Patents by Inventor Salvatore A. GUARNIERI

Salvatore A. GUARNIERI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10956562
    Abstract: A security analysis of an application is performed by encoding predicates during a first operation by asserting a set of data flow facts comprising a mapping from a variable to a security-relevant substring of a string of the application. A respective truth value is associated with each data flow fact of the set of data flow facts. The set of data flow facts and each truth value are stored in a tangible computer-readable memory device. The truth value of at least one data flow fact of the set of data flow facts is updated in at least one subsequent operation using a set of abstract transformers to eliminate or reduce a security vulnerability in the application.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: March 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 10545848
    Abstract: An improved static program analysis procedure is provided by formulating a set of seeding configurations, and selecting a subset of queries posed by the static program analysis procedure. In response to one or more queries of the subset of queries being answered positively under at least one configuration of the set of seeding configurations, the one or more queries are determined to be valid queries. Each query of the valid queries is evaluated under each configuration of the set of seeding configurations to determine an accuracy score for each seeding configuration. A seeding configuration having a highest accuracy score is selected as a tool configuration to be used with the static program analysis procedure.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: January 28, 2020
    Assignee: International Business Machines Corporation
    Inventors: Salvatore Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 10372582
    Abstract: An apparatus and computer program product which are configured for determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The apparatus and computer program product are further configured for outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Takaaki Tateishi, Omer Tripp
  • Publication number: 20180365414
    Abstract: A security analysis of an application is performed by encoding predicates during a first operation by asserting a set of data flow facts comprising a mapping from a variable to a security-relevant substring of a string of the application. A respective truth value is associated with each data flow fact of the set of data flow facts. The set of data flow facts and each truth value are stored in a tangible computer-readable memory device. The truth value of at least one data flow fact of the set of data flow facts is updated in at least one subsequent operation using a set of abstract transformers to eliminate or reduce a security vulnerability in the application.
    Type: Application
    Filed: June 14, 2017
    Publication date: December 20, 2018
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Publication number: 20180101463
    Abstract: An improved static program analysis procedure is provided by formulating a set of seeding configurations, and selecting a subset of queries posed by the static program analysis procedure. In response to one or more queries of the subset of queries being answered positively under at least one configuration of the set of seeding configurations, the one or more queries are determined to be valid queries. Each query of the valid queries is evaluated under each configuration of the set of seeding configurations to determine an accuracy score for each seeding configuration. A seeding configuration having a highest accuracy score is selected as a tool configuration to be used with the static program analysis procedure.
    Type: Application
    Filed: October 11, 2016
    Publication date: April 12, 2018
    Inventors: Salvatore Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 9940464
    Abstract: Methods for creating a hybrid string representation include determining string components from input string information that may be represented concretely by comparing the one or more components to a set of known concretizations using a processor. The set of known concretizations includes string configurations that cannot be interfered with by an attacker. All string components that could not be represented concretely are abstracted. A hybrid string representation is created that includes at least one concrete string component and at least one abstracted string component.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: April 10, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 9940465
    Abstract: A hybrid string constructor includes a database configured to store a set of known concretizations. A processor is configured to compare the one or more string components to the set of known concretizations to determine string components from input string information that may be represented concretely, to abstract all string components that could not be represented concretely, and to create a hybrid string representation that includes at least one concrete string component and at least one abstracted string component. The set of known concretizations includes string configurations that cannot be interfered with by an attacker.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: April 10, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Publication number: 20160378995
    Abstract: A hybrid string constructor includes a database configured to store a set of known concretizations. A processor is configured to compare the one or more string components to the set of known concretizations to determine string components from input string information that may be represented concretely, to abstract all string components that could not be represented concretely, and to create a hybrid string representation that includes at least one concrete string component and at least one abstracted string component. The set of known concretizations includes string configurations that cannot be interfered with by an attacker.
    Type: Application
    Filed: September 12, 2016
    Publication date: December 29, 2016
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Publication number: 20160335434
    Abstract: Methods for creating a hybrid string representation include determining string components from input string information that may be represented concretely by comparing the one or more components to a set of known concretizations using a processor. The set of known concretizations includes string configurations that cannot be interfered with by an attacker. All string components that could not be represented concretely are abstracted. A hybrid string representation is created that includes at least one concrete string component and at least one abstracted string component.
    Type: Application
    Filed: July 26, 2016
    Publication date: November 17, 2016
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 9459986
    Abstract: A computer program to be subjected to static analysis includes at least one framework, in turn including high-level code and at least one configuration file. A specification which describes run-time behavior of the program, including run-time behavior of the at least one framework including the high-level code and the at least one configuration file, is created from the computer program. Based on the specification, synthetic high-level code which accurately simulates the run-time behavior of the at least one framework including the high-level code and the at least one configuration file, without framework usage, is created. Static analysis of the computer program is carried out based on the synthetic high-level code.
    Type: Grant
    Filed: August 28, 2013
    Date of Patent: October 4, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 9460282
    Abstract: Systems for constructing hybrid string representations include a string parser configured to parse received string information to produce one or more string components, a database configured to store a set of known concretizations, and a processor configured to compare the one or more string components to the set of known concretizations to determine string components that may be represented concretely, to abstract all string components that could not be represented concretely, and to create a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: October 4, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 9424423
    Abstract: Methods for creating hybrid string representations include receiving string information as input; parsing the string information to produce one or more string components; determining string components that may be represented concretely by comparing the one or more components to a set of known concretizations; abstracting all string components that could not be represented concretely; and creating a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: August 23, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 9405916
    Abstract: Methods and systems for automatic correction of security downgraders. For one or more flows having one or more candidate downgraders, it is determined whether each candidate downgrader protects against all vulnerabilities associated with the candidate downgrader's respective flow. Candidate downgraders that do not protect against all of the associated vulnerabilities are transformed, such that the transformed downgraders do protect against all of the associated vulnerabilities.
    Type: Grant
    Filed: March 10, 2015
    Date of Patent: August 2, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Publication number: 20160210217
    Abstract: An apparatus and computer program product which are configured for determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The apparatus and computer program product are further configured for outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions.
    Type: Application
    Filed: March 25, 2016
    Publication date: July 21, 2016
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Takaaki Tateishi, Omer Tripp
  • Patent number: 9396336
    Abstract: Systems for automatic correction of security downgraders include a security analysis module configured to perform a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable; and an enhancer module configured to locate candidate downgraders on the flows, to determine whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow, and to transform candidate downgraders that do not protect against all of the associated vulnerabilities such that the transformed downgraders do protect against all of the associated vulnerabilities.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: July 19, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 9336120
    Abstract: An apparatus and computer program product which are configured for determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The apparatus and computer program product are further configured for outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions.
    Type: Grant
    Filed: August 30, 2013
    Date of Patent: May 10, 2016
    Assignee: International Business Machines Corporation
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Takaaki Tateishi, Omer Tripp
  • Patent number: 9223984
    Abstract: A method includes mapping, based on a first mapping from possible security findings to possible configuration-related sources of imprecision, actual security findings from a static analysis of a program to corresponding configuration-related sources of imprecision, the mapping of the actual security findings creating a second mapping. A user is requested to configure selected ones of the configuration-related sources of imprecision from the second mapping. Responsive to a user updating configuration corresponding to the selected ones of the configuration-related sources of imprecision, security analysis results are updated for the static analysis of the program at least by determining whether one or more security findings from the security analysis results are no longer considered to be vulnerable based on the updated configuration by the user. The updated security analysis results are output. Apparatus and program products are also disclosed.
    Type: Grant
    Filed: September 12, 2013
    Date of Patent: December 29, 2015
    Assignee: GlobalFoundries Inc.
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 9208061
    Abstract: An exemplary apparatus and computer program product are disclosed which employ a method that includes performing a first static analysis to locate elements within a program and instrumenting the program to enable a subsequent dynamic analysis based on the located elements. The method includes executing the instrumented program and performing during execution analysis to determine individual sets of statements in the program affected by a corresponding element. The method includes partitioning the sets of statements into partitions based on one or more considerations, each partition including one or more of the elements. The method includes performing a second static analysis on the partitions of the program to produce results and outputting the results. The method may be performed for, e.g., security (e.g., taint) analysis, buffer overflow analysis, and typestate analysis.
    Type: Grant
    Filed: September 12, 2013
    Date of Patent: December 8, 2015
    Assignee: GlobalFoundries Inc.
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Publication number: 20150347761
    Abstract: Systems for automatic correction of security downgraders include a security analysis module configured to perform a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable; and an enhancer module configured to locate candidate downgraders on the flows, to determine whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow, and to transform candidate downgraders that do not protect against all of the associated vulnerabilities such that the transformed downgraders do protect against all of the associated vulnerabilities.
    Type: Application
    Filed: August 12, 2015
    Publication date: December 3, 2015
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Publication number: 20150317237
    Abstract: An exemplary method includes performing a first static analysis to locate elements within a program and instrumenting the program to enable a subsequent dynamic analysis based on the located elements. The method includes executing the instrumented program and performing during execution analysis to determine individual sets of statements in the program affected by a corresponding element. The method includes partitioning the sets of statements into partitions based on one or more considerations, each partition including one or more of the elements. The method includes performing a second static analysis on the partitions of the program to produce results and outputting the results. The method may be performed for, e.g., security (e.g., taint) analysis, buffer overflow analysis, and typestate analysis. Apparatus and program products are also disclosed.
    Type: Application
    Filed: June 25, 2015
    Publication date: November 5, 2015
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp