Mitigating security risks via code movement

Abstract

A method includes performing on a computing system a source-to-sink reachability analysis of code of an application. The reachability analysis is performed using a static analysis of the code and determines flows from sources of information to sinks that use the information. The method includes determining scopes for corresponding security sensitive operations using the determined flows, each of the security sensitive operations corresponding to statements in the code and one or more flows. A scope for a security sensitive operation includes a block of statements in the code that correspond to a set of one or more flows ending at a sink. The method includes, for each of one or more selected scopes, moving statements in a corresponding block of statements that are independent of a security sensitive operation in the block to code before or after the block. Apparatus and program products are also disclosed.

Description

BACKGROUND[0001]This invention relates generally to analysis of application code and, more specifically, relates to mitigating security risks via code movement.[0002]This section is intended to provide a background or context to the invention disclosed below. The description herein may include concepts that could be pursued, but are not necessarily ones that have been previously conceived, implemented or described. Therefore, unless otherwise explicitly indicated herein, what is described in this section is not prior art to the description in this application and is not admitted to be prior art by inclusion in this section. Acronyms that appear in the text or drawings are defined below, prior to the claims.[0003]Web applications, as well as web services, are continuously exposed to security threats. These include (i) injection attacks, where a malicious user injects malicious code into the application through web parameters, database hijacking, and the like, (ii) information leakage...

AI Technical Summary

Problems solved by technology

Web applications, as well as web services, are continuously exposed to security threats.

These include (i) injection attacks, where a malicious user injects malicious code into the application through web parameters, database hijacking, and the like, (ii) information leakage, where the application leaks confidential data, and (iii) denial-of-service and other attacks.

However, a wide range of security threats typically lie outside the scope of static security analysis, being too complex to reason about statically.

In rare situations, usually due to application errors, session data intended for one client might be seen by another client.

As another example, IIS (a web server application and set of feature extension modules) was also found to be vulnerable to a sophisticated remote-code-execution attack that is hard to uncover using static analysis.

The growing need to protect web applications against threats like the above, which lie outside the scope of existing static security-scanning solutions—where the focus is on unchecked data flows from “sources” (statements reading (untrusted) user-provided input) to “sinks” (security-sensitive operations)—has not yet been addressed by commercial security tools.

Images