Framework for efficient security coverage of mobile software applications
Abstract
A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.
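The flow the abstract describes (state representation, region of interest, stimuli that reach it, monitoring, rule-based verdict) can be sketched on a toy model. This is an added example, not taken from the patent or from any product implementing it: the state graph, stimulus names, monitor events and the sensitive-API rule are all constructed, and breadth-first search is an assumed stand-in for however the stimuli are actually determined.

```python
from collections import deque

# Constructed toy representation of an app: state -> {stimulus: next_state}.
TRANSITIONS = {
    "launch":   {"tap_login": "login", "tap_help": "help"},
    "login":    {"submit_credentials": "home"},
    "help":     {"back": "launch"},
    "home":     {"tap_settings": "settings", "tap_promo": "promo"},
    "settings": {"back": "home"},
    "promo":    {},
}
# Constructed events a run-time monitor would report when a state is entered.
BEHAVIORS = {
    "promo":    [{"api": "send_sms", "user_initiated": False}],
    "settings": [{"api": "read_prefs", "user_initiated": True}],
}
# Constructed rule input: APIs that should only run after a real user action.
SENSITIVE = {"send_sms", "place_call"}

def find_stimuli(start, region):
    """BFS over the state graph; shortest stimulus sequence to region, or None."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, path = queue.popleft()
        if state == region:
            return path
        for stimulus, nxt in TRANSITIONS.get(state, {}).items():
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [stimulus]))
    return None

def apply_and_monitor(start, stimuli):
    """Replay the stimuli against the model and collect monitor events."""
    state, events = start, []
    for stimulus in stimuli:
        state = TRANSITIONS[state][stimulus]
        events.extend(BEHAVIORS.get(state, []))
    return state, events

def verdict(events):
    """Rule: flag sensitive APIs that ran without user initiation."""
    return [e["api"] for e in events
            if e["api"] in SENSITIVE and not e["user_initiated"]]

def analyze(start, region):
    """Full pass: find stimuli, apply them, judge the monitoring information."""
    stimuli = find_stimuli(start, region)
    if stimuli is None:          # region unreachable from this start state
        return None, []
    _, events = apply_and_monitor(start, stimuli)
    return stimuli, verdict(events)
```

In the described method the verdict step also feeds back into choosing the next set of stimuli; this sketch runs a single pass only.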
28 Claims
1. A system for automatically analyzing an application instance for improperly behaving code, the system comprising:
- one or more hardware processors; and
- a memory coupled to the one or more hardware processors, the memory including a central intelligence engine that, when executed by the one or more hardware processors, (a) identifies a region of interest of the application instance by identifying a portion of code of the application instance that, when executed by the one or more hardware processors, triggers one or more processes of the application instance and causes the one or more processes to appear to be invoked by a user, (b) determines specific stimuli that causes transitions within the application instance to reach the region of interest, and (c) applies the stimuli to the application instance and performs subsequent monitoring of one or more behaviors resulting from execution of the portion of the code of the application instance at the region of interest.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method for automatically analyzing an application instance by one or more hardware processors executing software that perform operations comprising:
- identifying a region of interest of the application instance based on an analysis of code of the application instance in response to execution of the software by the one or more hardware processors, the region of interest corresponds to one or more parts of the code of the application instance that are considered to potentially include improperly behaving code that triggers one or more processes of the application instance and causes the one or more processes to appear to be invoked by a user;
- determining, during execution of the software by the one or more hardware processors, specific stimuli and applying, the stimuli to the application instance so that the application instance commences processing of the one or more parts of code of the application instance that is associated with the region of interest;
- monitoring, during execution of the software by the one or more hardware processors, one or more behaviors of the application instance during processing of the one or more parts of code of the application instance that is associated with the region of interest within one or more virtual machines in response to the applied stimuli; and
- determining, during execution of the software by the one or more hardware processors, whether the one or more behaviors identify that the region of interest corresponds to improperly behaving code.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
21. A method for automatically analyzing an application instance for improperly behaving code, the method comprising:
- identifying a region of interest of an application instance by identifying whether a portion of code of the application instance that, when executed, triggers one or more processes of the application instance and causes the one or more processes to appear to be invoked by a user;
- determining specific stimuli that causes transitions within the application instance to reach the region of interest; and
- applying the stimuli to the application instance and performing subsequent monitoring of one or more behaviors resulting from execution of the portion of the code of the application instance at the region of interest.
Dependent claims: 22, 23, 24, 25, 26, 27, 28
Specification