Fine-Grained User Control Over Usages Of Sensitive System Resources Having Private Data With Applications In Privacy Enforcement

US 20160246992A1
Filed: 06/18/2015
Published: 08/25/2016
Est. Priority Date: 02/24/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage medium comprising computer-readable code embodied thereon, wherein execution of the computer-readable code by at least one processor causes an apparatus to perform:

accessing a permission that is to be revoked for an application, wherein the permission involves access to private data of a user via an application programming interface of an operating system;

determining, in the application, one or more program points involving access to the private data of the user via the application programming interface;

for each selected one of the one or more program points, rewriting code in the application to replace a source statement, at the selected program point, that accesses the private data with another statement that allocates a mock object or value based on a type of an actual value returned by the source statement, wherein the mock object or value does not expose the private data of the user;

packaging the application with the rewritten code as an output application able to be subsequently executed by the user; and

outputting the application with the rewritten code for use by the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method whereby permission is accessed that is to be revoked for an application. The permission involves access to private data of a user via an API of an OS. It is determined, in the application, program point(s) involving access to the private data of the user via the API. For each selected one of the program point(s), code in the application is rewritten to replace a source statement, at the selected program point, that accesses the private data with another statement that allocates a mock object or value based on a type of an actual value returned by the source statement. The mock object or value does not expose the private data of the user. The application with the rewritten code is packaged as an output application able to be subsequently executed by the user, and is output for use by the user.

19 Citations

View as Search Results

17 Claims

1. A computer-readable storage medium comprising computer-readable code embodied thereon, wherein execution of the computer-readable code by at least one processor causes an apparatus to perform:
- accessing a permission that is to be revoked for an application, wherein the permission involves access to private data of a user via an application programming interface of an operating system;
  
  determining, in the application, one or more program points involving access to the private data of the user via the application programming interface;
  
  for each selected one of the one or more program points, rewriting code in the application to replace a source statement, at the selected program point, that accesses the private data with another statement that allocates a mock object or value based on a type of an actual value returned by the source statement, wherein the mock object or value does not expose the private data of the user;
  
  packaging the application with the rewritten code as an output application able to be subsequently executed by the user; and
  
  outputting the application with the rewritten code for use by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-readable storage medium of claim 1, wherein the permission is to a protected part of the application programming interface and the source statements that are rewritten access methods of the application programming interface, wherein the methods require the permission to access the private data of the user.
  - 3. The computer-readable storage medium of claim 1, wherein determining one or more program points involving access to the private data of the user via the application programming interface further comprises performing constraint inference of the code in the application to determine a plurality of constraints on paths through the code, wherein the constraints prevent the application from transitioning into program locations that are considered to be bad locations.
  - 4. The computer-readable storage medium of claim 3, wherein performing constraint inference of the code in the application further comprises determining mock objects or values meeting the plurality of constraints and causing flow through the paths that maximizes functionality of the application in absence of an actual value for the private data of the user.
  - 5. The computer-readable storage medium of claim 4, wherein determining mock objects or values further comprises determining that two paths are both good, wherein a good path does not contain a bad location, and determining that a first path of the two paths makes more use of a first value causing the selected path to be traversed, than does a second path of the two paths make of a different second value causing the second path to be traversed, and setting a mock object or value to the first value.
  - 6. The computer-readable storage medium of claim 4, wherein execution of the computer-readable code by at least one processor further causes the apparatus to perform the following:
    - performing constraint solving to satisfy as many as possible of good constraints, which capture conditions that force execution along a good path, while simultaneously refraining from violating any bad constraints, which ensure that execution along bad paths are avoided, wherein each bad path contains at least one bad location and each good path does not contain a bad location.
  - 7. The computer-readable storage medium of claim 6, wherein a bad location comprises a program point where (i) an exception is thrown or (ii) an error-handling method is invoked.
  - 8. The computer-readable storage medium of claim 6, wherein constraint solving comprises assigning a good constraint a first weight and assigning a bad constraint a different, second weight, and partitioning the constraints into clusters according to a conflict relation.

9. An apparatus comprising:
- one or more memories comprising computer-readable code;
  
  one or more processors coupled to the one or more memories, wherein the one or more processors are configured by execution of the computer-readable code to cause the apparatus to perform the following;
  
  accessing a permission that is to be revoked for an application, wherein the permission involves access to private data of a user via an application programming interface of an operating system;
  
  determining, in the application, one or more program points involving access to the private data of the user via the application programming interface;
  
  for each selected one of the one or more program points, rewriting code in the application to replace a source statement, at the selected program point, that accesses the private data with another statement that allocates a mock object or value based on a type of an actual value returned by the source statement, wherein the mock object or value does not expose the private data of the user;
  
  packaging the application with the rewritten code as an output application able to be subsequently executed by the user; and
  
  outputting the application with the rewritten code for use by the user.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9, wherein the permission is to a protected part of the application programming interface and the source statements that are rewritten access methods of the application programming interface, wherein the methods require the permission to access the private data of the user.
  - 11. The apparatus of claim 9, wherein determining one or more program points involving access to the private data of the user via the application programming interface further comprises performing constraint inference of the code in the application to determine a plurality of constraints on paths through the code, wherein the constraints prevent the application from transitioning into program locations that are considered to be bad locations.
  - 12. The apparatus of claim 11, wherein performing constraint inference of the code in the application further comprises determining mock objects or values meeting the plurality of constraints and causing flow through the paths that maximizes functionality of the application in absence of an actual value for the private data of the user.
  - 13. The apparatus of claim 12, wherein determining mock objects or values further comprises determining that two paths are both good, wherein a good path does not contain a bad location, and determining that a first path of the two paths makes more use of a first value causing the selected path to be traversed, than does a second path of the two paths make of a different second value causing the second path to be traversed, and setting a mock object or value to the first value.
  - 14. The apparatus of claim 12, wherein the one or more processors are further configured by execution of the computer-readable code to cause the apparatus to perform the following:
    - performing constraint solving to satisfy as many as possible of good constraints, which capture conditions that force execution along a good path, while simultaneously refraining from violating any bad constraints, which ensure that execution along bad paths are avoided, wherein each bad path contains at least one bad location and each good path does not contain a bad location.
  - 15. The apparatus of claim 14, wherein a bad location comprises a program point where (i) an exception is thrown or (ii) an error-handling method is invoked.
  - 16. The apparatus of claim 14, wherein constraint solving comprises assigning a good constraint a first weight and assigning a bad constraint a different, second weight, and partitioning the constraints into clusters according to a conflict relation.

17. An apparatus, comprising:
- means for accessing a permission that is to be revoked for an application, wherein the permission involves access to private data of a user via an application programming interface of an operating system;
  
  means for determining, in the application, one or more program points involving access to the private data of the user via the application programming interface;
  
  means, responsive to each selected one of the one or more program points, for rewriting code in the application to replace a source statement, at the selected program point, that accesses the private data with another statement that allocates a mock object or value based on a type of an actual value returned by the source statement, wherein the mock object or value does not expose the private data of the user;
  
  means for packaging the application with the rewritten code as an output application able to be subsequently executed by the user; and
  
  means for outputting the application with the rewritten code for use by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Brutschy, Lucas, Ferrara, Pietro, Pistoia, Marco, Tripp, Omer

Granted Patent

US 9,940,478 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/6281   at program execution time, ...

G06F 8/30   Creation or generation of s...

G06F 8/60   Software deployment

G06F 8/65   Updates security arrangemen...

Fine-Grained User Control Over Usages Of Sensitive System Resources Having Private Data With Applications In Privacy Enforcement

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Fine-Grained User Control Over Usages Of Sensitive System Resources Having Private Data With Applications In Privacy Enforcement

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links