HYBRID ANALYSIS OF VULNERABLE INFORMATION FLOWS

  • US 20140189875A1
  • Filed: 09/13/2013
  • Published: 07/03/2014
  • Est. Priority Date: 12/31/2012
  • Status: Active Grant
First Claim

1. A method of analyzing vulnerable information flows in an application, the method comprising:

  • performing a black-box scan of the application, using a processor, to record a call-tree representation of call stacks arising in the application due to test inputs provided during the black-box scan;

  • performing, for each path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a static analysis to determine at least one parameter value that, when abstracted, drives execution of the application, via the path, to flow to the at least one security sink; and

  • generating a security report identifying at least one of the paths in the call-tree representation that does not constitute the vulnerable information flow during the black-box scan, but flows to the at least one security sink when the at least one parameter value is abstracted.
