SECURITY ENFORCEMENT IN THE PRESENCE OF DYNAMIC CODE LOADING

US 20170169212A1
Filed: 12/09/2015
Published: 06/15/2017
Est. Priority Date: 12/09/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

retrieving from a memory a program to be verified against a security policy and a security specification defining said security policy;

applying a static program analysis on said program, using a processor on a computer, to determine whether said program is compatible with said security specification;

rejecting said program if it is determined by said static program analysis as being incompatible with said security specification;

if said program is determined during said static program analysis as compatible with said security specification under static analysis criteria, then building a call-graph representation of said program for use to evaluate any dynamically-loaded code during an execution of said program; and

indicating which paths, if any, of said call-graph representation reach at least one policy-relevant operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method (and structure) for enforcing a security policy includes retrieving from a memory a program to be verified against a security policy and a security specification defining the security policy. A static program analysis is performed on the program, using a processor on a computer, to determine whether the program is compatible with the security specification. The program is rejected if the program is determined by the static program analysis as being incompatible with the security specification. If the program is determined during the static program analysis as compatible with the security specification under static analysis criteria, then building a call-graph representation of the program for use to evaluate any dynamically-loaded code during an execution of the program. Any paths, if any, of the call-graph representation that reach at least one policy-relevant operation is marked.

Citations

11 Claims

1. A method, comprising:
- retrieving from a memory a program to be verified against a security policy and a security specification defining said security policy;
  
  applying a static program analysis on said program, using a processor on a computer, to determine whether said program is compatible with said security specification;
  
  rejecting said program if it is determined by said static program analysis as being incompatible with said security specification;
  
  if said program is determined during said static program analysis as compatible with said security specification under static analysis criteria, then building a call-graph representation of said program for use to evaluate any dynamically-loaded code during an execution of said program; and
  
  indicating which paths, if any, of said call-graph representation reach at least one policy-relevant operation.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising:
    - during any of a dynamic loading of code during an execution of said program, determining whether any said paths of said call-graph representation indicated as reaching at least one policy-relevant operation have been dynamically loaded;
      
      if it is determined that no paths indicated as reaching at least one policy-relevant operation have been dynamically loaded, determining that said dynamic loading is verified for said security policy; and
      
      if it is determined that any paths indicated as reaching at least one policy-relevant operation have been dynamically loaded, then determining whether each said dynamically-loaded path is compatible with said security policy.
  - 3. The method of claim 2, further comprising:
    - if it is determined that all paths indicated as reaching at least one policy-relevant operation and have been dynamically loaded are compatible with said security specification, determining that said dynamic loading is verified for said security policy; and
      
      rejecting said program if it is determined that any of said paths indicated as reaching at least one policy-relevant operation and have been dynamically loaded are incompatible with said security specification.

4. An apparatus comprising:
- a processor; and
  
  a memory system accessible to said processor,wherein said memory system has stored therein a set of computer-readable instructions that instruct said processor to execute a method for verifying a program for compliance with a security policy, said method comprising;
  
  retrieving from a memory a program to be verified against a security policy and a security specification defining said security policy;
  
  applying a static program analysis on said program, using a processor on a computer, to determine whether said program is compatible with said security specification;
  
  rejecting said program if it is determined by said static program analysis as being incompatible with said security specification;
  
  if said program is determined during said static program analysis as compatible with said security specification under static analysis criteria, then building a call-graph representation of said program for use to evaluate any dynamically-loaded code during an execution of said program; and
  
  indicating which paths, if any, of said call-graph representation reach at least one policy-relevant operation.
- View Dependent Claims (5, 6, 7)
- - 5. The apparatus of claim 4, wherein said method further comprises:
    - during any of a dynamic loading of code during an execution of said program, determining whether any said paths of said call-graph representation indicated as reaching at least one policy-relevant operation have been dynamically loaded;
      
      if it is determined that no paths indicated as reaching at least one policy-relevant operation have been dynamically loaded, determining that said dynamic loading is verified for said security policy; and
      
      if it is determined that any paths indicated as reaching at least one policy-relevant operation have been dynamically loaded, then determining whether each said dynamically-loaded path is compatible with said security policy.
  - 6. The apparatus of claim 5, wherein said method further comprises:
    - if it is determined that all paths indicated as reaching at least one policy-relevant operation and have been dynamically loaded are compatible with said security specification, determining that said dynamic loading is verified for said security policy; and
      
      rejecting said program if it is determined that any of said paths indicated as reaching at least one policy-relevant operation and have been dynamically loaded are incompatible with said security specification.
  - 7. The apparatus of claim 6, as comprising one of a mobile device, a desktop computer, a server on a network, and a computer providing a cloud service.

8. A non-transitory storage medium having tangibly embodied thereon a set of computer-readable claims that cause a computer to execute a method for enforcing a security policy, said method comprising:
- retrieving from a memory a program to be verified against a security policy and a security specification defining said security policy;
  
  applying a static program analysis on said program, using a processor on a computer, to determine whether said program is compatible with said security specification;
  
  rejecting said program if it is determined by said static program analysis as being incompatible with said security specification;
  
  if said program is determined during said static program analysis as compatible with said security specification under static analysis criteria, then building a call-graph representation of said program for use to evaluate any dynamically-loaded code during an execution of said program; and
  
  indicating which paths, if any, of said call-graph representation reach at least one policy-relevant operation.
- View Dependent Claims (9, 10, 11)
- - 9. The non-transitory storage medium of claim 8, wherein said method further comprises:
    - during any of a dynamic loading of code during an execution of said program, determining whether any said paths of said call-graph representation indicated as reaching at least one policy-relevant operation have been dynamically loaded;
      
      if it is determined that no paths indicated as reaching at least one policy-relevant operation have been dynamically loaded, determining that said dynamic loading is verified for said security policy; and
      
      if it is determined that any paths indicated as reaching at least one policy-relevant operation have been dynamically loaded, then determining whether each said dynamically-loaded path is compatible with said security policy.
  - 10. The non-transitory storage medium of claim 9, wherein said method further comprises:
    - if it is determined that all paths indicated as reaching at least one policy-relevant operation and have been dynamically loaded are compatible with said security specification, determining that said dynamic loading is verified for said security policy; and
      
      rejecting said program if it is determined that any of said paths indicated as reaching at least one policy-relevant operation and have been dynamically loaded are incompatible with said security specification.
  - 11. The non-transitory storage medium of claim 10, as comprising one of:
    - a memory in a processor-based device that stores programs that can selectively-executed by a processor in said processor-based device or that can be selectively transmitted to another processor-based device via a network;
      
      a memory of said processor-based device that stores programs currently being executed by said processor-based device; and
      
      a standalone memory device that can be selectively inserted into an input port of said processor-based device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
PISTOIA, Marco, BELLO, Luciano, FERRARA, Pietro, TRIPP, Omer

Granted Patent

US 10,296,737 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/562   Static detection

G06F 21/566   Dynamic detection, i.e. det...

SECURITY ENFORCEMENT IN THE PRESENCE OF DYNAMIC CODE LOADING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY ENFORCEMENT IN THE PRESENCE OF DYNAMIC CODE LOADING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links