Systematic approach to uncover visual ambiguity vulnerabilities
First Claim
1. A system comprising:
- memory;
one or more processors;
a subsystem stored in the memory and executed by the one or more processors, the subsystem to;
analyze a formal model of a graphical user interface (GUI) of the system, the formal model comprised of a user action sequence, an execution context, and system state; and
generate a map of one or more expected visual invariants corresponding to one or more defined program invariants associated with at least one of an address bar or a status bar of the GUI;
execute a search by applying events on a portion of logic of the GUI associated with at least one of the one or more defined program invariants to determine an occurrence of a violation of the map associated with at least one of the address bar or the status bar corresponding to the user action sequence, the execution context and the system state;
construct a visual spoofing scenario based in part on one or more of the events associated with the violation; and
output the spoofing scenario.
2 Assignments
0 Petitions
Accused Products
Abstract
To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
27 Citations
12 Claims
-
1. A system comprising:
-
memory; one or more processors; a subsystem stored in the memory and executed by the one or more processors, the subsystem to; analyze a formal model of a graphical user interface (GUI) of the system, the formal model comprised of a user action sequence, an execution context, and system state; and generate a map of one or more expected visual invariants corresponding to one or more defined program invariants associated with at least one of an address bar or a status bar of the GUI; execute a search by applying events on a portion of logic of the GUI associated with at least one of the one or more defined program invariants to determine an occurrence of a violation of the map associated with at least one of the address bar or the status bar corresponding to the user action sequence, the execution context and the system state; construct a visual spoofing scenario based in part on one or more of the events associated with the violation; and output the spoofing scenario. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer implemented method comprising:
-
analyzing a formal model of a graphical user interface (GUI) of a system, the formal model comprised of a user action sequence, an execution context, and system state; generating a map of one or more expected visual invariants corresponding to one or more defined program invariants associated with at least one of an address bar or a status bar of the GUI; executing a search by applying event sequences on a portion of logic of the GUI associated with at least one of the one or more defined program invariants to identify an occurrence of a violation of the map associated with at least one of the address bar or the status bar corresponding to the user action sequence, the execution context and the system state; constructing a visual spoofing scenario based in part on one or more of the event sequences associated with the violation; and outputting the spoofing scenario. - View Dependent Claims (8, 9, 10, 11)
-
-
12. One or more computer storage devices having executable instructions stored thereon, that when executed by one or more processors, implement a method comprising:
-
analyzing a formal model of a graphical user interface (GUI), the formal model comprising a machine generated user action sequence, an execution context and system state; generating a map of one or more expected visual invariants corresponding to one or more defined program invariants associated with at least one of an address bar or a status bar of the GUI; executing a search by applying input entries on a portion of logic of the GUI associated with at least one of the one or more defined program invariants to identify an occurrence of a violation of the map associated with at least one of the address bar or the status bar corresponding to the user action sequence, the execution context and the system state; and constructing a visual spoofing scenario based in part on one or more of the input entries associated with the violation.
-
Specification