Static program analysis of a partial software program
First Claim
1. A method, comprising:
- receiving, by a hardware processor, a first software program, wherein the first software program is designed to execute using a second software program, wherein the first software program comprises a first symbolic value indicating a characteristic of the second software program, the first symbolic value indicating a parameter that the first software program requests from the second software program;
Analyzing, by the hardware processor, the first software program using a static program analysis, wherein the analyzing the first software program using the static program analysis comprises;
Determining whether a concrete value exists for the parameter that the first software program requests from the second software program; and
in response to determining that no concrete value exists for the parameter that the first software program requests from the second software program, generating a second symbolic value based on the first symbolic value, the second symbolic value indicating a characteristic of the first software program, wherein the first software program is analyzed independent of an availability of the second software program;
wherein the static program analysis generates a plurality of threads, each of the plurality of thread corresponding to a conditional branch of the first software program, wherein the plurality of threads are executed separately by the static program analysis;
determining, by the hardware processor, that the second symbolic value is associated with a predetermined characteristic indicating private data associated with a security policy and determining that an action associated with the second symbolic value resulting from executing the first software program using the second software program would be a violation of the security policy, wherein the action is exporting the second symbolic value from the first software program to an unauthorized entity;
In response to the determining, generating, by the hardware processor, a warning signal; and
sending the warning signal to a user interface.
5 Assignments
0 Petitions
Accused Products
Abstract
A method for analyzing a partial software program includes receiving a first software program. The first software program is designed to execute using a second software program. A first symbolic value indicates a characteristic of the second software program. The first software program is analyzed using a static program analysis, where the static program analysis generates a second symbolic value based on the first symbolic value. The second symbolic value indicates a characteristic of the first software program. The first software program is analyzed independent of an availability of the second software program. In response to determining that the second symbolic value is associated with a predetermined characteristic and that the first software program would perform an action associated with the second symbolic value if the first software program was executed using the second software program, a warning signal is generated.
19 Citations
18 Claims
-
1. A method, comprising:
- receiving, by a hardware processor, a first software program, wherein the first software program is designed to execute using a second software program, wherein the first software program comprises a first symbolic value indicating a characteristic of the second software program, the first symbolic value indicating a parameter that the first software program requests from the second software program;
Analyzing, by the hardware processor, the first software program using a static program analysis, wherein the analyzing the first software program using the static program analysis comprises; Determining whether a concrete value exists for the parameter that the first software program requests from the second software program; and in response to determining that no concrete value exists for the parameter that the first software program requests from the second software program, generating a second symbolic value based on the first symbolic value, the second symbolic value indicating a characteristic of the first software program, wherein the first software program is analyzed independent of an availability of the second software program; wherein the static program analysis generates a plurality of threads, each of the plurality of thread corresponding to a conditional branch of the first software program, wherein the plurality of threads are executed separately by the static program analysis; determining, by the hardware processor, that the second symbolic value is associated with a predetermined characteristic indicating private data associated with a security policy and determining that an action associated with the second symbolic value resulting from executing the first software program using the second software program would be a violation of the security policy, wherein the action is exporting the second symbolic value from the first software program to an unauthorized entity; In response to the determining, generating, by the hardware processor, a warning signal; and
sending the warning signal to a user interface. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- receiving, by a hardware processor, a first software program, wherein the first software program is designed to execute using a second software program, wherein the first software program comprises a first symbolic value indicating a characteristic of the second software program, the first symbolic value indicating a parameter that the first software program requests from the second software program;
-
9. A device, comprising:
-
A memory; and At least one hardware processor communicatively coupled with the memory and configured to; receive a first software program, wherein the first software program is designed to execute using a second software program, wherein the first software program comprises a first symbolic value indicating a characteristic of the second software program, the first symbolic value indicating a parameter that the first software program requests from the second software program; Analyze the first software program using a static program analysis, wherein the analyzing the first software program using the static program analysis comprises; Determining whether a concrete value exists for the parameter that the first software program requests from the second software program; and in response to determining that no concrete value exists for the parameter that the first software program requests from the second software program, generating a second symbolic value based on the first symbolic value, the second symbolic value indicating a characteristic of the first software program, wherein the first software program is analyzed independent of an availability of the second software program; wherein the static program analysis generates a plurality of threads, each of the plurality of thread corresponding to a conditional branch of the first software program, wherein the plurality of threads are executed separately by the static program analysis; determine that the second symbolic value is associated with a predetermined characteristic indicating private data associated with a security policy and determining that an action associated with the second symbolic value resulting from executing the first software program using the second software program would be a violation of the security policy, wherein the action is exporting the second symbolic value from the first software program to an unauthorized entity;
in response to the determining, generate a warning signal;
send the warning signal to a user interface. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory computer-readable medium containing instructions which, when executed, cause a computing device to perform operations comprising:
-
receiving a first software program, wherein the first software program is designed to execute using a second software program, wherein the first software program comprises a first symbolic value indicating a characteristic of the second software program, the first symbolic value indicating a parameter that the first software program requests from the second software program; Analyzing the first software program using a static program analysis, wherein the analyzing the first software program using the static program analysis comprises;
determining whether a concrete value exists for the parameter that the first software program requests from the second software program; andin response to determining that no concrete value exists for the parameter that the first software program requests from the second software program, generating a second symbolic value based on the first symbolic value, the second symbolic value indicating a characteristic of the first software program, wherein the first software program is analyzed independent of an availability of the second software program; wherein the static program analysis generates a plurality of threads, each of the plurality of thread corresponding to a conditional branch of the first software program, wherein the plurality of threads are executed separately by the static program analysis; determining that the second symbolic value is associated with a predetermined characteristic indicating private data associated with a security policy and determining that an action associated with the second symbolic value resulting from executing the first software program using the second software program would be a violation of the security policy, wherein the action is exporting the second symbolic value from the first software program to an unauthorized entity;
in response to the determining, generating a warning signal; and
sending the warning signal to a user interface. - View Dependent Claims (17, 18)
-
Specification