The present invention, in some embodiments thereof, relates to dynamically analyzing a data flow of a dynamic language program to determine access rights to data items, and, more specifically, but not exclusively, to dynamically analyzing a data flow of a dynamic language program to determine access rights to data items to address data security aspects.
Data and/or information may be a fundamental aspect for many systems, platforms and/or organizations, and preventing misuse and/or distribution of data is crucial. Therefore, handling data, and more specifically protecting data from leaking to undesired parties, is a major concern, especially as information systems are rapidly evolving, in particular distributed data systems, for example, cloud services.
Growing numbers of organizations are transitioning to become cloud oriented, increasing the complexity and susceptibility of the data/information as multiple processes and/or services may request access to the various data/information sources within the organization. The processes and/or services may transfer and/or distribute the data/information outside the boundaries of the organization and/or to unauthorized parties and may thus compromise the data/information. Moreover, organizational and/or governmental regulations may impose further constraints on use and/or distribution of the data/information, for example, inside the organization versus outside the organization and/or with respect to physical boundaries to contain the data/information.
Data flow analysis is one way to tackle the information security risk, as it may allow monitoring the flow of information throughout program execution and gathering data-related insights which can be useful in a variety of scenarios, specifically with respect to data misuse and/or distribution. Current data flow analyses are mostly based on static analysis, for example, points-to analysis and reaching definitions.
The widespread use of dynamic, scripting and/or reflective languages presents further challenges in computer science in general and in information security in particular. The dynamic languages, for example, JavaScript, Ruby and/or Perl, may employ dynamic execution which is very different from previous programming languages. Program objects such as, for example, variables, arrays and/or functions may be dynamically constructed, converted, re-assigned and/or destroyed. The dynamic nature of the dynamic languages makes the data analysis and/or data tracking a challenging task.
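The following added example, which is not part of the original text and does not reproduce the method of the invention, illustrates the difficulty described above in JavaScript: a property and a function are constructed at run time, so the flow is not visible in the source, while labels carried with the values during execution still reach the sink check. The names `Labeled`, `apply`, `maySend`, the label `pii` and the clearance lists are hypothetical.

```javascript
// Added illustration: runtime label propagation (all names here are hypothetical).
class Labeled {
  constructor(value, labels = []) {
    this.value = value;
    this.labels = new Set(labels);
  }
}

const raw = (x) => (x instanceof Labeled ? x.value : x);
const labelsOf = (x) => (x instanceof Labeled ? [...x.labels] : []);

// Apply any operation; the result carries the union of its operands' labels.
function apply(fn, ...args) {
  return new Labeled(fn(...args.map(raw)), args.flatMap(labelsOf));
}

// Sink check: a destination may receive a value only if it is cleared
// for every label the value carries.
function maySend(value, clearedLabels) {
  return labelsOf(value).every((l) => clearedLabels.includes(l));
}

// Constructed sample program using the dynamic features named in the text.
function runSample(fieldChoice) {
  const record = {};
  // Property constructed at run time: the key is known only during execution.
  record["f_" + fieldChoice] = fieldChoice === "ssn"
    ? new Labeled("123-45-6789", ["pii"])   // constructed sample value
    : new Labeled("blue");
  // Function constructed at run time from a string.
  const fmt = new Function("v", "return 'value=' + v");
  // Conversion and re-assignment: labels follow the value through both steps.
  let out = apply(fmt, record["f_" + fieldChoice]);
  out = apply((s) => s.toUpperCase(), out);
  return out;
}

const externalClearance = [];       // constructed: external party, no labels cleared
const internalClearance = ["pii"];  // constructed: internal service cleared for "pii"

console.log(maySend(runSample("ssn"), externalClearance));   // labelled value is blocked
console.log(maySend(runSample("ssn"), internalClearance));   // cleared destination is allowed
console.log(maySend(runSample("color"), externalClearance)); // unlabelled value is allowed
```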