Intercepting and injecting calls into operations and objects

US 10,216,488 B1
Filed: 03/14/2016
Issued: 02/26/2019
Est. Priority Date: 03/14/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

identifying, within a set of source code instructions requested by a client computer, one or more first instructions that cause assignment of a literal to a variable when executed;

generating one or more additional instructions including a function that returns the literal when the one or more additional instructions are executed;

generating one or more second instructions by combining the one or more first instructions and the one or more additional instructions such that the variable is assigned the literal only when the one or more additional instructions execute and return the literal on the client computer;

generating a transformed set of source code instructions by replacing the one or more first instructions with the one or more second instructions in the set of source code instructions; and

transmitting the transformed set of source code instructions to the client computer;

wherein execution of the transformed set of source code on the client computer without executing the one or more second instructions results in unpredictable source code due to the variable being undefined;

wherein the method is performed by one or more computing devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method for improving security of a server computer that is configured to deliver computer program instructions to a remote client computer, and comprising, using an intermediary computer that is topologically interposed between the server computer and the remote client computer is provided. The intermediary computer is configured to intercept a first set of source code instructions from the server computer. The intermediary computer identifies first party operations that include operations on objects and the objects themselves. The intermediary computer identifies a first set of operations within the first party operations that are configured to define values for one or more objects based on one or more constants. The intermediary computer then generates a second set of operations, where the second set of operations are configured to define same values for the one or more objects, when executed by a web browser on the client computer. The intermediary computer transforms the first party operations into transformed first party operations by substituting the first set of operations with the second set of operations. The intermediary computer generates a second set of source code instructions that are based on the first set of source code instructions and the transformed first party operations. The intermediary computer then sends the second set of source code instructions to the client computer.

97 Citations

View as Search Results

22 Claims

1. A computer-implemented method comprising:
- identifying, within a set of source code instructions requested by a client computer, one or more first instructions that cause assignment of a literal to a variable when executed;
  
  generating one or more additional instructions including a function that returns the literal when the one or more additional instructions are executed;
  
  generating one or more second instructions by combining the one or more first instructions and the one or more additional instructions such that the variable is assigned the literal only when the one or more additional instructions execute and return the literal on the client computer;
  
  generating a transformed set of source code instructions by replacing the one or more first instructions with the one or more second instructions in the set of source code instructions; and
  
  transmitting the transformed set of source code instructions to the client computer;
  
  wherein execution of the transformed set of source code on the client computer without executing the one or more second instructions results in unpredictable source code due to the variable being undefined;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein generating the one or more second instructions comprises applying one or more obfuscation transformations to the one or more first instructions before combining the one or more first instructions within the one or more additional instructions.
  - 3. The computer-implemented method of claim 2,wherein the one or more second instructions include a first modification expression configured to set the variable to a second value and a second modification expression configured to modify the second value of the variable to the literal.
  - 4. The computer-implemented method of claim 3,wherein the first modification expression is configured to apply encryption to the literal;
    - andwherein the second modification expression is configured to apply decryption to the second value of the variable.
  - 5. The computer-implemented method of claim 1, wherein the one or more second instructions comprise an Immediately Invoked Function Expression (IIFE) that executes the one or more additional instructions that invoke one or more additional operations.
  - 6. The computer-implemented method of claim 1, wherein the one or more additional instructions define one or more supervisor operations designed to track invocation of one or more base operations, wherein the one or more supervisor operations are defined in the browser when the transformed set of source code instructions is executed on the client computer.
  - 7. The computer-implemented method of claim 1,wherein the one or more additional instructions define one or more supervisor operations designed to track one or more calls to a specific function that is defined by a runtime environment;
    - andwherein the one or more second instructions, when executed in the runtime environment on the client computer, cause;
      
      sending a set of telemetry data indicating that the specific function call was made.
  - 8. The computer-implemented method of claim 7, further comprising:
    - receiving, from the client computer, the set of telemetry data;
      
      storing the set of telemetry data which indicates that one or more calls were made to the specific function.
  - 9. The computer-implemented method of claim 8, further comprising analyzing the frequency and origin of the one or more calls to the specific function.
  - 10. The computer-implemented method of claim 1,wherein the one or more second instructions comprise a statement defining a closure having a body that is configured to return the literal when after invocation of the closure when the one or more second instructions are executed by the client computer.
  - 11. The computer-implemented method of claim 10, wherein the statement comprises a JavaScript IIFE.

12. A computer system comprising:
- one or more hardware processors;
  
  a memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to;
  
  identify, within a set of source code instructions requested by a client computer, one or more first instructions that cause assignment of a literal to a variable when executed;
  
  generating one or more additional instructions including a function that return the literal when the one or more additional instructions are executed;
  
  generate one or more second instructions by combining the one or more first instructions and the one or more additional instructions such that the variable is assigned the literal only when the one or more additional instructions execute and return the literal on the client computer;
  
  generate a transformed set of source code instructions by replacing the one or more first instructions with the one or more second instructions in the set of source code instructions; and
  
  transmit the transformed set of source code instructions to the client computer;
  
  wherein execution of the transformed set of source code on the client computer without executing the one or more second instructions results in unpredictable source code due to the variable being undefined.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer system of claim 12, wherein generating the one or more second instructions comprises applying one or more obfuscation transformations to the one or more first instructions before combining the one or more first instructions within the one or more additional instructions.
  - 14. The computer system of claim 13,wherein the one or more second instructions include a first modification expression configured to set the variable to a second value and a second modification expression configured to modify the second value of the variable to the literal.
  - 15. The computer system of claim 14,wherein the first modification expression is configured to apply encryption to the literal;
    - andwherein the second modification expression is configured to apply decryption to the second of the variable.
  - 16. The computer system of claim 12, wherein the one or more second instructions comprise an Immediately Invoked Function Expression (IIFE) that executes the one or more additional instructions that invoke one or more additional operations.
  - 17. The computer system of claim 12, wherein the one or more additional instructions define one or more supervisor operations designed to track invocation of one or more base operations, wherein the one or more supervisor operations are defined in the browser when the transformed set of source code instructions is executed on the client computer.
  - 18. The computer system of claim 12,wherein the one or more additional instructions define one or more supervisor operations designed to track one or more calls to a specific function that is defined by a runtime environment;
    - andwherein the one or more second instructions, when executed in the runtime environment on the client computer, cause;
      
      sending a set of telemetry data indicating that the specific function call was made.
  - 19. The computer system of claim 18, wherein the one or more instructions, when executed by the one or more hardware processors, cause the one or more hardware processors to:
    - receive, from the client computer, the set of telemetry data;
      
      store the set of telemetry data which indicates that one or more calls were made to the specific function.
  - 20. The computer system of claim 19, wherein the one or more instructions, when executed by the one or more hardware processors, cause the one or more hardware processors to:
    - analyze the frequency and origin of the one or more calls to the specific function.
  - 21. The computer system of claim 12,wherein the one or more second instructions comprise a statement defining a closure having a body that is configured to return the literal when after invocation of the closure when the one or more second instructions are executed by the client computer.
  - 22. The computer system of claim 21, wherein the statement comprises a JavaScript IIFE.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shape Security Inc. (F5 Incorporated)
Original Assignee
Shape Security Inc. (F5 Incorporated)
Inventors
Overson, Jarrod, Yang, Siying
Primary Examiner(s)
Nguyen, Duy Khuong T

Application Number

US15/069,667
Time in Patent Office

1,079 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/1066   Hiding content

G06F 21/14   against software analysis o...

G06F 8/51   Source to source

G06F 9/45516   Runtime code conversion or ...

G06F 9/45529   Embedded in an application,...

H04L 63/0281   Proxies

H04L 63/0407   wherein the identity of one...

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

Intercepting and injecting calls into operations and objects

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

97 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Intercepting and injecting calls into operations and objects

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links