Fusion is an innovative next generation technology from iAppSecure which radically changes the way applications are assessed. Fusion is the primary research technology at iAppSecure.
Fusion Lite is based on a subset of technologies from Fusion. With its deep instrumentation technology, it gives an amazing insight into the internals of an application, enabling smarter and deeper application analysis.
Higher Level Design of Fusion Technology
Fusion Technology Overview
At the core of Fusion is its intelligent multi-way coordination and orchestration across advanced static, dynamic and instrumentation technologies. The Fusion Analyzer uses observations and analysis from each of these technologies to continuously learn and refine its understanding of the application and its behavior, as well as to intelligently coordinate and steer the further functioning of these technologies.
This novel approach, along with many other innovative technologies, allows it to take the power of static, dynamic and instrumentation technologies far beyond a simple sum of the benefits that these technologies can offer in isolation or even with current hybrid or combination approaches. The intelligent multi-way coordination and orchestration also allows Fusion, as a complete system, to overcome many of the weaknesses inherent in each of these technologies.
Fusion begins by building an accurate model of the application and performs an initial analysis on it. However, this model and preliminary analysis only serve as an initial representation of the application. Fusion then intelligently instruments the application based on the analysis. These steps lay the foundation for multi-way coordination and orchestration across all the technologies.
During multi-way coordination and orchestration, events such as the execution of a use case trigger an iterative process within the system, controlled by the Fusion Analyzer. The information and events received from the technologies are used both to refine a multi-dimensional model representing the knowledge and behavior of the application and to drive the technologies further by sending information and events to them. The information and events received as a result trigger the entire process again, until no further refinement of the model is observed. This process can be highly iterative.
The ability to continuously observe, analyze and coordinate these technologies enables continuous refinement of the model representing the knowledge and behavior of the application. This enables smarter, deeper and more accurate detection of vulnerabilities and weaknesses in the application.
The capability of the Fusion Analyzer to transparently fuse these technologies in a unified context gives a tremendous advantage over current hybrid or combination approaches. This is possible because all the technologies are “live” at the same time and are able to contribute continuously during analysis. This in-context analysis, along with advanced visualizations, also strengthens the ability of an application security professional to detect vulnerabilities that can be found only with human expertise.
All the technologies and components (such as static, dynamic and instrumentation) in Fusion are specially designed from the ground up to participate in this larger orchestration process. Thus, their design is quite different from that of standalone technologies, giving them a distinct advantage. They all operate seamlessly in a coordinated environment by sending information and events to, and receiving them from, the Fusion Analyzer. Also, a powerful and expressive rule language is used to combine the best of both worlds: static and dynamic (symbolic and concrete).
The intelligent multi-way coordination and orchestration from Fusion opens up a world of possibilities, resulting in much smarter analysis that improves not only the individual analyzers but the entire system. The static analyzer becomes far more accurate with innovative Guided Static Analysis (GSA) technologies such as Execution Field Analysis (EFA) and Lateral Relation Analysis (LRA). The capabilities of instrumentation are vastly expanded with technologies such as Remote Object Analysis (ROA), Differential Snapshot Analysis (DSA) and Value Hopping Analysis (VHA). The coordinated analysis, as well as negative or positive findings, makes the dynamic analyzer smarter and more efficient by eliminating guesswork, trial and error or symptom-based detection in most cases.
Fusion Lite uses a subset of technologies from Fusion, the primary research technology at iAppSecure. It is the beginning of an exciting new approach with lots of possibilities.