Invention Grant
- Patent Title: Hybrid analysis of vulnerable information flows
- Patent Title (中): 脆弱信息流的混合分析
- Application No.: US13731170
- Application Date: 2012-12-31
- Publication No.: US08869287B2
- Publication Date: 2014-10-21
- Inventor: Evgeny Beskrovny, Adi Sharabani, Omer Tripp
- Applicant: International Business Machines Corporation
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Cuenot, Forsythe & Kim, LLC
- Main IPC: G06F21/57
- IPC: G06F21/57

Abstract:
Arrangements described herein relate to analyzing vulnerable information flows in an application. A black-box scan of the application can be performed to record a call-tree representation of call stacks arising in the application due to test inputs provided during the black-box scan. For each path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a static analysis can be performed to determine at least one parameter value that, when abstracted, drives execution of the application, via the path, to flow to the at least one security sink. A security report can be generated identifying at least one of the paths in the call-tree representation that does not constitute the vulnerable information flow during the black-box scan, but flows to the at least one security sink when the at least one parameter value is abstracted.
Public/Granted literature
- US20140189874A1 HYBRID ANALYSIS OF VULNERABLE INFORMATION FLOWS, Public/Granted day: 2014-07-03