Systems and methods for combining static and dynamic code analysis

Assignee

• Symantec Corporation · US

Inventors

• Bruce McCorkendale · Manhattan Beach, US
• Sheng Gong · Beijing, CN
• Wei Guo Eric Hu · Beijing, CN
• Ge Huang · Shanghai, CN
• Jun Mao · Torrance, US
• Qingchun Meng · Beijing, CN
• Xue Tian · Beijing, CN
• Xiaole Zhu · Beijing, CN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/60
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.