Title of invention |
Determining the vulnerability of computer software applications to privilege-escalation attacks |
Abstract |
Determining the vulnerability of computer software applications to privilege-escalation attacks, such as where an instruction classifier is configured to be used for identifying a candidate access-restricted area of the instructions of a computer software application, and a static analyzer is configured to statically analyze the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area, perform static analysis to determine if the conditional instruction is dependent on a data source within the computer software application, and designate the candidate access-restricted area as vulnerable to privilege-escalation attacks absent either of the conditional instruction and the data source. |
Publication number |
US8910293(B2) |
Publication date |
2014.12.09 |
Application number |
US201213542214 |
Filing date |
2012.07.05 |
Applicant |
International Business Machines Corporation |
Inventors |
Pistoia Marco; Segal Ori; Tripp Omer |
Classification |
G06F11/00;G06F21/56;H04L29/06;G06F21/57 |
Main classification |
G06F11/00 |
Agency |
North Shore Patents, P.C. |
Agent |
North Shore Patents, P.C.; Baillie Michele Liu |
Main claim |
1. A method for determining vulnerability of computer software applications to privilege-escalation attacks implemented by a computing processor, the method comprising:
identifying, by the computing processor, a candidate access-restricted area of instructions of a computer software application;
statically analyzing, by the computing processor, the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area;
in response to determining that the conditional instruction exists, performing, by the computing processor, static analysis to determine if the conditional instruction is dependent on a user input; and
in response to determining that the conditional instruction is not dependent on the user input, designating, by the computing processor, the candidate access-restricted area as vulnerable to privilege-escalation attacks. |
Address |
Armonk NY US |