首页>
外国专利>
Detecting Security Vulnerabilities Relating to Cryptographically-Sensitive Information Carriers when Testing Computer Software
Detecting Security Vulnerabilities Relating to Cryptographically-Sensitive Information Carriers when Testing Computer Software
展开▼
机译:在测试计算机软件时检测与加密敏感信息载体有关的安全漏洞
展开▼
页面导航
摘要
著录项
相似文献
摘要
A system for detecting security vulnerabilities in computer software, including a cryptographic API identifier configured to identify a cryptographic API among the instructions of a computer software application, a path-to-source tracer configured to trace an information flow path among the instructions between the cryptographic API and a source that directly or indirectly provides data that are input to the cryptographic API, where a cryptographically-sensitive information carrier lies along the information flow path, a path-to-sink tracer configured to trace an information flow path among the instructions from the cryptographically-sensitive information carrier to a sink, and a security vulnerability identifier configured to provide a notification that the information flow path between the cryptographically-sensitive information carrier and the sink represents security vulnerability if the information flow path between the cryptographically-sensitive information carrier and the sink does not pass through a cryptographic API.
展开▼