Methods and apparatuses for improved app security testing

US 10,474,826 B2
Filed: 04/18/2016
Issued: 11/12/2019
Est. Priority Date: 04/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method for improved app security testing, the method comprising:

processing, by a security analysis system, an app for analysis;

analyzing the app by diagnostic circuitry of the security analysis system, wherein analyzing the app includes at least performing static analysis on the app and causing performance, by a lab rig, of non-emulated dynamic analysis on the app by;

selecting the lab rig based on its compatibility with the app;

causing instrumentation of the lab rig to facilitate capture of interactions by the app;

causing execution of the app by the lab rig;

recording instrumentation data from the lab rig during execution of the app, the instrumentation data including system interactions made by the app and network traffic initiated by the app; and

upon completion of the non-emulated dynamic analysis, causing the lab rig to execute a service returning the lab rig to a clean state, wherein causing the lab rig to execute a service returning the lab rig to a clean state comprises;

auto-rooting the lab rig,installing native hooks and custom loader to the lab rig,installing custom modules to the lab rig, andauto connecting the lab rig to one or more predefined networks,generating, by the security analysis system and based on analyzing the app, a set of risk issues presented by the app; and

outputting, by the security analysis system, the set of risk issues.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are disclosed for performing static and/or non-emulated dynamic analysis of mobile computing device software to improve app security testing. In the context of a method, an example embodiment includes processing, by a security analysis system, an app for analysis. This example embodiment of the method further includes analyzing the app by diagnostic circuitry of the security analysis system. In this regard, analyzing the app includes at least one of performing static analysis on the app or causing performance, by a lab rig, of non-emulated dynamic analysis on the app. In turn, this example embodiment further includes generating, by the security analysis system and based on analyzing the app, a set of risk issues presented by the app, and outputting, by the security analysis system, the set of risk issues. Corresponding apparatuses and computer program products are also provided.

Citations

18 Claims

1. A method for improved app security testing, the method comprising:
- processing, by a security analysis system, an app for analysis;
  
  analyzing the app by diagnostic circuitry of the security analysis system, wherein analyzing the app includes at least performing static analysis on the app and causing performance, by a lab rig, of non-emulated dynamic analysis on the app by;
  
  selecting the lab rig based on its compatibility with the app;
  
  causing instrumentation of the lab rig to facilitate capture of interactions by the app;
  
  causing execution of the app by the lab rig;
  
  recording instrumentation data from the lab rig during execution of the app, the instrumentation data including system interactions made by the app and network traffic initiated by the app; and
  
  upon completion of the non-emulated dynamic analysis, causing the lab rig to execute a service returning the lab rig to a clean state, wherein causing the lab rig to execute a service returning the lab rig to a clean state comprises;
  
  auto-rooting the lab rig,installing native hooks and custom loader to the lab rig,installing custom modules to the lab rig, andauto connecting the lab rig to one or more predefined networks,generating, by the security analysis system and based on analyzing the app, a set of risk issues presented by the app; and
  
  outputting, by the security analysis system, the set of risk issues.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein processing the app for analysis includes:
    - retrieving the app; and
      
      determining whether to perform static analysis on the app or cause performance of dynamic analysis on the app.
  - 3. The method of claim 2, wherein retrieving the app includes:
    - receiving the app from a user terminal in conjunction with an app analysis request;
      
      orretrieving the app via a crawler rig designed to proactively identify and harvest apps from a network.
  - 4. The method of claim 2, wherein the determination of whether to perform static analysis on the app or cause performance of dynamic analysis on the app is based on one or more workflows designed for implementation by the security analysis system, the one or more workflows comprising distinct arrangements of static analysis tools and dynamic analysis designed for various evaluative purposes.
  - 5. The method of claim 1, wherein performing static analysis on the app includes:
    - instantiating, by the diagnostic circuitry, one or more containers, wherein each container runs a corresponding tool for performing static analysis on the app; and
      
      for each of the one or more containers,consuming, by a tool running on the container, the app as binary data,producing output data by the tool, andstoring the output data by the diagnostic circuitry.
  - 6. The method of claim 1, wherein performance of the static analysis uses information gained during performance of the non-emulated dynamic analysis.
  - 7. The method of claim 1, wherein the non-emulated dynamic analysis is caused to be performed by the lab rig using the information gained during performance of the static analysis.
  - 8. The method of claim 7, wherein the information gained during performance of the static analysis comprises at least a set of static analysis risk issues and a set of anticipated classes or functions in the app.
  - 9. The method of claim 1, wherein outputting the set of risk issues includes at least one of:
    - generating a report identifying the set of risk issues using a standardized language, orgenerating a mapping of the set of risk issues to one or more known security standards.
  - 10. The method of claim 1, wherein outputting the set of risk issues includes:
    - applying a risk rating to the set of risk issues based on standardized or customized rules.
  - 11. The method of claim 1, wherein outputting the set of risk issues includes:
    - identifying user devices subscribed to a mobile intelligence service;
      
      determining which of the user devices subscribed to the mobile intelligence service have installed the app; and
      
      transmitting the set of risk issues to the user devices subscribed to the mobile intelligence service that have installed the app.

12. An apparatus for improved app security testing, the apparatus comprising at least one processor and at least one memory storing computer-executable instructions, that, when executed by the at least one processor, cause the apparatus to:
- process an app for analysis;
  
  analyze the app, wherein analyzing the app includes at least performing static analysis on the app and causing performance, by a lab rig, of non-emulated dynamic analysis on the app by;
  
  selecting the lab rig based on its compatibility with the app;
  
  causing instrumentation of the lab rig to facilitate capture of interactions by the app;
  
  causing execution of the app by the lab rig;
  
  recording instrumentation data from the lab rig during execution of the app, the instrumentation data including system interactions made by the app and network traffic initiated by the app; and
  
  upon completion of the non-emulated dynamic analysis, causing the lab rig to execute a service returning the lab rig to a clean state, wherein causing the lab rig to execute a service returning the lab rig to a clean state comprises;
  
  auto-rooting the lab rig,installing native hooks and custom loader to the lab rig,installing custom modules to the lab rig, andauto connecting the lab rig to one or more predefined networks,generate, based on analyzing the app, a set of risk issues presented by the app; and
  
  output the set of risk issues.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The apparatus of claim 12, wherein the computer-executable instructions, when executed by the at least one processor, cause the apparatus to perform static analysis on the app by causing the apparatus to:
    - instantiate one or more containers, wherein each container runs a corresponding tool for performing static analysis on the app; and
      
      for each of the one or more containers;
      
      consume, by a tool running on the container, the app as binary data,produce output data by the tool, andstore the output data.
  - 14. The apparatus of claim 12, wherein performance of the static analysis uses information gained during performance of the non-emulated dynamic analysis.
  - 15. The apparatus of claim 14, wherein the information gained during performance of the static analysis comprises at least a set of static analysis risk issues and a set of anticipated classes or functions in the app.
  - 16. The apparatus of claim 12, wherein the computer-executable instructions, when executed by the at least one processor, cause the apparatus to cause performance of the non-emulated dynamic analysis by the lab rig using the information gained during performance of the static analysis.
  - 17. The apparatus of claim 12, wherein the computer-executable instructions, when executed by the at least one processor, cause the apparatus to output the set of risk issues by causing the apparatus to:
    - identify user devices subscribed to a mobile intelligence service;
      
      determine which of the user devices subscribed to the mobile intelligence service have installed the app; and
      
      transmit the set of risk issues to the user devices subscribed to the mobile intelligence service that have installed the app.

18. A computer program product comprising at least one non-transitory computer-readable storage medium for improved app security testing, the at least one non-transitory computer-readable storage medium storing computer-executable instructions that, when executed, cause an apparatus to:
- process an app for analysis;
  
  analyze the app, wherein analyzing the app includes at least performing static analysis on the app and causing performance, by a lab rig, of non-emulated dynamic analysis on the app by;
  
  selecting the lab rig based on its compatibility with the app;
  
  causing instrumentation of the lab rig to facilitate capture of interactions by the app;
  
  causing execution of the app by the lab rig;
  
  recording instrumentation data from the lab rig during execution of the app, the instrumentation data including system interactions made by the app and network traffic initiated by the app; and
  
  upon completion of the non-emulated dynamic analysis, causing the lab rig to execute a service returning the lab rig to a clean state, wherein causing the lab rig to execute a service returning the lab rig to a clean state comprises;
  
  auto-rooting the lab rig,installing native hooks and custom loader to the lab rig,installing custom modules to the lab rig, andauto connecting the lab rig to one or more predefined networks,generate, based on analyzing the app, a set of risk issues presented by the app; and
  
  output the set of risk issues.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NowSecure, Inc., Viaforensics, LLC
Original Assignee
Viaforensics, LLC
Inventors
Hoog, Andrew, Weinstein, David
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Truvan, Leynna T

Application Number

US15/131,556
Publication Number

US 20160306981A1
Time in Patent Office

1,303 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3664   Environments for testing or...

G06F 11/3692   for test results analysis

G06F 21/562   Static detection

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

Methods and apparatuses for improved app security testing

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatuses for improved app security testing

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links