
Methods And Systems For Performing Security Audit For An Executable Code

Abstract: This disclosure relates to methods and systems for performing software security audit for an executable code, the method comprising: receiving, by a hardware processor, the executable code along with a plurality of life-cycle artifacts associated with the executable code; performing a security assessment on the executable code and the plurality of life-cycle artifacts associated with the executable code to identify one or more potential security issues associated with the executable code; determining a first set of questions based on the identified one or more security issues associated with the executable code; determining a second set of questions based on a requirements specification associated with the executable code; and performing a security audit session with one or more audit participants based on the first set of questions and the second set of questions. Fig. 1


Patent Information

Application #:
Filing Date: 21 August 2014
Publication Number: 37/2014
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email: ipr@akshipassociates.com
Parent Application:
Patent Number:
Legal Status:
Grant Date: 2022-11-28
Renewal Date:

Applicants

WIPRO LIMITED
Doddakannelli, Sarjapur Road, Bangalore 560035, Karnataka, India.

Inventors

1. SOURAV SAM BHATTACHARYA
13418 N Cliff Top Drive, Fountain Hills, Arizona 85268, United States of America

Specification

CLAIMS: We claim:

1. A method for performing security audit for an executable code, the method comprising:
receiving, by a hardware processor, the executable code along with a plurality of life-cycle artifacts associated with the executable code;
performing a security assessment on the executable code and the plurality of life-cycle artifacts associated with the executable code to identify one or more potential security issues associated with the executable code;
determining a first set of questions based on the identified one or more security issues associated with the executable code;
determining a second set of questions based on a requirements specification associated with the executable code; and
performing a security audit session with one or more audit participants based on the first set of questions and the second set of questions.

2. The method of claim 1, wherein performing the security assessment on the executable code and the plurality of life-cycle artifacts comprises performing one or more of a security requirements analysis, threat modeling, security unit testing, penetration testing, and/or user acceptance testing on the executable code and the plurality of life-cycle artifacts associated with the executable code.

3. The method of claim 1, wherein determining the first set of questions based on the identified one or more security issues associated with the software executable file comprises:
correlating each of the one or more identified potential security issues with one or more questions from a plurality of stored questions; and
aggregating, for each of the one or more identified potential security issues, the correlated one or more questions to form the first set of questions.

4. The method of claim 1, wherein performing a security audit session with one or more audit participants based on the first set of questions and the second set of questions further comprises:
selecting randomly, one or more sets of questions from the first set of questions and one or more sets of questions from the second set of questions;
providing a randomly selected set of questions from the first set of questions and a randomly selected set of questions from the second set of questions to each of the one or more audit participants; and
receiving an answer associated with each of the provided questions from each of the one or more audit participants.

5. The method of claim 4, further comprising generating a security compliance report, wherein generating the security compliance report comprises:
determining, for each of the identified one or more potential security issues, a number of correct answers associated with the one or more questions correlated to the potential security issue;
comparing, for each of the one or more identified potential security issues, the number of correct answers with a predetermined threshold;
determining, for each of the one or more identified potential security issues, an extent of security violation based on the comparison; and
indicating, for each of the one or more identified potential security issues, the determined extent of security violation.

6. The method of claim 5, further comprising categorizing the one or more potential security issues into high priority potential security issues and low priority security issues based on the security report.

7. A security audit apparatus for performing security audit for an executable code, the apparatus comprising:
at least one hardware processor; and
a memory comprising instructions executable by the at least one hardware processor, the instructions when executed, cause the at least one hardware processor to:
receive the executable code along with a plurality of life-cycle artifacts associated with the executable code;
perform a security assessment on the executable code and the plurality of life-cycle artifacts associated with the executable code to identify one or more potential security issues associated with the executable code;
determine a first set of questions based on the identified one or more security issues associated with the executable code;
determine a second set of questions based on a requirements specification associated with the executable code; and
perform a security audit session with one or more audit participants based on the first set of questions and the second set of questions.

8. The apparatus of claim 7, wherein the instructions further cause the at least one hardware processor to perform one or more of a security requirements analysis, threat modeling, security unit testing, penetration testing, and/or user acceptance testing on the executable code and the plurality of life-cycle artifacts associated with the executable code.

9. The apparatus of claim 7, wherein the instructions further cause the at least one hardware processor to:
correlate each of the one or more identified potential security issues with one or more questions from a plurality of stored questions; and
aggregate, for each of the one or more identified potential security issues, the correlated one or more questions to form the first set of questions.

10. The apparatus of claim 7, wherein the instructions further cause the at least one hardware processor to:
select randomly, one or more sets of questions from the first set of questions and one or more sets of questions from the second set of questions;
provide a randomly selected set of questions from the first set of questions and a randomly selected set of questions from the second set of questions to each of the one or more audit participants; and
receive an answer associated with each of the provided questions from each of the one or more audit participants.

11. The apparatus of claim 10, wherein the instructions further cause the at least one hardware processor to:
determine, for each of the one or more identified potential security issues, a number of correct answers associated with the one or more questions correlated to the potential security issue;
compare, for each of the one or more identified potential security issues, the number of correct answers with a predetermined threshold;
determine, for each of the one or more identified potential security issues, an extent of security violation based on the comparison; and
indicate, for each of the one or more identified potential security issues, the determined extent of security violation.

Dated this 21st day of August, 2014
Swetha S.N
Of K&S Partners
Agent for the Applicant
TECHNICAL FIELD
This disclosure relates generally to software security analysis, and more particularly to methods and systems for performing security audit for an executable code.

Documents

Application Documents

# Name Date
1 4079-CHE-2014 FORM-9 21-08-2014.pdf 2014-08-21
1 4079-CHE-2014-IntimationOfGrant28-11-2022.pdf 2022-11-28
2 4079-CHE-2014 FORM-18 21-08-2014.pdf 2014-08-21
2 4079-CHE-2014-PatentCertificate28-11-2022.pdf 2022-11-28
3 IP28224-spec.pdf 2014-08-25
3 4079-CHE-2014-PETITION UNDER RULE 137 [27-09-2022(online)].pdf 2022-09-27
4 IP28224-fig.pdf 2014-08-25
4 4079-CHE-2014-Written submissions and relevant documents [27-09-2022(online)].pdf 2022-09-27
5 FORM 5.pdf 2014-08-25
5 4079-CHE-2014-AMENDED DOCUMENTS [29-08-2022(online)].pdf 2022-08-29
6 FORM 3.pdf 2014-08-25
6 4079-CHE-2014-Correspondence to notify the Controller [29-08-2022(online)].pdf 2022-08-29
7 abstract4079-CHE-2014.jpg 2014-09-04
7 4079-CHE-2014-FORM 13 [29-08-2022(online)].pdf 2022-08-29
8 4079-CHE-2014-POA [29-08-2022(online)].pdf 2022-08-29
8 4079-CHE-2014 CORRESPONDENCE OTHERS 16-09-2014.pdf 2014-09-16
9 4079-CHE-2014 POWER OF ATTORNEY 19-02-2015.pdf 2015-02-19
9 4079-CHE-2014-US(14)-HearingNotice-(HearingDate-12-09-2022).pdf 2022-08-23
10 4079-CHE-2014 FORM-1 19-02-2015.pdf 2015-02-19
10 4079-CHE-2014-FER_SER_REPLY [28-04-2020(online)].pdf 2020-04-28
11 4079-CHE-2014 CORRESPONDENCE OTHERS 19-02-2015.pdf 2015-02-19
11 4079-CHE-2014-FORM 3 [28-04-2020(online)].pdf 2020-04-28
12 4079-CHE-2014-FER.pdf 2019-10-29
12 4079-CHE-2014-Information under section 8(2) [28-04-2020(online)].pdf 2020-04-28

Search Strategy

1 SearchStrategyAE_25-01-2021.pdf
1 SearchStrategyMatrix13_28-10-2019.pdf

ERegister / Renewals

3rd: 10 Feb 2023

From 21/08/2016 - To 21/08/2017

4th: 10 Feb 2023

From 21/08/2017 - To 21/08/2018

5th: 10 Feb 2023

From 21/08/2018 - To 21/08/2019

6th: 10 Feb 2023

From 21/08/2019 - To 21/08/2020

7th: 10 Feb 2023

From 21/08/2020 - To 21/08/2021

8th: 10 Feb 2023

From 21/08/2021 - To 21/08/2022

9th: 10 Feb 2023

From 21/08/2022 - To 21/08/2023

10th: 12 Aug 2023

From 21/08/2023 - To 21/08/2024

11th: 16 Aug 2024

From 21/08/2024 - To 21/08/2025

12th: 20 Aug 2025

From 21/08/2025 - To 21/08/2026