Traditional code analysis tools may implement either static or dynamic analysis to evaluate code for compliance with data loss prevention policies. Each type of analysis has various advantages and disadvantages. For example, dynamic code analysis may be able to detect leakage of sensitive data through network traffic and application programming interface call traces, but dynamic analysis may be resource intensive and cannot always determine the original source of the sensitive data. Static analysis may be more efficient than dynamic analysis and may be able to identify execution paths that can directly result in information leakage, but static analysis may not be able to determine the fate of sensitive data that is written to local files, placed on the clipboard, or is otherwise made available via inter-process communication mechanisms.
Both static and dynamic analysis may be ineffective in detecting data leaking in certain situations. For example, both static and dynamic analysis may fail to detect data leakage that occurs as a result of complex interactions between multiple applications or within a single application. What is needed, therefore, is a more efficient and effective mechanism for analyzing code to determine whether the code is capable of leaking sensitive data.