields in the dataset. In another aspect, the system and method identifies quasi-identifier fields based upon a dynamic analysis of program statements in a computer program having access to—sensitive data fields in the dataset. Once such quasi-identifiers have been identified, the data stored in such fields may be anonymized using techniques such as k-anonymity. As a result, the data in the anonymized quasi-identifiers fields cannot be used to infer a value stored in a sensitive data field in the dataset.

Embodiments of the present invention relate to systems and methods for static analysis of a software application. According to an embodiment, a system includes a program scanner coupled to an analysis engine. The program scanner is configured to identify one or more vulnerability patterns in a software program and to output an initial potential vulnerability list. The analysis engine is configured to apply one or more rules to a potential vulnerability to determine whether the potential vulnerability is a vulnerability.

The invention provides a quantitative characterization method of low penetration double-medium sandstone oil reservoir microscopic aperture structure, which comprises the following steps: selecting experiment samples, effectively combining various experiments, distributing samples, processing and analyzing experiment test data, combining macroscopic background and microscopic rock core, and combining static state analysis and dynamic production reality, thereby realizing quantitative characterization of ultra-low penetration double-medium sandstone oil reservoir microscopic aperture structure from qualitative analysis and semi-quantitative evaluation. The invention has the advantages that more comprehensive influence factors and micro crack, aperture throat parameter and nuclear magnetic resonance movable fluid parameter are considered, so the characterization result can better reflect change characteristics of ultra-low penetration double-medium sandstone oil reservoir microscopic aperture structure, which are consistent to the production exploitation real cases of the oil field, thereby effectively avoiding one-sidedness and limitation of single aspect evaluation result.

A continuous vulnerability management system for identifying, analyzing, protecting, and reporting on digital assets is disclosed. The continuous vulnerability management system comprises a sandbox engine configured to scan digital assets for vulnerabilities, including a static analysis unit for static code scanning, a dynamic analysis unit for analyzing compiled code, and a statistical analysis unit for processing a risk score and generating an audit report. A knowledge base is also disclosed, including a knowledge base engine configured to acquire information related to new vulnerabilities to digital assets. A risk scoring engine is configured to analyze sandbox engine outcomes and assign a risk score to each vulnerable asset. A security control system is configured to act on an identified vulnerable asset based on the risk score assigned to the identified vulnerable asset.

A topology optimization method. Characteristics of a structure to be designed are differentiated to calculate equivalent static loads. A relative fraction of material is adopted as a design variable. It is determined whether or not an element exists based on an objective function and constraints. Design topology is derived through a linear static analysis that processes the equivalent static loads as multiple loading conditions. Topology of the structure to be designed is compared with the design topology, and thereby the progress of optimization is determined. The topology optimization processes are terminated when a difference of the compared result is less than a setup value, and are returned to an initial step when the difference is greater than the setup value, and the equivalent static loads are calculated using the design topology as a new structure to be designed.

A system and method for identifying errors in a computer software include: identifying a potential problem in the computer software; triggering a portion of the computer software by the identified potential problem; determining a control flow graph and a data flow graph for the triggered portion of the computer software originating at the identified potential problem; and analyzing the control flow graph and the data flow graph to verify that the identified potential problem is an actual error. The potential problem may be identified using test tools such as a static analysis tool or a unit test tool.

Embodiments of the present invention combine static analysis, source code instrumentation and feedback-guided fuzz testing to automatically detect resource exhaustion denial of service attacks in software and generate inputs of coma for vulnerable code segments. The static analysis of the code highlights portions that are potentially vulnerable, such as loops and recursions whose exit conditions are dependent on user input. The code segments are dynamically instrumented to provide a feedback value at the end of each execution. Evolutionary techniques are then employed to search among the possible inputs to find inputs that maximize the feedback score.