Framework for efficient security coverage of mobile software applications that is usable to harden in the field code

US 9,824,209 B1
Filed: 02/23/2013
Issued: 11/21/2017
Est. Priority Date: 02/23/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving an application in a first level of code, wherein said first level of code is executable code;

translating the application to a second level of code different than the first level of code;

creating a representation of an application that describes states and state transitions of said application;

receiving a description of unwanted behaviors of said application;

using said description and said representation to determine changes to code of said application wherein said changes to said code preclude said application from performing at least one of said unwanted behaviors; and

instrumenting, by a static instrumentation unit within a computer system, said application with said changes to said code to create an instrumented application that does not perform said at least one of said unwanted behaviors, wherein said instrumenting of said application is performed at said second level of code.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is described that includes receiving an application and creating a representation of the application that describes states and state transitions of the application. The method further includes receiving a description of unwanted behaviors of the application. The method further includes using the description and the representation to determine actions to be added to the application and locations within the application where the actions are to be performed. The method also includes instrumenting the application with the actions in the locations to create an instrumented application that does not perform the unwanted behaviors.

Citations

39 Claims

1. A method, comprising:
- receiving an application in a first level of code, wherein said first level of code is executable code;
  
  translating the application to a second level of code different than the first level of code;
  
  creating a representation of an application that describes states and state transitions of said application;
  
  receiving a description of unwanted behaviors of said application;
  
  using said description and said representation to determine changes to code of said application wherein said changes to said code preclude said application from performing at least one of said unwanted behaviors; and
  
  instrumenting, by a static instrumentation unit within a computer system, said application with said changes to said code to create an instrumented application that does not perform said at least one of said unwanted behaviors, wherein said instrumenting of said application is performed at said second level of code.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein said translating of said application to said second level of code is performed prior to said creating of said representation.
  - 3. The method of claim 2 wherein said application is received as Java®
    - byte code.
  - 4. The method of claim 1 further comprising retranslating said instrumented application to said first level of code.
  - 5. The method of claim 1 wherein said instrumentation is to:
    - prevent said application from accessing sensitive information;
      
      prevent said application from sending sensitive information externally from said application'"'"'s mobile device;
      
      orprevent said application from engaging in a particular type of communication session.
  - 6. The method of claim 1 wherein said second level of code comprises byte code.

7. A method for hardening an application operating within a mobile device comprising:
- receiving the application in a first level of code, wherein said first level of code is executable code;
  
  translating the application to a second level of code different than the first level of code;
  
  creating a representation of an application that describes states and state transitions of said application;
  
  identifying one or more unwanted behaviors to be conducted by the mobile device based on an analysis of code of said application and the representation of said application;
  
  determining changes to said code of the application, wherein said changes to said code preclude the application from performing the one or more unwanted behaviors; and
  
  instrumenting the application with said changes to said code to preclude the application from performing the one or more unwanted behaviors, wherein the instrumenting is performed on the second level object code.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 8. The method of claim 7, wherein prior to installing the instrumented application on the mobile device, the method further comprises re-translating the instrumented application currently as the second level object code to an original code level.
  - 9. The method of claim 7, wherein the identifying of the one or more unwanted behaviors comprises determining whether any states of the application could cause a command to be sent to either hardware or an operating system of the mobile device to activate an input/output component of the mobile device.
  - 10. The method of claim 9, wherein the input/output component is a microphone.
  - 11. The method of claim 9, wherein the input/output component is a camera.
  - 12. The method of claim 9, wherein the input/output component is a network interface.
  - 13. The method of claim 7, wherein the identifying of the one or more unwanted behaviors comprises determining whether access to either prescribed files or prescribed system memory regions is available despite the mobile device being precluded from access to the prescribed files or the prescribed system memory regions.
  - 14. The method of claim 7, wherein prior to identifying the one or more unwanted behaviors, the method comprises generating a representation of the application, the representation defines different states of the application and stimuli needed to cause a transition from one particular application state to another particular application state.
  - 15. The method of claim 14, wherein the representation is generated based on internal structures or code flows of the application.
  - 16. The method of claim 7, wherein the instrumented application is an operating system.
  - 17. The method of claim 7, wherein the mobile device is a smartphone.
  - 18. The method of claim 7, wherein the unwanted behavior is a release of sensitive information from the application.
  - 19. The method of claim 7 being conducted by a framework implemented as a cloud service.
  - 20. The method of claim 7 wherein said second level of code comprises byte code.

21. A system comprising:
- one or more hardware processors; and
  
  a storage medium communicatively coupled to the one or more hardware processors, and having stored thereon;
  
  a central intelligence unit configured to (i) identify one or more unwanted behaviors to be conducted by a device based on an analysis of code of an application and a representation of said application that describes states and state transitions of said application, and (ii) determine changes to code of said application, wherein said changes to code preclude the application from performing the one or more unwanted behaviors, wherein prior to identifying the one or more unwanted behaviors, the central intelligence unit translates the application from a first level of code being executable code to a second level of code different than the first level of code; and
  
  a static instrumentation engine in communication with the central intelligence unit, the static instrumentation engine being configured to (i) create said representation of said application, (ii) instrument the application with the changes to the code so that the application is precluded from performing the one or more unwanted behaviors, and (iii) install the instrumented application into data storage of the device, wherein the instrumenting is performed on the second level object code.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The system of claim 21 wherein said second level of code comprises byte code.
  - 23. The system of claim 21 wherein said translating, by the static instrumentation engine, of said application to the second level of code is performed prior to said creating of said representation.
  - 24. The system of claim 21 wherein said application is received as Java®
    - byte code.
  - 25. The system of claim 21 further comprising re-translating, by the static instrumentation engine, said instrumented application to said first level of code.
  - 26. The system of claim 21 wherein said device is a mobile device.
  - 27. The system of claim 26 wherein said instrumentation is to:
    - prevent said application from accessing sensitive information;
      
      prevent said application from sending sensitive information externally from said application'"'"'s mobile device;
      
      orprevent said application from engaging in a particular type of communication session.

28. A system for hardening an application, the system comprising:
- one or more hardware processors; and
  
  a storage medium communicatively coupled to the one or more hardware processors, and having stored thereon;
  
  a central intelligence unit including;
  
  an explorer engine configured to receive a description of unwanted behaviors of said application, anda static instrumentation unit including;
  
  a translation unit configured to receive said application in a first level of code and translate the application to a higher level of code different than the first level of code, wherein said first level of code is executable code,an application representation generation unit configured to create a representation of an application that describes states and state transitions of said application, wherein said explorer engine uses said description and said representation to determine changes to code of said application to preclude said application from performing at least one of said unwanted behaviors,an instrumentation unit configured to instrument said application with said changes to said code to create an instrumented application that does not perform said at least one of said unwanted behaviors, wherein instrumenting of said application is performed at said higher level of code.
- View Dependent Claims (29, 30, 31, 32, 33)
- - 29. The system of claim 28 wherein said translating of said application to the higher level of code is performed prior to said creating of said representation.
  - 30. The system of claim 28 wherein said application is received as Java®
    - byte code.
  - 31. The system of claim 28 further comprising re-translating, by a re-translation unit of said static instrumentation engine, said instrumented application to said first level of code.
  - 32. The system of claim 28 wherein said application is installed on a mobile device.
  - 33. The system of claim 32 wherein said instrumentation is to:
    - prevent said application from accessing sensitive information;
      
      prevent said application from sending sensitive information externally from said mobile device;
      
      orprevent said application from engaging in a particular type of communication session.

34. A non-transitory computer-readable medium having stored thereon logic, the logic being executable by one or more processors to perform operations including:
- receiving, by a translation unit, an application in a first level of code, wherein said first level of code is executable code;
  
  translating, by the translation unit, the application to a second level of code different than the first level of code;
  
  creating, by an application representation generation unit, a representation of an application that describes states and state transitions of said application;
  
  receiving, by an explorer engine, a description of unwanted behaviors of said application;
  
  using, by the explorer engine, said description and said representation to determine changes to code of said application, wherein said changes to said code preclude said application from performing at least one of said unwanted behaviors; and
  
  instrumenting, by a static instrumentation unit, said application with said code adapted to the changes to said code to create an instrumented application that does not perform said at least one of said unwanted behaviors, wherein said instrumenting of said application is performed at said second level of code.
- View Dependent Claims (35, 36, 37, 38, 39)
- - 35. The system of claim 34 wherein said translating of said application to said second level of code is performed prior to said creating of said representation.
  - 36. The system of claim 34 wherein said application is received as Java®
    - byte code.
  - 37. The system of claim 34 further comprising re-translating said instrumented application to said first level of code.
  - 38. The system of claim 34 wherein said application is installed on a mobile device.
  - 39. The system of claim 38 wherein said instrumentation is to:
    - prevent said application from accessing sensitive information;
      
      prevent said application from sending sensitive information externally from said mobile device;
      
      orprevent said application from engaging in a particular type of communication session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
FireEye, Inc. (Alphabet Inc.)
Inventors
Ismael, Osman Abdoul, Song, Dawn, Aziz, Ashar, Johnson, Noah, Mettler, Adrian Matthew
Primary Examiner(s)
Reza, Mohammad W

Application Number

US13/775,172
Time in Patent Office

1,732 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/54 by adding security routines...

Framework for efficient security coverage of mobile software applications that is usable to harden in the field code

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Framework for efficient security coverage of mobile software applications that is usable to harden in the field code

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links