Dynamic, runtime application programming interface parameter labeling, flow parameter tracking and security policy enforcement using API call graph

Assignee

• ArecaBay, Inc. · US

Inventors

• Lebin Cheng · Saratoga, US
• Ravindra K. Balupari · San Jose, US
• Sekhar Babu Chintaginjala · Survanagiri, IN
• Ankit Kumar · San Diego, US
• Sandeep Yadav · Sunnyvale, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06N5/02
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A multi-API security policy that covers multiple API calls of a transaction is dynamically enforced at runtime, without access to the specification or code of the APIs. Calls made to APIs of the transaction are logged, and the logs are read. Data objects used by the APIs are identified. Specific data labels are assigned to specific fields of the data objects, consistently identifying data fields of specific types. Linkages are identified between specific ones of the multiple APIs, based on the consistent identification of specific types of data fields. An API call graph is constructed, identifying a sequence of API calls made during the transaction. The call graph is used to enforce the security policy, by tracking the flow of execution of the multi-API transaction at runtime, and detecting actions that violate the security policy. Security actions are taken responsive to the detected actions that violate the policy.