Framework for efficient security coverage of mobile software applications using machine learning
Abstract
For one embodiment, a method is described that involves the instrumenting of an application of a computing system with at least one monitoring function, where the monitoring function is capable of operating in a run-time environment during processing of the instrumented application. The movement of data associated with the application is tracked by one or more monitoring functions. This data is at least partially identified by a storage location. Thereafter, a determination is made whether movement of the data from a first storage location to a second storage location is suspicious, and if so, suspicious movement of the data is reported.
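The flow in the abstract can be illustrated with a small sketch. This is an added example, not code from the patent or its assignee: a static pass rewrites the application so every data move goes through a monitor, and the run-time monitor follows sensitive data by storage location and reports a move to an unapproved location. The `move()` primitive, the URI-style location names, the approved-prefix policy and the sample app are all assumptions made for the illustration.

```python
import ast

# Constructed sample app: copies contacts to a sandbox cache, then sends the cache out.
APP_SOURCE = '''
def run(move):
    move("db://contacts", "file://sandbox/cache")
    move("file://sandbox/cache", "net://203.0.113.7:443")
'''

class Instrumenter(ast.NodeTransformer):
    """Static pass: reroute every move(src, dst) call through the monitor."""
    def visit_Call(self, node):
        self.generic_visit(node)
        if isinstance(node.func, ast.Name) and node.func.id == "move":
            node.args.insert(0, ast.Name(id="move", ctx=ast.Load()))
            node.func = ast.Name(id="_monitored_move", ctx=ast.Load())
        return node

class Tracker:
    """Run-time monitor: follows tainted data by storage location (hypothetical policy)."""
    def __init__(self, sensitive, approved_prefixes):
        self.tainted = set(sensitive)
        self.approved = tuple(approved_prefixes)
        self.reports = []

    def monitored_move(self, real_move, src, dst):
        if src in self.tainted:
            self.tainted.add(dst)  # the taint follows the data to its new location
            if not dst.startswith(self.approved):
                self.reports.append({"from": src, "to": dst})
        return real_move(src, dst)

def analyze(source, sensitive, approved_prefixes):
    """Instrument the source, run it against a stub move(), return (reports, moves)."""
    tree = ast.fix_missing_locations(Instrumenter().visit(ast.parse(source)))
    tracker = Tracker(sensitive, approved_prefixes)
    env = {"_monitored_move": tracker.monitored_move}
    exec(compile(tree, "<instrumented>", "exec"), env)
    performed = []
    env["run"](lambda src, dst: performed.append((src, dst)))
    return tracker.reports, performed

if __name__ == "__main__":
    print(analyze(APP_SOURCE, {"db://contacts"}, ("db://", "file://sandbox/")))
```

The second move is reported even though its source is the cache rather than the contacts database, because the monitor marked the cache as tainted when the first move copied sensitive data into it.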
36 Claims
1. A method comprising:
- instrumenting, by a static instrumentation engine within software executed by a processor, an application of a computing system with at least a first monitoring function, the first monitoring function capable of operating in a run-time environment during processing of the instrumented application;
- tracking, by at least a second monitoring function, movement of data associated with the application, the data being at least partially identified by a storage location;
- determining whether movement of the data from a first storage location to a second storage location is suspicious; and
- reporting suspicious movement of the data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system comprising:
- a processor; and
- a memory coupled to the processor, the memory comprises a static instrumentation engine that, when executed by the processor, is configured to instrument an application with at least a first monitoring function; and
- one or more virtual machines included as part of a run-time environment, a first virtual machine of the one or more virtual machines, when executed by the processor, is configured to process the instrumented application and at least a second monitoring function tracking movement of data associated with instrumented application that is determined to be a suspicious activity in response to determining, by the second monitoring function during processing the instrumented application, that the instrumented application is attempting to cause the data to be directed out of the run-time environment.
Dependent claims: 13, 14, 15, 16, 31, 32
17. A system comprising:
- a static instrumentation engine configured to instrument an application with at least a first monitoring function;
- a run-time environment to process the instrumented application where at least a second monitoring function tracking movement of data associated with the instrumented application that is determined to be a suspicious activity, the run-time environment determining whether movement of the data is a suspicious activity by identifying an attempt by the instrumented application to direct data to an unapproved storage location; and
- a central intelligence engine configured to receive a report indicating the determined suspicious activity.
Dependent claims: 18, 19, 33, 34, 35, 36
20. A system comprising:
- a processor; and
- a memory coupled to the processor, the memory comprises a static instrumentation engine configured to instrument an application with at least a first monitoring function, a run-time environment communicatively coupled to the static instrumentation engine, the run-time environment comprises one or more virtual machines that comprises at least a first virtual machine including at least a second monitoring function, the first virtual machine, when executed by the processor, processes the instrumented application and the second monitoring function tracking movement of data associated with the instrumented application that is determined to correspond to a suspicious activity, wherein the run-time environment is further configured to output information that identifies the determined suspicious activity.
Dependent claims: 21, 22, 23, 24, 25, 26, 27
28. A method comprising:
- instrumenting an application of a computing system to operate in cooperation with one or more monitoring functions, at least a first monitoring function of the one or more monitoring functions operating in a run-time environment during processing of the instrumented application;
- tracking, by at least a second monitoring function of, movement of data associated with the application, the data being at least partially identified by a storage location, the tracking of the movement of the data comprises determining, during the processing of the instrumented application, whether the instrumented application is attempting to cause the data to be directed out of the run-time environment;
- determining whether the tracked movement of the data is suspicious; and
- reporting suspicious movement of the data.
Dependent claims: 29, 30
Specification