Method and system for application-based policy monitoring and enforcement on a mobile device

US 8,844,036 B2
Filed: 03/02/2012
Issued: 09/23/2014
Est. Priority Date: 03/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

with at least one computing device;

selecting a self-contained application package for security and/or privacy repackaging, the application package comprising an executable software application, the selecting in response to a user selecting a user interface element representative of the application package;

processing the selected application package to obtain a plurality of executable components of the software application;

creating, without modifying or replacing any of the executable components of the software application, a self-contained repackaged application package, the repackaged application package comprising the executable components of the software application, non-operating system redirecting code, and intercepting code;

storing the self-contained repackaged application package on the computing device;

activating the repackaged application package in response to the user selecting a user interface element representative of the repackaged application package;

in response to activating the repackaged application package and prior to executing the software application, executing the redirecting code to (i) store an address associated with an operating system interface object callable by the software application during execution of the software application and (ii) replace the address associated with the operating system interface object with an address of the intercepting code; and

during execution of the software application, in response to a system call by the software application to the operating system interface object, executing the intercepting code to (i) process an argument of the system call for use by application monitoring code, (ii) pass the processed argument to the application monitoring code, and (iii) with the application monitoring code, determine whether the software application is attempting to use the system call to perform a potentially unauthorized activity based on a security and/or privacy policy.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for application-based monitoring and enforcement of security, privacy, performance and/or other policies on a mobile device includes incorporating monitoring and policy enforcement code into a previously un-monitored software application package that is installable on a mobile device, and executing the monitoring and policy enforcement code during normal use of the software application by a user of the mobile device.

84 Citations

View as Search Results

20 Claims

1. A method comprising:
- with at least one computing device;
  
  selecting a self-contained application package for security and/or privacy repackaging, the application package comprising an executable software application, the selecting in response to a user selecting a user interface element representative of the application package;
  
  processing the selected application package to obtain a plurality of executable components of the software application;
  
  creating, without modifying or replacing any of the executable components of the software application, a self-contained repackaged application package, the repackaged application package comprising the executable components of the software application, non-operating system redirecting code, and intercepting code;
  
  storing the self-contained repackaged application package on the computing device;
  
  activating the repackaged application package in response to the user selecting a user interface element representative of the repackaged application package;
  
  in response to activating the repackaged application package and prior to executing the software application, executing the redirecting code to (i) store an address associated with an operating system interface object callable by the software application during execution of the software application and (ii) replace the address associated with the operating system interface object with an address of the intercepting code; and
  
  during execution of the software application, in response to a system call by the software application to the operating system interface object, executing the intercepting code to (i) process an argument of the system call for use by application monitoring code, (ii) pass the processed argument to the application monitoring code, and (iii) with the application monitoring code, determine whether the software application is attempting to use the system call to perform a potentially unauthorized activity based on a security and/or privacy policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the computing device comprises at least one computer-accessible medium and an operating system stored in the at least one computer-accessible medium, the method creating the self-contained repackaged application package and storing the self-contained repackaged application package on the computing device without modifying the operating system.
  - 3. The method of claim 1, wherein the components of the software application comprise unsecured compiled components and the redirecting code comprises at least one compiled component configured to secure the software application against potentially unauthorized activity.
  - 4. The method of claim 1, comprising creating a single executable file based on the components of the software application and the redirecting code without modifying the components of the software application.
  - 5. The method of claim 1, comprising configuring the repackaged application package so that after the software application is started, the redirecting code executes prior to executing the software application.
  - 6. The method of claim 1, wherein the software application is embodied in a first software application package comprising a manifest file, the method comprising updating the manifest file to cause the redirecting code to execute after the software application is started and prior to execution of the software application.
  - 7. The method of claim 1, wherein the software application is embodied in a first software application package and the first software application package comprises a first digital certificate, comprising signing the software application package with a second digital certificate.
  - 8. The method of claim 1, wherein the computing device comprises a device-specific security system, the method comprising installing the repackaged software application package on the computing device without modifying the device-specific security system.
  - 9. The method of claim 1, comprising receiving input from a user of the computing device and defining the security and/or privacy policy based on the input from the user.
  - 10. The method of claim 1, comprising defining a security and/or privacy policy relating to at least one of:
    - application security, application performance, device security, privacy, network security, privilege escalation, a sequence of events, native code, and non-native code.
  - 11. The method of claim 1, comprising downloading the repackaged application package to a mobile computing device.
  - 12. The method of claim 1, comprising creating a mapping table associating a plurality of operating system interface objects referenced by the software application during execution of the software application with memory addresses assigned to the operating system interface objects.
  - 13. The method of claim 12, comprising updating the mapping table to associate the operating system interface objects with one or more memory addresses of the intercepting code.
  - 14. The method of claim 1, comprising, with the intercepting code, extracting a parameter embedded in the argument of the system call and reconstructing the extracted parameter for use by the application monitoring code.

15. A method comprising:
- with at least one computing device;
  
  processing an original application package, the original application package comprising a software application executable by a mobile device to obtain a plurality of executable components of the software application;
  
  with an application repackager, associating redirecting code with at least one of the executable components of the software application without modifying or replacing any of the executable components of the software application, the redirecting code configured to;
  
  after the software application is launched by a user and prior to execution of the software application, change a dynamic link to an external function that is called by the software application during execution of the software application to point to a memory location of application monitoring code, and during execution of the software application follow the changed dynamic link to evaluate a call to the external function using the application monitoring code;
  
  creating a new self-contained executable software application package comprising the components of the software application, the redirecting code, and the application monitoring code, wherein the new self-contained executable software application package is configured to be executed on the mobile device in response to a user activation of a user interface element representative of the new self-contained executable software application package; and
  
  defining a runtime priority of the components of the software application and the redirecting code to execute the redirecting code after the user activation of the user interface element and prior to the execution of the software application.
- View Dependent Claims (16)
- - 16. The method of claim 15, comprising preserving the memory location of the dynamically-linked external function prior to changing the dynamic link.

17. A method comprising, with at least one computing device:
- selecting a self-contained application package for security and/or privacy repackaging, the application package comprising an executable software application, the selecting in response to a user selecting a user interface element representative of the application package;
  
  creating, without modifying or replacing any executable components of the software application, a self-contained repackaged application package, the repackaged application package comprising the executable components of the software application, non-operating system redirecting code, and intercepting code;
  
  activating the repackaged application package in response to a user selecting a user interface element representative of the repackaged application package;
  
  in response to activating the repackaged application package and prior to executing the software application, executing the redirecting code to replace an address associated with an operating system interface object callable by the software application during execution of the software application with an address of the intercepting code; and
  
  during execution of the software application, in response to a system call by the software application to the operating system interface object, executing the intercepting code to pass an argument of the system call to application monitoring code, and, with the application monitoring code, determine whether the software application is attempting to use the system call to perform a potentially unauthorized activity based on a security and/or privacy policy.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, comprising transferring the repackaged application package to a mobile computing device.
  - 19. The method of claim 17, comprising mapping the operating system interface object with a memory address assigned to the operating system interface object.
  - 20. The method of claim 17, comprising changing a dynamic link to the operating system object to point to a memory location of the application monitoring code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SRI International, Inc.
Original Assignee
SRI International, Inc.
Inventors
Saidi, Hassen, Xu, Rubin
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
MALINOWSKI, WALTER J

Application Number

US13/411,072
Publication Number

US 20130232540A1
Time in Patent Office

935 Days
Field of Search

None
US Class Current

726/23
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04W 12/128   Anti-malware arrangements, ...

H04W 12/37   Managing security policies ...

H04W 88/02   Terminal devices

Method and system for application-based policy monitoring and enforcement on a mobile device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for application-based policy monitoring and enforcement on a mobile device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links