Systems, methods and computer program products for string analysis with security labels for vulnerability detection

Assignee

• International Business Machines Corporation · US

Inventors

• Kouichi Ono · Amagasaki, JP
• Mika Saito · Kashiwazaki, JP
• Naoshi Tabuchi · Machida, JP
• Takaaki Tateishi · Yamato, JP

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/577
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Systems, methods and computer program products for string analysis with security labels for vulnerability detection. Exemplary embodiments include a method in a computer system configured to analyze security-labeled strings and to detect vulnerability, the method including receiving a program with security labels, translating the program into a static single assignment form, constructing a control flow graph having basic blocks as nodes, extracting instructions relating to string functions and object variables, calculating pre-conditions of variables for the basic blocks, extracting constraints among the variables subject to a rule set for translating pre-conditions, solving the constraints and obtaining a set of strings that he object variables form as a context-free grammar to obtain a set of security-labeled strings, checking if the set of security-labeled strings satisfies a rule of the rule set for translating pre-conditions and identifying locations in the program where a vulnerability is detected.