Patent
Software analysis framework
Christien R. Rioux
- 04 Jun 2014
117
TL;DR: The nanocode decompiler as mentioned in this paper is a decompilation method for parsing executable code, identifying and recursively modeling data flows and control flow, and iteratively refining these models to provide a complete model at the nano-code level.
read more
Abstract: Presently described is a decompilation method of operation and system for parsing executable code, identifying and recursively modeling data flows, identifying and recursively modeling control flow, and iteratively refining these models to provide a complete model at the nanocode level. The nanocode decompiler may be used to determine if flaws, security vulnerabilities, or general quality issues exist in the code. The nanocode decompiler outputs in a standardized, human-readable intermediate representation (IR) designed for automated or scripted analysis and reporting. Reports may take the form of a computer annotated and/or partially human annotated nanocode listing in the above-described IR. Annotations may include plain English statements regarding flaws and pointers to badly constructed data structures, unchecked buffers, malicious embedded code or “trap doors,” and the like. Annotations may be generated through a scripted analysis process or by means of an expert-enhanced, quasi-autonomous system.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Securing software by enforcing data-flow integrity
Miguel Castro,Manuel Costa,Tim Harris +2 more
- 06 Nov 2006
TL;DR: An efficient implementation of data-flow integrity enforcement that uses static analysis to reduce instrumentation overhead is described and can be applied automatically to C and C++ programs without modifications, it does not have false positives, and it has low overhead.
Patent
Apparatus and method for analyzing and supplementing a program to provide security
Brian Chess,Arthur Do,Roger Thornton +2 more
- 25 Aug 2006
TL;DR: In this paper, the authors propose to insert protective instructions into program instructions to detect and respond to attacks during execution of the program instructions, such as injection vulnerabilities, potential repetitive attacks, sensitive information, and HTTP attributes.
310
Patent
Dynamically Computing Reputation Scores for Objects
Rajesh K. Dadhia,Scott A. Field +1 more
- 29 Jun 2007
TL;DR: In this article, the authors describe tools and techniques for dynamically computing reputation scores for objects in a virtual environment, based on how the object behaves when executing in the virtual environment and how the reputation score is computed.
197
Patent
System, method, and computer program product for determining whether code is unwanted based on the decompilation thereof
Anthony Vaughan Bartram,Adrian M.M.T. Dunbar,Steve O. Hearnden +2 more
- 29 Aug 2007
TL;DR: In this paper, a system, method, and computer program product are provided for determining whether code is unwanted based on the decompilation of the code and whether the code is available in the program.
170
Patent
Off-device anti-malware protection for mobile devices
Anthony John Bettini,Kevin Watkins,Domingo J. Guerra,Michael Price +3 more
- 11 Jan 2013
TL;DR: In this article, techniques for off-device anti-malware protection for mobile devices are described. And in some cases, the off-user anti-Malware protection on mobile devices is provided as a cloud service.
147
References
Patent
Systems and Methods for Secure Transaction Management and Electronic Rights Protection
Karl L Ginter,Victor H Shear,Francis J Spahn,David M. Van Wie +3 more
- 30 Sep 2010
TL;DR: In this article, the authors proposed a secure content distribution method for a configurable general-purpose electronic commercial transaction/distribution control system, which includes a process for encapsulating digital information in one or more digital containers, a process of encrypting at least a portion of digital information, a protocol for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container, and a process that delivering one or multiple digital containers to a digital information user.
7.6K
Efficiently computing static single assignment form and the control dependence graph
TL;DR: In this article, the authors present new algorithms that efficiently compute static single assignment forms and control dependence graphs for arbitrary control flow graphs using the concept of {\em dominance frontiers} and give analytical and experimental evidence that these data structures are usually linear in the size of the original program.
Patent
Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security
Theodora H. Titonis,Nelson R. Manohar-Alers,Chris Wysopal +2 more
- 14 Sep 2012
TL;DR: In this paper, the authors present a system that allows mobile subscribers, and others, to submit mobile applications to be analyzed for anomalous and malicious behavior using data acquired during the execution of the application within a highly instrumented and controlled environment for which the analysis relies on per-execution as well as comparative aggregate data across many such executions from one or more subscribers.
625
Patent
Software self-defense systems and methods
James J. Horning,W. Olin Sibert,Robert E. Tarjan,Umesh Maheshwari,William G. Horne,Andrew K. Wright,Lesley R. Matheson,Susan S. Owicki +7 more
- 07 Apr 2005
TL;DR: In this paper, the authors describe obfuscation, tamper-resistance, and watermarking techniques for protecting a computer program from unauthorized analysis and modification. But they do not discuss how to detect tampering.
617
Patent
System and method for server-coupled malware prevention
Kevin Patrick Mahaffey,James David Burgess,David Golombek,Timothy Micheal Wyatt,Anthony McKay Lineberry,Kyle Barton,Daniel Lee Evans,David Luke Richardson,Ariel Salomon +8 more
- 25 Aug 2011
TL;DR: In this article, a system and method for preventing malware, spyware and other undesirable applications from affecting mobile communication devices (e.g., smartphones, netbooks, and tablets) is presented.
533
Related Papers (5)
Maty Siman
- 15 Oct 2007
Brian Chess,Arthur Do,Sean Fay,Roger Thornton +3 more
- 10 Dec 2004
Andrew D. Gordon,Don Syme,Jonathan A. Forbes,Vance P. Morrison +3 more
- 19 Feb 2003