Framework for efficient security coverage of mobile software applications

Assignee

• FireEye, Inc. · US

Inventors

• Osman Abdoul Ismael · Palo Alto, US
• Dawn Song · San Francisco, US
• Ashar Aziz · Kendall, US
• Noah Johnson · Oakland, US
• Prshanth Mohan · San Jose, US
• Hui Xue · Hunan, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/12
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.