Hybrid analysis of vulnerable information flows

US 8,869,287 B2
Filed: 12/31/2012
Issued: 10/21/2014
Est. Priority Date: 12/31/2012
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a hardware processor programmed to initiate executable operations comprising;

performing a black-box scan of an application;

based on the black-box scan, recording a call-tree representation of a plurality of call stacks arising in the application due to test inputs provided during the black-box scans the call tree representation indicating paths between the plurality of call stacks;

performing, for each of the paths in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a static analysis, and by the static analysis determining at least one parameter value that, when abstracted, drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink; and

generating a security report identifying at least one of the paths in the call-tree representation that does not constitute the vulnerable information flow during the black-box scan, but flows to the at least one security sink when the at least one parameter value is abstracted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Arrangements described herein relate to analyzing vulnerable information flows in an application. A black-box scan of the application can be performed to record a call-tree representation of call stacks arising in the application due to test inputs provided during the black-box scan. For each path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a static analysis can be performed to determine at least one parameter value that, when abstracted, drives execution of the application, via the path, to flow to the at least one security sink. A security report can be generated identifying at least one of the paths in the call-tree representation that does not constitute the vulnerable information flow during the black-box scan, but flows to the at least one security sink when the at least one parameter value is abstracted.

Citations

16 Claims

1. A system comprising:
- a hardware processor programmed to initiate executable operations comprising;
  
  performing a black-box scan of an application;
  
  based on the black-box scan, recording a call-tree representation of a plurality of call stacks arising in the application due to test inputs provided during the black-box scans the call tree representation indicating paths between the plurality of call stacks;
  
  performing, for each of the paths in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a static analysis, and by the static analysis determining at least one parameter value that, when abstracted, drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink; and
  
  generating a security report identifying at least one of the paths in the call-tree representation that does not constitute the vulnerable information flow during the black-box scan, but flows to the at least one security sink when the at least one parameter value is abstracted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, the processor further programmed to initiate executable operations comprising:
    - determining whether abstracting a single parameter value drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the security sink;
      
      responsive to determining that abstracting the single parameter value does not drive execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the security sink, abstracting at least two parameter values, and determining whether abstracting at least two parameter values drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the security sink.
  - 3. The system of claim 2, the processor further programmed to initiate executable operations comprising:
    - responsive to determining that abstracting the two parameter values does not drive execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the security sink, abstracting at least three parameter values, and determining whether abstracting at least three parameter values drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the security sink.
  - 4. The system of claim 1, the processor further programmed to initiate executable operations comprising:
    - determining, for each path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a security confidence level of the path according to a number of parameter values that need to be abstracted to drive execution of the application, via the path, to flow to the at least one security sink.
  - 5. The system of claim 1, the processor further programmed to initiate executable operations comprising:
    - determining whether abstracting a first parameter value drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink;
      
      responsive to determining that abstracting the first parameter value does not drive execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink, abstracting at least a second parameter value, and determining whether abstracting the second parameter value drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink.
  - 6. The system of claim 1, wherein performing the static analysis to determine at least one parameter value that, when abstracted, drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to at least one security sink comprises:
    - abstracting a parameter value for each respective parameter the application is configured to receive from a user.
  - 7. The system of claim 1, wherein the security report further indicates the at least one parameter that, when its parameter value is abstracted, drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink.
  - 8. The system of claim 7, wherein the security report further indicates a parameter value, or range of parameter values, for the parameter that drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink.

9. A computer program product for analyzing vulnerable information flows in an application, the computer program product comprising a computer readable storage device, wherein the computer readable storage device is not a transitory, propagating signal per se, having program code or stored thereon, the program code executable by a processor to perform a method comprising:
- performing, by the processor, a black-box scan of the application;
  
  based on the black-box scan, recording, by the processor, a call-tree representation of a plurality of call stacks arising in the application due to test inputs provided during the black-box scan, the call tree representation indicating paths between the plurality of call stacks;
  
  performing, by the processor, for each of the paths in the call-tree that does not constitute a vulnerable information flow during the black-box scan, a static analysis, and by the static analysis determining at least one parameter value that, when abstracted, drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink; and
  
  generating, by the processor, a security report identifying at least one of the paths in the call-tree representation that does not constitute the vulnerable information flow during the black-box scan, but flows to the at least one security sink when the at least one parameter value is abstracted.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9, the method further comprising:
    - determining, by the processor, whether abstracting a single parameter value drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the security sink;
      
      responsive to determining that abstracting the single parameter value does not drive execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the security sink, abstracting, by the processor, at least two parameter values, and determining whether abstracting at least two parameter values drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the security sink.
  - 11. The computer program product of claim 10, the method further comprising:
    - responsive to determining that abstracting the two parameter values does not drive execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the security sink, abstracting, by the processor, at least three parameter values, and determining whether abstracting at least three parameter values drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the security sink.
  - 12. The computer program product of claim 9, the method further comprising:
    - determining, by the processor, for each path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a security confidence level of the path according to a number of parameter values that need to be abstracted to drive execution of the application, via the path, to flow to the at least one security sink.
  - 13. The computer program product of claim 9, the method further comprising:
    - determining, by the processor, whether abstracting a first parameter value drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink;
      
      responsive to determining that abstracting the first parameter value does not drive execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink, abstracting, by the processor, at least a second parameter value, and determining whether abstracting the second parameter value drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink.
  - 14. The computer program product of claim 9, wherein performing the static analysis to determine at least one parameter value that, when abstracted, drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to at least one security sink comprises:
    - abstracting, by the processor, a parameter value for each respective parameter the application is configured to receive from a user.
  - 15. The computer program product of claim 9, wherein the security report further indicates the at least one parameter that, when its parameter value is abstracted, drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink.
  - 16. The computer program product of claim 15, wherein the security report further indicates a parameter value, or range of parameter values, for the parameter that drives execution of the application, via the path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, to flow to the at least one security sink.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Beskrovny, Evgeny, Sharabani, Adi, Tripp, Omer
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Nipa, Wasika

Application Number

US13/731,170
Publication Number

US 20140189874A1
Time in Patent Office

659 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

Hybrid analysis of vulnerable information flows

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Hybrid analysis of vulnerable information flows

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links