Detection of vulnerabilities in computer systems
First Claim
1. A method for detecting a presence of at least one vulnerability in a software application, the method comprising:
- modifying instructions of the software application to instrument a method by:
  - parsing binary instructions of the software application associated with the method as the binary instructions are being loaded from a storage device; and
  - installing, by one or more processors, at least one monitor to the parsed binary instructions of the software application associated with the method before the parsed binary instructions of the software application are executed by the same one or more processors, wherein the at least one monitor is inserted at non-random locations within the binary instructions, and wherein the at least one monitor is adapted to generate an action snapshot of a data or control flow pattern of the instrumented method whenever the instrumented method is invoked;
- storing the action snapshot with other stored action snapshots generated by the at least one monitor during execution of the software application whenever the instrumented method is invoked;
- analyzing, from within the same software application, the stored action snapshots;
- based on the analysis, detecting the presence of at least one vulnerability in the software application, each of the at least one vulnerability defined by a particular security rule to identify a vulnerable data or control flow pattern of the unparsed binary instructions, the vulnerable data or control flow pattern rendering the software application more likely to perform actions unintended by the software application when executed by the same one or more processors; and
- reporting the presence of the at least one vulnerability in the software application as detected based on the analysis of the stored action snapshots.
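The steps claimed above (install a monitor before the method first runs, snapshot each invocation, store the snapshots, evaluate a security rule over the store from inside the same application, report) are the shape of an in-process IAST sensor. The following is an added illustration in Python, not code from the patent or its assignee: the patent instruments binary instructions as they are loaded, whereas this example wraps named callables in their namespace before the application first calls them. All function names (`read_request_param`, `escape_sql`, `execute_query`, `lookup_user`), the source/sanitizer/sink sets, the rule and the request data are constructed for the example. The point it makes is that the vulnerable data-flow pattern is detected from benign traffic alone, because the rule looks at how data moved between monitored methods rather than at whether an attack payload was present.

```python
"""Added example (not from the patent): an in-process, IAST-style sensor.
Monitors wrap named callables before first use; each invocation yields an
action snapshot; rules run over the stored snapshots inside the same process.
Every name, rule and request value here is constructed for illustration."""
import functools
from dataclasses import dataclass
from typing import Any, Callable, Iterable


@dataclass(frozen=True)
class ActionSnapshot:
    seq: int          # invocation order, used to reconstruct the flow
    method: str
    args: tuple
    result: Any


class Tracker:
    """Stores snapshots and evaluates rules over them (the 'tracking module')."""

    def __init__(self) -> None:
        self.snapshots: list[ActionSnapshot] = []

    def record(self, method: str, args: tuple, result: Any) -> None:
        self.snapshots.append(ActionSnapshot(len(self.snapshots), method, args, result))

    def analyze(self, rules: Iterable[Callable]) -> list[str]:
        return [finding for rule in rules for finding in rule(self.snapshots)]


TRACKER = Tracker()


def install_monitor(namespace: dict, name: str, tracker: Tracker = TRACKER) -> None:
    """Replace namespace[name] with a wrapper that snapshots each invocation.
    Installation happens once, before the application calls the method."""
    original = namespace[name]
    if getattr(original, "_monitored", False):
        return

    @functools.wraps(original)
    def monitored(*args, **kwargs):
        result = original(*args, **kwargs)
        tracker.record(name, args, result)
        return result

    monitored._monitored = True
    namespace[name] = monitored


# --- constructed application code under test ---------------------------------
EXECUTED_SQL: list[str] = []


def read_request_param(request: dict, key: str) -> str:   # untrusted source
    return request[key]


def escape_sql(value: str) -> str:                        # sanitizer
    return value.replace("'", "''")


def execute_query(sql: str) -> int:                       # sink
    EXECUTED_SQL.append(sql)
    return len(EXECUTED_SQL)


def lookup_user(request: dict) -> int:
    # Vulnerable pattern: the source value is concatenated straight into the sink.
    name = read_request_param(request, "user")
    return execute_query("SELECT * FROM users WHERE name = '" + name + "'")


def lookup_user_safe(request: dict) -> int:
    name = escape_sql(read_request_param(request, "user"))
    return execute_query("SELECT * FROM users WHERE name = '" + name + "'")


# --- security rule over the stored snapshots ---------------------------------
SOURCES, SANITIZERS, SINKS = {"read_request_param"}, {"escape_sql"}, {"execute_query"}


def rule_unsanitized_sql(snapshots: list[ActionSnapshot]) -> list[str]:
    """Flag a sink whose argument contains a source's result verbatim when no
    sanitizer snapshot for that value lies between the two invocations."""
    findings = []
    for sink in (s for s in snapshots if s.method in SINKS):
        for src in (s for s in snapshots if s.method in SOURCES and s.seq < sink.seq):
            value = src.result
            if not isinstance(value, str) or value not in sink.args[0]:
                continue
            sanitized = any(
                s.method in SANITIZERS and s.args[0] == value and src.seq < s.seq < sink.seq
                for s in snapshots
            )
            if not sanitized:
                findings.append(f"unsanitized {src.method} result reaches {sink.method} "
                                f"(snapshots {src.seq} -> {sink.seq})")
    return findings


def run_demo() -> list[str]:
    """Instrument, exercise both code paths with benign input, and report."""
    TRACKER.snapshots.clear()
    for name in SOURCES | SANITIZERS | SINKS:
        install_monitor(globals(), name)
    lookup_user({"user": "alice"})       # vulnerable path
    lookup_user_safe({"user": "bob"})    # sanitized path
    return TRACKER.analyze([rule_unsanitized_sql])


if __name__ == "__main__":
    for finding in run_demo():
        print("VULNERABILITY:", finding)
```

Running it reports exactly one finding, for `lookup_user`: the value returned by the source at snapshot 0 appears unchanged in the sink argument at snapshot 1 with no intervening sanitizer. The `lookup_user_safe` path produces the same three method calls, but the `escape_sql` snapshot sits between source and sink for the same value, so the rule stays quiet. A production sensor would track taint per object rather than by string matching, but the division of labour is the same: monitors only record, and the security rules decide.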
Abstract
Systems, methods, and apparatus, including computer program products, for detecting a presence of at least one vulnerability in an application. A method is provided that includes modifying instructions of the application to include at least one sensor that is configurable to generate an event indicator, wherein the event indicator includes at least some data associated with the event; storing the event indicator with other stored event indicators generated by the at least one sensor during the execution of the application; analyzing the stored event indicators; detecting a presence of at least one vulnerability in the application based on the analysis of the stored event indicators; and reporting the presence of at least one vulnerability.
22 Claims
1. A method for detecting a presence of at least one vulnerability in a software application (independent claim; full text given above under First Claim). Dependent claims: 2 to 16.
17. A system for detecting vulnerabilities in a software application, the system comprising:
- an instrumentation module structured and arranged to modify instructions of the software application to instrument a method by:
  - parsing binary instructions of the software application associated with the method as the binary instructions are being loaded from a storage device; and
  - installing, by one or more processors, at least one monitor to the parsed binary instructions of the software application before the parsed binary instructions of the software application are executed by the same one or more processors, wherein the at least one monitor is inserted at non-random locations within the binary instructions, and wherein the at least one monitor is adapted to generate an action snapshot of a data or control flow pattern of the instrumented method whenever the instrumented method is invoked;
- a tracking module structured and arranged to:
  - store the action snapshot with other stored action snapshots generated by the at least one monitor during execution of the software application whenever the instrumented method is invoked;
  - analyze, from within the same software application, the stored action snapshots; and
  - based on the analysis, detect a presence of at least one vulnerability in the software application, each of the at least one vulnerability defined by a particular security rule to identify a vulnerable data or control flow pattern of the unparsed binary instructions, the vulnerable data or control flow pattern rendering the software application more likely to perform actions unintended by the software application when executed on the same one or more processors; and
- a reporting module structured and arranged to report the presence of at least one vulnerability in the software application as detected based on the analysis of the stored action snapshots.
Dependent claims: 18, 19.
20. A non-transitory computer readable medium including stored executable instructions for detecting at least one vulnerability in a software application executing on at least one processor, the medium comprising instructions for causing the processor to:
- modify instructions of the software application to instrument a method by:
  - parsing binary instructions of the software application associated with the method as the binary instructions of the software application are being loaded from a storage device; and
  - installing, by one or more processors, at least one monitor to the parsed binary instructions of the software application associated with the method before the parsed binary instructions of the software application are executed by the same one or more processors, wherein the at least one monitor is inserted at non-random locations within the binary instructions, and wherein the at least one monitor is adapted to generate an action snapshot of a data or control flow pattern of the instrumented method whenever the instrumented method is invoked, the action snapshot corresponding to an action performed by the software application and including at least some data associated with the action;
- store the action snapshot with other stored action snapshots generated by the at least one monitor during the execution of the software application whenever the instrumented method is invoked;
- analyze, from within the same software application, the stored action snapshots;
- based on the analysis, detect the presence of at least one vulnerability in the software application, each of the at least one vulnerability defined by a particular security rule to identify a vulnerable data or control flow pattern of the unparsed binary instructions, the vulnerable data or control flow pattern rendering the software application more likely to perform actions unintended by the software application when executed by the same one or more processors; and
- report the presence of at least one vulnerability in the software application as detected based on the analysis of the stored action snapshots.
Dependent claims: 21, 22.