Systems and methods for performing security analyses of applications configured for cloud-based platforms

US 9,223,961 B1
Filed: 04/04/2012
Issued: 12/29/2015
Est. Priority Date: 04/04/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for performing security analyses of applications configured for cloud-based platforms, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying an online platform that hosts an online service and that is capable of hosting a plurality of third-party applications integrated with the online service and configured to operate on the online platform, wherein the online service hosts and/or processes data via one or more cloud-based applications;

identifying, by a security system separate from the online service, at least one third-party application by identifying user-facing content within the online service that references the third-party application, the third-party application being;

separate from and configured to operate on the online platform;

specifically designed to be integrated with the online service and enhancing the online service by customizing an interaction with the online service;

retrieving, from the online service by the security system, metadata describing;

at least one characteristic of the third-party application;

the interaction of the third-party application with the online service;

an internet resource provided via a canvas page that comprises at least a portion of the third-party application;

in response to determining that the third-party application is separate from the online platform, performing, by the security system, a security analysis of the third-party application instead of the online service that determines a most probable classification of the third-party application, based at least in part on the metadata describing at least one characteristic of the third-party application, the interaction of the third-party application with the online service, and the internet resource provided via the canvas page, and flagging the third-party application as malicious based on the security analysis.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for performing security analyses of applications configured for cloud-based platforms may include 1) identifying an online platform that hosts an online service and that is capable of hosting a plurality of third-party applications integrated with the online service and configured to operate on the online platform, 2) identifying at least one third-party application that is integrated with the online service and configured to operate on the online platform, 3) identifying metadata describing at least one characteristic of the third-party application, and 4) performing a security analysis of the third-party application based at least in part on the metadata. Various other methods, systems, and computer-readable media are also disclosed.

Citations

20 Claims

1. A computer-implemented method for performing security analyses of applications configured for cloud-based platforms, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying an online platform that hosts an online service and that is capable of hosting a plurality of third-party applications integrated with the online service and configured to operate on the online platform, wherein the online service hosts and/or processes data via one or more cloud-based applications;
  
  identifying, by a security system separate from the online service, at least one third-party application by identifying user-facing content within the online service that references the third-party application, the third-party application being;
  
  separate from and configured to operate on the online platform;
  
  specifically designed to be integrated with the online service and enhancing the online service by customizing an interaction with the online service;
  
  retrieving, from the online service by the security system, metadata describing;
  
  at least one characteristic of the third-party application;
  
  the interaction of the third-party application with the online service;
  
  an internet resource provided via a canvas page that comprises at least a portion of the third-party application;
  
  in response to determining that the third-party application is separate from the online platform, performing, by the security system, a security analysis of the third-party application instead of the online service that determines a most probable classification of the third-party application, based at least in part on the metadata describing at least one characteristic of the third-party application, the interaction of the third-party application with the online service, and the internet resource provided via the canvas page, and flagging the third-party application as malicious based on the security analysis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein:
    - the online service comprises an internet site that provides a service to a user;
      
      the third-party application customizes the interaction with the online service by providing an additional service to the user via the internet site.
  - 3. The computer-implemented method of claim 1, further comprising:
    - retrieving the metadata by;
      
      identifying a classification of the third-party application;
      
      identifying at least one permission used by the third-party application within the online platform;
      
      identifying a set of expected permissions to be used by the third-party application based on the classification of the third-party application;
      
      wherein performing the security analysis further comprises determining that the permission used by the third-party application is not within the set of expected permissions.
  - 4. The computer-implemented method of claim 1,wherein retrieving the metadata further comprises:
    - identifying an actual vendor of the third-party application;
      
      identifying user-facing content within the third-party application indicating an apparent vendor of the third-party application;
      
      wherein performing the security analysis further comprises determining that the actual vendor of the third-party application differs from the apparent vendor of the third-party application.
  - 5. The computer-implemented method of claim 1, further comprising:
    - retrieving the metadata by;
      
      identifying a classification of the third-party application;
      
      identifying content generated by the third-party application within the online service;
      
      analyzing the content to identify at least one topic of the content;
      
      identifying an expected topic of the third-party application based on the classification;
      
      wherein performing the security analysis further comprises determining that the expected topic does not match the topic of the content.
  - 6. The computer-implemented method of claim 1, further comprising:
    - retrieving the metadata by;
      
      identifying a classification of the third-party application;
      
      identifying a volume of content generated by the third-party application within the online service;
      
      identifying an expected volume of content generated by the third-party application based on the classification;
      
      wherein performing the security analysis further comprises determining that the volume of content generated by the third-party application exceeds the expected volume of content.
  - 7. The computer-implemented method of claim 1,wherein retrieving the metadata further comprises identifying content generated by the third-party application within the online service;
    - wherein performing the security analysis further comprises determining that the content generated by the third-party application comprises spam content.
  - 8. The computer-implemented method of claim 1,wherein retrieving the metadata further comprises identifying at least one rating used to describe the third-party application;
    - wherein performing the security analysis further comprises determining that the rating falls below a predetermined threshold.
  - 9. The computer-implemented method of claim 1,wherein retrieving the metadata further comprises identifying a user account for the online service usable for testing third-party applications integrated with the online service;
    - wherein performing the security analysis further comprises loading the third-party application within the online service via the user account.

10. A system for performing security analyses of applications configured for cloud-based platforms, the system comprising:
- an identification module programmed to identify an online platform that hosts an online service and that is capable of hosting a plurality of third-party applications integrated with the online service and configured to operate on the online platform, wherein the online service hosts and/or processes data via one or more cloud-based applications;
  
  an application module programmed to identify, from a security server separate from the online service, at least one third-party application by identifying user-facing content within the online service that references the third-party application, the third-party application being;
  
  separate from and configured to operate on the online platform;
  
  specifically designed to be integrated with the online service and enhancing the online service by customizing an interaction with the online service;
  
  a metadata module programmed to retrieve, from the security server, metadata from within the online service describing;
  
  at least one characteristic of the third-party application;
  
  the interaction of the third-party application with the online service;
  
  an internet resource provided via a canvas page that comprises at least a portion of the third-party application;
  
  a security module programmed to perform, from the security server and in response to determining that the third-party application is separate from the online platform, a security analysis of the third-party application instead of the online service that determines a most probable classification of the third-party application, based at least in part on the metadata describing at least one characteristic of the third-party application, the interaction of the third-party application with the online service, and the internet resource provided via the canvas page, and flagging the third-party application as malicious based on the security analysis;
  
  at least one hardware processor configured to execute the identification module, the application module, the metadata module, and the security module.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein:
    - the online service comprises an internet site that provides a service to a user;
      
      the third-party application customizes the interaction with the online service by providing an additional service to the user via the internet site.
  - 12. The system of claim 10,wherein the metadata module is further programmed to retrieve the metadata by:
    - identifying a classification of the third-party application;
      
      identifying at least one permission used by the third-party application within the online platform;
      
      wherein the metadata module is further programmed to identify a set of expected permissions to be used by the third-party application based on the classification of the third-party application;
      
      wherein the security module is further programmed to perform the security analysis by determining that the permission used by the third-party application is not within the set of expected permissions.
  - 13. The system of claim 10,wherein the metadata module is further programmed to retrieve the metadata by:
    - identifying an actual vendor of the third-party application;
      
      identifying user-facing content within the third-party application indicating an apparent vendor of the third-party application;
      
      wherein the security module is further programmed to perform the security analysis by determining that the actual vendor of the third-party application differs from the apparent vendor of the third-party application.
  - 14. The system of claim 10,wherein the metadata module is further programmed to retrieve the metadata by:
    - identifying a classification of the third-party application;
      
      identifying content generated by the third-party application within the online service;
      
      analyzing the content to identify at least one topic of the content;
      
      wherein the metadata module is further programmed to identify an expected topic of the third-party application based on the classification;
      
      wherein the security module is further programmed to perform the security analysis by determining that the expected topic does not match the topic of the content.
  - 15. The system of claim 10,wherein the metadata module is further programmed to retrieve the metadata by:
    - identifying a classification of the third-party application;
      
      identifying a volume of content generated by the third-party application within the online service;
      
      wherein the metadata module is further programmed to identify an expected volume of content generated by the third-party application based on the classification;
      
      wherein the security module is further programmed to perform the security analysis by determining that the volume of content generated by the third-party application exceeds the expected volume of content.
  - 16. The system of claim 10,wherein the metadata module is further programmed to retrieve the metadata by identifying content generated by the third-party application within the online service;
    - wherein the security module is further programmed to perform the security analysis by determining that the content generated by the third-party application comprises spam content.
  - 17. The system of claim 10,wherein the metadata module is further programmed to retrieve the metadata by identifying at least one rating used to describe the third-party application;
    - wherein the security module is further programmed to perform the security analysis by determining that the rating falls below a predetermined threshold.

18. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify an online platform that hosts an online service and that is capable of hosting a plurality of third-party applications integrated with the online service and configured to operate on the online platform, wherein the online service hosts and/or processes data via one or more cloud-based applications;
  
  identify, from a security server separate from the online service, at least one third-party application by identifying user-facing content within the online service that references the third-party application, the third-party application being;
  
  separate from and configured to operate on the online platform;
  
  specifically designed to be integrated with the online service and enhancing the online service by customizing an interaction with the online service;
  
  retrieve, from the security server, metadata from within the online service describing;
  
  at least one characteristic of the third-party application;
  
  the interaction of the third-party application with the online service;
  
  an internet resource provided via a canvas page that comprises at least a portion of the third-party application;
  
  in response to determining that the third-party application is separate from the online platform, perform, from the security server, a security analysis of the third-party application instead of the online service that determines a most probable classification of the third-party application, based at least in part on the metadata describing at least one characteristic of the third-party application, the interaction of the third-party application with the online service, and the internet resource provided via canvas page, and flagging the third-party application as malicious based on the security analysis.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable-storage medium of claim 18, wherein:
    - the online service comprises an internet site that provides a service to a user;
      
      the third-party application customizes the interaction with the online service by providing an additional service to the user via the internet site.
  - 20. The non-transitory computer-readable-storage medium of claim 18,wherein the one or more computer-executable instructions further cause the computing device to:
    - retrieve the metadata by;
      
      identifying a classification of the third-party application;
      
      identifying at least one permission used by the third-party application within the online platform;
      
      identify a set of expected permissions to be used by the third-party application based on the classification of the third-party application;
      
      perform the security analysis by determining that the permission used by the third-party application is not within the set of expected permissions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sokolov, Ilya
Primary Examiner(s)
Abedin, Shanto M

Application Number

US13/439,458
Time in Patent Office

1,364 Days
Field of Search

726 22- 25, 726/1, 709/204, 709/224, 707/707
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/554   involving event detection a...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

Systems and methods for performing security analyses of applications configured for cloud-based platforms

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for performing security analyses of applications configured for cloud-based platforms

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links