Progressive static security analysis

US 9,135,441 B2
Filed: 09/12/2013
Issued: 09/15/2015
Est. Priority Date: 05/17/2013
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

one or more memories comprising computer-readable code;

one or more processors,wherein the one or more processors are configured, in response to execution of the computer-readable code, to cause the apparatus to perform the following;

determining modifications have been made to a program;

deriving data flow seeds that are affected by the modifications;

selecting one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications;

performing a security analysis on the program, wherein the security analysis comprises tracking flows emanating from the selected data flow seeds to sinks terminating the flows; and

outputting results of the security analysis, wherein the results comprise one or more indications of security status for one or more of the flows emanating from the selected data flow seeds,wherein at least the deriving, selecting, and performing are performed using a static analysis of the program.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A disclosed method includes determining modifications have been made to a program and deriving data flow seeds that are affected by the modifications. The method includes selecting one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications and performing a security analysis on the program. The security analysis includes tracking flows emanating from the selected data flow seeds to sinks terminating the flows. The method includes outputting results of the security analysis. The results comprise one or more indications of security status for one or more of the flows emanating from the selected data flow seeds. At least the deriving, selecting, and performing are performed using a static analysis of the program. Apparatus and program products are also disclosed.

12 Citations

20 Claims

1. An apparatus, comprising:
- one or more memories comprising computer-readable code;
  
  one or more processors,wherein the one or more processors are configured, in response to execution of the computer-readable code, to cause the apparatus to perform the following;
  
  determining modifications have been made to a program;
  
  deriving data flow seeds that are affected by the modifications;
  
  selecting one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications;
  
  performing a security analysis on the program, wherein the security analysis comprises tracking flows emanating from the selected data flow seeds to sinks terminating the flows; and
  
  outputting results of the security analysis, wherein the results comprise one or more indications of security status for one or more of the flows emanating from the selected data flow seeds,wherein at least the deriving, selecting, and performing are performed using a static analysis of the program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein:
    - selecting comprises selecting the data flow seeds that are affected by the modifications;
      
      performing comprises performing the security analysis on the program to track flows emanating from the data flow seeds that are affected by the modifications to sinks terminating the flows; and
      
      outputting further comprises outputting results comprising one or more indications of security status for one or more of the flows emanating from the data flow seeds that are affected by the modifications.
  - 3. The apparatus of claim 2, wherein the one or more processors are further configured, in response to execution of the computer-readable code, to cause the apparatus to perform, after outputting results of the security analysis, the following:
    - selecting the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications;
      
      performing the security analysis on the program to track flows emanating from the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications; and
      
      outputting results comprising one or more indications of security status for one or more flows corresponding to the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications.
  - 4. The apparatus of claim 3, wherein the one or more processors are further configured, in response to execution of the computer-readable code, to cause the apparatus to perform, after outputting results comprising one or more indications of security status for one or more flows corresponding to the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications, the following:
    - selecting the data flow seeds that are not affected by the modifications and that are not part of flows that are affected by the modifications;
      
      performing the security analysis on the program to track flows emanating from the data flow seeds that are not affected by the modifications and that are not part of flows that are affected by the modifications; and
      
      outputting results comprising one or more indications of security status for one or more flows corresponding to the data flow seeds that are not affected by the modifications and that are not part of flows that are affected by the modifications.
  - 5. The apparatus of claim 1, wherein:
    - selecting comprises selecting the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications;
      
      performing comprises performing the security analysis on the program to track flows emanating from the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications to sinks terminating the flows; and
      
      outputting further comprises outputting results comprising one or more indications of security status for one or more of the flows emanating from the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications.
  - 6. The apparatus of claim 5, wherein the one or more processors are further configured, in response to execution of the computer-readable code, to cause the apparatus to perform the following:
    - prior to determining modifications have been made to the program, performing an initial analysis to the program to determine the data flow seeds that are not affected by the modifications.
  - 7. The apparatus of claim 1, wherein the one or more processors are further configured, in response to execution of the computer-readable code, to cause the apparatus to perform the following by using a static analysis of the program:
    - selecting another one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications;
      
      performing a security analysis on the program, wherein the security analysis comprises tracking flows emanating from the selected other data flow seeds to sinks terminating the flows; and
      
      outputting results of the subsequent security analysis, wherein the results comprise one or more indications of security status for one or more of the flows emanating from the selected other data flow seeds.
  - 8. The apparatus of claim 1, wherein:
    - the one or more processors are further configured, in response to execution of the computer-readable code, to cause the apparatus to perform the following;
      
      allowing a user to select one or more sub-programs of the program, wherein the one or more subprograms comprise modifications to the program; and
      
      selecting further comprises selecting one of the data flow seeds that are affected by the modifications and that are affected by the selected sub-programs or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications and that are not affected by the selected sub-programs.
  - 9. The apparatus of claim 1, wherein selecting one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications further comprises prompting a user to select whether an analysis should be biased in favor of seeds affected by modifications or in favor of seeds not affected by modifications but that are part of flows that are affected by the modifications and, responsive to a user selection, selecting the one of the data flow seeds that are affected by the modifications or the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications.
  - 10. The apparatus of claim 1, wherein each data flow seed corresponds to a statement in the program reading untrusted user input.

11. A computer program product comprising a computer readable storage medium having program code embodied therewith, the program code executable by a computing system causing the computing system to perform:
- determining modifications have been made to a program;
  
  deriving data flow seeds that are affected by the modifications;
  
  selecting one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications;
  
  performing a security analysis on the program, wherein the security analysis comprises tracking flows emanating from the selected data flow seeds to sinks terminating the flows; and
  
  outputting results of the security analysis, wherein the results comprise one or more indications of security status for one or more of the flows emanating from the selected data flow seeds,wherein at least the deriving, selecting, and performing are performed using a static analysis of the program.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer program product of claim 11, wherein;
    - selecting comprises selecting the data flow seeds that are affected by the modifications;
      
      performing comprises performing the security analysis on the program to track flows emanating from the data flow seeds that are affected by the modifications to sinks terminating the flows; and
      
      outputting further comprises outputting results comprising one or more indications of security status for one or more of the flows emanating from the data flow seeds that are affected by the modifications.
  - 13. The computer program product of claim 12, wherein the program code executable by a computing system further causing the computing system to perform, after outputting results of the security analysis:
    - selecting the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications;
      
      performing the security analysis on the program to track flows emanating from the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications; and
      
      outputting results comprising one or more indications of security status for one or more flows corresponding to the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications.
  - 14. The computer program product of claim 13, wherein the program code executable by a computing system further causing the computing system to perform, after outputting results comprising one or more indications of security status for one or more flows corresponding to the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications:
    - selecting the data flow seeds that are not affected by the modifications and that are not part of flows that are affected by the modifications;
      
      performing the security analysis on the program to track flows emanating from the data flow seeds that are not affected by the modifications and that are not part of flows that are affected by the modifications; and
      
      outputting results comprising one or more indications of security status for one or more flows corresponding to the data flow seeds that are not affected by the modifications and that are not part of flows that are affected by the modifications.
  - 15. The computer program product of claim 11, wherein:
    - selecting comprises selecting the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications;
      
      performing comprises performing the security analysis on the program to track flows emanating from the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications to sinks terminating the flows; and
      
      outputting further comprises outputting results comprising one or more indications of security status for one or more of the flows emanating from the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications.
  - 16. The computer program product of claim 15, wherein the program code executable by a computing system further causing the computing system to perform, prior to determining modifications have been made to the program, performing an initial analysis to the program to determine the data flow seeds that are not affected by the modifications.
  - 17. The computer program product of claim 11, wherein the program code executable by a computing system further causing the computing system to perform by a static analysis of the program:
    - selecting another one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are past of flows that are affected by the modifications;
      
      performing a security analysis on the program, wherein the security analysis comprises tracking flows emanating from the selected other data flow seeds to sinks terminating the flows; and
      
      outputting results of the subsequent security analysis, wherein the results comprise one or more indications of security status for one or more of the flows emanating from the selected other data flow seeds.
  - 18. The computer program product of claim 11, wherein:
    - the program code executable by a computing system further causing the computing system to perform;
      
      allowing a user to select one or more sub-programs of the program, wherein the one or more subprograms comprise modifications to the program; and
      
      selecting further comprises selecting one of the data flow seeds that are affected by the modifications and that are affected by the selected sub-programs or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications and that are not affected by the selected sub-programs.
  - 19. The computer program product of claim 11, wherein selecting one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications further comprises prompting a user to select whether an analysis should be biased in favor of seeds affected by modifications or in favor of seeds not affected by modifications but that are part of flows that are affected by the modifications and, responsive to a user selection, selecting the one of the data flow seeds that are affected by the modifications or the data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications.
  - 20. The computer program product of claim 11, wherein each data flow seed corresponds to a statement in the program reading trusted user input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Tripp, Omer, Pistoia, Marco, Guarnieri, Salvatore A.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Golriz, Arya

Application Number

US14/025,088
Publication Number

US 20140344939A1
Time in Patent Office

733 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/562   Static detection

G06F 21/563   by source code analysis

G06F 21/577   Assessing vulnerabilities a...

Progressive static security analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Progressive static security analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links