Software analysis framework
DCFirst Claim
1. A method for analyzing executable software code using a computer comprising a processor and a memory, the method comprising:
- processing the executable software code to generate an optimized, exhaustive data flow model including parsing the executable software code to facilitate identification of data flows for inclusion in the exhaustive data flow model;
processing the executable software code to generate an optimized, exhaustive control flow model; and
storing, in the memory, an intermediate representation of the executable software code that provides a complete model of the executable software code based on the optimized data flow model and the optimized control flow model, thereby facilitating analysis of the executable software code according to comparison of the intermediate representation to reference models.
4 Assignments
Litigations
0 Petitions
Accused Products
Abstract
Presently described is a decompilation method of operation and system for parsing executable code, identifying and recursively modeling data flows, identifying and recursively modeling control flow, and iteratively refining these models to provide a complete model at the nanocode level. The nanocode decompiler may be used to determine if flaws, security vulnerabilities, or general quality issues exist in the code. The nanocode decompiler outputs in a standardized, human-readable intermediate representation (IR) designed for automated or scripted analysis and reporting. Reports may take the form of a computer annotated and/or partially human annotated nanocode listing in the above-described IR. Annotations may include plain English statements regarding flaws and pointers to badly constructed data structures, unchecked buffers, malicious embedded code or “trap doors,” and the like. Annotations may be generated through a scripted analysis process or by means of an expert-enhanced, quasi-autonomous system.
56 Citations
18 Claims
-
1. A method for analyzing executable software code using a computer comprising a processor and a memory, the method comprising:
-
processing the executable software code to generate an optimized, exhaustive data flow model including parsing the executable software code to facilitate identification of data flows for inclusion in the exhaustive data flow model; processing the executable software code to generate an optimized, exhaustive control flow model; and storing, in the memory, an intermediate representation of the executable software code that provides a complete model of the executable software code based on the optimized data flow model and the optimized control flow model, thereby facilitating analysis of the executable software code according to comparison of the intermediate representation to reference models. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for analyzing executable software code, the system comprising a processor, a memory, and a computer-implemented modeler executable by the processor for:
-
causing the processor to process the executable software code to generate an optimized, exhaustive data flow model of the executable software code including parsing the executable software code to facilitate identification of data flows for inclusion in the exhaustive data flow model; causing the processor to process the executable software code to generate an optimized, exhaustive control flow model based on the executable software code; and storing, in the memory, an intermediate representation of the executable software code that provides a complete model of the executable software code based on the optimized data flow model and the optimized control flow model, thereby facilitating analysis of the executable software code according to comparison of the intermediate representation to reference models. - View Dependent Claims (15, 16, 17, 18)
-
Specification