Continuous Flow Analysis to Detect Security Problems
This addresses security issues for software developers by enabling real-time vulnerability detection during development, though it appears incremental as it builds on existing analysis techniques.
The paper tackles the problem of detecting security vulnerabilities during code editing by introducing a tool that uses continuous flow analysis with abstract interpretation, achieving detection within seconds and providing immediate feedback to programmers.
We introduce a tool that supports continuous flow analysis in order to detect security problems as the user edits. The tool uses abstract interpretation over both byte codes and abstract syntax trees to trace the flow of both type annotations and system states from their sources to security problems. The flow analysis achieves a balance between performance and accuracy in order to detect security vulnerabilities within seconds, and uses incremental update to provide immediate feedback to the programmer. Resource files are used to specify the specific security constraints of an application and to tune the analysis. The system can also provide detailed information to the programmer as to why it flagged a particular problem. The tool is integrated into the Code Bubbles development environment.