Systems and methods for combining static and dynamic code analysis
First Claim
1. A computer-implemented method for combining static and dynamic code analysis, at least a portion of the method being performed by a computing system comprising at least one computer processor, the method comprising:
identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data;
performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data by:
identifying one or more application programming interfaces capable of accessing sensitive data, and
identifying one or more code paths capable of leaking sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code;
using a result of the static analysis to tune a dynamic analysis by instrumenting the executable code to track access to the one or more objects identified during the static analysis, wherein instrumenting the executable code comprises hooking the one or more application programming interfaces;
performing the dynamic analysis by, while the executable code is being executed, activating analysis within the one or more application programming interface hooks to analyze the one or more code paths capable of leaking sensitive data to determine whether the executable code leaks sensitive data via the one or more objects.
Abstract
A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.
259 Citations
20 Claims
1. A computer-implemented method for combining static and dynamic code analysis, at least a portion of the method being performed by a computing system comprising at least one computer processor, the method comprising:
identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data;
performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data by:
identifying one or more application programming interfaces capable of accessing sensitive data, and
identifying one or more code paths capable of leaking sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code;
using a result of the static analysis to tune a dynamic analysis by instrumenting the executable code to track access to the one or more objects identified during the static analysis, wherein instrumenting the executable code comprises hooking the one or more application programming interfaces;
performing the dynamic analysis by, while the executable code is being executed, activating analysis within the one or more application programming interface hooks to analyze the one or more code paths capable of leaking sensitive data to determine whether the executable code leaks sensitive data via the one or more objects.
Dependent claims 2, 3, 4, 5, 6, 7 (not reproduced here).

8. A system for combining static and dynamic code analysis, the system comprising:
an identification module programmed to identify executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data;
a static analyzer programmed to perform a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data by:
identifying one or more application programming interfaces capable of accessing sensitive data, and
identifying one or more code paths capable of leaking sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code;
a tuning module programmed to use a result of the static analysis to tune a dynamic analysis by instrumenting the executable code to track access to the one or more objects identified during the static analysis, wherein instrumenting the executable code comprises hooking the one or more application programming interfaces;
a dynamic analyzer programmed to perform the dynamic analysis by, while the executable code is being executed, activating analysis within the one or more application programming interface hooks to analyze the one or more code paths capable of leaking sensitive data to determine whether the executable code leaks sensitive data via the one or more objects;
at least one computer processor configured to execute the identification module, the static analyzer, the tuning module, and the dynamic analyzer.
Dependent claims 9, 10, 11, 12, 13, 14 (not reproduced here).

15. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
identify executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data;
perform a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data by:
identifying one or more application programming interfaces capable of accessing sensitive data, and
identifying one or more code paths capable of leaking sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code;
use a result of the static analysis to tune a dynamic analysis by instrumenting the executable code to track access to the one or more objects identified during the static analysis, wherein instrumenting the executable code comprises hooking the one or more application programming interfaces;
perform the dynamic analysis by, while the executable code is being executed, activating analysis within the one or more application programming interface hooks to analyze the one or more code paths capable of leaking sensitive data to determine whether the executable code leaks sensitive data via the one or more objects.
Dependent claims 16, 17, 18, 19, 20 (not reproduced here).
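The abstract and the three independent claims describe one pipeline: a static pass identifies the sensitive-data APIs and the code paths that could leak what they return, that result narrows the dynamic pass to hooks on exactly those APIs, and the hooks then do their checking while the code runs. The following is an added worked example of that pipeline, written for this page; it is not code from the patent, its assignee, or any product. It assumes Python source as the "executable code", an `ast` walk as the static analysis, a hypothetical catalogue `SENSITIVE_APIS`/`SINK_APIS`, a constructed sample program `TARGET_SOURCE` with stand-in `contacts`/`device`/`net`/`log` modules, and a deliberately simple notion of "code path": a function that calls both a sensitive source and a sink. The sample includes one path (`debug_dump`) where the sensitive value is transformed by `str.upper()` before reaching the sink, so a value-level taint label alone would miss it; the sink hook therefore also consults the access record the source hook kept for the calling function, which is the benefit of activating analysis inside the hooks on statically flagged paths rather than relying on taint propagation alone.

```python
import ast
import sys
import types

# Constructed sample of the "executable code" under analysis (a hypothetical app).
TARGET_SOURCE = '''
def sync_contacts():
    data = contacts.read()
    net.send("https://example.invalid/sync", data)

def show_version():
    net.send("https://example.invalid/telemetry", device.get_version())

def debug_dump():
    imei = device.get_imei()
    log.write(imei.upper())   # str.upper() returns a plain str: value-level taint is lost
'''

# Assumed catalogue of sensitive-data sources and exfiltration sinks ("module.function").
SENSITIVE_APIS = {"contacts.read", "device.get_imei"}
SINK_APIS = {"net.send", "log.write"}


def _dotted(node):
    """'mod.func' for a call written as mod.func(...), else None."""
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return f"{node.value.id}.{node.attr}"
    return None


def static_analysis(source):
    """Without executing anything, find which sensitive APIs and sinks each function
    calls; a function calling both is a candidate leak path."""
    used_sources, used_sinks, candidate_paths = set(), set(), []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        calls = {_dotted(c.func) for c in ast.walk(fn) if isinstance(c, ast.Call)}
        srcs, sinks = calls & SENSITIVE_APIS, calls & SINK_APIS
        used_sources |= srcs
        used_sinks |= sinks
        if srcs and sinks:
            candidate_paths.append(fn.name)
    return used_sources, used_sinks, candidate_paths


class Tainted(str):
    """A value returned by a hooked sensitive API, labelled with the API it came from."""
    def __new__(cls, value, origin):
        obj = super().__new__(cls, value)
        obj.origin = origin
        return obj


def hook_apis(modules, used_sources, used_sinks, candidate_paths, leaks):
    """Tune the dynamic analysis: hook only the APIs the static pass flagged."""
    reads_by_caller = {}  # function name -> sensitive APIs it has called (path evidence)

    def hook_source(name, real):
        def wrapper(*args, **kwargs):
            caller = sys._getframe(1).f_code.co_name  # CPython-specific frame access
            reads_by_caller.setdefault(caller, set()).add(name)
            return Tainted(real(*args, **kwargs), name)
        return wrapper

    def hook_sink(name, real):
        def wrapper(*args, **kwargs):
            caller = sys._getframe(1).f_code.co_name
            if caller in candidate_paths:  # analysis activates only on flagged paths
                evidence = {a.origin for a in args if isinstance(a, Tainted)}
                evidence |= reads_by_caller.get(caller, set())
                if evidence:
                    leaks.append((caller, name, frozenset(evidence)))
            return real(*args, **kwargs)
        return wrapper

    for name in used_sources | used_sinks:
        mod, func = name.split(".")
        real = getattr(modules[mod], func)
        wrapped = hook_source(name, real) if name in used_sources else hook_sink(name, real)
        setattr(modules[mod], func, wrapped)


def analyze(source):
    """Run the whole pipeline; returns the leaks found as (function, sink, origins)."""
    used_sources, used_sinks, candidate_paths = static_analysis(source)
    # Constructed stand-ins for the platform APIs the sample code calls.
    modules = {
        "contacts": types.SimpleNamespace(read=lambda: "alice@example.invalid"),
        "device": types.SimpleNamespace(get_imei=lambda: "490154203237518",
                                        get_version=lambda: "1.2.3"),
        "net": types.SimpleNamespace(send=lambda url, body: None),
        "log": types.SimpleNamespace(write=lambda msg: None),
    }
    leaks = []
    hook_apis(modules, used_sources, used_sinks, candidate_paths, leaks)
    namespace = dict(modules)
    exec(source, namespace)  # execute the instrumented code under the hooks
    for fn_name in ("sync_contacts", "show_version", "debug_dump"):
        namespace[fn_name]()
    return leaks


if __name__ == "__main__":
    for fn, sink, origins in analyze(TARGET_SOURCE):
        print(f"{fn}: {', '.join(sorted(origins))} -> {sink}")
```

Running it reports `sync_contacts` (contacts.read to net.send) and `debug_dump` (device.get_imei to log.write) and stays silent on `show_version`, whose `device.get_version` call is outside the assumed sensitive catalogue, so it is never hooked and its sink call is never examined. That selectivity is the point of tuning the dynamic pass with the static result: unflagged APIs carry no instrumentation cost, and the sink hook only spends effort on paths the static pass already marked as candidates. A real implementation would need an inter-procedural path notion and a more robust way to attribute a hook invocation to its enclosing path than `sys._getframe`.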
Specification