Systematic Approach to Uncover Visual Ambiguity Vulnerabilities
First Claim
1. A method comprising:
- mapping a visual invariant to a program invariant; and
discovering inputs to GUI logic that includes a user actions and an execution context to cause the program invariant to be violated.
2 Assignments
0 Petitions
Accused Products
Abstract
To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
20 Citations
23 Claims
-
1. A method comprising:
-
mapping a visual invariant to a program invariant; and discovering inputs to GUI logic that includes a user actions and an execution context to cause the program invariant to be violated. - View Dependent Claims (2, 3, 4, 5, 18)
-
-
6. An reasoning engine comprising:
-
a formal model of a system comprised of a user action sequence, an execution context, and system state; and one or more program invariants, wherein a spoofing scenario is output if a program invariant is violated based on the user action sequence, the execution context, and the system state. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 23)
-
Specification