Security cloud service framework for hardening in the field code of mobile software applications

US 10,181,029 B1
Filed: 11/17/2017
Issued: 01/15/2019
Est. Priority Date: 02/23/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a cloud service framework, an application via a user interface over a network;

translating, by the cloud service framework, the application from a first level of code to a second level of code different than the first level of code;

generating, by the cloud service framework, a representation of the code of the application, the representation defines specific states of the application and stimuli needed to cause a transition from one application state to another application state;

determining, by the cloud service framework, changes to code of the application based at least in part on the representation, wherein the changes to the code preclude the application from performing one or more unwanted behaviors; and

instrumenting, by a static instrumentation unit within the cloud service framework, the application with the changes to the code to create an instrumented application that does not perform the one or more unwanted behaviors.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for hardening in the field code of mobile software applications is described that includes receiving, by a cloud service framework, an application via a user interface over a network. The method also includes generating, by the cloud service framework, a representation of the code of the application and determining, by the cloud service framework, changes to code of the application based at least in part on the representation, wherein the changes to the code preclude the application from performing one or more unwanted behaviors. The method also includes instrumenting, by a static instrumentation unit within the cloud service framework, the application with the changes to the code to create an instrumented application that does not perform the one or more unwanted behaviors.

451 Citations

30 Claims

1. A method, comprising:
- receiving, by a cloud service framework, an application via a user interface over a network;
  
  translating, by the cloud service framework, the application from a first level of code to a second level of code different than the first level of code;
  
  generating, by the cloud service framework, a representation of the code of the application, the representation defines specific states of the application and stimuli needed to cause a transition from one application state to another application state;
  
  determining, by the cloud service framework, changes to code of the application based at least in part on the representation, wherein the changes to the code preclude the application from performing one or more unwanted behaviors; and
  
  instrumenting, by a static instrumentation unit within the cloud service framework, the application with the changes to the code to create an instrumented application that does not perform the one or more unwanted behaviors.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the translating of the application includes translating executable or object code into a Java-based code.
  - 3. The method of claim 1, wherein the translating of the application from the first level of code to the second level of code is performed prior to the generating of the representation.
  - 4. The method of claim 1, wherein the first level of code is executable code.
  - 5. The method of claim 1, wherein the instrumenting of the application is performed at the second level of code.
  - 6. The method of claim 1, wherein the application is Java®
    - byte code prior to generating the representation of the code of the application.
  - 7. The method of claim 1, wherein the instrumenting prevents the instrumented application from accessing sensitive information.
  - 8. The method of claim 1, further comprising:
    - instantiating, by the cloud service framework, the application in a virtual machine of a run time environment, wherein the determining of the changes to the code is further based at least in part on one or more observations made during processing of the application in the virtual machine.
  - 9. The method of claim 1, wherein the representation describes states and state transitions of the application.
  - 10. The method of claim 1, wherein the instrumenting prevents the application from sending sensitive information externally from a mobile device on which the instrumented application is executed.
  - 11. The method of claim 1, wherein the instrumenting prevents the instrumented application from engaging in a particular type of communication session.

12. A security cloud service system for hardening an application, the system comprising:
- one or more hardware processors associated with cloud storage; and
  
  a cloud storage medium communicatively coupled to the one or more hardware processors, and having stored thereon;
  
  a central intelligence unit configured to (i) receive the application via a user interface over a network, (ii) translate the application from a first level of code to a second level of code different than the first level of code, (iii) identify one or more unwanted behaviors of the application based at least in part on an analysis of a representation of the application, and (iv) determine changes to code of the application, wherein the changes to the code preclude the application from performing the one or more unwanted behaviors, anda static instrumentation engine in communication with the central intelligence unit, the static instrumentation engine being configured to (i) generate the representation of the application that defines specific states of the application and stimuli needed to cause a transition from one application state to another application state, and (ii) based on the representation, instrument the application with the changes to the code so that the application is precluded from performing the one or more unwanted behaviors.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12, wherein the central intelligence unit is further configured to translate the application from the first level of code being an executable or object code to the second level of code being a version of Java®
    - byte code.
  - 14. The system of claim 12, wherein translating of the application from the first level of code to the second level of code is performed prior to generating of the representation.
  - 15. The system of claim 12, wherein the first level of code is executable code.
  - 16. The system of claim 12, wherein instrumenting the application is performed at the second level of code.
  - 17. The system of claim 12, wherein the application is received as Java®
    - byte code prior to generating the representation of the code of the application.
  - 18. The system of claim 12, wherein instrumenting the application (i) prevents the instrumented application from accessing sensitive information, (ii) prevents the application from sending sensitive information externally from a mobile device on which the instrumented application is executed, or (iii) prevents the instrumented application from engaging in a particular type of communication session.
  - 19. The system of claim 12, further comprising:
    - a run time environment in communication with the central intelligence unit and the static instrumentation engine and including a virtual machine, the run time environment being configured to instantiate the application in the virtual machine, wherein determining of the changes to the code is further based at least in part on one or more observations made during processing of the application in the virtual machine.
  - 20. The system of claim 12, wherein the representation describes states and state transitions of the application.
  - 21. The system of claim 12, wherein the security cloud service system is communicatively coupled to a network device via the network, and wherein the user interface is configured to be displayed on the network device.

22. A non-transitory computer-readable medium having stored thereon logic, the logic being executable by one or more processors to perform operations including:
- receiving, by a cloud service framework, an application via a user interface over a network;
  
  translating, by the cloud service framework, the application from a first level of code to a second level of code different than the first level of code;
  
  generating, by the cloud service framework, a representation of the code of the application, the representation defines specific states of the application and stimuli needed to cause a transition from one application state to another application state;
  
  determining, by the cloud service framework, changes to code of the application based at least in part on the representation, wherein the changes to the code preclude the application from performing one or more unwanted behaviors; and
  
  instrumenting, by a static instrumentation unit within the cloud service framework, the application with the changes to the code to create an instrumented application that does not perform the one or more unwanted behaviors.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The computer-readable medium of claim 22, wherein the translating of the application from the first level of code to the second level of code includes translating executable or object code into a Java-based code.
  - 24. The computer-readable medium of claim 22, wherein the translating of the application from the first level of code to the second level of code is performed prior to the generating of the representation.
  - 25. The computer-readable medium of claim 22, wherein the first level of code is executable code.
  - 26. The computer-readable medium of claim 22, wherein the instrumenting of the application is performed at the second level of code.
  - 27. The computer-readable medium of claim 22, wherein the application is Java®
    - byte code prior to generating the representation of the code of the application.
  - 28. The computer-readable medium of claim 22, wherein the instrumenting (i) prevents the instrumented application from accessing sensitive information, (ii) prevents the application from sending sensitive information externally from a mobile device on which the instrumented application is executed, or (iii) prevents the instrumented application from engaging in a particular type of communication session.
  - 29. The computer-readable medium of claim 22, further comprising:
    - instantiating, by the cloud service framework, the application in a virtual machine of a run time environment, wherein the determining of the changes to the code is further based at least in part on one or more observations made during processing of the application in the virtual machine.
  - 30. The computer-readable medium of claim 22, wherein the representation describes states and state transitions of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fireeye Security Holdings US LLC
Original Assignee
FireEye, Inc.
Inventors
Ismael, Osman Abdoul, Song, Dawn, Aziz, Ashar, Johnson, Noah, Mettler, Adrian Matthew
Primary Examiner(s)
Reza, Mohammad W

Application Number

US15/816,996
Time in Patent Office

424 Days
Field of Search

726 22
US Class Current
CPC Class Codes

G06F 21/54 by adding security routines...

Security cloud service framework for hardening in the field code of mobile software applications

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

451 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Security cloud service framework for hardening in the field code of mobile software applications

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

451 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links