Method and system for protecting data flow at a mobile device

US 9,210,194 B2
Filed: 05/20/2015
Issued: 12/08/2015
Est. Priority Date: 06/29/2012
Status: Active Grant

First Claim

Patent Images

1. A data flow policy evaluation system for a mobile computing device embodied as executable instructions in one or more non-transitory machine-accessible storage media, comprising:

one or more hardware processors coupled to the media and executable by the one or more hardware processors;

a system call monitor to monitor system calls made by a plurality of security-wrapped software applications during execution of the security-wrapped software applications at the mobile computing device; and

a data flow policy engine to generate policy decisions to enable the security-wrapped software applications to prevent the execution of system calls that would violate a data flow policy, wherein the data flow policy defines security labels, associates data flow policies with the security labels, and associates data objects with the security labels, and the data flow policy engine is configured to;

associate an executing process of a security-wrapped software application with a security label in response to the process accessing a data object having the security label; and

associate another executing process with the security label in response to wherein the other executing process is in communication with the executing process;

wherein the data flow policy engine further defines each security label as either public or private;

wherein the system permits the executing instance of the security-wrapped software application to write data associated with a public security label only when;

the security-wrapped software application has not read data associated with a private security label; and

the security-wrapped software application has not written data associated with the private security label.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for evaluating and enforcing a data flow policy at a mobile computing device includes a data flow policy engine to evaluate data access requests made by security-wrapped software applications running on the mobile device and prevent the security-wrapped software applications from violating the data flow policy. The data flow policy defines a number of security labels that are associated with data objects. A software application process may be associated with a security label if the process accesses data having the security label or the process is in communication with another process that has accessed data having the security label.

Citations

15 Claims

1. A data flow policy evaluation system for a mobile computing device embodied as executable instructions in one or more non-transitory machine-accessible storage media, comprising:
- one or more hardware processors coupled to the media and executable by the one or more hardware processors;
  
  a system call monitor to monitor system calls made by a plurality of security-wrapped software applications during execution of the security-wrapped software applications at the mobile computing device; and
  
  a data flow policy engine to generate policy decisions to enable the security-wrapped software applications to prevent the execution of system calls that would violate a data flow policy, wherein the data flow policy defines security labels, associates data flow policies with the security labels, and associates data objects with the security labels, and the data flow policy engine is configured to;
  
  associate an executing process of a security-wrapped software application with a security label in response to the process accessing a data object having the security label; and
  
  associate another executing process with the security label in response to wherein the other executing process is in communication with the executing process;
  
  wherein the data flow policy engine further defines each security label as either public or private;
  
  wherein the system permits the executing instance of the security-wrapped software application to write data associated with a public security label only when;
  
  the security-wrapped software application has not read data associated with a private security label; and
  
  the security-wrapped software application has not written data associated with the private security label.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, comprising an access interceptor configured to prevent the security-wrapped software application from executing any system call that would violate the data flow policy.
  - 3. The system of claim 1, wherein the other executing process is a software application process invoked by the executing process.
  - 4. The system of claim 1, wherein the data flow policy engine associates the other executing process with the security label in response to the other executing process reading data from memory to which data has been written by the executing process.

5. A system for evaluating data access requests at a mobile computing device, embodied as executable instructions in one or more non-transitory machine-accessible storage media, comprising:
- one or more hardware processors coupled to the media and executable by the one or more hardware processors;
  
  a system call monitor to monitor system calls relating to data accesses made by an instance of a security-wrapped software application executing on the mobile computing device; and
  
  a data flow policy engine to;
  
  associate data access tracking data with the instance of the security-wrapped software application, wherein the data access tracking data relates to data objects accessed by the instance and security labels associated with the data objects, and the security labels indicate conflicts of interest between or among the data objects; and
  
  generate data flow policy decisions based on the data access tracking data, wherein the policy decisions are based on and in response to one or more current and one or more previous data accesses made by the instance;
  
  wherein the data flow policy engine further defines each security label as either public or private;
  
  wherein the system permits the executing instance of the security-wrapped software application to write data associated with a public security label only when;
  
  the security-wrapped software application has not read data associated with a private security label; and
  
  the security-wrapped software application has not written data associated with the private security label.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13)
- - 6. The system of claim 5, wherein the data flow policy engine stores data access tracking data associated with each instance of the security-wrapped software application.
  - 7. The system of claim 5, wherein the data access tracking data indicates data that has been read by the executing instance of the security-wrapped software application, data that is currently being read by the instance, and data that has been written by the instance.
  - 8. The system of claim 7, wherein the data flow policy engine separately associates data access tracking data with each instance of the security-wrapped software application.
  - 9. The system of claim 7, wherein the system permits the executing instance of the security-wrapped software application to read data associated with a security label only in response to wherein the instance has not read data associated with another security label that is in conflict with the security label.
  - 10. The system of claim 7, wherein the system permits the executing instance of the security-wrapped software application to read data associated with a plurality of security labels only in response to wherein the instance is authorized to read data associated with each of security labels.
  - 11. The system of claim 7, wherein the system permits the executing instance of the security-wrapped software application to read data associated with a plurality of security labels even if the instance is not authorized to read data associated with each of the security labels, in response to the instance being authorized to read data associated with at least one of the security labels.
  - 12. The system of claim 7, wherein the system permits the executing instance of the security-wrapped software application to write data associated with a plurality of security labels only in response to:
    - the instance is authorized to read data associated with each of the security labels; and
      
      the instance has not written data associated with another security label that is in conflict with any of the security labels.
  - 13. The system of claim 7, wherein the system permits the executing instance of the security-wrapped software application to write data associated with one or more security labels only in response to:
    - the instance is not currently reading data associated with another security label that is in conflict with any of the security labels; and
      
      the instance has not written data associated with another security label that is in conflict with any of the one or more security labels.

14. A system for enforcing a data flow policy at a mobile computing device, embodied as executable instructions in one or more non-transitory machine-accessible storage media, the system comprising:
- one or more hardware processors coupled to the media and executable by the one or more hardware processors;
  
  a system call monitor to monitor system calls made by an instance of a security-wrapped software application executing on the mobile computing device;
  
  a data flow policy engine to;
  
  analyze the system calls using a data flow policy, wherein the data flow policy associates security labels with data objects and the security labels indicate conflicts of interest between or among data objects,associate a data object with a security label in response to the data object is produced by a data source having the security label or in response to the data object is created by a software application process having the security label, andassociate the instance with the security label in response to the instance accessing the data object and the data object is associated with the security label;
  
  a data flow policy enforcer to prevent the instance from executing a system call that violates the data flow policy; and
  
  wherein the data flow policy engine further defines each security label as either public or private;
  
  wherein the system permits the executing instance of the security-wrapped software application to write data associated with a public security label only when;
  
  the security-wrapped software application has not read data associated with a private security label; and
  
  the security-wrapped software application has not written data associated with the private security label.
- View Dependent Claims (15)
- - 15. The system of claim 14, wherein the data object may be associated with more than one security label.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SRI International, Inc.
Original Assignee
SRI International, Inc.
Inventors
Porras, Phillip A.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
GIDDINS, NELSON S

Application Number

US14/717,118
Publication Number

US 20150256559A1
Time in Patent Office

202 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 21/54   by adding security routines...

G06F 21/60   Protecting data

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6281   at program execution time, ...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Method and system for protecting data flow at a mobile device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting data flow at a mobile device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links