Continuous Flow Analysis to Detect Security Problems
Steven P. Reiss
TL;DR
This paper presents a tool that performs continuous flow analysis during code editing to efficiently detect security vulnerabilities using abstract interpretation, providing immediate feedback and detailed explanations within an IDE.
Contribution
It introduces a novel incremental flow analysis method that balances performance and accuracy for real-time security problem detection during software development.
Findings
Detects security vulnerabilities within seconds
Provides detailed explanations for flagged issues
Integrates seamlessly into the Code Bubbles environment
Abstract
We introduce a tool that supports continuous flow analysis in order to detect security problems as the user edits. The tool uses abstract interpretation over both byte codes and abstract syntax trees to trace the flow of both type annotations and system states from their sources to security problems. The flow analysis achieves a balance between performance and accuracy in order to detect security vulnerabilities within seconds, and uses incremental update to provide immediate feedback to the programmer. Resource files are used to specify the specific security constraints of an application and to tune the analysis. The system can also provide detailed information to the programmer as to why it flagged a particular problem. The tool is integrated into the Code Bubbles development environment.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Malware Detection Techniques · Security and Verification in Computing · Web Application Security Vulnerabilities