Framework for efficient security coverage of mobile software applications
Abstract
A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.
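The abstract and the independent claims describe one analysis loop: build a state/transition representation of the app, mark a region of interest (ROI) by static rules, compute the stimuli that drive the app into that region, execute it under monitors, and let a central rule engine judge the observed behaviour and pick the next stimuli. The following Python model is an added illustration written for this page, not code from the patent or its assignee. The toy app, its states, its transition graph, the feature labels (`reflection`, `dynamic_load`), the API-call names and both rule sets are constructed assumptions; a real implementation would derive them from a disassembler and an instrumented run time.

```python
"""Toy model of the ROI-driven analysis loop (constructed example, not the patent's code)."""
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class State:
    name: str
    code_features: FrozenSet[str]                          # static features of the code run on entry
    runtime_calls: List[str] = field(default_factory=list)  # what executing that code actually does


# Constructed toy app: four states, stimulus-labelled transitions.
APP_STATES: Dict[str, State] = {
    "launch":   State("launch",   frozenset({"ui_setup"}), ["Activity.onCreate"]),
    "about":    State("about",    frozenset({"ui_setup"}), ["TextView.setText"]),
    "settings": State("settings", frozenset({"ui_setup"}), ["SharedPrefs.read"]),
    "sync":     State("sync",     frozenset({"reflection", "dynamic_load"}),
                      ["ContactsProvider.query", "DexClassLoader.loadClass", "HttpURLConnection.connect"]),
}
APP_TRANSITIONS: Dict[Tuple[str, str], str] = {   # (state, stimulus) -> next state
    ("launch", "tap_about"):     "about",
    ("launch", "tap_settings"):  "settings",
    ("about", "tap_back"):       "launch",
    ("settings", "tap_back"):    "launch",
    ("settings", "toggle_sync"): "sync",
    ("sync", "sync_done"):       "settings",
}

# Static rule: a state is an ROI when its code carries every feature the rule names
# (an "inappropriate code structure" in the claims' wording).
STRUCTURE_RULES: Dict[str, FrozenSet[str]] = {
    "reflective_dynamic_loading": frozenset({"reflection", "dynamic_load"}),
}
# Behaviour rule for the central intelligence engine: this ordered pair of monitored
# calls, seen in that order within one run, marks the ROI as improperly behaving.
BEHAVIOUR_RULES: Dict[str, Tuple[str, str]] = {
    "sensitive_read_then_network": ("ContactsProvider.query", "HttpURLConnection.connect"),
}


def identify_regions_of_interest(states: Dict[str, State], rules) -> Dict[str, str]:
    """Return {state_name: rule_name} for every state whose static features match a rule."""
    hits = {}
    for s in states.values():
        for rule_name, needed in rules.items():
            if needed <= s.code_features:
                hits[s.name] = rule_name
    return hits


def stimuli_to_reach(transitions, start: str, target: str) -> Optional[List[str]]:
    """Shortest stimulus sequence that drives the app from start to target (BFS), or None."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, path = queue.popleft()
        if state == target:
            return path
        for (src, stimulus), dst in transitions.items():
            if src == state and dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [stimulus]))
    return None


def virtual_execute(states, transitions, start: str, stimuli: List[str]):
    """Simulated run time: apply the stimuli; a monitor logs (state, call) for each API call."""
    log = [(start, call) for call in states[start].runtime_calls]
    current = start
    for stimulus in stimuli:
        nxt = transitions.get((current, stimulus))
        if nxt is None:
            raise ValueError(f"stimulus {stimulus!r} is not accepted in state {current!r}")
        current = nxt
        log.extend((current, call) for call in states[current].runtime_calls)
    return current, log


def central_intelligence(monitor_log, transitions, current: str, rules) -> dict:
    """Apply behaviour rules to the monitoring info; return a verdict and the next stimuli to try."""
    calls = [call for _, call in monitor_log]
    for rule_name, (first, second) in rules.items():
        if first in calls and second in calls and calls.index(first) < calls.index(second):
            return {"verdict": "improper", "rule": rule_name, "next_stimuli": []}
    # No rule fired yet: keep exploring every stimulus the current state accepts.
    return {"verdict": "undetermined", "rule": None,
            "next_stimuli": sorted(s for (src, s) in transitions if src == current)}


def analyze(states, transitions, start: str = "launch") -> dict:
    """Full loop: ROI identification -> stimuli search -> monitored execution -> rule verdict."""
    report = {}
    for roi, structure_rule in identify_regions_of_interest(states, STRUCTURE_RULES).items():
        stimuli = stimuli_to_reach(transitions, start, roi)
        if stimuli is None:
            report[roi] = {"structure_rule": structure_rule, "verdict": "unreachable"}
            continue
        current, log = virtual_execute(states, transitions, start, stimuli)
        verdict = central_intelligence(log, transitions, current, BEHAVIOUR_RULES)
        report[roi] = {"structure_rule": structure_rule, "stimuli": stimuli,
                       "monitored": [c for _, c in log], **verdict}
    return report


if __name__ == "__main__":
    for roi, result in analyze(APP_STATES, APP_TRANSITIONS).items():
        print(roi, result)
```

The point of the model is the division of labour the claims spell out: the static side only decides where to look and how to get there (`identify_regions_of_interest`, `stimuli_to_reach`), the run time only records (`virtual_execute`), and only the central engine turns monitoring information into a verdict or into the next set of stimuli. A benign path such as `launch -> about` yields an `undetermined` verdict with `tap_back` as the next stimulus, so exploration continues rather than stopping at the first state visited.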
48 Claims
1. A method for automatically analyzing an application by one or more hardware processors executing instructions that perform operations comprising:
receiving the application that includes code;
identifying a region of interest of the application based on rules or analysis of the application, the identifying of the region of interest includes analyzing a portion of the code of the application and identifying whether the portion of the code either (i) represents an inappropriate code structure or (ii) would cause an improper state transition when executed;
determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest;
applying the stimuli to the application; and
monitoring one or more behaviors of the application by a central intelligence engine during virtual execution of the application in response to the applied stimuli to determine whether the one or more behaviors identify that the region of interest corresponds to improperly behaving code, wherein the central intelligence engine is processed by a hardware processor of the one or more hardware processors.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
14. A method for automatically analyzing an application by one or more hardware processors executing instructions that perform operations comprising:
identifying a region of interest of the application, the region of interest corresponds to one or more parts of code of the application that are considered to potentially include improperly behaving code that either (i) represents an inappropriate code structure or (ii) causes an improper state transition when executed;
determining specific stimuli that will cause one or more state transitions to occur for the application so that the application commences processing of code associated with the region of interest;
applying the stimuli to the application;
monitoring one or more behaviors of the application during virtual execution of the code associated with the region of interest in response to the applied stimuli; and
determining, by a central intelligence engine, whether the one or more behaviors identify that the region of interest corresponds to improperly behaving code.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29.
15. A system comprising:
one or more hardware processors; and
a memory coupled to the one or more hardware processors, the memory comprises
a static instrumentation engine that, when executed by the one or more hardware processors, is configured to (i) identify a region of interest for an application under test that includes a portion of code that represents an inappropriate code structure or would cause an improper state transition, (ii) determine specific stimuli that cause one or more state transitions within the application to reach the region of interest, and (iii) apply the stimuli to the application,
a dynamic run time environment that, when executed by the one or more hardware processors, is configured to conduct virtual execution of the application and monitor one or more behaviors of the application during virtual execution of the application in response to the applied stimuli, and
a central intelligence engine that, when executed by the one or more hardware processors, is configured to determine, in response to information associated with the one or more behaviors monitored during virtual execution of the application, whether the one or more behaviors identify that the region of interest corresponds to improperly behaving code.
Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37, 38, 39.
16. A method for automatically analyzing an application by one or more hardware processors executing instructions that perform operations comprising:
generating one or more machine learned rules;
identifying a region of interest of an application based on at least the one or more machine learned rules, the identifying of the region of interest includes analyzing a portion of code of the application and identifying that the portion of code either (i) represents an inappropriate code structure or (ii) would cause an improper state transition upon execution;
configuring one or more monitors for the application to be enabled in a run time environment of the application;
determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest;
applying the stimuli to the application;
observing behaviors of the application during virtual processing within a virtual machine operating within the run time environment; and
determining, by a central intelligence engine, whether the region of interest corresponds to improperly behaving code.
Dependent claims: 17, 40, 41, 42, 43, 44, 45, 46, 47, 48.