System and method for detecting sensitive user input leakages in software applications

    Publication No.: US09870485B2

    Publication date: 2018-01-16

    Application No.: US14939366

    Filing date: 2015-11-12

    CPC classification number: G06F21/6245 G06F21/577

    Abstract: A system and method for detecting sensitive user input leakages in software applications, such as applications created for smartphone platforms. The system and method are configured to parse user interface layout files of the software application to identify input fields and obtain information concerning the input fields. Input fields that contain sensitive information are identified and a list of sensitive input fields, such as contextual IDs, is generated. The sensitive information fields are identified by reviewing the attributes, hints and/or text labels of the user interface layout file. A taint analysis is performed using the list of sensitive input fields and a sink dataset in order to detect information leaks in the sensitive input fields.

    2.
    Invention application
    SYSTEM AND METHOD FOR DETECTING SENSITIVE USER INPUT LEAKAGES IN SOFTWARE APPLICATIONS (status: granted)

    Publication No.: US20160132679A1

    Publication date: 2016-05-12

    Application No.: US14939366

    Filing date: 2015-11-12

    CPC classification number: G06F21/6245 G06F21/577

    Abstract: A system and method for detecting sensitive user input leakages in software applications, such as applications created for smartphone platforms. The system and method are configured to parse user interface layout files of the software application to identify input fields and obtain information concerning the input fields. Input fields that contain sensitive information are identified and a list of sensitive input fields, such as contextual IDs, is generated. The sensitive information fields are identified by reviewing the attributes, hints and/or text labels of the user interface layout file. A taint analysis is performed using the list of sensitive input fields and a sink dataset in order to detect information leaks in the sensitive input fields.

