John J Danahy

US Patent:

7240332, Jul 3, 2007

Filed:

Apr 15, 2004

Appl. No.:

10/825007

Inventors:

Ryan James Berg - Sudbury MA, US
Larry Rose - Chelmsford MA, US
John Peyton - Arlington MA, US
John J. Danahy - Canton MA, US
Robert Gottlieb - Westford MA, US
Chris Rehbein - Watertown MA, US

Assignee:

Ounce Labs, Inc. - Waltham MA

International Classification:

G06F 9/44
G06F 12/14
G06F 21/00

US Classification:

717126, 717125, 726 25

Abstract:

A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e. g. , in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call posses one or more of pre-selected vulnerabilities.

US Patent:

7398516, Jul 8, 2008

Filed:

Apr 15, 2004

Appl. No.:

10/824685

Inventors:

Ryan James Berg - Sudbury MA, US
Larry Rose - Chelmsford MA, US
John Peyton - Arlington MA, US
John J. Danahy - Canton MA, US
Robert Gottlieb - Westford MA, US
Chris Rehbein - Watertown MA, US

Assignee:

Ounce Labs, Inc. - Waltham MA

International Classification:

G06F 9/44
G06F 12/14
G06F 21/00

US Classification:

717126, 717125, 726 25

Abstract:

A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models are derived for the code and the models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routines posses one or more of pre-selected vulnerabilities.

US Patent:

7398517, Jul 8, 2008

Filed:

Jun 13, 2007

Appl. No.:

11/762475

Inventors:

Ryan J. Berg - Sudbury MA, US
Larry Rose - Chelmsford MA, US
John Peyton - Arlington MA, US
John J. Danahy - Canton MA, US
Robert Gottlieb - Westford MA, US
Chris Rehbein - Watertown MA, US

Assignee:

Ounce Labs, Inc. - Waltham MA

International Classification:

G06F 9/44
G06F 12/14
G06F 21/00

US Classification:

717126, 717125, 726 25

Abstract:

A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e. g. , in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call posses one or more of pre-selected vulnerabilities.

US Patent:

7418734, Aug 26, 2008

Filed:

Apr 15, 2004

Appl. No.:

10/824684

Inventors:

Ryan James Berg - Sudbury MA, US
Larry Rose - Chelmsford MA, US
John Peyton - Arlington MA, US
John J. Danahy - Canton MA, US
Robert Gottlieb - Westford MA, US
Chris Rehbein - Watertown MA, US

Assignee:

Ounce Labs, Inc. - Waltham MA

International Classification:

G08B 23/00

US Classification:

726 25, 726 22, 726 23, 726 24, 717106, 717122

Abstract:

A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models are derived for the code and the models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call posses one or more of pre-selected vulnerabilities.

US Patent:

8156483, Apr 10, 2012

Filed:

Jun 27, 2008

Appl. No.:

12/163398

Inventors:

Ryan J. Berg - Sudbury MA, US
Larry Rose - Chelmsford MA, US
John Peyton - Arlington MA, US
John J. Danahy - Canton MA, US
Robert Gottlieb - Westford MA, US
Chris Rehbein - Watertown MA, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 9/45

US Classification:

717152, 717143, 717153, 717154, 717155

Abstract:

A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e. g. , in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call posses one or more of pre-selected vulnerabilities.

US Patent:

20010044904, Nov 22, 2001

Filed:

Feb 15, 2001

Appl. No.:

09/784960

Inventors:

Ryan Berg - Marlborough MA, US
John Danahy - Canton MA, US
Lawrence Rose - Chelmsford MA, US

International Classification:

H04L009/32
H04L009/00

US Classification:

713/201000, 713/164000

Abstract:

A remote communication mechanism is provided for creating a secured channel for direct interaction with kernel-level components, such as device drivers, of designated systems. By connecting directly to managed kernel-level devices, as opposed to connecting to user space software which then connects to these devices, management of those resources is simplified, better secured, and partitioned from general system administration utilities and configuration.