首页> 外国专利> Detecting Security Vulnerabilities Relating to Cryptographically-Sensitive Information Carriers when Testing Computer Software

Detecting Security Vulnerabilities Relating to Cryptographically-Sensitive Information Carriers when Testing Computer Software

机译：在测试计算机软件时检测与加密敏感信息载体有关的安全漏洞

页面导航

摘要
著录项
相似文献

摘要

A system for detecting security vulnerabilities in computer software, including a cryptographic API identifier configured to identify a cryptographic API among the instructions of a computer software application, a path-to-source tracer configured to trace an information flow path among the instructions between the cryptographic API and a source that directly or indirectly provides data that are input to the cryptographic API, where a cryptographically-sensitive information carrier lies along the information flow path, a path-to-sink tracer configured to trace an information flow path among the instructions from the cryptographically-sensitive information carrier to a sink, and a security vulnerability identifier configured to provide a notification that the information flow path between the cryptographically-sensitive information carrier and the sink represents security vulnerability if the information flow path between the cryptographically-sensitive information carrier and the sink does not pass through a cryptographic API.

机译：一种用于检测计算机软件中的安全漏洞的系统，包括：加密API标识符，配置为在计算机软件应用程序的指令中标识加密API;路径到源跟踪器，配置为在加密之间的指令之间跟踪信息流路径API和直接或间接提供输入到密码API的数据的源，其中密码敏感的信息载体沿信息流路径放置，该路径到接收器跟踪器配置为在来自以下位置的指令中跟踪信息流路径加密敏感信息载体到接收器，以及安全漏洞标识符，配置为在加密敏感信息载体之间的信息流路径提供通知的情况下，通知该加密敏感信息载体与接收器之间的信息流路径表示安全漏洞和水槽不通过加密API。

著录项

公开/公告号US2011072517A1

专利类型
公开/公告日2011-03-24

原文格式PDF
申请/专利权人 OMER TRIPP;
展开▼

申请/专利号US20090564288
发明设计人 OMER TRIPP;
展开▼

申请日2009-09-22
分类号G06F11/36;
国家 US
入库时间 2022-08-21 18:11:51

相似文献

专利
外文文献
中文文献