International Business Machines Corporation
Identifying computer program security access control violations using static analysis

Abstract:

Techniques for identifying computer program security access control violations using static program analysis are provided. In one example, a computer-implemented method comprises generating, by a device operatively coupled to a processor, a mathematical model of a computer program product, wherein the mathematical model defines data flows through nodes of the computer program product that reach a secure node corresponding to a secure resource. The computer implemented method further comprises evaluating, by the device, a security protocol of the computer program product using static program analysis of the mathematical model to determine whether any of the data flows provides access to the secure node without proceeding through one or more security nodes corresponding to the security protocol, wherein the one or more security nodes are included in the nodes of the computer program product.