Application auditing through object level code inspection
US9015832B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 19, 2012 |
| Grant date | Apr 21, 2015 |
| Priority date | — |
| Expiry date | Mar 13, 2033 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1408
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Security auditing of an application is performed based on object data associated with the application. An application is executed on a physical or emulated host device, and assembly code is generated for the executing application. The assembly code is analyzed to identify objects associated with the application, and to identify relationships between the objects. Data stored in member variables of the objects is retrieved by setting analysis points at which to extract member variable data during execution of the application. Based on the object data, relationship data, and retrieved member variable data, potential security risks are identified for the application. Security risks may include access of data on the host device and external communication of the accessed data. The application may be instrumented to include logging functionality, or to disable certain features of the application, and deployed to enable further monitoring for security risks.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.