Continuous Flow Analysis to Detect Security Problems

09/30/2019
by Steven P. Reiss, et al.

We introduce a tool that supports continuous flow analysis in order to detect security problems as the user edits. The tool uses abstract interpretation over both byte codes and abstract syntax trees to trace the flow of both type annotations and system states from their sources to security problems. The flow analysis achieves a balance between performance and accuracy in order to detect security vulnerabilities within seconds, and uses incremental update to provide immediate feedback to the programmer. Resource files are used to specify the application-specific security constraints and to tune the analysis. The system can also provide detailed information to the programmer as to why it flagged a particular problem. The tool is integrated into the Code Bubbles development environment.
