Inferring security-sensitive entities in libraries

Assignee

• Oracle International Corporation · US

Inventors

• Yi Lu · Taoyuan, TW
• Padmanabhan Krishnan · Brisbane, AU
• Raghavendra Kagalavadi Ramesh · Nathan Heights, AU
• Sora Bae · Wellers Hill, AU

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/57
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method for analyzing a software library may include obtaining the software library, identifying a candidate security-sensitive entity in the software library, and generating a control flow graph that includes execution paths. Each execution path may include a public entry node corresponding to a public entry and a candidate security-sensitive entity node corresponding to the candidate security-sensitive entity. The public entry is a point where an application program external to the software library may access the software library. The method may further include determining whether each execution path in the control flow graph includes a permission check node between the respective public entry node and the candidate security-sensitive entity node in the respective execution path. Each permission check node may correspond to a permission check in the software library. The method may further include classifying, based on the determination, the candidate security-sensitive entity as a security-sensitive entity.