Software analysis framework

US 7,752,609 B2
Filed: 05/01/2006
Issued: 07/06/2010
Est. Priority Date: 12/06/2002
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A method for analyzing executable software code using a computer comprising a processor and a memory, the method comprising:

processing the executable software code to generate an optimized, exhaustive data flow model including parsing the executable software code to facilitate identification of data flows for inclusion in the exhaustive data flow model;

processing the executable software code to generate an optimized, exhaustive control flow model; and

storing, in the memory, an intermediate representation of the executable software code that provides a complete model of the executable software code based on the optimized data flow model and the optimized control flow model, thereby facilitating analysis of the executable software code according to comparison of the intermediate representation to reference models.

View all claims

4 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Presently described is a decompilation method of operation and system for parsing executable code, identifying and recursively modeling data flows, identifying and recursively modeling control flow, and iteratively refining these models to provide a complete model at the nanocode level. The nanocode decompiler may be used to determine if flaws, security vulnerabilities, or general quality issues exist in the code. The nanocode decompiler outputs in a standardized, human-readable intermediate representation (IR) designed for automated or scripted analysis and reporting. Reports may take the form of a computer annotated and/or partially human annotated nanocode listing in the above-described IR. Annotations may include plain English statements regarding flaws and pointers to badly constructed data structures, unchecked buffers, malicious embedded code or “trap doors,” and the like. Annotations may be generated through a scripted analysis process or by means of an expert-enhanced, quasi-autonomous system.

56 Citations

View as Search Results

18 Claims

1. A method for analyzing executable software code using a computer comprising a processor and a memory, the method comprising:
- processing the executable software code to generate an optimized, exhaustive data flow model including parsing the executable software code to facilitate identification of data flows for inclusion in the exhaustive data flow model;
  
  processing the executable software code to generate an optimized, exhaustive control flow model; and
  
  storing, in the memory, an intermediate representation of the executable software code that provides a complete model of the executable software code based on the optimized data flow model and the optimized control flow model, thereby facilitating analysis of the executable software code according to comparison of the intermediate representation to reference models.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-implemented method of claim 1 wherein the identification of the one or more data flows is performed recursively, thereby spanning all data flows within the executable software code.
  - 3. The computer-implemented method of claim 1 further comprising identifying one or more control flows for inclusion into the exhaustive control flow model based on the parsed executable software code.
  - 4. The computer-implemented method of claim 3 wherein the identification of the one or more control flows is performed recursively, thereby spanning all control flows within the executable software code.
  - 5. The computer-implemented method of claim 1 further comprising translating the intermediate representation into a high-level language.
  - 6. The computer-implemented method of claim 1 wherein the intermediate representation of the executable software provides a complete nanocode model of the executable software code.
  - 7. The computer-implemented method of claim 6 further comprising:
    - comparing the nanocode model to a reference nanocode model; and
      
      identifying discrepancies between the nanocode model and the reference nanocode model.
  - 8. The computer-implemented method of claim 7 further comprising annotating the nanocode model with text describing the identified discrepancies.
  - 9. The computer-implemented method of claim 6 further comprising executing one or more scripts against the nanocode model to a reference nanocode model to identify flaws in the executable software code.
  - 10. The computer-implemented method of claim 9 wherein the scripts comprise one or more of search instructions, control instructions and data flow instructions.
  - 11. The computer-implemented method of claim 1 wherein processing the executable code to generate an exhaustive data flow model of the executable software code comprises:
    - generating data flow signatures for the executable software code; and
      
      comparing the generated data flow signatures to one or more predefined data flow signatures, each representing a known data flow model.
  - 12. The computer-implemented method of claim 1 wherein processing the executable software code to generate an exhaustive control flow model of the executable software code comprises:
    - generating control flow signatures for the executable software code; and
      
      comparing the generated control flow signatures to one or more predefined control flow signatures, each representing a known control flow model.
  - 13. The computer-implemented method of claim 1 further comprising:
    - analyzing the intermediate representation; and
      
      based on the analysis, identifying identify one or more flaws in the executable software code.

14. A system for analyzing executable software code, the system comprising a processor, a memory, and a computer-implemented modeler executable by the processor for:
- causing the processor to process the executable software code to generate an optimized, exhaustive data flow model of the executable software code including parsing the executable software code to facilitate identification of data flows for inclusion in the exhaustive data flow model;
  
  causing the processor to process the executable software code to generate an optimized, exhaustive control flow model based on the executable software code; and
  
  storing, in the memory, an intermediate representation of the executable software code that provides a complete model of the executable software code based on the optimized data flow model and the optimized control flow model, thereby facilitating analysis of the executable software code according to comparison of the intermediate representation to reference models.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14 further comprising a display device and graphical user interface for presenting the data flow model and control flow model on the display device.
  - 16. The system of claim 14 further comprising a loader module for loading the executable software code into the modeler.
  - 17. The system of claim 14 further comprising:
    - a library module, executable by the processor, for generating one or more signature fileswhereby the processor compares the intermediate representation to the one or more signature files.
  - 18. The system of claim 14 further comprising a source code renderer, executable by the processor, for creating source code files based on the intermediate representation from which the executable software code can be rendered.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Veracode Incorporated (Broadcom, Inc.)
Original Assignee
Veracode Incorporated (Broadcom, Inc.)
Inventors
Rioux, Christien R.
Primary Examiner(s)
Khatri; Anil

Application Number

US11/415,442
Publication Number

US 20060253841A1
Time in Patent Office

1,527 Days
Field of Search

717140-151, 717155-156
US Class Current

717/141
CPC Class Codes

G06F 8/427 Parsing

G06F 8/53 Decompilation; Disassembly

Software analysis framework

First Claim

4 Assignments

Litigations

0 Petitions

Accused Products

Abstract

56 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Software analysis framework

First Claim

4 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links