Framework For Efficient Security Coverage Of Mobile Software Applications
First Claim
1. A system for automatically analyzing an application instance for improperly behaving code, the system comprising:
- one or more hardware processors; and
- a memory coupled to the one or more hardware processors, the memory including a central intelligence engine that, when executed by the one or more hardware processors, (a) identifies a region of interest of application instance that includes code by analyzing a portion of the code of the application instance and identifying whether the portion of the code either (i) represents an inappropriate code structure or (ii) would cause an improper state transition when executed, (b) determine specific stimuli that will cause one or more state transitions within the application instance to reach the region of interest, and (c) apply the stimuli to the application instance to allow for subsequent monitoring of one or more behaviors resulting from execution of the code of the application instance at the region of interest within a run-time environment including one or more virtual machines.
Abstract
A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.
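The loop the abstract describes can be sketched on a toy model. This is an added example, not code from the patent: the state names, stimuli, call names and the single rule are constructed for illustration, and a lookup table stands in for the virtual machine and its monitors. It flags regions of interest from a static view of the code, searches the state-transition graph for the stimuli that reach each one, and then checks what the monitors observed there.

```python
from collections import deque

# Constructed toy app model: state -> {stimulus: next state}.
TRANSITIONS = {
    "launch": {"tap:settings": "settings", "tap:login": "login"},
    "login": {"submit:creds": "home"}, "home": {"tap:sync": "sync"},
    "settings": {}, "sync": {}}
# Constructed static view: calls present in each state's handler code.
STATIC_CALLS = {
    "login": {"http_post"}, "home": {"read_prefs"},
    "settings": {"write_prefs", "read_contacts", "send_sms"},  # dead branch
    "sync": {"read_contacts", "send_sms"}}
# Constructed run-time view: calls the monitors see when a state executes.
RUNTIME_CALLS = {"login": {"http_post"}, "home": {"read_prefs"},
                 "settings": {"write_prefs"}, "sync": {"read_contacts", "send_sms"}}
RULES = [{"read_contacts", "send_sms"}]  # hypothetical rule set

def regions_of_interest():
    """States whose code contains every call named by some rule."""
    return sorted(s for s, c in STATIC_CALLS.items() if any(r <= c for r in RULES))

def stimuli_to_reach(target, start="launch"):
    """Breadth-first search: shortest stimulus sequence from start to target."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, path = queue.popleft()
        if state == target:
            return path
        for stimulus, nxt in TRANSITIONS.get(state, {}).items():
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [stimulus]))
    return None  # not reachable in the modelled transitions

def run_with_monitor(stimuli, start="launch"):
    """Apply the stimuli and return the calls monitored in the final state."""
    state = start
    for stimulus in stimuli:
        state = TRANSITIONS[state][stimulus]
    return RUNTIME_CALLS.get(state, set())

def analyze():
    """Drive the app to each region of interest and judge what was observed."""
    verdicts = {}
    for roi in regions_of_interest():
        path = stimuli_to_reach(roi)
        seen = run_with_monitor(path) if path is not None else set()
        verdicts[roi] = "improper" if any(r <= seen for r in RULES) else "not confirmed"
    return verdicts
```

Here the `settings` state is flagged statically but not confirmed at run time, while `sync` is confirmed, which is the distinction the monitoring step exists to draw.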
20 Claims
2. The system of claim 2, wherein the central intelligence engine, upon execution by the one or more hardware processors, identifies the region of interest by at least analyzing the portion of code of the application instance to determine if the portion of the code violates one or more rules.
13. A method for automatically analyzing an application instance by one or more hardware processors executing software that perform operations comprising:
- identifying a region of interest of the application instance based on an analysis of code of the application instance in response to execution of the software by the one or more hardware processors, the region of interest corresponds to one or more parts of the code of the application instance that, are considered to potentially include improperly behaving code that either (i) represents an inappropriate code structure or (ii) causes an improper state transition when executed;
- determining, during execution of the software by the one or more hardware processors, specific stimuli that causes one or more state transitions to occur;
- applying, during execution of the software by the one or more hardware processors, the stimuli to the application instance so that the application instance commences processing of the one or more parts of code of the application instance that is associated with the region of interest;
- monitoring, during execution of the software by the one or more hardware processors, one or more behaviors of the application instance during processing of the one or more parts of code of the application instance that is associated with the region of interest within one or more virtual machines in response to the applied stimuli; and
- determining, during execution of the software by the one or more hardware processors, whether the one or more behaviors identify that the region of interest corresponds to improperly behaving code.
Specification