Framework for efficient security coverage of mobile software applications
Abstract
A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.
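The flow in the abstract can be sketched on a toy state model. This is an added illustration, not code from the patent or its assignee; the state names, stimuli, API-call labels and the single rule are all constructed, and the rule-driven choice of a next stimulus set is reduced to one pass.

```python
from collections import deque

# Constructed model: states of a hypothetical app and stimulus-labelled transitions.
TRANSITIONS = {
    "launch":   {"tap_login": "login", "tap_about": "about"},
    "login":    {"submit_creds": "home"},
    "home":     {"tap_settings": "settings", "tap_sync": "sync"},
    "settings": {"tap_back": "home"},
    "sync":     {},
    "about":    {},
}
# Constructed facts: calls made by the code behind each state.
STATE_CALLS = {"sync": ["read_contacts", "http_post"], "about": ["open_url"]}
# Hypothetical rule: code that reads contacts and also posts over HTTP is of interest.
SUSPICIOUS = {"read_contacts", "http_post"}

def regions_of_interest():
    """Rule-based pass over the representation: flag states matching the rule."""
    return [s for s, calls in STATE_CALLS.items() if SUSPICIOUS <= set(calls)]

def stimuli_to_reach(target, start="launch"):
    """Breadth-first search: shortest stimulus sequence to the target, or None."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, path = queue.popleft()
        if state == target:
            return path
        for stimulus, nxt in TRANSITIONS[state].items():
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [stimulus]))
    return None

def run_with_monitor(stimuli, start="launch"):
    """Apply the stimuli to the model and record what a monitor would observe."""
    state, observed = start, []
    for stimulus in stimuli:
        state = TRANSITIONS[state][stimulus]
        observed.extend(STATE_CALLS.get(state, []))
    return state, observed

def analyze():
    """Identify regions, drive the model to each, and apply the rule to the monitor log."""
    results = {}
    for roi in regions_of_interest():
        path = stimuli_to_reach(roi)
        if path is None:
            results[roi] = ("unreachable", [])
            continue
        _, observed = run_with_monitor(path)
        verdict = "improper" if SUSPICIOUS <= set(observed) else "benign"
        results[roi] = (verdict, path)
    return results
```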
31 Claims
1. A system for automatically analyzing an application instance for improperly behaving code, the system comprising:
- one or more hardware processors; and
- a memory coupled to the one or more hardware processors, the memory including a central intelligence engine that, when executed by the one or more hardware processors,
  - (a) identifies a region of interest of the application instance that includes code by analyzing a portion of the code of the application instance and identifying whether the portion of the code either (i) represents an inappropriate code structure or (ii) would cause a potentially improper behavior of the code to occur, or (iii) would cause a potentially improper state transition when the portion of the code is executed,
  - (b) determines specific stimuli that will cause one or more state transitions within the application instance to reach the region of interest, and
  - (c) applies the stimuli to the application instance prior to monitoring of one or more behaviors resulting from execution of at least the portion of the code of the application instance at the region of interest within one or more virtual machines comprising a run-time environment.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 21, 22, 23, 24

13. A method for automatically analyzing an application instance by one or more hardware processors executing software that perform operations comprising:
- identifying, during execution of the software by the one or more hardware processors, a region of interest of the application instance based on an analysis of code of the application instance, the region of interest corresponds to one or more parts of the code of the application instance considered to potentially include improperly behaving code that either (i) represents an inappropriate code structure, or (ii) causes a potentially improper behavior of the code to occur, or (iii) causes a potentially improper state transition when executed;
- determining, during execution of the software by the one or more hardware processors, specific stimuli that causes one or more state transitions within the application instance to reach the region of interest to occur;
- applying, during execution of the software by the one or more hardware processors, the stimuli to the application instance so that the application instance commences processing of the one or more parts of code of the application instance that is associated with the region of interest;
- monitoring, during execution of the software by the one or more hardware processors, one or more behaviors of the application instance during processing of the one or more parts of code of the application instance that is associated with the region of interest within one or more virtual machines in response to the applied stimuli; and
- determining, during execution of the software by the one or more hardware processors, whether the one or more behaviors identify that the region of interest corresponds to improperly behaving code.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 25, 26, 27

28. A method for automatically analyzing an application instance by one or more hardware processors executing software that perform operations comprising:
- receiving the application for analysis of a portion of code of the application instance, the portion of code considered to potentially include improperly behaving code that either (i) represents an inappropriate code structure, or (ii) causes a potentially improper behavior of the code to occur, or (iii) causes a potentially improper state transition when executed;
- determining a specific stimuli that causes one or more transitions within the application instance to begin processing the portion of code of the application instance;
- applying the stimuli to the application instance so that the application instance commences processing of the portion of code of the application instance;
- determining whether one or more behaviors monitored during processing of the portion of code of the application instance by the one or more hardware processor identify that the portion of the code corresponds to improperly behaving code.

Dependent claims: 29, 30, 31

Specification