DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on 07/28/2021.
Claims 1, 8 and 15 have been amended and all other claims are previously presented.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/28/2021 has been entered.

Examiner’s Note
Claims 15-20 recites, “computer-readable media”. A review of specification indicates in paragraph 47 that the computer-readable medium is a non-transitory, which is compliant for 35 U.S.C. 101. 
Examiner had contacted the applicant’s representative and suggested a proposal to move forward the prosecution, however the proposal was declined. 

Priority
This application filed on December 04, 2018 claims priority of provisional application 62/612,972 filed on January 02, 2018.

Response to Arguments
Applicant’s amendment, filed on July 28, 2021 has claims 1, 8 and 15 amended and all other claims previously presented.
Applicant’s remark, filed on July 28, 2021 on bottom of page 7 regarding, “However, none of these references, alone or in combination, have been shown to teach performing a binary static analysis of the function to determine whether the function utilizes stack cookie protection based on whether the one or more instructions includes one or more stack cookie handling instructions, as recited in claim 1” has been considered and found persuasive. However, applicant amendment necessitates a new ground of rejection accordingly a newly cited art by Skowyra et al. (US PGPUB. # US 2019/0173923) discloses, how computer systems are secured against threats. In order to determine the security of the computer, a query is received from the user and the query stack cookies, etc.) or the indicia may be a description of a constraint on a computer attack capability. Queries may include one or more defense techniques and, optionally, one or more computer attack capabilities. The reasoning engine 118 translates the queries associated with the defense techniques and, optionally, the computer attack capabilities into propositional logic constraints on the queryable representation, as described herein. For example, the reasoning engine 118 may receive a query that includes a set of defense techniques”. (¶43). Skowyra further teaches “FIG. 4A illustrates a formula 400 for determining a defense coverage metric, according to an exemplary embodiment. Once in SDDNNF, the metrics computation engine 114 may compute quantitative defense coverage metrics to compare defense techniques against one another based on a degree to which each defense technique constrains computer attack capabilities. As defense techniques are represented as logical constraints over computer attack capabilities, these constraints limit what computer attack capabilities can be simultaneously selected as part of a security threat. The metrics computation engine 114 counts how many distinct security threats are possible in the presence of a deployed defense technique, and computes a measurement of that defense technique's defense coverage over the space of the security threats. Specifically, for each defense technique in the model, the metrics computation engine 114 can compute the defense coverage metric using the 400, where D is the set of literals corresponding to the defense techniques included in the model, G is a solution counting function which takes a set of constraints and returns the number of formula solutions under those constraints, Sd={d}U{¬d′∈D|d′≠d} is a constraint set in which the defense technique d is enabled and all other defense techniques are disabled, and Sf={¬d′∈} is a constraint set in which all defense techniques are disabled.” (¶77). The defense coverage metrics for two memory corruption defense techniques, Readactor and Stack Cookies, are shown in a table 405 in FIG. 4B. The constraints imposed on the computer attack capabilities for each defense technique are shown in FIG. 4B, as are their defensive coverages.  Stack canaries protect against buffer overflows on a stack, assuming no memory disclosures are present. This is captured in the defense constraint. If the memory layout of the victim is unknown, and memory corruption happens via an overflow on the stack, then the attacker's corruption of process control data cannot include a corruption of return addresses. This is a weaker constraint than Readactor, as shown when comparing their respective defense coverage metrics in FIG. 4B”. (Fig. 4B, ¶79-¶80). “FIG. 5A is a computer-implemented method 500 for assessing a defense technique, according to an exemplary embodiment. At step 502, the method includes executing a reasoning engine (e.g., reasoning engine 118) that receives as an input to the reasoning engine a query that includes an indicia of a defense technique to a computer security threat. At step 504, the reasoning engine translates the defense technique into a propositional logic constraint on a queryable representation of a Boolean formula representing a model complied from a set of computer security threats and a set of defense techniques. At step 506, the reasoning engine performs an assessment of the defense technique based on the propositional logic 508, the reasoning engine displays, on a graphical user interface, a result of the assessment to indicate a level of security provided by the defense technique to the member”. (Fig. 5A, ¶84). Thus Skowyra teaches, whether stack canaries (cookies) for security protection are utilized in a program is determined by performing a query and analysis. 
Applicant’s remark, filed on July 28, 2021 on top of page 9 regarding, “However, the Office Action fails to cite any passages in Hasse that teach or suggest the stack cookie protection that includes a placement of a cookie value on a stack at a boundary between a function's local data and information used to maintain an organization of the stack, much less determining whether a function uses such a technique based on whether the function includes one or more stack cookie handling instructions” has been considered and found not persuasive as cited reference by Borde et al. (US PGPUB. # US 2007/0089088) discloses, “allocating memory may be recursively applied for any number of functions or subroutines. For example, function 120 may need to call a function or subroutine 130 (referred to as F3 in the figure) in order to continue the execution of the operation. Function 130 is pushed onto the stack by application 150, which also includes protected data 131 that is pushed onto the stack with function 130. Similar to protected data 121 for function F2, protected data 131 may be a return address that allows function 130 to know where to return control to when it has finished executing. Again, the function 130 will typically return control to the function that called it, which in this case is function 120. Assigning the return addresses when a function is pushed onto the stack helps ensure that when a function has completed its execution of the operation, it returns control to a cookies are typically placed between the buffer 125 and the next returning address 121. Accordingly, the function 120 before executing the protected data 121 will check the cookie value 122 against a global cookie 140 within memory 142 to ensure that a buffer overrun has not caused a corruption of the protected data 121. As previously described, however, there may be instances where the protected data can be corrupted even with implementing the cookie authentication processes just described. For example, when a function invokes a stack-walk (e.g., when calling an exception, garbage collection, security check, etc.), an evaluation of the stack may be performed prior to reaching the protected data 121; and thus prior to checking the authentication of the cookie 122. In addition, there may be race conditions that can overwrite the protected data 121 during the validation of the cookie 122, thus allowing the function F2 (120) to both validate the cookie 122 and call corrupted protected data 121”. (Fig. 1, ¶30-¶31).  As pointed out in above paragraph 12 Skowyra et al. teaches the limitation, determining whether a function uses such a technique based on whether the function includes one or more stack cookie handling instructions Thus contrary to applicant’s belief combination of  Borde et al. and Skowyra et al. teaches the amended claim limitations. The motivation/suggestion for doing so would be to dynamically accessing information about the expected location of cookies on a stack to protect a code.
Applicant’s remark, filed on July 28, 2021 on top of page 10 regarding, “the Office Action fails to cite any passages in Borde that teach or suggest performing a binary static 
Applicant’s remark, filed on July 28, 2021 on the middle of page 10 regarding, “the Office Action has not demonstrated any teaching, suggestion, or motivation to combine the cited references in a way to teach or suggest the above-recited feature” has been considered, however argument doesn’t apply to the new combination of references by Borde in view of Skowyra and Maeda.
 
Applicant further recites similar remarks as listed above for dependent claims, 3-7, 10-14 and 17-20. Please see response for remarks in above paragraph 10 that clearly shows how the cited prior arts Borde, Skowyra, Maeda and Shupak clearly teaches the claimed limitations.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2, 8-9 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Borde et al. (US PGPUB. # US 2007/0089088, hereinafter “Borde”), and further in view of  and further in view of Skowyra et al. (US PGPUB. # US 2019/0173923, here in after “Skowyra”), Maeda et al. (US PGPUB. # US 2012/0297485, hereinafter “Maeda”).

Referring to Claims 1, 8 and 15:
Regarding Claim 1, Borde teaches,
A method, comprising: 
identifying a function defined in a binary software component, the function including one or more instructions; (Fig. 2 (251, 252, 253), ¶33, “Application 240 may include a series of subroutines or functions that are utilized by application 240 to perform an operation”, ¶36, “The function 251 may be any function or subroutine of application 240”, i.e. a function is identified),  
[performing a binary static analysis of the function to determine whether the function utilizes stack cookie protection based on whether the one or more instructions include one or more stack cookie handling instructions], wherein the stack cookie protection comprises a placement of a cookie value on a stack at a boundary between a function's local data and information used to maintain an organization of the stack (Fig. 1, ¶30-¶31, “cookies are typically placed between the buffer 125 and the next returning address 121. Accordingly, the function 120 before executing the protected data 121 will check the cookie value 122 against a global cookie 140 within memory 142 to ensure that a buffer overrun has not caused a corruption of the protected data 121”, i.e. a cookie is placed between function’s local data and an information used to maintain an organization of the stack); and
Borde does not teach explicitly,
performing a binary static analysis of the function to determine whether the function utilizes stack cookie protection based on whether the one or more instructions include one or more stack cookie handling instructions, [wherein the stack cookie protection comprises a placement of a cookie value on a stack at a boundary between a function's local data and information used to maintain an organization of the stack]
in response to determining that the function utilizes stack cookie protection, updating a security report for the binary software component to indicate that the function utilizes stack cookie protection.
However, Skowyra teaches,
performing a binary static analysis of the function to determine whether the function utilizes stack cookie protection based on whether the one or more instructions include one or more stack cookie handling instructions, (¶43, “The reasoning engine 118 uses the queryable representation to compute metrics in response to receiving as an input a query that includes an indicia of a defense technique to a computer security threat. The indicia of a defense technique may be a name of the defense technique (e.g., readactor, stack cookies, etc.)”, Fig. 4A, ¶77, “the metrics computation engine 114 may compute quantitative defense coverage metrics to compare defense techniques against one another based on a degree to which each defense technique constrains computer attack capabilities. As defense techniques are represented as logical constraints over computer attack capabilities, these constraints limit what computer attack capabilities can be simultaneously selected as part of a security threat. The metrics computation engine 114 counts how many distinct security threats are possible in the presence of a deployed defense technique, and computes a measurement of that defense technique's defense coverage over the space of the security threats”, Fig. 4B, ¶79-¶80, “ stack canaries protect against buffer overflows on a stack, assuming no memory disclosures are present. This is captured in the defense constraint”, Fig. 5A, ¶84, i.e. based on a query it is determined that a function utilizes stack cookie protection) [wherein the stack cookie protection comprises a placement of a cookie value on a stack at a boundary between a function's local data and information used to maintain an organization of the stack]
in response to determining that the function utilizes stack cookie protection, (¶43, “The reasoning engine 118 uses the queryable representation to compute metrics in response to receiving as an input a query that includes an indicia of a defense technique to a computer security threat. The indicia of a defense technique may be a name of the defense technique (e.g., readactor, stack cookies, etc.)”, Fig. 4B, ¶80, Fig. 5A (506), ¶84, “At step 506, the reasoning engine performs an assessment of the defense technique based on the propositional logic constraint on the queryable representation, to quantify the defense technique relative to a member of the set of computer security threats”, i.e. determines that the function utilizes stack canaries (cookies) protection) [updating a security report for the binary software component to indicate that the function utilizes stack cookie protection]. 
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Skowyra with the invention of Borde.
Borde teaches, placing a stack cookie in a function for a protection. Skowyra teaches, analyzing a function to determine whether a function utilizes a stack cookie. Therefore, it would have been obvious to have analyzing a function to determine whether a function utilizes a stack cookie of Skowyra with placing a stack cookie in a function for a protection of Borde to dynamically accessing information about the expected location of cookies on a stack to protect a code.. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 
Combination of Borde and Skowyra does not teach explicitly,
[in response to determining that the function utilizes stack cookie protection], updating a security report for the binary software component to indicate that the function utilizes stack cookie protection.
However, Maeda teaches,
[in response to determining that the function utilizes stack cookie protection], updating a security report for the binary software component to indicate that the function utilizes stack cookie protection. (Fig. 7, ¶115, “The checked-application management unit 1500 manages the check result by updating the attack check result list 1530”, ¶117, ¶121, ¶123, “In the attack check result list 1530, any of the following three values are stored as a check result by an attack check unit 1512: check results "SAFE" and "ATTACKED" indicating whether the application is under attack, and a check result "REQUIRED" indicating that there is need to check if the application is under attack. Here, the check result "SAFE" indicates that a program (application) having a corresponding application identifier is not under attack”, i.e. a security report is updated).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Maeda with the invention of Borde in view of Skowyra.
Borde in view of Skowyra teaches, placing a stack cookie in a function for a protection and analyzing a function to determine whether a function utilizes a stack cookie. Maeda teaches, performing a security analysis and updating a security report. Therefore, it would have been obvious to have performing a security analysis and updating a security report of Maeda into the teachings of Borde in view of Skowyra to provide a security report regarding an application program. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 8, it is a device claim of above method claim 1 and therefore Claim 8 is rejected with the same rationale as applied against Claim 1 above. In addition, Skowyra teaches,
determining that a binary software component was compiled with stack cookie functionality enabled based on metadata included with the binary software component (¶58-¶59, “The defense models represent twenty well-known memory protection defense techniques, including control-flow integrity, code pointer integrity, readactor, timely address space randomization (TASR), binary stirring, instruction layout randomization (ILR), as well as widely deployed defenses such as data execution prevention (DEP), stack canaries, and address space layout randomization (ASLR)”, ¶60, ¶79-¶80, Claim - 8).

Regarding Claim 15, it is a computer-readable media claim of above method claim 1 and therefore Claim 15 is rejected with the same rationale as applied against Claim 1 above. 

Referring to Claims 2, 9 and 16:
Regarding Claim 2, rejection of Claim 1 is included and for the same motivation Combination of Borde and Skowyra does not teach explicitly,
The method of claim 1, further comprising: 
in response to determining that the function does not utilize stack cookie protection, updating a security report for the binary software component to indicate that the function does not utilize stack cookie protection.
However, Maeda teaches,
The method of claim 1, further comprising: 
in response to determining that the function does not utilize stack cookie protection, updating a security report for the binary software component to indicate that the function does not utilize stack cookie protection (¶107, “it is assumed that the buffer overflow vulnerability is present in the get data body function 1562 on the path 2. In this case”, ¶109, “a caller address and a stack point value at which the application has made the system call request are also stored in association with a check result in an attack check result list 1530 which is used by an attack check determination unit 1510 for the determination”, ¶115, Fig. 7, ¶123, “the check result "REQUIRED" indicates that there is need to check to determine if the program is under attack”, i.e. examiner submits that it is determined that stack cookie is not utilized and hence there a possibility of buffer overflow attack and as a result the report status is updated to “REQUIRED”).

Regarding Claim 9, rejection of Claim 8 is included and Claim 9 is rejected with the same rationale as applied against Claim 2 above.

 Regarding Claim 16, rejection of Claim 15 is included and Claim 16 is rejected with the same rationale as applied against Claim 2 above.

Claims 3-7, 10-14 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Borde et al. (US PGPUB. # US 2007/0089088, hereinafter “Borde”), and further in view of  and further in view of Skowyra et al. (US PGPUB. # US 2019/0173923, here in after “Skowyra”), Maeda et al. (US PGPUB. # US 2012/0297485, hereinafter “Maeda”), and further in view of Shupak et al. (US PGPUB. # US 2005/0144471, hereinafter “Shupak”).

Referring to Claims 3, 10 and 17:
Regarding Claim 3, rejection of Claim 1 is included and combination of  Borde, Skowyra and Maeda does not teach explicitly,
The method of claim 1, wherein the one or more stack cookie handling instructions are configured, when executed by a processor, to insert a particular data sequence into an execution stack maintained by the processor when the function is called to mark a boundary of stack data associated with the function.
However, Shupak teaches,
The method of claim 1, wherein the one or more stack cookie handling instructions are configured, when executed by a processor, to insert a particular data sequence into an execution stack maintained by the processor when the function is called to mark a boundary of stack data associated with the function (Fig. 2, ¶35, “For every call to setjmp, the compiler 200 emits an entry to a special section such as a table or other storage area or device 202 (e.g., a .setjmp table, as described further below). The compiler 200 records the (setjmp) return address in the .setjmp table 202”, ¶39, “a module built by a compiler will have a .setjmp table comprising a list of the known target or return addresses for the module. Therefore, the compiler knows at compile time which functions are truly target or return addresses”, i.e. examiner submits that .setjmp table is considered as particular data sequence and return address is considered as boundary of stack data associated with a function).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Shupak with the invention of Borde in view of Skowyra and Maeda.
Borde in view of Skowyra and Maeda teaches, placing a stack cookie in a function for a protection and analyzing a function to determine whether a function utilizes a stack cookie and performing a security analysis and updating a security report. Shupak teaches, inserting .setjmp (data sequence) instruction along with a return address (boundary). Therefore, it would have been obvious to have inserting .setjmp (data sequence) instruction along with a return address (boundary) of Shupak into the teachings of Borde in view of Skowyra and Maeda to detect and avoid a malicious attack. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 10, rejection of Claim 8 is included and Claim 10 is rejected with the same rationale as applied against Claim 3 above.

 Regarding Claim 17, rejection of Claim 15 is included and Claim 17 is rejected with the same rationale as applied against Claim 3 above.

Referring to Claims 4, 11 and 18:
Regarding Claim 4, rejection of Claim 3 is included and for the same motivation combination of  Borde, Skowyra and Maeda does not teach explicitly,
The method of claim 3, wherein the particular data sequence is generated at compile time.
However, Shupak teaches,
The method of claim 3, wherein the particular data sequence is generated at compile time (Fig. 2, ¶35, “For every call to setjmp, the compiler 200 emits an entry to a special section such as a table or other storage area or device 202 (e.g., a .setjmp table, as described further below). The compiler 200 records the (setjmp) return address in the .setjmp table 202”, ¶39, “a module built by a compiler will have a .setjmp table comprising a list of the known target or return addresses for the module. Therefore, the compiler knows at compile time which functions are truly target or return addresses”, ¶49, “To generate the security cookie, for example, the values in the jmp_buf structure could all be XORed with one another and with the known value, such as a secret or earlier determined cookie value”, i.e. .setjmp table (data sequence) is generated during compile time) .

Regarding Claim 11, rejection of Claim 10 is included and Claim 11 is rejected with the same rationale as applied against Claim 4 above.

 Regarding Claim 18, rejection of Claim 17 is included and Claim 18 is rejected with the same rationale as applied against Claim 4 above.

Referring to Claims 5, 12 and 19:
Regarding Claim 5, rejection of Claim 3 is included and for the same motivation combination of  Borde, Skowyra and Maeda does not teach explicitly,
The method of claim 3, wherein the one or more stack cookie handling instructions include an instruction to generate the particular data sequence when the function is called.
However, Shupak teaches,
The method of claim 3, wherein the one or more stack cookie handling instructions include an instruction to generate the particular data sequence when the function is called (¶49, “To generate the security cookie, for example, the values in the jmp_buf structure could all be XORed with one another and with the known value, such as a secret or earlier determined cookie value”, ¶50, “The jmp_buf structure is validated by determining if any portion of it was changed. Setjmp captures all the values and calculates a security cookie. Before dispatching”, i.e. particular data sequence is generated when the function is called).

Regarding Claim 12, rejection of Claim 10 is included and Claim 12 is rejected with the same rationale as applied against Claim 5 above.

 Regarding Claim 19, rejection of Claim 17 is included and Claim 19 is rejected with the same rationale as applied against Claim 5 above.

Referring to Claims 6, 13 and 20:
Regarding Claim 6, rejection of Claim 3 is included and for the same motivation combination of  Borde, Skowyra and Maeda does not teach explicitly,
The method of claim 3, wherein the one or more stack cookie handling instructions are configured, when executed by the processor, to determine whether the particular data sequence remains in the execution stack when the function returns after the function is called.
However, Shupak teaches,
The method of claim 3, wherein the one or more stack cookie handling instructions are configured, when executed by the processor, to determine whether the particular data sequence remains in the execution stack when the function returns after the function is called (¶50, “The jmp_buf structure is validated by determining if any portion of it was changed. Setjmp captures all the values and calculates a security cookie”, ¶51, “when the implementation of longjmp is ready to pass control to the target address in the jmp_buf, it checks to see if the module has a .setjmp section which contains a set of valid return addresses. If a .setjmp section exists, the dispatcher goes to the .setjmp section and determines if the setjmp return address is listed therein, using a binary search, for example. If the setjmp return address is listed, longjmp executes”, i.e. by determining set of valid return addresses in .setjmp indicates that sequence remains in the execution stack).

Regarding Claim 13, rejection of Claim 10 is included and Claim 13 is rejected with the same rationale as applied against Claim 6 above.

 Regarding Claim 20, rejection of Claim 17 is included and Claim 20 is rejected with the same rationale as applied against Claim 6 above.

Referring to Claims 7 and 14:
Regarding Claim 7, rejection of Claim 6 is included and for the same motivation combination of  Borde, Skowyra and Maeda does not teach explicitly,
The method of claim 6, wherein the one or more stack cookie handling instructions are configured, when executed by the processor, to cause execution of the binary software component to halt in response to determining that the particular data sequence does not remain in the execution stack when the function returns.
However, Shupak teaches,
The method of claim 6, wherein the one or more stack cookie handling instructions are configured, when executed by the processor, to cause execution of the binary software component to halt in response to determining that the particular data sequence does not remain in the execution stack when the function returns (Fig. 3(399), ¶41, “The return address dispatcher then determines from the .setjmp table, at step 340, whether the return address is valid or not. If not, the return address dispatcher assumes the application is under attack and terminates the process' execution, at step 399”, Fig. 4(450), ¶45, “the retrieved cookie is not on the list of valid cookies, it is determined to have been corrupted, in which case the program is aborted, at step 450”, Fig. 5(550), ¶48, “If, however, the retrieved cookie is not on the list of valid cookies, it is determined to have been corrupted, in which case the program is aborted, at step 550”, i.e. execution of program is terminated (halted)).

Regarding Claim 14, rejection of Claim 13 is included and Claim 14 is rejected with the same rationale as applied against Claim 7 above.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Muttik et al. (US PGPUB. # US 2017/0090929) discloses, a processor operable to execute a plurality of instructions forming a program; and a verification engine, operable to: receive an execution control data (ECD) for the program; and monitor execution of only some instructions of the program to ensure that they are consistent with the ECD. In some embodiments, the monitoring engine may include a correctness monitoring unit (CMU) in processor hardware. There is also disclosed one or more computer-readable storage mediums having stored thereon executable instructions for 
Gupta et al. (US PGPUB. # US 2016/0212159) discloses, a model of a computer application during load time and stores the model of the computer application in a database. This example method and corresponding apparatus also inserts instructions into the computer application to collect data at runtime. This example method and corresponding apparatus then analyzes the data collected at runtime against the stored model of the computer application to detect one or more security events and tracks the one or more security events using a state machine.
Enbody et al. (US PGPUB. # US 2008/0140884) discloses, a computer processor protects a protected word in computer readable memory by employing a canary word in the same buffer as the protected word that is protected by a secure bit and/or by employing a canary bit that directly protects the protected word. A bit setting module marks the protected word as tainted by setting the secure bit or canary bit in response to overwrite of the canary word and/or protected word, including overwrite resulting from overflow of the buffer. A validation module validates non-control data stored in the protected word every time the non-control data is used by a computer process by checking the secure bit of the canary word and/or by checking the canary bit of the protected word. 
Gupta (US PGPUB. # US 2017/0132419) discloses, a system analyzes a set of computer routines. The system may perform an analysis including a determination of a likelihood of vulnerability to unexpected behavior for one or more computer routines of the set. Based upon the analysis, the system may identify one or more computer 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316.  The examiner can normally be reached on M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/DARSHAN I DHRUV/           Examiner, Art Unit 2498