Generating sound and minimal security reports based on static analysis of a program

Assignee

• International Business Machines Corporation · US

Inventors

• Stephen Fink · Yorktown Heights, US
• Yinnon A. Haviv · Kalanswa, IL
• Marco Pistoia · Amawalk, US
• Omer Tripp · Herzliya, IL
• Omri Weisman · Nes Ziona, IL

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F8/77
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method is disclosed that includes, using a static analysis, analyzing a software program to determine a number of paths from sources accepting information to sinks using that information or a modified version of that information and to determine multiple paths from the number of paths. The determined multiple paths have a same transition from an application portion of the software program to a library portion of the software program and require a same downgrading action to address a vulnerability associated with source-sink pairs in the multiple paths. The analyzing includes determining the multiple paths using a path-sensitive analysis. The method includes, for the determined multiple paths, grouping the determined multiple paths into a single representative indication of the determined multiple paths. The method includes outputting the single representative indication. Computer program products and apparatus are also disclosed.