首页> 外国专利> Eliminating false reports of security vulnerabilities when testing computer software

Eliminating false reports of security vulnerabilities when testing computer software

机译：测试计算机软件时消除安全漏洞的虚假报告

页面导航

摘要
著录项
相似文献

摘要

A system for eliminating false reports of security vulnerabilities when testing computer software, including a taint analysis engine configured to identify a tainted variable v in a computer application, a data mapping identification engine configured to identify a variable x within the application that holds data derived from v, where x is in a different format than v, an AddData identification engine configured to identify an AddData operation within the application that is performed on x, a signature identification engine configured to identify a Sign operation within the application that is performed on the results of the AddData operation on x, a signature comparison identification engine configured to identify an operation within the application that compares the results of the Sign operation with another value.

机译：一种用于在测试计算机软件时消除安全漏洞的虚假报告的系统，包括配置为在计算机应用程序中标识污染变量v的污点分析引擎，配置为在应用程序中标识变量x的数据映射标识引擎，该变量x包含从v，其中x的格式与v的格式不同，是配置为标识在x上执行的应用程序中的AddData操作的AddData标识引擎，配置为标识在结果上执行的应用程序内的Sign操作的签名标识引擎在x上的AddData操作中，签名比较标识引擎被配置为在应用程序中标识将Sign操作的结果与另一个值进行比较的操作。

著录项

公开/公告号US8584246B2

专利类型
公开/公告日2013-11-12

原文格式PDF
申请/专利权人 YINNON AVRAHAM HAVIV;ROEE HAY;MARCO PISTOIA;ADI SHARABANI;TAKAAKI TATEISHI;OMER TRIPP;OMRI WEISMAN;
展开▼

申请/专利号US20090578013
发明设计人 YINNON AVRAHAM HAVIV;TAKAAKI TATEISHI;OMRI WEISMAN;OMER TRIPP;ADI SHARABANI;MARCO PISTOIA;ROEE HAY;
展开▼

申请日2009-10-13
分类号G06F12/14;
国家 US
入库时间 2022-08-21 16:01:21

相似文献

专利
外文文献
中文文献