Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
1.	This office action is based on Applicants’ amendment filed on 10/22/2020 and an interview conducted on 1/5/2021 with Applicants’ representative Attorney Wiktor J. Pyter (Reg. No. 71,236).

EXAMINER’S AMENDMENT
2.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

3.	Authorization for this examiner’s amendment was given in an interview with Attorney Wiktor J. Pyter (Reg. No. 71,236).

4.	Claims 1, 3-4, 8, 12-15, 19 and 20 are allowed.
5.	Claims 2, 5-7, 9, 16-18 and 21-22 are canceled.



IN THE CLAIMS:

1.  (Currently Amended)  A system, comprising a processor to:
receive an application to be instrumented;
instrument the application based on a baseline taint tracking scheme to generate an instrumented application comprising taint tags;
execute the instrumented application to generate a profile of runtime behavior of the application, wherein, to generate the profile of runtime behavior of the application, the processor is to detect a first data structure is not tainted and a second data structure is tainted after a predetermined amount of time or a predetermined number of executions of the application, and wherein the processor is to generate the profile using a probability distribution, where the first data structure has a probability below a threshold probability not be tagged with a taint tag, and the second data structure has a probability higher than the threshold probability of a taint tag insert during instrumentation; [[and]]
modify the baseline taint tracking scheme to add or remove taint tags based on the profile to generate an updated taint tracking scheme, wherein, to modify the baseline taint tracking scheme, the processor is to associate a single taint tag with [[a]] the first data structure of the application in response to detecting that components of the first data structure tagged according to a fine-grained scheme are not tainted, or associate per-entry tags with the entries in [[a]] the second data structure of the application in response to detecting that the second data structure tagged with a single taint tag according to a coarse-grained tracking scheme is tainted; 
instrument the application using the updated taint tracking scheme to generate an updated instrumented application, wherein the updated taint tracking scheme comprises an intermediate granularity of taint tags ranging over entries sharing a common hash value; and
execute the updated instrument application.

2.  (Canceled)

3.  (Previously Presented)  The system of claim 1, wherein the baseline taint tracking scheme comprises a preconfigured default taint tag granularity.

4.  (Original)  The system of claim 1, wherein the instrumented application comprises a plurality of taint tags to track taint propagation.

5-7. (Canceled)

8.  (Currently Amended)  A computer-implemented method, comprising:
receiving, via a processor, an application to be instrumented;
instrumenting, via the processor, the application based on a baseline taint tracking scheme to generate an instrumented application comprising taint tags;
executing, via the processor, the instrumented application to generate a profile of runtime behavior of the application, wherein generating the profile of runtime behavior of the application comprises detecting that a first data structure is not tainted and a second data structure is tainted after a predetermined amount of time or a predetermined number of executions of the application, and generating the profile using a probability distribution, where the first data structure has a probability below a threshold probability not be tagged with a taint tag, and the second data structure has a probability higher than the threshold probability of a taint tag insert during instrumentation; 
modifying, via the processor, the baseline taint tracking scheme to add or remove taint tags based on the profile to generate an updated taint tracking scheme, wherein modifying the baseline taint tracking scheme comprises associating a single taint tag with [[a]] the first data structure of the application in response to detecting that components of the first data structure tagged according to a fine-grained scheme are not tainted, or associating per-entry tags with the entries in [[a]] the second data structure of the application in response to detecting that the second data structure tagged with a single taint tag according to a coarse-grained tracking scheme is tainted, wherein the updated taint tracking scheme comprises an intermediate granularity of taint tags ranging over entries sharing a common hash value;
instrumenting, via the processor, the application based on the updated taint tracking scheme to generate an updated instrumented application; and 
executing the updated instrumented application.

9. (Canceled)

12.  (Previously Presented)  The computer-implemented method of claim 8, wherein modifying the baseline taint tracking scheme comprises assigning taint tags 

13.  (Currently Amended)  The computer-implemented method of claim 8, wherein modifying the baseline taint tracking scheme comprises assigning a taint tag to each entry of a plurality of entries in a data structure that share [[a]] the common hash value.

14.  (Canceled).

15.  (Currently Amended)  A computer program product for updating taint tags based on runtime behavior profiles, the computer program product comprising a computer-readable storage medium having program code embodied therewith, wherein the computer-readable storage medium is not a transitory signal per se, the program code executable by a processor to cause the processor to:
receive an application to be instrumented;
instrument the application based on a baseline taint tracking scheme to generate an instrumented application comprising taint tags;
execute the instrumented application to generate a profile of runtime behavior of the application, wherein, to generate the profile of runtime behavior of the application, the processor is to detect a first data structure is not tainted and a second data structure is tainted after a predetermined amount of time or a predetermined number of executions of the application, and wherein the processor is to generate the profile using a probability distribution, where the first data structure has a probability below a threshold probability not be tagged with a taint tag, and the second data structure has a probability higher than the threshold probability of a taint tag insert during instrumentation;
modify the baseline taint tracking scheme to add or remove taint tags based on the profile to generate an updated taint tracking scheme, wherein, to modify the baseline taint tracking scheme, the processor is to associate a single taint tag with [[a]] the first data structure of the application in response to detecting that components of the first data structure tagged according to a fine-grained scheme are not tainted, or associate per-entry tags with the entries in the second data structure of the application in response to detecting that the second data structure tagged with a single taint tag according to a coarse-grained tracking scheme is tainted;
instrument the application using the updated taint tracking scheme to generate an updated instrumented application, wherein the updated taint tracking scheme comprises an intermediate granularity of taint tags ranging over entries sharing a common hash value; and
execute the updated instrument application.

16-18. (Cancel)

19.  (Original)  The computer program product of claim 15, comprising program code executable by the processor to assign a taint tag in response to detecting that a threshold probability of data structures being reached by taint is exceeded.

20.  (Currently Amended)  The computer program product of claim 15, comprising program code executable by the processor to assign taint tags to entries in a data structure that share [[a]] the common hash value.

21.  (Cancel).
22.  (Cancel).
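
The adaptive-granularity loop recited in independent claims 1, 8 and 15, sketched in Python as an added illustration; it is not part of the office action or of the application. The structure names, the profiled runs, the bucket count and the size-based rule for choosing per-bucket tags are assumptions made for the example.

```python
import zlib

N_BUCKETS = 4  # assumed number of hash buckets for the intermediate granularity

def tag_slot(granularity, key):
    """Map an entry key to the taint tag that covers it."""
    if granularity == "single":    # coarse: one tag for the whole structure
        return "*"
    if granularity == "bucket":    # intermediate: entries sharing a hash value
        return zlib.crc32(key.encode()) % N_BUCKETS
    return key                     # "entry", fine: one tag per entry

class Shadow:
    """Taint tags for one data structure at a chosen granularity."""
    def __init__(self, granularity):
        self.granularity, self.tainted = granularity, set()
    def taint(self, key):
        self.tainted.add(tag_slot(self.granularity, key))
    def is_tainted(self, key):
        return tag_slot(self.granularity, key) in self.tainted

def profile(scheme, runs):
    """Fraction of profiled executions in which taint reached each structure."""
    hits = dict.fromkeys(scheme, 0)
    for run in runs:
        shadows = {name: Shadow(g) for name, g in scheme.items()}
        for name, key in run:      # each event: tainted data written to name[key]
            shadows[name].taint(key)
        for name, shadow in shadows.items():
            hits[name] += bool(shadow.tainted)
    return {name: hits[name] / len(runs) for name in scheme}

def update_scheme(prob, sizes, threshold=0.5, max_tags=8):
    """Coarsen rarely tainted structures, refine frequently tainted ones."""
    updated = {}
    for name, p in prob.items():
        if p < threshold:
            updated[name] = "single"
        elif sizes[name] > max_tags:   # assumed rule: too many entries for per-entry tags
            updated[name] = "bucket"
        else:
            updated[name] = "entry"
    return updated

# Constructed sample: baseline scheme, entry counts, and four profiled executions.
BASELINE = {"config": "entry", "session": "single", "cache": "single"}
SIZES = {"config": 3, "session": 4, "cache": 1000}
RUNS = [[("session", "user"), ("cache", "k1")], [("session", "token")],
        [("session", "user"), ("cache", "k7")], [("session", "user"), ("cache", "k9")]]

PROB = profile(BASELINE, RUNS)
UPDATED = update_scheme(PROB, SIZES)
print(PROB, UPDATED)
```

With a single tag, tainting one entry marks every entry of the structure as tainted; per-bucket tags limit that over-approximation to the entries that hash to the same bucket, at a fixed cost of N_BUCKETS tags.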

Reasons for Allowance
6.    Claims 1, 3-8, 12-15 and 19-20 are allowed over the prior art of record.
7.    The following is an examiner’s statement of reasons for allowance: 
Regarding claims 1, 8 and 15, the prior art of record when viewed individually or in combination does not disclose or render obvious the features of the independent claims 1, 8 and 15.
The claimed invention pertains to instrumenting the application based on a baseline taint tracking scheme to generate an instrumented application comprising taint tags; executing the instrumented application to generate a profile of runtime behavior of the application…wherein the profile is generated using a probability distribution, wherein the first data structure has a probability below a threshold probability not be tagged with a taint tag, and the second data structure has a probability higher than the threshold probability of a taint tag insert during instrumentation; modifying the baseline taint tracking scheme to add or remove taint tags based on the profile…associating a single taint tag with the first data structure of the application in response to detecting that components  wherein the updated taint tracking scheme comprises an intermediate granularity of taint tags ranging over entries sharing a common hash value…such features, in combination, are allowed over the prior art of record.
Claims 3-4, 12-14 and 19-20 are dependent upon claims 1, 8 and 15. Since the independent claims 1, 8 and 15 are allowable, claims 3-4, 12-14 and 19-20, being definite, further limiting, and fully enabled by the specification are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
8.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Iwamura et al. (US Pub. No. 2016/0127396 A1) discloses dynamic taint analysis is one type of such dynamic analysis of malware.  In dynamic taint analysis, a virtual central processing unit (CPU) tracks, in a virtual machine, for example, flow of data read 
Glew et al. (US Pub. No. 2019/0108332 A1) discloses the input interface can be operable to receive a plurality of taint indicators corresponding to at least one of a plurality of taints indicative of potential security risk which are injected from at least one of a plurality of resources.  The hardware component can be operable to track the plurality of taints. 
Tejas Saoji (Implementing Dynamic Coarse & Fine Grained Taint Analysis for Rhino JavaScript, 2017) discloses Dynamic taint analysis offers an alternate solution — it marks the incoming data from the untrusted source as ‘tainted.’ The flow of tainted data is tracked during the program execution. Whenever tainted data is used in a security-sensitive context, a proper action is taken. The execution may also be suspended depending upon the severity of the operation – See page 1.
William Enck (TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, 2014) discloses applications can share information. Limiting the monitoring system to a single application does not account for flows via files and IPC between applications, including core system applications designed to disseminate privacy-sensitive information – See page 3.
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONGBAO NGUYEN whose telephone number is (571)270-7180.  The examiner can normally be reached on Monday-Friday 8am-5pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S. Sough can be reached on 571-272-6799.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MONGBAO NGUYEN/           Examiner, Art Unit 2192