Abstract: A disclosed method includes determining modifications have been made to a program and deriving data flow seeds that are affected by the modifications. The method includes selecting one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications and performing a security analysis on the program. The security analysis includes tracking flows emanating from the selected data flow seeds to sinks terminating the flows. The method includes outputting results of the security analysis. The results comprise one or more indications of security status for one or more of the flows emanating from the selected data flow seeds. At least the deriving, selecting, and performing are performed using a static analysis of the program. Apparatus and program products are also disclosed.

Abstract: An exemplary apparatus and computer program product are disclosed which employ a method that includes performing a first static analysis to locate elements within a program and instrumenting the program to enable a subsequent dynamic analysis based on the located elements. The method includes executing the instrumented program and performing during execution analysis to determine individual sets of statements in the program affected by a corresponding element. The method includes partitioning the sets of statements into partitions based on one or more considerations, each partition including one or more of the elements. The method includes performing a second static analysis on the partitions of the program to produce results and outputting the results. The method may be performed for, e.g., security (e.g., taint) analysis, buffer overflow analysis, and typestate analysis.

Abstract: An exemplary method includes performing a first static analysis to locate elements within a program and instrumenting the program to enable a subsequent dynamic analysis based on the located elements. The method includes executing the instrumented program and performing during execution analysis to determine individual sets of statements in the program affected by a corresponding element. The method includes partitioning the sets of statements into partitions based on one or more considerations, each partition including one or more of the elements. The method includes performing a second static analysis on the partitions of the program to produce results and outputting the results. The method may be performed for, e.g., security (e.g., taint) analysis, buffer overflow analysis, and typestate analysis. Apparatus and program products are also disclosed.

Abstract: A method of static source code analysis is provided. A forward search of source code is performed from each of a plurality of source nodes. A backward search of source code is performed from each of a plurality of sink nodes, wherein the forward search and the backward search are performed in parallel simultaneously. The progress of the forward search and the backward search are monitored to determine if the searches intersect at a common node. A vulnerability alert is generated when the monitoring determines that a forward search and a backward search reach a common node.

Abstract: A disclosed method includes accessing one or more seeding specifications and a program including computer-readable code and applying the one or more seeding specifications to the program to identify for analysis seeds including strings for corresponding identified string variables. The method includes tracking flows emanating from the identified seeds. The tracking includes computing an integral offset into a tracked string variable for any statements causing such a computation. The tracking also includes providing a string representation based on the computed integral offset, wherein the provided string representation comprises a value of the integral offset and an indication of the corresponding tracked string variable. The tracking further includes modeling string manipulations of the tracked string variables using the string representations. Apparatus and program products are also disclosed.

Abstract: Systems for automatic correction of security downgraders include a security analysis module configured to perform a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable; and an enhancer module configured to locate candidate downgraders on the flows, to determine whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow, and to transform candidate downgraders that do not protect against all of the associated vulnerabilities such that the transformed downgraders do protect against all of the associated vulnerabilities.

Abstract: Methods and systems for automatic correction of security downgraders includes performing a security analysis that disregards existing user-provided downgraders to detect flows that are vulnerable; locating candidate downgraders on the flows; determining whether each of the candidate downgraders protects against all vulnerabilities associated with each downgrader's respective flow; and transforming candidate downgraders that do not protect against all of the associated vulnerabilities, such that the transformed downgraders do protect against all of the associated vulnerabilities.

Abstract: A method includes performing on a computing system a source-to-sink reachability analysis of code of an application. The reachability analysis is performed using a static analysis of the code and determines flows from sources of information to sinks that use the information. The method includes determining scopes for corresponding security sensitive operations using the determined flows, each of the security sensitive operations corresponding to statements in the code and one or more flows. A scope for a security sensitive operation includes a block of statements in the code that correspond to a set of one or more flows ending at a sink. The method includes, for each of one or more selected scopes, moving statements in a corresponding block of statements that are independent of a security sensitive operation in the block to code before or after the block. Apparatus and program products are also disclosed.

Abstract: A method includes performing on a computing system a source-to-sink reachability analysis of code of an application. The reachability analysis is performed using a static analysis of the code and determines flows from sources of information to sinks that use the information. The method includes determining scopes for corresponding security sensitive operations using the determined flows, each of the security sensitive operations corresponding to statements in the code and one or more flows. A scope for a security sensitive operation includes a block of statements in the code that correspond to a set of one or more flows ending at a sink. The method includes, for each of one or more selected scopes, moving statements in a corresponding block of statements that are independent of a security sensitive operation in the block to code before or after the block. Apparatus and program products are also disclosed.

Abstract: An apparatus and computer program product which are configured for determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The apparatus and computer program product are further configured for outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions.

Abstract: A method includes determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The method further includes outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions. Apparatus, computer programs, and program products are also disclosed.

Abstract: Methods and systems for security analysis of an application are disclosed. In accordance with one method, a flow-insensitive analysis is conducted on the application to obtain a set of potential vulnerabilities in the application. For each of the potential vulnerabilities, a relevant set of control flows that include the respective vulnerability is determined. Further, for each relevant set of control flows, a flow-sensitive analysis of at least one of the control flows in the corresponding relevant set is performed by a hardware processor to assess the validity of the respective vulnerability.

Abstract: An apparatus is disclosed including one or more memories including computer-readable program code and one or more processors. The one or more processors, in response to execution of the computer-readable program code, cause the apparatus to track, using a data flow model of a program suitable for taint analysis of the program, information from sources of taint to entities in a heap using a model of the heap based on the program. The tracking is performed so that the information is relevant for taint propagation and is performed in a manner that is field-sensitive for the entities in the heap. The one or more processors in response to execution of the computer-readable program code cause the apparatus to perform, based on output of the tracking, the operation of performing data-flow analysis to determine taint flow from the sources of the taint through data flow paths to sinks using the taint.

Abstract: A method is disclosed that includes, using a data flow model of a program suitable for taint analysis of the program, tracking information from sources of taint to entities in a heap using a model of the heap based on the program. The tracking is performed so that the information is relevant for taint propagation and is performed in a manner that is field-sensitive for the entities in the heap. The method includes, based on output of the tracking, performing data-flow analysis to determine taint flow from the sources of the taint through data flow paths to sinks using the taint.

Abstract: A method of static source code analysis is provided. A forward search of source code is performed from each of a plurality of source nodes. A backward search of source code is performed from each of a plurality of sink nodes, wherein the forward search and the backward search are performed in parallel simultaneously. The progress of the forward search and the backward search are monitored to determine if the searches intersect at a common node. A vulnerability alert is generated when the monitoring determines that a forward search and a backward search reach a common node.

Abstract: A method of static source code analysis is provided. A forward search of source code is performed from each of a plurality of source nodes. A backward search of source code is performed from each of a plurality of sink nodes, wherein the forward search and the backward search are performed in parallel simultaneously. The progress of the forward search and the backward search are monitored to determine if the searches intersect at a common node. A vulnerability alert is generated when the monitoring determines that a forward search and a backward search reach a common node.

Abstract: Systems for server security verification include a report validation module configured to acquire a public key associated with a received report, where the received report was generated at a server, to decrypt the received report using the public key, and to determine a level of server-side security based on the decrypted report; and a processor configured to reconfigure a browser responsive to the determined level of server-side security.

Abstract: Systems for constructing hybrid string representations include a string parser configured to parse received string information to produce one or more string components, a database configured to store a set of known concretizations, and a processor configured to compare the one or more string components to the set of known concretizations to determine string components that may be represented concretely, to abstract all string components that could not be represented concretely, and to create a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.

Abstract: Methods for creating a hybrid string representations include receiving string information as input; parsing the string information to produce one or more string components; determining string components that may be represented concretely by comparing the one or more components to a set of known concretizations; abstracting all string components that could not be represented concretely; and creating a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.

Abstract: An application includes: a programming model including a service provider, first components, second components, and sinks communicating via messages. Each of the second components is assigned a unique capability. A given one of the first components routes a message from the given first component to second component(s) and then to a sink. Each of the second component(s) sends the message to the service provider. The service provider creates a token corresponding at least to a received message and a unique capability assigned to an associated one of the second component(s) and sends the token to the associated one of the second component(s). The selected sink receives the message and a token corresponding to each of the second component(s), verifies each received token, and either accepts the message if each of the received tokens is verified or ignores the message if at least one of the received tokens is not verified.