System and method for detecting data extrusion in software applications
US10025688B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 17, 2012 |
| Grant date | Jul 17, 2018 |
| Priority date | — |
| Expiry date | Aug 10, 2034 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1416
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Comprehensive techniques identify data leaks in software applications using Asset Flow Analysis (AFA) to determine whether critical data leaves a system through an exit point such that the data is no longer protected by mechanisms of the system. A novel data extrusion mechanism makes use of a relevant subset of all the possible data paths detected by AFA using a knowledge base of critical business functions and critical database content. The system checks if any code performs read access to critical business data and subsequently transfers this data beyond the control limits of the target system. The knowledge base can be extended by configuring which database content is to be regarded as critical in any given organization. The approach is particularly valuable in protecting systems that manipulate, distribute, or store sensitive information associated with financial, business, or personal data, including SAP® ABAP™ software applications.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.