DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on January 19, 2022.
Claims 1-20 are allowed.

Allowable Subject Matter
Claims 1-20 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance.
Independent Claim 1 is allowable based on the amendment presented on January 19, 2022.
Specifically, the independent Claim 1 now recites limitations as follows:
“A method, comprising: 
identifying a function defined in a binary software component, the function including one or more instructions; 
performing a binary static analysis of the function to determine whether the function utilizes stack cookie protection based on whether the one or more instructions include one or more stack cookie handling instructions, wherein the stack cookie protection comprises a placement of a cookie value on a stack at a boundary between a function's local data and information used to maintain an organization of the stack, and wherein performing a binary static analysis of the function to determine whether the function utilizes stack cookie protection comprises: 
examining a function prologue of the function to detect whether the function includes one or more stack cookie handling instructions; and 
in response to determining that the function utilizes stack cookie protection, updating a security report for the binary software component to indicate that the function utilizes stack cookie protection”.
The cited reference by Borde et al. (US PGPUB. # US 2007/0089088) discloses, a computing system 200 includes an application 240, which can be any computing applications known to one skilled in the art. Examples of well known applications include word processing, data storage, and the like. Application 240 may include a series of subroutines or functions that are utilized by application 240 to perform an operation. (¶33). Application 240 may push a function or subroutine 251 onto the stack 250 for use during an operation. The function 251 may be any function or subroutine of application 240. In some embodiments, function 251 may need to call an additional function or subroutine in order to continue the execution of the operation. In such case, application 240 may also push application 252 onto the stack 250. Function 252 may also be any function or subroutine of application 240 (or possibly some other application). In order to allow function 252 to return control of the operation to function 251 (or any other function as the case may be) when function 252 has completed execution, protected data 255 is also pushed onto the stack by application 240. (Fig. 2(251, 252, 253), ¶36). Thus a function is identified. For example, function (¶30-¶31). Thus a cookie is placed between function’s local data and an information used to maintain an organization of the stack. 
The reference by Skowyra et al. (US PGPUB. # US 2019/0173923) discloses, the reasoning engine 118 uses the queryable representation to compute metrics in response to receiving as an input a query that includes an indicia of a defense technique to a computer security threat. The indicia of a defense technique may be a name of the defense technique (e.g., readactor, stack cookies, etc.) or the indicia may be a description of a constraint on a computer attack capability. Queries may include one or more defense techniques and, optionally, one or more computer attack capabilities. The reasoning engine 118 translates the queries associated with the defense techniques and, optionally, the computer attack capabilities into propositional logic constraints on the queryable representation, as described herein. For example, the reasoning engine 118 may receive a query that includes a set of defense techniques. (¶43). FIG. 4A illustrates a formula 400 for determining a defense coverage metric, according to an exemplary embodiment. Once in SDDNNF, the metrics computation engine 114 may compute quantitative defense coverage metrics to compare defense techniques against one another based on a degree to which 114 counts how many distinct security threats are possible in the presence of a deployed defense technique, and computes a measurement of that defense technique's defense coverage over the space of the security threats. Specifically, for each defense technique in the model, the metrics computation engine 114 can compute the defense coverage metric using the formula 400, where D is the set of literals corresponding to the defense techniques included in the model, G is a solution counting function which takes a set of constraints and returns the number of formula solutions under those constraints, S.sub.d={d}U{¬d′∈D|d′≠d} is a constraint set in which the defense technique d is enabled and all other defense techniques are disabled, and S.sub.of f={¬d′∈} is a constraint set in which all defense techniques are disabled. (Fig. 4A, ¶77). The constraints imposed on the computer attack capabilities for each defense technique are shown in FIG. 4B, as are their defensive coverages. Readactor is a memory corruption defense technique that relies on fine-grained randomization and non-executable memory. With respect to the computer attack capabilities, Readactor constrains security threats such that: (1) the text segment of a process is unreadable to an attacker, (2) the victim's memory image must be known (i.e., an attacker's local copy cannot be used to identify gadget locations, where the gadget is a series of machine instructions terminating in a ret or ret-(Fig. 4B, ¶79-¶80). FIG. 5A is a computer-implemented method 500 for assessing a defense technique, according to an exemplary embodiment. At step 502, the method includes executing a reasoning engine (e.g., reasoning engine 118) that receives as an input to the reasoning engine a query that includes an indicia of a defense technique to a computer security threat. At step 504, the reasoning engine translates the defense technique into a propositional logic constraint on a queryable representation of a Boolean formula representing a model complied from a set of computer security threats and a set of defense techniques. At step 506, the reasoning engine performs an 508, the reasoning engine displays, on a graphical user interface, a result of the assessment to indicate a level of security provided by the defense technique to the member. (Fig. 5A, ¶84).  The reasoning engine 118 uses the queryable representation to compute metrics in response to receiving as an input a query that includes an indicia of a defense technique to a computer security threat. The indicia of a defense technique may be a name of the defense technique (e.g., readactor, stack cookies, etc.) or the indicia may be a description of a constraint on a computer attack capability. Queries may include one or more defense techniques and, optionally, one or more computer attack capabilities. The reasoning engine 118 translates the queries associated with the defense techniques and, optionally, the computer attack capabilities into propositional logic constraints on the queryable representation, as described herein. For example, the reasoning engine 118 may receive a query that includes a set of defense techniques. (¶43).
The reference by Maeda et al. (US PGPUB. # US 2012/0297485) discloses, more specifically, the checked-application management unit 1500 has the attack check result list 1530 shown in FIG. 7. The checked-application management unit 1500 manages the check result by updating the attack check result list 1530. (Fig. 7, ¶115). FIG. 7 shows the attack check result list 1530 by way of example. The attack check result list 1530 includes the application identifier, the content identifier, the caller address, the stack point value, and the (¶117). The stack point value is a stack pointer value of an application when the application makes a system call request. For example, the stack point value is a stack pointer value of the display application when the display application makes an image data read request. (¶121). In the attack check result list 1530, any of the following three values are stored as a check result by an attack check unit 1512: check results "SAFE" and "ATTACKED" indicating whether the application is under attack, and a check result "REQUIRED" indicating that there is need to check if the application is under attack. Here, the check result "SAFE" indicates that a program (application) having a corresponding application identifier is not under attack. Moreover, the check result "ATTACKED" indicates that the program is under attack. Moreover, the check result "REQUIRED" indicates that there is need to check to determine if the program is under attack. It should be noted that the expressions "SAFE", "ATTACKED", and "REQUIRED" are merely illustrative and any other characters and symbols may be stored in the attack check result list 1530. For example, "OK", "NG", and "UNKNOWN" may be used instead of "SAFE", "ATTACKED", and "REQUIRED", respectively. (¶123).
Muttik et al. (US PGPUB. # US 2017/0090929) discloses, a processor operable to execute a plurality of instructions forming a program; and a verification engine, operable to: receive an execution control data (ECD) for the program; and monitor execution of only some instructions of the program to ensure that they are consistent with the ECD. In some embodiments, the monitoring engine may include a correctness monitoring unit (CMU) in processor (Abstract).
Gupta et al. (US PGPUB. # US 2016/0212159) discloses, a model of a computer application during load time and stores the model of the computer application in a database. This example method and corresponding apparatus also inserts instructions into the computer application to collect data at runtime. This example method and corresponding apparatus then analyzes the data collected at runtime against the stored model of the computer application to detect one or more security events and tracks the one or more security events using a state machine. (Abstract).
Enbody et al. (US PGPUB. # US 2008/0140884) discloses, a computer processor protects a protected word in computer readable memory by employing a canary word in the same buffer as the protected word that is protected by a secure bit and/or by employing a canary bit that directly protects the protected word. A bit setting module marks the protected word as tainted by setting the secure bit or canary bit in response to overwrite of the canary word and/or protected word, including overwrite resulting from overflow of the buffer. A validation module validates non-control data stored in the protected word every time the non-control data is used by a computer process by checking the secure bit of the canary word and/or by checking the canary bit of the protected word. (Abstract).
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “……..wherein performing a binary static analysis of the function to determine whether the function utilizes stack cookie protection comprises: examining a function prologue of the function to detect whether the function includes one or more stack cookie handling instructions; and in response to determining that the function utilizes stack cookie protection, updating a security report for the binary software component to indicate that the function utilizes stack cookie protection….”, in combination with the rest of the limitations recited in the independent claim(s).

None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 8 is a device claim of above method claim 1 and Claim 15 is a non-transitory computer readable media claim of above method claim 1, and therefore, they are also allowed.
Claims 2-7 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 9-14 depend on the allowed claim 8, and therefore, they are also allowed.
Claims 16-20 depend on the allowed claim 15, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498