SYSTEM AND METHOD FOR A SECURITY ASSESSMENT OF AN APPLICATION UPLOADED TO AN APPSTORE

US 20140215614A1
Filed: 01/30/2013
Published: 07/31/2014
Est. Priority Date: 01/30/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method for assessing the level of security of an application to be uploaded to an App Store, comprising:

i. Providing a security system comprising an attack dictionary relevant to a specific device, information regarding security sensitivity grades of subsystems of said device and an Identifier, suitable to recognize the API'"'"'s related to each of said subsystems and to inspect each line of the code to calculate the maximum security sensitivity grade for each information flow emanating from a given line of code;

ii. For each specific attack present in the attack dictionary, inspecting a code to determine whether the attack is attempted; and

iii. If a suspicion of attack is detected, taking corrective action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for assessing the level of security of an application to be uploaded to an App Store, comprises: (i) Providing a security system comprising an attack dictionary relevant to a specific device, information regarding security sensitivity grades of subsystems of said device and an Identifier, suitable to recognize the API'"'"'s related to each of said subsystems and to inspect each line of the code to calculate the maximum security sensitivity grade for each information flow emanating from a given line of code; (ii) For each specific attack present in the attack dictionary, inspecting a code to determine whether the attack is attempted; and (iii) If a suspicion of attack is detected, taking corrective action.

20 Citations

View as Search Results

8 Claims

1. A method for assessing the level of security of an application to be uploaded to an App Store, comprising:
- i. Providing a security system comprising an attack dictionary relevant to a specific device, information regarding security sensitivity grades of subsystems of said device and an Identifier, suitable to recognize the API'"'"'s related to each of said subsystems and to inspect each line of the code to calculate the maximum security sensitivity grade for each information flow emanating from a given line of code;
  
  ii. For each specific attack present in the attack dictionary, inspecting a code to determine whether the attack is attempted; and
  
  iii. If a suspicion of attack is detected, taking corrective action.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, wherein the Identifier is suitable to inspect each line of the code and to calculate the maximum security sensitivity grade for each information flow emanating from a given line of code.
  - 3. A method according to claim 1, comprisingd) providing rules in or relating to an SDK, with which the application must comply;
    - e) when an application is packaged by a developer for uploading to the App Store, analyzing the software code for compliance with said rules;
      
      f) for each rule compiling a level of suspicion or confidence based on the level of compliance of the software code with the rule; and
      
      g) compiling a suspicion or confidence rate of the application based on the suspicious behavior, if any, identified for each rule and embedding in the application code information representative of such suspicion or confidence rate.
  - 4. A method for preventing the distribution of applications containing malicious codes through an App Store, comprising performing the process of claim 1 and thereafter:
    - h) uploading the application to the App Store and analyzing the suspicion rate therein; and
      
      i) based on the results of the analysis of the suspicion rate allowing or refusing inclusion of the application in the App Store and/or taking additional or other corrective action.
  - 5. A method according to claim 1, further comprising contacting the developer of the application to obtain clarification for suspicious behavior found in the software code.
  - 6. A method according to claim 1, wherein the application to be uploaded to the App Store is intended for a device selected from among smart phones, tablet PCs or Smart TV.

7. A system for distributing applications through an App Store, comprising:
- i. A security system comprising an attack dictionary relevant to a specific device, information regarding security sensitivity grades of subsystems of said device and an Identifier, suitable to recognize the API'"'"'s related to each of said subsystems and to inspect each line of the code to calculate the maximum security sensitivity grade for each information flow emanating from a given line of code; and
  
  ii. An Inspector, for inspecting a code to determine, for each specific attack present in the attack dictionary, whether the attack is attempted.
- View Dependent Claims (8)
- - 8. A security system according to claim 7, comprising:
    - iii. rules in or relating to an SDK, with which the application must comply;
      
      iv. packaging and uploading circuitry for uploading an application to the App Store;
      
      v. software analysis apparatus to analyze the software code for compliance with said rules;
      
      vi. compilation means for compiling for each rule a level of suspicion or confidence based on the level of compliance of the software code with the rule;
      
      vii. software for compiling a suspicion or confidence rate of the application based on the suspicious behavior, if any, identified for each rule and embedding in the application code information representative of such suspicion or confidence rate.viii. an uploader for uploading the application to the App Store and for analyzing the suspicion rate therein; and
      
      ix. logic circuitry for allowing or refusing inclusion of the application in the App Store based on the results of the analysis of the suspicion rate and/or for taking additional or other corrective action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
BESKROVNY, Evgeny, LEV ARI, Iris

Application Number

US13/753,555
Publication Number

US 20140215614A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

SYSTEM AND METHOD FOR A SECURITY ASSESSMENT OF AN APPLICATION UPLOADED TO AN APPSTORE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR A SECURITY ASSESSMENT OF AN APPLICATION UPLOADED TO AN APPSTORE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links