IDENTIFYING AND TRACKING SENSITIVE DATA

US 20170109541A1
Filed: 10/20/2015
Published: 04/20/2017
Est. Priority Date: 10/20/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of classifying privacy relevance of an application programming interface (API), the method comprising:

analyzing a set of input applications to identify a plurality of custom APIs;

generating a respective taint specification for each identified custom API, each taint specification relating one or more sources of data to one or more data sinks;

generating one or more taint flows based on each taint specification, the one or more taint flows being a data path and associated data values between a source of data and a data sink;

matching one or more features and associated feature values from the one or more taint flows to a set of feature templates;

correlating the one or more matched features and associated feature values with respective privacy relevance of the plurality of custom APIs to identify a set of privacy relevant features;

detecting a candidate API;

extracting one or more features from the candidate API;

comparing the one or more features from the candidate API to the set of privacy relevant features; and

assigning a label to the candidate API indicating privacy relevance of the candidate API.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of classifying privacy relevance of an application programming interface (API) comprises analyzing a set of input applications to identify a plurality of custom APIs and generating a respective taint specification for each identified custom API. The method further comprises generating taint flows based on each taint specification and matching features and associated feature values from the taint flows to a set of feature templates. The method also comprises correlating the matched features and associated feature values with respective privacy relevance of the plurality of custom APIs to identify a set of privacy relevant features. The method further comprises detecting a candidate API, extracting features from the candidate API and comparing the extracted features to the set of privacy relevant features. Based on the comparison, a label is assigned to the candidate API indicating privacy relevance of the candidate API.

24 Citations

View as Search Results

20 Claims

1. A computer-implemented method of classifying privacy relevance of an application programming interface (API), the method comprising:
- analyzing a set of input applications to identify a plurality of custom APIs;
  
  generating a respective taint specification for each identified custom API, each taint specification relating one or more sources of data to one or more data sinks;
  
  generating one or more taint flows based on each taint specification, the one or more taint flows being a data path and associated data values between a source of data and a data sink;
  
  matching one or more features and associated feature values from the one or more taint flows to a set of feature templates;
  
  correlating the one or more matched features and associated feature values with respective privacy relevance of the plurality of custom APIs to identify a set of privacy relevant features;
  
  detecting a candidate API;
  
  extracting one or more features from the candidate API;
  
  comparing the one or more features from the candidate API to the set of privacy relevant features; and
  
  assigning a label to the candidate API indicating privacy relevance of the candidate API.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein analyzing a set of input applications to identify a plurality of custom APIs comprises searching respective abstract syntax trees, each representative of one of the set of input applications, to identify the plurality of custom APIs.
  - 3. The method of claim 1, wherein the set of feature templates includes a plurality of keywords.
  - 4. The method of claim 1, wherein the set of feature templates includes a plurality of channel properties.
  - 5. The method of claim 1, wherein the set of feature templates includes a plurality of proximate transformations.
  - 6. The method of claim 1, wherein correlating the one or more matched features and associated feature values with respective privacy relevance of the plurality of custom APIs comprises:
    - grouping the matched features based on similarity of features and associated feature values; and
      
      annotating each group as privacy relevant or privacy irrelevant.
  - 7. The method of claim 1, wherein correlating the one or more matched features and associated feature values with respective privacy relevance of the plurality of custom APIs comprises:
    - annotating each instance of each custom API as privacy relevant or privacy irrelevant; and
      
      identifying features and associated feature values of privacy relevant instances of the plurality of custom APIs as the set of privacy relevant features.

8. A program product comprising a processor-readable storage medium having program instructions embodied thereon, wherein the program instructions are configured, when executed by at least one programmable processor, to cause the at least one programmable processor to:
- analyze a set of input applications to identify a plurality of custom APIs;
  
  generate a respective taint specification for each identified custom API, each taint specification relating one or more sources of data to one or more data sinks;
  
  generate one or more taint flows based on each taint specification, the one or more taint flows being a data path and associated data values between a source of data and a data sink;
  
  match one or more features and associated feature values from the one or more taint flows to a set of feature templates correlate the one or more matched features and associated feature values with respective privacy relevance of the plurality of custom APIs to identify a set of privacy relevant features;
  
  detect a candidate API;
  
  extract one or more features from the candidate API;
  
  compare the one or more features from the candidate API to the set of privacy relevant features; and
  
  assign a label to the candidate API indicating privacy relevance of the candidate API.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The program product of claim 8, wherein the program instructions are further configured to cause the at least one programmable processor to analyze a set of input applications by searching respective abstract syntax trees, each representative of one of the set of input applications, to identify the plurality of custom APIs.
  - 10. The program product of claim 8, wherein the set of feature templates includes a plurality of keywords.
  - 11. The program product of claim 8, wherein the set of feature templates includes at least one of a plurality of channel properties and a plurality of data transformations.
  - 12. The program product of claim 8, wherein the program instructions are further configured to cause the at least one programmable processor to correlate the one or more matched features and associated feature values with respective privacy relevance of the plurality of custom APIs by:
    - grouping the matched features based on similarity of features and associated feature values; and
      
      annotating each group as privacy relevant or privacy irrelevant.
  - 13. The program product of claim 8, wherein the program instructions are further configured to cause the at least one programmable processor to correlate the one or more matched features and associated feature values with respective privacy relevance of the plurality of custom APIs by:
    - annotating each instance of each custom API as privacy relevant or privacy irrelevant; and
      
      identifying features and associated feature values of privacy relevant instances of the plurality of custom APIs as the set of privacy relevant features.

14. A computer system comprising:
- a memory;
  
  a network interface; and
  
  a processor communicatively coupled to the memory and the network interface;
  
  wherein the processor is configured to obtain a set of input applications via the network interface and to analyze the set of input applications to identify a plurality of custom APIs in the set of input applications;
  
  wherein the processor is further configured to determine a set of privacy relevant features from the plurality of identified custom APIs and to store the set of privacy relevant features in the memory;
  
  wherein the processor is further configured to detect execution of a candidate API subsequent to storing the set of privacy relevant features in the memory;
  
  wherein the processor is further configured to extract one or more features from the candidate API and to compare the extracted one or more features to the set of privacy relevant features in order to determine the privacy relevance of the candidate API.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer system of claim 14, wherein the processor is configured to determine the set of privacy relevant features by:
    - generating a respective taint specification for each identified custom API, each taint specification relating one or more sources of data to one or more data sinks;
      
      generating one or more taint flows based on each taint specification, the one or more taint flows being a data path and associated data values between a source of data and a data sink;
      
      matching one or more features and associated feature values from the one or more taint flows to a set of feature templates; and
      
      correlating the one or more matched features and associated feature values with respective privacy relevance of the plurality of custom APIs to identify the set of privacy relevant features and associated feature values.
  - 16. The computer system of claim 15, wherein the set of feature templates includes at least one of a plurality of keywords, a plurality of channel properties, and a plurality of data transformations.
  - 17. The computer system of claim 15, wherein the processor is further configured to correlate the one or more matched features and associated feature values with respective privacy relevance of the plurality of custom APIs by:
    - grouping the matched features based on similarity of features and associated feature values; and
      
      annotating each group as privacy relevant or privacy irrelevant.
  - 18. The computer system of claim 15, wherein the processor is further configured to correlate the one or more matched features and associated feature values with respective privacy relevance of the plurality of custom APIs by:
    - annotating each instance of each custom API as privacy relevant or privacy irrelevant; and
      
      identifying features and associated feature values of privacy relevant instances of the plurality of custom APIs as the set of privacy relevant features.
  - 19. The computer system of claim 14, wherein the computer system further comprises a user output device;
    - wherein the processor is further configured to output an indication of the privacy relevance of the candidate API via the user output device.
  - 20. The computer system of claim 14, wherein the processor is further configured to analyze the set of input applications by searching respective abstract syntax trees, each representative of one of the set of input applications, to identify the plurality of custom APIs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ionescu, Paul, Onut, Iosif V., Tripp, Omer

Granted Patent

US 9,940,479 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2246   Trees, e.g. B+trees

G06F 16/285   Clustering or classification

G06F 16/9535   Search customisation based ...

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/6245   Protecting personal data, e...

H04L 63/0227   Filtering policies mail mes...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04W 12/02   Protecting privacy or anony...

IDENTIFYING AND TRACKING SENSITIVE DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTIFYING AND TRACKING SENSITIVE DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links