Static analysis of vulnerabilities in application packages
3 Assignments
0 Petitions
Abstract
Apparatus and methods are disclosed herein for analyzing computer programs for potential security vulnerabilities. In one computer-implemented embodiment of the disclosed technology, a method includes analyzing a package for an application (e.g., a mobile device application package) by disassembling at least a portion of executable code associated with the application, searching for a pattern associated with a potentially vulnerable function or method, and, if the function or method is defined, then analyzing the disassembled code for the function to determine whether a vulnerability is present. In some examples, a number of packages are stored in an application store database and scanned periodically to statically analyze each package for vulnerabilities.
13 Citations
17 Claims
1. A method performed by one or more processors for statically analyzing an application package for vulnerabilities, the method comprising:
    disassembling at least a portion of executable code for an application;
    searching the disassembled code for a definition of a potentially-vulnerable function;
    determining that the potentially-vulnerable function is defined and analyzing a portion of the disassembled code associated with the potentially-vulnerable function, wherein the analyzing comprises:
        searching the disassembled code associated with the potentially-vulnerable function for executable instructions associated with a non-vulnerable implementation of the potentially-vulnerable function, and
        determining, based on an absence of the executable instructions, that at least one vulnerability associated with the potentially-vulnerable function is present; and
    based on the analysis, disabling the potentially-vulnerable function in the application and reporting a potential vulnerability in the potentially-vulnerable function.
    Dependent claims: 2, 3, 4, 5, 6, 7.

8. One or more non-transitory computer-readable storage media storing computer-readable instructions that, when executed by a computer, cause the computer to perform a method, comprising:
    disassembling at least a portion of executable code for an application;
    searching the disassembled code for a definition of a potentially-vulnerable function;
    determining that the potentially-vulnerable function is defined in the disassembled portion of the executable code and analyzing the disassembled portion of the executable code, wherein the analyzing comprises:
        searching the disassembled portion of the executable code for executable instructions associated with a non-vulnerable implementation of the potentially-vulnerable function, and
        determining, based on an absence of the executable instructions, that at least one vulnerability associated with the potentially-vulnerable function is present; and
    based on the analysis, disabling the potentially-vulnerable function of the application and reporting a potential vulnerability in the potentially-vulnerable function.

9. A system, comprising:
    memory;
    one or more processors coupled to the memory;
    one or more non-transitory computer-readable media storing computer-readable instructions that, when executed by the processors, cause the processors to perform a method of statically analyzing an application package for vulnerabilities, the instructions comprising:
        instructions for a disassembler, the disassembler being configured to disassemble executable code;
        instructions for searching disassembled code for a definition of a potentially-vulnerable function;
        instructions for determining that the potentially-vulnerable function is defined and analyzing a portion of the disassembled code associated with the potentially-vulnerable function, wherein the analyzing comprises:
            searching the disassembled code associated with the potentially-vulnerable function for executable instructions associated with a non-vulnerable implementation of the potentially-vulnerable function, and
            determining, based on an absence of the executable instructions, that at least one vulnerability associated with the potentially-vulnerable function is present; and
        instructions for disabling the potentially-vulnerable function in the application based on the analysis and reporting a potential vulnerability in the potentially-vulnerable function.
    Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.
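As an added example (not code from the patent or its assignee), the following Python sketch runs the procedure the abstract and the independent claims describe over a smali-style disassembly of a mobile package: find each definition of a potentially-vulnerable method, look in its body for the instructions a non-vulnerable implementation would have to contain, report the method when none are present, and disable it by rewriting its body to fail closed. Everything concrete here is an assumption chosen for illustration: the listing and its classes (Lcom/example/app/StrictTrust;, TrustAll, LaxClient), the two rules (an X509TrustManager.checkServerTrusted override with no certificate checks, and a WebViewClient.onReceivedSslError override that never calls SslErrorHandler.cancel()), and the SecurityException-throwing stub used for the disable step. Matching instruction text with regular expressions is the simplest reading of the claim; a production analyzer would reason about control flow so that a check on one branch is not mistaken for a check on all of them.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:  # assumed rule shape, not taken from the patent
    name: str
    method_re: str               # matched against the method signature
    safe_instruction_res: tuple  # a safe body contains at least one of these

RULES = (
    Rule("trust-manager-no-validation",
         r"^checkServerTrusted\(\[Ljava/security/cert/X509Certificate;Ljava/lang/String;\)V$",
         (r"X509Certificate;->checkValidity\(", r"CertPathValidator;->validate\(",
          r"Ljava/security/cert/CertificateException;-><init>")),
    Rule("webview-ssl-error-ignored", r"^onReceivedSslError\(",
         (r"Landroid/webkit/SslErrorHandler;->cancel\(\)V",)),
)

@dataclass(frozen=True)
class Method:
    cls: str
    signature: str
    start: int  # index of the .method line in the listing
    end: int    # index of the matching .end method line

# Constructed smali-style listing (not from any real package): a validating
# trust manager, an accept-all one, and a WebViewClient that ignores TLS errors.
SAMPLE = """\
.class public Lcom/example/app/StrictTrust;
.method public checkServerTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    .registers 5
    const/4 v0, 0x0
    aget-object v0, p1, v0
    invoke-virtual {v0}, Ljava/security/cert/X509Certificate;->checkValidity()V
    return-void
.end method
.class public Lcom/example/app/TrustAll;
.method public checkServerTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    .registers 3
    return-void
.end method
.class public Lcom/example/app/LaxClient;
.method public onReceivedSslError(Landroid/webkit/WebView;Landroid/webkit/SslErrorHandler;Landroid/net/http/SslError;)V
    .registers 4
    invoke-virtual {p2}, Landroid/webkit/SslErrorHandler;->proceed()V
    return-void
.end method
"""

def parse_methods(listing):
    """Locate every method definition and the class it belongs to."""
    methods, cls, start = [], "?", None
    for i, line in enumerate(listing.splitlines()):
        words = line.split()
        if words[:1] == [".class"]:
            cls = words[-1]
        elif words[:1] == [".method"]:
            start, sig = i, words[-1]
        elif words[:2] == [".end", "method"] and start is not None:
            methods.append(Method(cls, sig, start, i))
            start = None
    return methods

def scan(listing, rules=RULES):
    """(rule name, Method) for each defined method lacking every safe instruction."""
    lines, findings = listing.splitlines(), []
    for m in parse_methods(listing):
        body = "\n".join(lines[m.start + 1:m.end])
        for rule in rules:
            if not re.match(rule.method_re, m.signature):
                continue  # the function is not defined here: nothing to analyze
            if not any(re.search(p, body) for p in rule.safe_instruction_res):
                findings.append((rule.name, m))
    return findings

def disable_method(listing, rule_name, m):
    """Replace the flagged body with a stub that throws, so the method fails closed."""
    lines = listing.splitlines()
    stub = ["    .locals 2",  # v0 and v1; parameters keep their p-registers
            "    new-instance v0, Ljava/lang/SecurityException;",
            f'    const-string v1, "disabled by static analyzer: {rule_name}"',
            "    invoke-direct {v0, v1}, Ljava/lang/SecurityException;-><init>(Ljava/lang/String;)V",
            "    throw v0"]
    return "\n".join(lines[:m.start + 1] + stub + lines[m.end:]) + "\n"

def disable_all(listing, findings):
    """Patch bottom-up so the line indices of earlier methods stay valid."""
    for rule_name, m in sorted(findings, key=lambda f: f[1].start, reverse=True):
        listing = disable_method(listing, rule_name, m)
    return listing
```

Patching is done from the bottom of the listing upwards because replacing a body changes the line indices of every method after it. Rescanning the patched listing still reports the stubbed methods, since a stub that throws is not the non-vulnerable implementation the rule looks for; that is why the claim pairs the disable step with a report rather than silently rewriting the package.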
Specification