Obfuscating trace data

US 9,021,262 B2
Filed: 01/25/2013
Issued: 04/28/2015
Est. Priority Date: 01/25/2013
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computer processor on a first device, said method comprising:

executing an application, said application processing data objects;

with a tracer which obtains data from instrumentation in the application when an instrumentation condition instructs the tracer to monitor at least one of debugging data and performance data with respect to the application, and while said application is executing, and when the instrumentation condition occurs, monitoring a first function within said application, said first function receiving a first data object and returning a second data object;

identifying said first data object as being passed to said first function;

identifying said second data object as being returned from said first function;

while not obfuscating a name of the first function, selectively obfuscating said first data object to create a first obfuscated data object;

while not obfuscating the name of the first function, selectively obfuscating said second data object to create a second obfuscated data object; and

storing said first obfuscated data object and said second obfuscated data object.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A tracer may obfuscate trace data such that the trace data may be used in an unsecure environment even though raw trace data may contain private, confidential, or other sensitive information. The tracer may obfuscate using irreversible or lossy hash functions, look up tables, or other mechanisms for certain raw trace data, rendering the obfuscated trace data acceptable for transmission, storage, and analysis. In the case of parameters passed to and from a function, trace data may be obfuscated as a group or as individual parameters. The obfuscated trace data may be transmitted to a remote server in some scenarios.

Citations

22 Claims

1. A method performed by a computer processor on a first device, said method comprising:
- executing an application, said application processing data objects;
  
  with a tracer which obtains data from instrumentation in the application when an instrumentation condition instructs the tracer to monitor at least one of debugging data and performance data with respect to the application, and while said application is executing, and when the instrumentation condition occurs, monitoring a first function within said application, said first function receiving a first data object and returning a second data object;
  
  identifying said first data object as being passed to said first function;
  
  identifying said second data object as being returned from said first function;
  
  while not obfuscating a name of the first function, selectively obfuscating said first data object to create a first obfuscated data object;
  
  while not obfuscating the name of the first function, selectively obfuscating said second data object to create a second obfuscated data object; and
  
  storing said first obfuscated data object and said second obfuscated data object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprising:
    - transmitting said first obfuscated data object and said second obfuscated data object to a remote device for analysis.
  - 3. The method of claim 2 further comprising:
    - receiving analysis results from said remote device, said analysis results comprising said first obfuscated data object.
  - 4. The method of claim 3 further comprising:
    - determining said first data object from said first obfuscated data object.
  - 5. The method of claim 4 further comprising:
    - storing said first data object and said first obfuscated data object as a record in a lookup database.
  - 6. The method of claim 5, said first data object being obfuscated by performing a lossy hash function on said first data object.
  - 7. The method of claim 5, said first data object being obfuscated by creating a randomized representation of said first data object.
  - 8. The method of claim 4, said first obfuscated data object being determined by encrypting said first data object.
  - 9. The method of claim 8, said first data object being determined from said first obfuscated data object by decrypting said first obfuscated data object.
  - 10. The method of claim 9, said encrypting being performed using a public key/private key encryption system.
  - 11. The method of claim 1:
    - identifying a third data object being passed to said first function along with said first data object; and
      
      creating said first obfuscated data object comprising said first data object and said third data object.
  - 12. The method of claim 1:
    - identifying a third data object being passed to said first function along with said first data object; and
      
      creating a third obfuscated data object comprising said third data object.

13. A system comprising:
- a processor, said processor being a hardware processor;
  
  an execution environment that executes an application using said processor, said execution environment having a process scheduler;
  
  a tracer that monitors said application during execution in said execution environment to obtain at least one of debugging data and performance data with respect to the application when an instrumentation condition occurs, said tracer that gathers actions performed by said process scheduler when the instrumentation condition occurs, one of said actions comprising function calls having input parameters and output parameters;
  
  an obfuscator that receives said input parameters and selectively creates obfuscated input parameters, and receives said output parameter and selectively creates obfuscated output parameters while not obfuscating a function name related to such input parameters;
  
  a communicator that transmits said obfuscated input parameters and said obfuscated output parameters and said function name to a remote device.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13 further comprising:
    - a storage device that stores said obfuscated input parameters and said obfuscated output parameters in a storage device.
  - 15. The system of claim 13, said obfuscator creating said obfuscated input parameters by executing a hash function.
  - 16. The system of claim 13, said obfuscator creating a lookup database comprising a record comprising a first obfuscated input parameter and a first raw input parameter.
  - 17. The system of claim 13, said obfuscator that creates a single obfuscated input parameter from a plurality of input parameters passed to a first function.

18. A method comprising:
- executing an application in a first secure location, said application processing confidential data, said application further comprising a first function receiving a first confidential parameter;
  
  during said executing, tracing said application within said first secure location to obtain at least one of debugging data and performance data with respect to the application when an instrumentation condition occurs, and when said instrumentation occurs, said tracing comprising identifying said first function and said first confidential parameter;
  
  selectively obfuscating said first confidential parameter to create a first obfuscated parameter while not obfuscating a function name related to the first confidential parameter; and
  
  transmitting said first obfuscated parameter and the function name to a remote device, said remote device being located outside of said first secure location.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method of claim 18, said name being transmitted in a cleartext manner.
  - 20. The method of claim 18 further comprising:
    - receiving an optimization file comprising said first obfuscated parameter;
      
      determining said first confidential parameter from said first obfuscated parameter; and
      
      consuming said optimization file while executing said application.
  - 21. The method of claim 20 further comprising:
    - creating a record in a database comprising said first confidential parameter and said first obfuscated parameter.
  - 22. The method of claim 21, said obfuscating comprising executing a lossy hash function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Concurix Corporation
Inventors
Krajec, Russell S.
Primary Examiner(s)
Reza, Mohammad W

Application Number

US13/751,000
Publication Number

US 20140019756A1
Time in Patent Office

823 Days
Field of Search

713/167
US Class Current

713/167
CPC Class Codes

G06F 11/3404   for parallel or distributed...

G06F 11/3409   for performance assessment

G06F 11/3466   Performance evaluation by t...

G06F 21/52   during program execution, e...

G06F 21/6245   Protecting personal data, e...

G06F 2201/865   Monitoring of software

H04L 41/069   using logs of notifications...

H04L 41/28   Restricting access to netwo...

H04L 43/04   Processing captured monitor...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 67/34   involving the movement of s...

H04L 69/40   for recovering from a failu...

Obfuscating trace data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Obfuscating trace data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links