SECURITY ENFORCEMENT IN THE PRESENCE OF DYNAMIC CODE LOADING
First Claim
1. A method, comprising:
- retrieving from a memory a program to be verified against a security policy and a security specification defining said security policy;
applying a static program analysis on said program, using a processor on a computer, to determine whether said program is compatible with said security specification;
rejecting said program if it is determined by said static program analysis as being incompatible with said security specification;
if said program is determined during said static program analysis as compatible with said security specification under static analysis criteria, then building a call-graph representation of said program for use to evaluate any dynamically-loaded code during an execution of said program; and
indicating which paths, if any, of said call-graph representation reach at least one policy-relevant operation.
1 Assignment
0 Petitions
Accused Products
Abstract
A method (and structure) for enforcing a security policy includes retrieving from a memory a program to be verified against a security policy and a security specification defining the security policy. A static program analysis is performed on the program, using a processor on a computer, to determine whether the program is compatible with the security specification. The program is rejected if the program is determined by the static program analysis as being incompatible with the security specification. If the program is determined during the static program analysis as compatible with the security specification under static analysis criteria, then building a call-graph representation of the program for use to evaluate any dynamically-loaded code during an execution of the program. Any paths, if any, of the call-graph representation that reach at least one policy-relevant operation is marked.
-
Citations
11 Claims
-
1. A method, comprising:
-
retrieving from a memory a program to be verified against a security policy and a security specification defining said security policy; applying a static program analysis on said program, using a processor on a computer, to determine whether said program is compatible with said security specification; rejecting said program if it is determined by said static program analysis as being incompatible with said security specification; if said program is determined during said static program analysis as compatible with said security specification under static analysis criteria, then building a call-graph representation of said program for use to evaluate any dynamically-loaded code during an execution of said program; and indicating which paths, if any, of said call-graph representation reach at least one policy-relevant operation. - View Dependent Claims (2, 3)
-
-
4. An apparatus comprising:
-
a processor; and a memory system accessible to said processor, wherein said memory system has stored therein a set of computer-readable instructions that instruct said processor to execute a method for verifying a program for compliance with a security policy, said method comprising; retrieving from a memory a program to be verified against a security policy and a security specification defining said security policy; applying a static program analysis on said program, using a processor on a computer, to determine whether said program is compatible with said security specification; rejecting said program if it is determined by said static program analysis as being incompatible with said security specification; if said program is determined during said static program analysis as compatible with said security specification under static analysis criteria, then building a call-graph representation of said program for use to evaluate any dynamically-loaded code during an execution of said program; and indicating which paths, if any, of said call-graph representation reach at least one policy-relevant operation. - View Dependent Claims (5, 6, 7)
-
-
8. A non-transitory storage medium having tangibly embodied thereon a set of computer-readable claims that cause a computer to execute a method for enforcing a security policy, said method comprising:
-
retrieving from a memory a program to be verified against a security policy and a security specification defining said security policy; applying a static program analysis on said program, using a processor on a computer, to determine whether said program is compatible with said security specification; rejecting said program if it is determined by said static program analysis as being incompatible with said security specification; if said program is determined during said static program analysis as compatible with said security specification under static analysis criteria, then building a call-graph representation of said program for use to evaluate any dynamically-loaded code during an execution of said program; and indicating which paths, if any, of said call-graph representation reach at least one policy-relevant operation. - View Dependent Claims (9, 10, 11)
-
Specification