SYSTEM AND METHOD FOR CREATING SECURE APPLICATIONS
First Claim
1. A method for generating a secure application, comprising:
- obtaining a target application;
decomposing the target application into original files that contain predictable instructions;
identifying one or more predictable instructions in the original files;
modifying the target application to create the secure application by binding one or more intercepts to the target application to enable the modification of the predictable instructions in accordance with one or more policies such that the behavior of the secure application is different from the original behavior of the target application, wherein the modification of the target application is conducted without access to the source code of the target application.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for generating a secure application is described herein. The method can include the steps of obtaining a target application and decomposing the target application into original files that contain predictable instructions. One or more predictable instructions in the original files may be identified. In addition, the target application may be modified to create the secure application by binding one or more intercepts to the target application. These intercepts can enable the modification of the predictable instructions in accordance with one or more policies such that the behavior of the secure application is different from the original behavior of the target application. Modification of the target application may be conducted without access to the source code of the target application.
-
Citations
72 Claims
-
1. A method for generating a secure application, comprising:
-
obtaining a target application; decomposing the target application into original files that contain predictable instructions; identifying one or more predictable instructions in the original files; modifying the target application to create the secure application by binding one or more intercepts to the target application to enable the modification of the predictable instructions in accordance with one or more policies such that the behavior of the secure application is different from the original behavior of the target application, wherein the modification of the target application is conducted without access to the source code of the target application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method for generating a secure application, comprising:
-
receiving a pre-compiled target application; identifying predictable instructions in the target application; configuring the target application with respect to the predictable instructions to enable selective behavior modification of the target application, thereby creating the secure application; wherein the configuration is performed without access to the source code of the target application and preserves the normal functions and application programming interfaces of an operating system for which the target application was designed. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A method of generating a secure application, comprising:
-
obtaining a target application; decomposing the target application into files that contain predictable instructions; identifying one or more predictable instructions in the files; and modifying the target application to create the secure application by binding one or more intercepts to the target application to enable the modification of the predictable instructions such that the behavior of the secure application is capable of being different from that of the target application; wherein modifying the target application to create the secure application maintains the pre-existing functionality of the target application and changing the behavior of the secure application from the behavior of the target application includes selectively controlling the execution of the pre-existing functionality.
-
-
30. A method of restricting access to an application, comprising:
-
obtaining a target application that is designed to conduct interprocess communications with a non-secure framework; imposing a namespace for interprocess communications on the target application during a securitization process to create a first secure application, wherein the namespace is integrated with a secure framework to permit the secure framework to process interprocess communications that are associated with the first secure application and that conform to the namespace and wherein the non-secure framework is unable to process the interprocess communications associated with the first secure application that conform to the namespace; and permitting a second secure application that conducts interprocess communications that conform to the namespace to share data with the first secure application. - View Dependent Claims (31, 32, 33, 34)
-
-
35. A method of operating a secure application, wherein the secure application was created from a target application having a first set of functions associated with a first application behavior and the secure application has a second set of functions that are imposed on the first set of functions and that are associated with a second application behavior, comprising:
-
receiving a request to activate the secure application; in response to the receipt of the request, forcing the secure application to override the first application behavior with the second application behavior, wherein the second application behavior takes priority over the first application behavior; and performing the second application behavior. - View Dependent Claims (36, 37, 38, 39, 72)
-
-
40. A system for generating a secure application, comprising:
-
a disassembler that is configured to receive and decompose a target application into original files that contain predictable instructions; and a securitization agent that is configured to; identify one or more predictable instructions in the original files of the target application; and modify the target application to create the secure application by binding one or more intercepts to be target application such that the behavior of the secure application is capable of being different from that of the target application; wherein the securitization agent modifies the target application without access to the source code of the target application. - View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
-
-
58. A system for creating a secure application, comprising:
-
a disassembler that is configured to receive a target application and make available predictable instructions of the target application; and a securitization agent that is configured to; identify at least some of the predictable instructions; and configure the target application with respect to the identified predictable instructions to enable selective behavior modification of the target application, thereby creating the secure application; wherein the securitization agent is able to configure the target application without access to the source code of the target application and to preserve the normal functions and application programming interfaces of an operating system for which the target application was designed. - View Dependent Claims (59, 60, 61, 62, 63)
-
-
64. A system for creating a secure application, comprising:
-
a disassembler that is configured to receive a target application and decompose the target application into files that contain predictable instructions of the target application; and a securitization agent that is configured to; identify at least some of the predictable instructions; and modify the target application to create the secure application by binding one or more intercepts to the target application to enable the modification of the predictable instructions such that the behavior of the secure application is capable of being different from the original behavior of the target application; wherein the securitization agent is further configured to maintain pre-existing functionality of the target application and change the behavior of the secure application from the original behavior of the target application by enabling selective control of the execution of the pre-existing functionality.
-
-
65. A system for restricting access to an application, comprising:
-
a disassembler that is configured to obtain a target application that is designed to conduct interprocess communications with a non-secure framework; and a securitization agent that is configured to; impose a namespace for interprocess communications on the target application during a securitization process to create a first secure application, wherein the namespace is to be integrated with a secure framework to permit the secure framework to process interprocess communications that are associated with the first secure application and that conform to the namespace and wherein the non-secure framework will be unable to process the interprocess communications associated with the first secure application that conform to the namespace; wherein a second secure application that conducts interprocess communications that conform to the namespace will be permitted to share data with the first secure application. - View Dependent Claims (66, 67)
-
-
68. A computing device, comprising:
-
an input device that is configured to receive a request to activate a secure application that is installed on the computing device, wherein the secure application was created from a target application having a first set of functions associated with a first application behavior and the secure application has a second set of functions that are imposed on the first set of functions and that are associated with a second application behavior; and a processing unit, wherein the processing unit is configured to; receive a request to activate the secure application; force the secure application to override the first application behavior with the second application behavior, wherein the second application behavior takes priority over the first application behavior; and execute the secure application to cause the secure application to perform the second application behavior. - View Dependent Claims (69, 70, 71)
-
Specification