Identifying Security Breaches Caused by Web-Enabled Software Applications

US 20100299754A1
Filed: 05/20/2009
Published: 11/25/2010
Est. Priority Date: 05/20/2009
Status: Active Grant

First Claim

Patent Images

1. A method for identifying, a security breach caused when a computer-based software application uses a computer-based web browser application, the method comprising:

identifying at least one function within a computer-based software application that causes a computer-based web browser application to access data from a source that is external to said software application;

at least partially replacing said data with malicious content that is configured to cause a predefined action to occur when said malicious content is accessed by said web browser application, wherein said predefined action is associated with a known security breach when said predefined action occurs subsequent to said malicious content being accessed by said web browser application;

causing said software application to perform said function; and

determining whether said predefined action is performed,wherein any of said steps are implemented in either of computer hardware and computer software and embodied in a computer-readable medium.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Identifying a security breach caused when a computer-based software application uses a computer-based web browser application, including identifying at least one function within a computer-based software application that causes a computer-based web browser application to access data from a source that is external to the software application, at least partially replacing the data with malicious content that is configured to cause a predefined action to occur when the malicious content is accessed by the web browser application, where the predefined action is associated with a known security breach when the predefined action occurs subsequent to the malicious content being accessed by the web browser application, causing the software application to perform the function, and determining whether the predefined action is performed.

230 Citations

18 Claims

1. A method for identifying, a security breach caused when a computer-based software application uses a computer-based web browser application, the method comprising:
- identifying at least one function within a computer-based software application that causes a computer-based web browser application to access data from a source that is external to said software application;
  
  at least partially replacing said data with malicious content that is configured to cause a predefined action to occur when said malicious content is accessed by said web browser application, wherein said predefined action is associated with a known security breach when said predefined action occurs subsequent to said malicious content being accessed by said web browser application;
  
  causing said software application to perform said function; and
  
  determining whether said predefined action is performed,wherein any of said steps are implemented in either of computer hardware and computer software and embodied in a computer-readable medium.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A method according to claim 1 and further comprising monitoring the execution of said computer-based software application to identify said function.
  - 3. A method according to claim 1 wherein said steps are performed if said web browser application is embedded within said software application.
  - 4. A method according to claim 1 wherein said at least partially replacing step comprises at least partially replacing said data at said source.
  - 5. A method according to claim 1 and further comprising providing a notification regarding said security breach.
  - 6. A method according to claim 1 and further comprising providing any of said applications with a wrapper configured to detect the presence of said malicious content in said data.
  - 7. A method according to claim 1 and further comprising:
    - inspecting and enumerating through GUI objects of said software application,determining whether said software application utilizes said web browser application as an embedded browser object; and
      
      querying said embedded browser object to determine the existence of said malicious content that is accessed by said embedded browser object.
  - 8. A method according to claim 1 wherein said at least partially replacing step comprises at least partially replacing said data such that said malicious content includes at least one instruction for interacting with an external resource, and wherein said method further comprises detecting said interaction with said external resource.
  - 10. A system according to claim 1 wherein said software application is configured such that its main purpose does not require it to include functions that are uniquely associated with web browsers, and such that it has the ability to cause said web browser application to perform any functions that are uniquely associated with web browsers.
  - 11. A system according to claim 1 wherein said web browser application is either of a stand-alone browser application external to said software application and an embedded browser with respect to said software application.
  - 12. A system according to claim 1 wherein said security breach provoker is configured to simulate network connections to intercept attempts by said web browser application to access said data and ensure that said web browser application accesses said data.
  - 13. A system according to claim 1 wherein said security breach detector is configured to provide a notification regarding said security breach.
  - 14. A system according to claim 1 wherein said malicious content is configured to create a window containing a predefined siring, and wherein said security breach detector is configured to detect the creation of said window and determine whether said window contains said predefined string.
  - 15. A system according to claim 1 and further comprising a wrapper cooperative with either of said software application and said web browser application, wherein said wrapper is configured to detect the presence of said malicious content in said data.
  - 16. A system according to claim 1 and further comprising a GUI inspector configured toinspect and enumerate through GUI objects of said software application;
    - determine whether said software application utilizes said web browser application as an embedded browser object; and
      
      query said embedded browser object to determine the existence of said malicious content that is accessed by said embedded browser object.
  - 17. A system according to claim 1 wherein said malicious content includes at least one instruction for interacting with an external resource, and further comprising an external security breach detector configured to detect said interaction with said external resource.

9. A system for identifying a security breach caused when a computer-based software application uses a computer-based web browser application, the system comprising:
- an application analyzer configured to identify at least one function within a computer-based software application that causes a computer-based web browser application to access data from a source that is external to said software application;
  
  a data manipulator configured to at least partially replace said data with malicious content that is configured to cause a predefined action to occur when said malicious content is accessed by said web browser application, wherein said predefined action is associated with a known security breach when said predefined action occurs subsequent to said malicious content being accessed by said web browser application;
  
  a security breach provoker configured to cause said software application to perform said function; and
  
  a security breach detector configured to determine whether said predefined action is performed.wherein any of said application analyzer, data manipulator, security breach provoker, and security breach detector are implemented in either of computer hardware and computer software and embodied in a computer-readable medium.

18. A computer program product for identifying a security breach caused when a computer-based software application uses a computer-based web browser application, the computer program product comprising:
- a computer readable medium; and
  
  computer program instructions operative toidentify at least one function within a computer-based software application that causes a computer-based web browser application to access data from a source that is external to said software application,at least partially replace said data with malicious content that is configured to cause a predefined action to occur when said malicious content is accessed by said web browser application, wherein said predefined action is associated with a known security breach when said predefined action occurs subsequent to said malicious content being accessed by said web browser application,cause said software application to perform said function, anddetermine whether said predefined action is performed,wherein said program instructions are stored on said computer readable medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Amit, Yair, Hay, Roee, Sharabani, Adi

Granted Patent

US 8,370,945 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/14   for detecting or protecting...

Identifying Security Breaches Caused by Web-Enabled Software Applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

230 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying Security Breaches Caused by Web-Enabled Software Applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

230 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links