专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20190095619A1 IDENTIFYING WHETHER AN APPLICATION IS MALICIOUS 审中-公开
公开(公告)号：US20190095619A1
公开(公告)日：2019-03-28
申请号：US16199250
申请日：2018-11-26
申请人： International Business Machines Corporation
发明人： Roee Hay , Daniel Kalman , Roi Saltzman , Omer Tripp
IPC分类号： G06F21/56 , G06F21/51
CPC分类号： G06F21/56 , G06F21/51 , G06F21/561 , G06F21/562 , G06F21/566
摘要： A first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. If the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, the first application can be identified as being unsafe.

2. 发明申请

US20180247060A1 DETECTING SECURITY VULNERABILITIES ON COMPUTING DEVICES 审中-公开
公开(公告)号：US20180247060A1
公开(公告)日：2018-08-30
申请号：US15966411
申请日：2018-04-30
申请人： International Business Machines Corporation
发明人： Roee Hay , Daniel Kalman , Roi Saltzman , Omer Tripp
IPC分类号： G06F21/57 , G06F21/55 , G06F21/60 , G06F21/56 , G06F21/62 , G06F21/52
CPC分类号： G06F21/577 , G06F21/52 , G06F21/554 , G06F21/566 , G06F21/606 , G06F21/62
摘要： Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.

3. 发明授权

US09959411B2 Detecting security vulnerabilities on computing devices 有权
公开(公告)号：US09959411B2
公开(公告)日：2018-05-01
申请号：US14026347
申请日：2013-09-13
申请人： International Business Machines Corporation
发明人： Roee Hay , Daniel Kalman , Roi Saltzman , Omer Tripp
IPC分类号： G06F21/00 , G06F21/57 , G06F21/62 , G06F21/56 , G06F21/52 , G06F21/60 , G06F21/55
CPC分类号： G06F21/577 , G06F21/52 , G06F21/554 , G06F21/566 , G06F21/606 , G06F21/62
摘要： Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.

4. 发明授权

US09037916B2 Dynamic concolic execution of an application 有权
标题翻译：应用程序的动态Concolic执行
公开(公告)号：US09037916B2
公开(公告)日：2015-05-19
申请号：US14025031
申请日：2013-09-12
申请人： International Business Machines Corporation
发明人： Daniel Kalman , Adi Sharabani , Omer Tripp
IPC分类号： G06F11/00 , G06F11/36
CPC分类号： G06F11/3612 , G06F11/3668
摘要： Dynamic concolic execution of an application. A first hypotheses pertaining to a nature of test payloads that satisfy a specified property, and that are expected to satisfy a condition tested by the application's program code, can be generated. A plurality of first test payloads to test first hypothesis can be synthesized and submitted to the application during respective executions of the application. Whether each of the first test payloads actually satisfy the condition tested by the application's program code can be determined. When at least one of the first test payloads does not actually satisfy the condition tested by the application's program code, a second hypotheses that is expected to satisfy the condition tested by the application's program code can be generated. A plurality of second test payloads to test the second hypothesis can be synthesized and submitted to the application during respective executions of the application.
摘要翻译：应用程序的动态Concolic执行。可以生成关于满足指定属性并且期望满足由应用程序代码测试的条件的测试有效载荷的性质的第一假设。用于测试第一假设的多个第一测试有效载荷可以在应用的相应执行期间被合成并提交给应用。可以确定每个第一测试有效载荷是否实际满足应用程序代码测试的条件。当第一测试有效载荷中的至少一个实际上不满足应用程序代码测试的条件时，可以生成预期满足由应用程序代码测试的条件的第二假设。用于测试第二假设的多个第二测试有效载荷可以在应用的各自执行期间被合成并提交给应用。

5. 发明申请

US20140096248A1 IDENTIFYING WHETHER AN APPLICATION IS MALICIOUS 有权
公开(公告)号：US20140096248A1
公开(公告)日：2014-04-03
申请号：US13971270
申请日：2013-08-20
申请人： International Business Machines Corporation
发明人： Roee Hay , Daniel Kalman , Roi Saltzman , Omer Tripp
IPC分类号： G06F21/56
CPC分类号： G06F21/56 , G06F21/51 , G06F21/561 , G06F21/562 , G06F21/566
摘要： Identifying whether a first application is malicious. The first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. When the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, an alert can be generated indicating that the first application is malicious.

6. 发明授权

US10599843B2 Identifying whether an application is malicious 有权
公开(公告)号：US10599843B2
公开(公告)日：2020-03-24
申请号：US16199250
申请日：2018-11-26
申请人： International Business Machines Corporation
发明人： Roee Hay , Daniel Kalman , Roi Saltzman , Omer Tripp
IPC分类号： G06F11/00 , G06F21/56 , G06F21/51
摘要： A first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. If the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, the first application can be identified as being unsafe.

7. 发明授权

US10528744B2 Detecting security vulnerabilities on computing devices 有权
公开(公告)号：US10528744B2
公开(公告)日：2020-01-07
申请号：US15966411
申请日：2018-04-30
申请人： International Business Machines Corporation
发明人： Roee Hay , Daniel Kalman , Roi Saltzman , Omer Tripp
IPC分类号： G06F21/00 , G06F21/57 , G06F21/62 , G06F21/56 , G06F21/52 , G06F21/60 , G06F21/55
摘要： Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.

8. 发明授权

US09977903B2 Detecting security vulnerabilities on computing devices 有权
公开(公告)号：US09977903B2
公开(公告)日：2018-05-22
申请号：US13705705
申请日：2012-12-05
申请人： International Business Machines Corporation
发明人： Roee Hay , Daniel Kalman , Roi Saltzman , Omer Tripp
IPC分类号： G06F21/00 , G06F21/57 , G06F21/62 , G06F21/56 , G06F21/52 , G06F21/60 , G06F21/55
CPC分类号： G06F21/577 , G06F21/52 , G06F21/554 , G06F21/566 , G06F21/606 , G06F21/62
摘要： Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.

9. 发明授权

US08909992B2 Dynamic concolic execution of an application 有权
标题翻译：应用程序的动态Concolic执行
公开(公告)号：US08909992B2
公开(公告)日：2014-12-09
申请号：US13686129
申请日：2012-11-27
申请人： International Business Machines Corporation
发明人： Daniel Kalman , Adi Sharabani , Omer Tripp
IPC分类号： G06F11/00 , G06F11/36
CPC分类号： G06F11/3612 , G06F11/3668
摘要： Dynamic concolic execution of an application. A first hypotheses pertaining to a nature of test payloads that satisfy a specified property, and that are expected to satisfy a condition tested by the application's program code, can be generated. A plurality of first test payloads to test first hypothesis can be synthesized and submitted to the application during respective executions of the application. Whether each of the first test payloads actually satisfy the condition tested by the application's program code can be determined. When at least one of the first test payloads does not actually satisfy the condition tested by the application's program code, a second hypotheses that is expected to satisfy the condition tested by the application's program code can be generated. A plurality of second test payloads to test the second hypothesis can be synthesized and submitted to the application during respective executions of the application.
摘要翻译：应用程序的动态Concolic执行。可以生成关于满足指定属性并且期望满足由应用程序代码测试的条件的测试有效载荷的性质的第一假设。用于测试第一假设的多个第一测试有效载荷可以在应用的相应执行期间被合成并提交给应用。可以确定每个第一测试有效载荷是否实际满足应用程序代码测试的条件。当第一测试有效载荷中的至少一个实际上不满足应用程序代码测试的条件时，可以生成预期满足由应用程序代码测试的条件的第二假设。用于测试第二假设的多个第二测试有效载荷可以在应用的各自执行期间被合成并提交给应用。

10. 发明申请

US20140298474A1 AUTOMATIC SYNTHESIS OF UNIT TESTS FOR SECURITY TESTING 有权
标题翻译：用于安全测试的自动综合测试
公开(公告)号：US20140298474A1
公开(公告)日：2014-10-02
申请号：US14305280
申请日：2014-06-16
申请人： International Business Machines Corporation
发明人： Daniel Kalman , Ory Segal , Omer Tripp , Omri Weisman
IPC分类号： G06F21/57
CPC分类号： G06F21/577 , G06F21/10 , G06F2221/034 , H04L63/1433
摘要： Performing security analysis on a computer program under test (CPUT). The CPUT can be analyzed to identify data pertinent to potential security vulnerabilities of the CPUT. At least a first unit test configured to test a particular unit of program code within the CPUT can be automatically synthesized. The first unit test can be configured to initialize at least one parameter used by the particular unit of program code within the CPUT, and can be provided at least a first test payload configured to exploit at least one potential security vulnerability of the CPUT. The first unit test can be dynamically processed to communicate the first test payload to the particular unit of program code within the CPUT. Whether the first test payload exploits an actual security vulnerability of the CPUT can be determined, and a security analysis report can be output.
摘要翻译：对被测电脑程式（CPUT）执行安全性分析。可以分析CPUT以识别与CPUT的潜在安全漏洞相关的数据。至少可以自动合成在CPUT内测试程序代码的特定单位的第一单元测试。可以将第一单元测试配置为初始化由CPUT内的程序代码的特定单元使用的至少一个参数，并且可以提供至少一个被配置为利用CPUT的至少一个潜在安全漏洞的第一测试负载。可以动态地处理第一单元测试，以将第一测试有效负载传送到CPUT内的程序代码的特定单元。是否可以确定第一个测试有效负载是否利用CPUT的实际安全漏洞，并可以输出安全分析报告。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式