Oracle International Corporation

Yi Lu

Padmanabhan Krishnan

Raghavendra Kagalavadi Ramesh

Nicholas John Allen

Bernhard Friedrich Scholz

Rebecca Jane O'Donoghue

Behnaz Hassanshahi

Sora Bae

Stepan Sindelar

Daniel Wainwright

Michael Reif

Ramesh Raghavendra Kagalavadi

A method may include determining that a source variable receives a source value from a source function, determining that a source statement writes, using the source variable, the source value to a column in a table, and obtaining, for a first sink statement, a first set of influenced variables influenced by the source variable. The method may further include obtaining, for a second sink statement, a second set of influenced variables influenced by the first set of influenced variables, and adding nodes to a trace graph. The method may further include determining that the first sink statement reads the source value into a sink variable including an identifier of the column, generating a modified set of influenced variables by adding the sink variable to the set of influenced variables, and reporting a defect at the first sink statement, and a defect trace using the trace graph.

Detecting second-order security vulnerabilities via modelling information flow through persistent storage

A method may include generating, by performing a full analysis of code and for each component of the code, summaries including: (i) a forward summary including a forward flow and (ii) a backward summary including a backward flow, obtaining a modification to a modified component, determining that one of the summaries for the modified component is invalid, and in response to determining that a summary for the modified component is invalid: obtaining the forward flow from the forward summary of the modified component, obtaining the backward flow from the backward summary of the modified component, generating a local flow by performing an incremental analysis of the modified component using the forward flow of the modified component and the backward flow of the modified component, and detecting a defect in the code using the forward flow of the modified component, the local flow, and the backward flow of the modified component.

Scalable incremental analysis using caller and callee summaries

A method may include determining that a source variable in code receives a source value from a source function specified by a target analysis, determining that a source statement in the code writes, using the source variable, the source value to a column in a table, obtaining, for a sink statement in the code, a set of influenced variables influenced by the source variable, determining that the sink statement reads the source value into a sink variable including an identifier of the column, generating a modified set of influenced variables by adding the sink variable to the set of influenced variables, and reporting a defect at the sink statement.

A method for detecting a defect may include extracting, from application code, a registration of a framework object and a request for the framework object, deriving a synthetic request using the registration and the request, transforming the application code by replacing, by a computer processor, the request with the synthetic request, and detecting the defect by performing a static analysis on the transformed application code.

Deframeworking for static program analysis

A method may include generating, by performing a full analysis of code and for each component of the code, summaries including: a forward summary including a forward flow, and a backward summary including a backward flow, obtaining a modification to a modified component, determining that one of the summaries for the modified component is invalid, and in response to determining that a summary for the modified component is invalid: obtaining the forward flow from the forward summary of the modified component, obtaining the backward flow from the backward summary of the modified component, generating a local flow by performing an incremental analysis of the modified component using the forward flow of the modified component and the backward flow of the modified component, and detecting a defect in the code using the forward flow of the modified component, the local flow, and the backward flow of the modified component.

Embodiments construct a precise and scalable call graph that models potentially incomplete object-oriented program code, including libraries. The call graph encodes the probabilities of call relationships in the graph, where the probabilities are based on context information from the program, and are adjusted based on client configurations. Embodiments derive topics to associate with unknown elements, as well as probabilities for those topics, from declared types of the unknown elements. Configuration information encodes sets of feature conditions that direct the weighting of the unknown element types. As embodiments propagate type tuples through the graph, the probabilities of the types for each node are recalculated based on the type/probability information for the predecessors of the node. Type/probability information joins are necessary for nodes with multiple dependencies, where the manner of the join is configurable by the client.

Probabilistic call-graph construction

A method for points-to program analysis includes extracting a kernel from a program, performing a fixed object sensitive points to analysis of the kernel to obtain fixed analysis results, and assigning, for a first candidate object in the kernel, a first context depth to the first candidate object. The candidate objects are identified using the fixed analysis results. The method further includes assigning, for a second candidate object, a second context depth to the second candidate object. The second context depth is different than the first context depth. The method further includes performing, to obtain selective analysis results, a selective object sensitive points to analysis using the first context depth for the first candidate object and the second context depth for the second candidate object, and performing an action based on the selective analysis results.

Selective object sensitive points-to analysis

A method for using static program analysis for detecting security bugs in application source code including receiving and determining a plurality of variables based on the application source code. The method further includes determining a plurality of information flow relations comprising a source variable and a target variable, determining a confidentiality requirement and a capability for each of the source variables, and determining an integrity requirement and a capability for each of the target variables. The method further includes generating an error report log entry when the capability of the target variable is not greater than and not equal to the confidentiality requirement of the source variable or the capability of the source variable is not greater than and not equal to the integrity requirement of the target variable. The method further includes generating an error report log.

Static program analysis method for detecting security bugs in programs that rely on code access control

A method for analyzing a program may include obtaining the program and obtaining a points-to analysis that may include points-to tuples. The method may further include obtaining a result of a query based on the program. The method may further include extracting a data-flow trace specification that includes flow tuples. Each flow tuple may include a source variable defined in a first method and a sink variable defined in a second method. The method may further include adding, in a recursive manner until a termination condition is triggered, a trace edge to a data-flow trace graph for each points-to tuple of a list of points-to tuples. The respective points-to tuple and a first flow tuple may be used to form a first points-to tuple that is added to the list of points-to tuples. The list of points-to tuples may be initialized to the result of the query.

Scalable provenance generation from points-to information

A method for analyzing a software library may include obtaining the software library, identifying a candidate security-sensitive entity in the software library, and generating a control flow graph that includes execution paths. Each execution path may include a public entry node corresponding to a public entry and a candidate security-sensitive entity node corresponding to the candidate security-sensitive entity. The public entry is a point where an application program external to the software library may access the software library. The method may further include determining whether each execution path in the control flow graph includes a permission check node between the respective public entry node and the candidate security-sensitive entity node in the respective execution path. Each permission check node may correspond to a permission check in the software library. The method may further include classifying, based on the determination, the candidate security-sensitive entity as a security-sensitive entity.

Growing community of inventors

Brisbane, Australia

Yi Lu