Fine-grained analysis and prevention of invalid privilege transitions

US 10,402,564 B2
Filed: 06/15/2017
Issued: 09/03/2019
Est. Priority Date: 08/16/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method executed on a processor for analyzing operations of privilege changes, the method comprising:

inputting source code of a program from a computing device;

performing, via the processor, source code analysis on the program by;

generating a privilege control flow graph (PCFG);

generating a privilege data flow graph (PDFG) defined as a graph where a node is a privilege state of the program and an edge is a transition between source and destination privilege states, the edge having properties regarding parameters for privilege change operations, metadata of the parameters including three properties, the first property indicating whether a parameter of the parameters is a constant or a variable, the second property shows possible values either as a list of values or a range of values with start and end values, and the third property represents a list of source code locations which define and manipulate the values; and

generating a privilege call context graph (PCCG);

based on the source code analysis results, instrumenting the source code of the program to insert an inspection code to check for proper transitions of privileges and to prevent potential invalid privilege transitions;

rebuilding the program by employing revised code including information from the PCFG, the PDFG, and the PCCG;

at runtime inspection, deploying the rebuilt program to the computing device to perform runtime inspection to determine potential abnormal usages of the privilege change operations.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for analyzing operations of privilege changes is presented. The computer-implemented method includes inputting a program and performing source code analysis on the program by generating a privilege control flow graph (PCFG), generating a privilege data flow graph (PDFG), and generating a privilege call context graph (PCCG). The computer-implemented method further includes, based on the source code analysis results, instrumenting the program to perform inspections on execution states at privilege change operations, and performing runtime inspection and anomaly prevention.

10 Citations

20 Claims

1. A computer-implemented method executed on a processor for analyzing operations of privilege changes, the method comprising:
- inputting source code of a program from a computing device;
  
  performing, via the processor, source code analysis on the program by;
  
  generating a privilege control flow graph (PCFG);
  
  generating a privilege data flow graph (PDFG) defined as a graph where a node is a privilege state of the program and an edge is a transition between source and destination privilege states, the edge having properties regarding parameters for privilege change operations, metadata of the parameters including three properties, the first property indicating whether a parameter of the parameters is a constant or a variable, the second property shows possible values either as a list of values or a range of values with start and end values, and the third property represents a list of source code locations which define and manipulate the values; and
  
  generating a privilege call context graph (PCCG);
  
  based on the source code analysis results, instrumenting the source code of the program to insert an inspection code to check for proper transitions of privileges and to prevent potential invalid privilege transitions;
  
  rebuilding the program by employing revised code including information from the PCFG, the PDFG, and the PCCG;
  
  at runtime inspection, deploying the rebuilt program to the computing device to perform runtime inspection to determine potential abnormal usages of the privilege change operations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the privilege control flow graph provides code locations of the privilege change operations, includes all transitions of privileges inside the program in the nodes, and includes all possible transitions regarding what privilege change functions are employed.
  - 3. The method of claim 2, wherein the privilege data flow graph provides data flow of the parameters of the privilege change operations.
  - 4. The method of claim 3, wherein the privilege call context graph provides possible call stacks when the privilege change operations are invoked.
  - 5. The method of claim 4, wherein the runtime inspection determines whether the privilege change operations are invoked from places obtained from static analysis.
  - 6. The method of claim 5, wherein the runtime inspection determines whether the parameters of the privilege change operations are consistent with data obtained in the static analysis.
  - 7. The method of claim 6, wherein the runtime inspection determines whether the call stacks at the privilege change operations are consistent with possible call stacks obtained from the static analysis.
  - 8. The method of claim 1, wherein the runtime inspection includes privilege change inspection and prevention logic (PIPL) for comparing the PCFG, PDFG, and PCCG graphs with runtime function call information.

9. A system for analyzing operations of privilege changes, the system comprising:
- a memory; and
  
  a processor in communication with the memory, wherein the processor is configured to;
  
  input source code of a program from a computing device;
  
  perform, via the processor, source code analysis on the program by;
  
  generating a privilege control flow graph (PCFG);
  
  generating a privilege data flow graph (PDFG) defined as a graph where a node is a privilege state of the program and an edge is a transition between source and destination privilege states, the edge having properties regarding parameters for privilege change operations, metadata of the parameters including three properties, the first property indicating whether a parameter of the parameters is a constant or a variable, the second property shows possible values either as a list of values or a range of values with start and end values, and the third property represents a list of source code locations which define and manipulate the values; and
  
  generating a privilege call context graph (PCCG);
  
  based on the source code analysis results, instrument the source code of the program to insert an inspection code to check for proper transitions of privileges and to prevent potential invalid privilege transitions;
  
  rebuild the program by employing revised code including information from the PCFG, the PDFG, and the PCCG;
  
  at runtime inspection, deploy the rebuilt program to the computing device to perform runtime inspection to determine potential abnormal usages of the privilege change operations.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the privilege control flow graph provides code locations of the privilege change operations, includes all transitions of privileges inside the program in the nodes, and includes all possible transitions regarding what privilege change functions are employed.
  - 11. The system of claim 10, wherein the privilege data flow graph provides data flow of the parameters of the privilege change operations.
  - 12. The system of claim 11, wherein the privilege call context graph provides possible call stacks when the privilege change operations are invoked.
  - 13. The system of claim 12, wherein the runtime inspection determines whether the privilege change operations are invoked from places obtained from static analysis.
  - 14. The system of claim 13, wherein the runtime inspection determines whether the parameters of the privilege change operations are consistent with data obtained in the static analysis.
  - 15. The system of claim 14, wherein the runtime inspection determines whether the call stacks at the privilege change operations are consistent with possible call stacks obtained from the static analysis.
  - 16. The system of claim 9, wherein the runtime inspection includes privilege change inspection and prevention logic (PIPL) for comparing the PCFG, PDFG, and PCCG graphs with runtime function call information.

17. A non-transitory computer-readable storage medium comprising a computer-readable program for analyzing operations of privilege changes, wherein the computer-readable program when executed on a computer causes the computer to perform the steps of:
- inputting source code of a program from a computing device;
  
  performing, via the processor, source code analysis on the program by;
  
  generating a privilege control flow graph (PCFG);
  
  generating a privilege data flow graph (PDFG) defined as a graph where a node is a privilege state of the program and an edge is a transition between source and destination privilege states, the edge having properties regarding parameters for privilege change operations, metadata of the parameters including three properties, the first property indicating whether a parameter of the parameters is a constant or a variable, the second property shows possible values either as a list of values or a range of values with start and end values, and the third property represents a list of source code locations which define and manipulate the values; and
  
  generating a privilege call context graph (PCCG);
  
  based on the source code analysis results, instrumenting the source code of the program to insert an inspection code to check for proper transitions of privileges and to prevent potential invalid privilege transitions;
  
  rebuilding the program by employing revised code including information from the PCFG, the PDFG, and the PCCG;
  
  at runtime inspection, deploying the rebuilt program to the computing device to perform runtime inspection to determine potential abnormal usages of the privilege change operations.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable storage medium of claim 17,wherein the privilege control flow graph provides code locations of the privilege change operations, includes all transitions of privileges inside the program in the nodes, and includes all possible transitions regarding what privilege change functions are employed;
    - wherein the privilege data flow graph provides data flow of the parameters of the privilege change operations; and
      
      wherein the privilege call context graph provides possible call stacks when the privilege change operations are invoked.
  - 19. The non-transitory computer-readable storage medium of claim 18,wherein the runtime inspection determines whether the privilege change operations are invoked from places obtained from static analysis;
    - wherein the runtime inspection determines whether the parameters of the privilege change operations are consistent with data obtained in the static analysis; and
      
      wherein the runtime inspection determines whether the call stacks at the privilege change operations are consistent with possible call stacks obtained from the static analysis.
  - 20. The non-transitory computer-readable storage medium of claim 17, wherein the runtime inspection includes privilege change inspection and prevention logic (PIPL) for comparing the PCFG, PDFG, and PCCG graphs with runtime function call information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Rhee, Junghwan, Jeon, Yuseok, Li, Zhichun, Jee, Kangkook, Wu, Zhenyu, Jiang, Guofei
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US15/623,589
Publication Number

US 20180052998A1
Time in Patent Office

810 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/563   by source code analysis

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2141   Access rights, e.g. capabil...

Fine-grained analysis and prevention of invalid privilege transitions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Fine-grained analysis and prevention of invalid privilege transitions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others