Dachuan Yu

US Patent:

8091128, Jan 3, 2012

Filed:

Aug 16, 2007

Appl. No.:

11/840158

Inventors:

Dachuan Yu - Santa Clara CA, US

Assignee:

NTT Docomo, Inc. - Tokyo

International Classification:

G06F 11/00

US Classification:

726 22, 726 1

Abstract:

A method and apparatus is disclosed for performing information flow enforcement for assembly code. In one embodiment, the method comprises receiving assembly code having timing annotations with type information that enforce information flow with respect to one or more of timing-related covert and concurrent channels when statically checked as to whether the code is in violation of a security policy and performing verification with respect to information flow for the assembly code based on a security policy.

US Patent:

8302080, Oct 30, 2012

Filed:

Oct 10, 2008

Appl. No.:

12/249646

Inventors:

Gary Wassermann - Davis CA, US
Dachuan Yu - Foster City CA, US
Ajay Chander - San Francisco CA, US
Dinakar Dhurjati - Sunnyvale CA, US
Hiroshi Inamura - Cupertino CA, US

Assignee:

NTT DoCoMo, Inc. - Tokyo

International Classification:

G06F 9/44

US Classification:

717131, 717142, 717154

Abstract:

A method and apparatus is disclosed herein for automated test input generation for web applications. In one embodiment, the method comprises performing a source-to-source transformation of the program; performing interpretation on the program based on a set of test input values; symbolically executing the program; recording a symbolic constraint for each of one or more conditional expressions encountered during execution of the program, including analyzing a string operation in the program to identify one or more possible execution paths, and generating symbolic inputs representing values of variables in each of the conditional expressions as a numeric expression and a string constraint including generating constraints on string values by modeling string operations using finite state transducers (FSTs) and supplying values from the program's execution in place of intractable sub-expressions; and generating new inputs to drive the program during a subsequent iteration based on results of solving the recorded string constraints.

US Patent:

20060143689, Jun 29, 2006

Filed:

Dec 19, 2005

Appl. No.:

11/316621

Inventors:

Dachuan Yu - Santa Clara CA, US
Nayeem Islam - Palo Alto CA, US

International Classification:

H04L 9/00

US Classification:

726001000

Abstract:

A method, article of manufacture and apparatus for performing information flow enforcement are disclosed. In one embodiment, the method comprises receiving securely typed native code and performing verification with respect to information flow for the securely typed native code based on a security policy.

US Patent:

20070107057, May 10, 2007

Filed:

Nov 7, 2006

Appl. No.:

11/594524

Inventors:

Ajay Chander - San Francisco CA, US
Dachuan Yu - Santa Clara CA, US

International Classification:

G06F 12/14

US Classification:

726022000

Abstract:

A method and apparatus is disclosed herein for detecting and preventing unsafe behavior of script programs. In one embodiment, a method comprises performing static analysis of a script program based on a first safety policy to detect unsafe behavior of the scrip program and preventing execution of the script program if a violation of the safety policy would occur when the script program is executed.

US Patent:

20080083012, Apr 3, 2008

Filed:

Jun 20, 2007

Appl. No.:

11/765918

Inventors:

Dachuan Yu - Santa Clara CA, US
Ajay Chander - San Francisco CA, US
Nayeem Islam - Palo Alto CA, US

International Classification:

G06F 17/30
G06F 9/44

US Classification:

726001000, 717115000

Abstract:

A method and apparatus is disclosed herein for constraining the behavior of embedded script in documents using program instrumentation. In one embodiment, the method comprises downloading a document with a script program embedded therein, inspecting the script program, and rewriting the script program to cause behavior resulting from execution of the script to conform to one or more policies defining safety and security. The script program comprises self-modifying code (e.g., dynamically generated script).

US Patent:

20090019525, Jan 15, 2009

Filed:

Jun 27, 2008

Appl. No.:

12/163848

Inventors:

Dachuan Yu - Foster City CA, US
Ajay Chander - San Francisco CA, US
Hiroshi Inamura - Cupertino CA, US
Igor Serikov - Fremont CA, US

International Classification:

G06F 21/00
G06F 9/45
H04L 9/32

US Classification:

726 3, 717104, 726 26

Abstract:

A method and apparatus is disclosed herein for secure server-side programming. In one embodiment, the method comprises creating a server-side program with one or more abstractions and compiling the server-side program by translating the server-side program, including the one or more abstractions, into target code that is guaranteed to execute in a secure manner with respect to a security criteria.

US Patent:

20090193497, Jul 30, 2009

Filed:

Nov 25, 2008

Appl. No.:

12/323359

Inventors:

Haruka Kikuchi - Kanagawa, JP
Dachuan Yu - Foster City CA, US
Ajay Chander - San Francisco CA, US

International Classification:

G06F 21/00

US Classification:

726 1

Abstract:

A method and apparatus is disclosed herein for constructing security policies for content instrumentation against attacks. In one embodiment, the method comprises constructing one or more security policies for web content using at least one rewriting template, at least one edit automata policy, or at least one policy template; and rewriting a script program in a document to cause behavior resulting from execution of the script to conform to the one or more policies.

US Patent:

20100088678, Apr 8, 2010

Filed:

Sep 29, 2009

Appl. No.:

12/569747

Inventors:

Musab AlTurki - Champaign IL, US
Dinakar Dhurjati - Sunnyvale CA, US
Dachuan Yu - Santa Clara CA, US
Ajay Chander - San Francisco CA, US
Hiroshi Inamura - Kanagawa, JP

International Classification:

G06F 9/44

US Classification:

717124

Abstract:

A method and apparatus is disclosed herein for formal specification and analysis of timing properties. In one embodiment, the method comprises receiving a software design that includes timing behaviors expressed in a specification language; analyzing the timing behaviors; and using abstract interpretation based static analysis to detect misuses of one or more timing constructs.