Solution-Centric Reporting of Security Warnings

US 20160315960A1
Filed: 04/21/2015
Published: 10/27/2016
Est. Priority Date: 04/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method of automated analysis on source files of a software system, comprising:

receiving sets of trace data each representing a potential security flaw in the software system, the trace data comprising a set of trace nodes;

analyzing the sets of trace data to identify overlapping trace nodes;

processing the overlapping trace nodes to identify a reduced set of common nodes representing one or more potential fix points for a security flaw; and

outputting a report identifying the one or more potential fix points for the security flaw, together with a recommendation for addressing the security flaw.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A new paradigm for security analysis is provided by transitioning code analysis reporting from the problem space (the warnings themselves), to a solution space (potential solutions to the identified problems). Thus, instead of reporting raw findings to the user, the automated system as described here outputs proposed solutions to eliminate the defects identified in the security analysis. A consequence of this approach is that the report generated by the analysis tool is much more consumable, and thus much more actionable. Preferably, the report provides the user with one or more candidate location(s) at which to apply a fix to an identified security problem. These locations preferably are identified by processing overlapping nodes to identify one or more solution groupings that represent an API for a sanitization fix. The report also includes one or more recommendations for the fix, and preferably the report is generated on a per-vulnerability type basis.

15 Citations

24 Claims

1. A method of automated analysis on source files of a software system, comprising:
- receiving sets of trace data each representing a potential security flaw in the software system, the trace data comprising a set of trace nodes;
  
  analyzing the sets of trace data to identify overlapping trace nodes;
  
  processing the overlapping trace nodes to identify a reduced set of common nodes representing one or more potential fix points for a security flaw; and
  
  outputting a report identifying the one or more potential fix points for the security flaw, together with a recommendation for addressing the security flaw.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as described in claim 1 further including parsing the sets of trace data by vulnerability type prior to analyzing.
  - 3. The method as described in claim 1 wherein the overlapping trace nodes are processed to identify one or more common nodes by iterating each set of trace data and counting occurrences of a trace node.
  - 4. The method as described in claim 3 wherein the overlapping trace nodes are further processed by determining a most common node shared among a group of trace data sets that is closest to a source without being the source.
  - 5. The method as described in claim 3 wherein the overlapping trace nodes are further processed by determining a most common node shared among a group of trace data sets that is closest to the sink without being the sink.
  - 6. The method as described in claim 3 wherein the overlapping trace nodes are further processed by determining a most common source shared among a group of trace data sets.
  - 7. The method as described in claim 3 wherein the overlapping trace nodes are further processed by determining a most common sink shared among a group of trace data sets.
  - 8. The method as described in claim 1 wherein the reduced set of common nodes representing one or more potential fix points for the security flaw are nodes with user-accessible source files.

9. Apparatus, comprising:
- a processor;
  
  computer memory holding computer program instructions executed by the processor to perform automated analysis on source files of a software system, the computer program instructions operative to;
  
  receive sets of trace data each representing a potential security flaw in the software system, the trace data comprising a set of trace nodes;
  
  analyze the sets of trace data to identify overlapping trace nodes;
  
  process the overlapping trace nodes to identify a reduced set of common nodes representing one or more potential fix points for a security flaw; and
  
  output a report identifying the one or more potential fix points for the security flaw, together with a recommendation for addressing the security flaw.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus as described in claim 9 wherein the computer program instructions are further operative to parse the sets of trace data by vulnerability type prior to analyzing.
  - 11. The apparatus as described in claim 9 wherein the computer program instructions are further operative to process the trace nodes to identify one or more common nodes by iterating each set of trace data and counting occurrences of a trace node.
  - 12. The apparatus as described in claim 11 wherein the computer program instructions are further operative to process the overlapping trace nodes to identify a most common node shared among a group of trace data sets that is closest to a source without being the source.
  - 13. The apparatus as described in claim 11 wherein the computer program instructions are further operative to process the overlapping trace nodes to identify a most common node shared among a group of trace data sets that is closest to the sink without being the sink.
  - 14. The apparatus as described in claim 11 wherein the computer program instructions are further operative to process the overlapping trace nodes to identify a most common source shared among a group of trace data sets.
  - 15. The apparatus as described in claim 11 wherein the computer program instructions are further operative to process the overlapping trace nodes to identify a most common sink shared among a group of trace data sets.
  - 16. The apparatus as described in claim 9 wherein the reduced set of common nodes representing one or more potential fix points for the security flaw are nodes with user-accessible source files.

17. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions executed by the data processing system to perform automated analysis on source files of a software system, the computer program instructions operative to:
- receive sets of trace data each representing a potential security flaw in the software system, the pathway data comprising a set of trace nodes;
  
  analyze the sets of trace data to identify overlapping trace nodes;
  
  process the overlapping trace nodes to identify a reduced set of common nodes representing one or more potential fix points for a security flaw; and
  
  output a report identifying the one or more potential fix points for the security flaw, together with a recommendation for addressing the security flaw.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product as described in claim 17 wherein the computer program instructions are further operative to parse the sets of trace data by vulnerability type prior to analyzing.
  - 19. The computer program product as described in claim 17 wherein the computer program instructions are further operative to process the overlapping trace nodes to identify one or more common nodes by iterating each set of trace data and counting occurrences of a trace node.
  - 20. The computer program product as described in claim 19 wherein the computer program instructions are further operative to process the overlapping trace nodes to identify a most common node shared among a group of trace data sets that is closest to a source without being the source.
  - 21. The computer program product as described in claim 19 wherein the computer program instructions are further operative to process the overlapping trace nodes to identify a most common node shared among a group of trace data sets that is closest to the sink without being the sink.
  - 22. The computer program product as described in claim 19 wherein the computer program instructions are further operative to process the overlapping trace nodes to identify a most common source shared among a group of trace data sets.
  - 23. The computer program product as described in claim 19 wherein the computer program instructions are further operative to process the overlapping trace nodes to identify a most common sink shared among a group of trace data sets.
  - 24. The computer program product as described in claim 17 wherein the reduced set of common nodes representing one or more potential fix points for the security flaw are nodes with user-accessible source files.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HCL Technologies Limited
Original Assignee
International Business Machines Corporation
Inventors
Duer, Kristofer Alyn, Teilhet, Stephen Darwin, Peyton, John Thomas Jr., Tripp, Omer

Granted Patent

US 9,729,569 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/1433   Vulnerability analysis

H04L 67/02   based on web technology, e....

Solution-Centric Reporting of Security Warnings

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Solution-Centric Reporting of Security Warnings

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links