METHOD AND SYSTEM FOR RUN-TIME DYNAMIC AND INTERACTIVE IDENTIFICATION OF SOFTWARE AUTHORIZATION REQUIREMENTS AND PRIVILEGED CODE LOCATIONS, AND FOR VALIDATION OF OTHER SOFTWARE PROGRAM ANALYSIS RESULTS
Abstract
A system, method and computer program product for identifying security authorizations and privileged-code requirements; for validating analyses performed using static analyses; for automatically evaluating existing security policies; for detecting problems in code; in a run-time execution environment in which a software program is executing. The method comprises: implementing reflection objects for identifying program points in the executing program where authorization failures have occurred in response to the program's attempted access of resources requiring authorization; displaying instances of identified program points via a user interface, the identified instances being user selectable; for a selected program point, determining authorization and privileged-code requirements for the access restricted resources in real-time; and, enabling a user to select, via the user interface, whether a required authorization should be granted, wherein local system, fine-grained access of resources requiring authorizations is provided.
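The flow the abstract describes, as an added illustration that is not code from the patent: a guarded access fails, the failing program point and its call stack are recorded, a decision is taken while the program is still running, and a grant applies only to that one resource. The `Sandbox` class, the `decide` callback standing in for the user interface, and the file paths are assumptions constructed for this example.

```python
import traceback

# Hypothetical toy model; names and paths are constructed for illustration.
class Sandbox:
    """Restricted environment: every guarded access goes through check()."""

    def __init__(self, decide):
        self.decide = decide      # stands in for the user-interface prompt
        self.granted = set()      # fine-grained (action, target) grants
        self.failures = []        # program points where authorization was missing

    def check(self, action, target):
        perm = (action, target)
        if perm in self.granted:
            return
        # Record the program point: the call chain that led to this check.
        frames = traceback.extract_stack()[:-1]
        record = {"permission": perm,
                  "stack": [f.name for f in frames],
                  "line": frames[-1].lineno}
        self.failures.append(record)
        # Ask for a decision without terminating the running program.
        if self.decide(record):
            self.granted.add(perm)
            return
        raise PermissionError(f"{action} {target}")

def read_resource(sandbox, path):
    sandbox.check("read", path)
    return f"<contents of {path}>"   # constructed stand-in for real I/O

def load_config(sandbox):
    return read_resource(sandbox, "/app/config.ini")

def load_key(sandbox):
    return read_resource(sandbox, "/app/private.key")

def run_demo():
    # Constructed decision: allow the config file only, deny everything else.
    sandbox = Sandbox(lambda rec: rec["permission"] == ("read", "/app/config.ini"))
    results = [load_config(sandbox)]
    try:
        results.append(load_key(sandbox))
    except PermissionError as exc:
        results.append(f"denied: {exc}")
    results.append(load_config(sandbox))   # already granted, no new failure
    return sandbox, results
```

Each entry in `sandbox.failures` carries the permission that was missing and the stack that requested it, which is the information a reviewer needs to decide whether the grant belongs in policy or the access should not happen at all.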
43 Claims
1. A method for detecting and verifying security authorization and privileged-code requirements in a run-time execution environment in which a software program is executing, said method comprising:
- implementing reflection objects for identifying program points in said executing program where authorization failures have occurred in response to the program's attempted access of resources requiring authorizations as enforced by a particular security subsystem;
- displaying instances of identified program points via a user interface, said identified instances being user selectable;
- for a selected program point, determining authorization and privileged-code requirements for said access restricted resources associated with said selected program point in real-time; and
- enabling a user to select, via said user interface, whether a required authorization should be granted, wherein local system, fine-grained access of resources requiring authorization is provided.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A run-time authorization requirement discovery tool for a computing device executing software programs requiring security authorizations comprising:
- means providing an execution environment enabling automatic discovery of security-sensitive and access-restricted actions attempted by an executing program, said means enabling execution of reflection objects for identifying program points in said executing program where authorization failures have occurred in response to the program's attempt to access resources requiring permissions as enforced by a particular security subsystem;
- means for displaying instances of identified program points via a user interface;
- means enabling user selection of a displayed program point via said interface; and
- means for determining said authorizations for said access-restricted resources associated with said selected program point in real-time, said user being enabled to select, via said user interface, whether a required authorization should be granted, wherein local system, fine-grained access of resources requiring permissions is provided.

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30

31. A system for providing real-time software authorization access to restricted resources by a computer program, said system comprising:
- means for enabling program execution in a restricted execution environment;
- means for determining one or more program points of said executing program where a required authorization is missing;
- means for selecting a program point requiring a missing authorization;
- means enabling a user to inspect, via a display device, a stack trace generated in response to said selected program point, said stack trace provided via said display means to indicate those required authorizations; and
- means enabling a user to grant, via said display means, one or more said required authorizations, wherein said granting of authorizations is performed without terminating execution of the program.

Dependent claims: 32, 33, 34

35. A method for providing real-time software authorization access to restricted resources by a computer program, said method comprising:
- enabling program execution in a restricted execution environment;
- determining one or more program points of said executing program where a required authorization is missing;
- selecting a program point requiring a missing authorization;
- enabling a user to inspect, via a display device, a stack trace generated in response to said selected program point, said stack trace provided via said display means to indicate those required authorizations; and
- enabling a user to grant, via said display means, one or more said required authorizations, wherein said granting of authorizations is performed without terminating execution of the program.

Dependent claims: 36

37. A method for detecting problems in an executing software program comprising:
- enabling program execution in a restricted execution environment, which prevents the underlying system from becoming corrupted if the program being executed is malicious or performs incorrectly;
- determining one or more program points of said executing program wherein an exception is raised indicating a potential problem in said executing software;
- selecting a program point;
- initiating the execution of a selected program point without causing the system to stop its own execution if an exception is raised indicating a problem with the software;
- enabling a user to inspect, via a display device, a stack trace generated in response to said selected program point, said stack trace provided via said display means to indicate said raised exception for said potential problem in said executing software; and
- means enabling a user to detect, via said display means, the optimal locations where code may be inserted to correct the indicated problem.

Dependent claims: 38, 39, 40

41. A method for verifying analysis results of software programs, said analysis results being obtained as a result of a previously performed software analysis technique, said method comprising:
- enabling program execution in a restricted execution environment, which prevents the underlying system from becoming corrupted if the program being analyzed is malicious or performs incorrectly;
- determining from said previously obtained analysis results, one or more program points of said executing program indicating a potential problem in said software program;
- selecting a program point;
- initiating the execution of a selected program point without causing the system to stop its own execution if an exception is raised indicating said potential problem with the software;
- enabling a user to inspect, via a display device, a stack trace generated in response to said selected program point, said stack trace provided via said display means to indicate said problem in said executing software; and
- enabling a user to verify, via said display means, whether the potential problem was correctly indicated by said previously performed software analysis technique.

Dependent claims: 42, 43

Specification