Systematic Approach to Uncover GUI Logic Flaws
First Claim
1. A method comprising:
- mapping a visual invariant to a program invariant; and
- discovering inputs to GUI logic that includes user actions and an execution context to cause the program invariant to be violated.
Abstract
To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
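Steps (1) and (2) of the abstract carried out on a constructed toy model, as an added example that is not taken from the patent. The `State` fields, the action names, the `example` URLs and the modeled cancel flaw are all assumptions made for illustration.

```python
from collections import deque
from typing import NamedTuple, Optional

class State(NamedTuple):
    """Constructed toy model of address-bar logic, not any real browser."""
    address_bar: str          # URL text the user sees
    content: str              # URL of the document actually rendered
    pending: Optional[str]    # navigation in flight, if any

def navigate(url):
    # Modeled behaviour: the bar shows the target before the load commits.
    return lambda s: State(url, s.content, url)

def commit(s):
    # Enabled only while a load is pending; the new document is rendered.
    return State(s.pending, s.pending, None) if s.pending else None

def cancel(s):
    # Modeled flaw: the load is dropped but the bar is not restored.
    return State(s.address_bar, s.content, None) if s.pending else None

ACTIONS = {
    "navigate(trusted)": navigate("https://trusted.example/"),
    "navigate(other)": navigate("https://other.example/"),
    "commit": commit,
    "cancel": cancel,
}

def invariant(s):
    """Visual invariant 'the bar names the page on screen' as a program
    invariant: once no load is pending, bar and content must match."""
    return s.pending is not None or s.address_bar == s.content

def find_violation(initial, actions=ACTIONS, max_depth=4):
    """Breadth-first search; returns (shortest violating trace, state) or None."""
    queue, seen = deque([(initial, [])]), {initial}
    while queue:
        state, trace = queue.popleft()
        if not invariant(state):
            return trace, state
        if len(trace) < max_depth:
            for name, action in actions.items():
                nxt = action(state)
                if nxt is not None and nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, trace + [name]))
    return None

# Execution context: a page from other.example is loaded and idle.
START = State("https://other.example/", "https://other.example/", None)
```

A trace returned by `find_violation(START)` is only a candidate in the model; step (3) of the abstract is confirming it against the real implementation.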
20 Claims
1. A method comprising:
- mapping a visual invariant to a program invariant; and
- discovering inputs to GUI logic that includes user actions and an execution context to cause the program invariant to be violated.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method comprising:
- generating a webpage;
- loading the webpage through a browser, wherein an action sequence performed by the browser is simulated, and states of the browser are tracked; and
- checking for spoofs when the loading is performed.

11. The method of claim 11, wherein the action sequence is pumped by repeatedly calling a routine.

14. A method comprising:
- examining graphic user interface (GUI) logic; and
- identifying flaws in the logic that expose security damage.
Dependent claims: 15, 16, 17, 18, 19, 20.
Specification