公开(公告)号：US20190095619A1

公开(公告)日：2019-03-28

申请号：US16199250

申请日：2018-11-26

申请人： International Business Machines Corporation

发明人： Roee Hay ,  Daniel Kalman ,  Roi Saltzman ,  Omer Tripp

IPC分类号： G06F21/56 ,  G06F21/51

CPC分类号： G06F21/56 ,  G06F21/51 ,  G06F21/561 ,  G06F21/562 ,  G06F21/566

摘要： A first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. If the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, the first application can be identified as being unsafe.

公开(公告)号：US20180247060A1

公开(公告)日：2018-08-30

申请号：US15966411

申请日：2018-04-30

申请人： International Business Machines Corporation

发明人： Roee Hay ,  Daniel Kalman ,  Roi Saltzman ,  Omer Tripp

IPC分类号： G06F21/57 ,  G06F21/55 ,  G06F21/60 ,  G06F21/56 ,  G06F21/62 ,  G06F21/52

CPC分类号： G06F21/577 ,  G06F21/52 ,  G06F21/554 ,  G06F21/566 ,  G06F21/606 ,  G06F21/62

摘要： Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.

公开(公告)号：US09959411B2

公开(公告)日：2018-05-01

申请号：US14026347

申请日：2013-09-13

申请人： International Business Machines Corporation

发明人： Roee Hay ,  Daniel Kalman ,  Roi Saltzman ,  Omer Tripp

IPC分类号： G06F21/00 ,  G06F21/57 ,  G06F21/62 ,  G06F21/56 ,  G06F21/52 ,  G06F21/60 ,  G06F21/55

CPC分类号： G06F21/577 ,  G06F21/52 ,  G06F21/554 ,  G06F21/566 ,  G06F21/606 ,  G06F21/62

摘要： Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.

公开(公告)号：US09037916B2

公开(公告)日：2015-05-19

申请号：US14025031

申请日：2013-09-12

申请人： International Business Machines Corporation

发明人： Daniel Kalman ,  Adi Sharabani ,  Omer Tripp

IPC分类号： G06F11/00 ,  G06F11/36

CPC分类号： G06F11/3612 ,  G06F11/3668

摘要： Dynamic concolic execution of an application. A first hypotheses pertaining to a nature of test payloads that satisfy a specified property, and that are expected to satisfy a condition tested by the application's program code, can be generated. A plurality of first test payloads to test first hypothesis can be synthesized and submitted to the application during respective executions of the application. Whether each of the first test payloads actually satisfy the condition tested by the application's program code can be determined. When at least one of the first test payloads does not actually satisfy the condition tested by the application's program code, a second hypotheses that is expected to satisfy the condition tested by the application's program code can be generated. A plurality of second test payloads to test the second hypothesis can be synthesized and submitted to the application during respective executions of the application.

摘要翻译： 应用程序的动态Concolic执行。 可以生成关于满足指定属性并且期望满足由应用程序代码测试的条件的测试有效载荷的性质的第一假设。 用于测试第一假设的多个第一测试有效载荷可以在应用的相应执行期间被合成并提交给应用。 可以确定每个第一测试有效载荷是否实际满足应用程序代码测试的条件。 当第一测试有效载荷中的至少一个实际上不满足应用程序代码测试的条件时，可以生成预期满足由应用程序代码测试的条件的第二假设。 用于测试第二假设的多个第二测试有效载荷可以在应用的各自执行期间被合成并提交给应用。

公开(公告)号：US20140096248A1

公开(公告)日：2014-04-03

申请号：US13971270

申请日：2013-08-20

申请人： International Business Machines Corporation

发明人： Roee Hay ,  Daniel Kalman ,  Roi Saltzman ,  Omer Tripp

IPC分类号： G06F21/56

CPC分类号： G06F21/56 ,  G06F21/51 ,  G06F21/561 ,  G06F21/562 ,  G06F21/566

摘要： Identifying whether a first application is malicious. The first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. When the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, an alert can be generated indicating that the first application is malicious.

公开(公告)号：US10599843B2

公开(公告)日：2020-03-24

申请号：US16199250

申请日：2018-11-26

申请人： International Business Machines Corporation

发明人： Roee Hay ,  Daniel Kalman ,  Roi Saltzman ,  Omer Tripp

IPC分类号： G06F11/00 ,  G06F21/56 ,  G06F21/51

摘要： A first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. If the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, the first application can be identified as being unsafe.

公开(公告)号：US10528744B2

公开(公告)日：2020-01-07

申请号：US15966411

申请日：2018-04-30

申请人： International Business Machines Corporation

发明人： Roee Hay ,  Daniel Kalman ,  Roi Saltzman ,  Omer Tripp

IPC分类号： G06F21/00 ,  G06F21/57 ,  G06F21/62 ,  G06F21/56 ,  G06F21/52 ,  G06F21/60 ,  G06F21/55

摘要： Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.

公开(公告)号：US09977903B2

公开(公告)日：2018-05-22

申请号：US13705705

申请日：2012-12-05

申请人： International Business Machines Corporation

发明人： Roee Hay ,  Daniel Kalman ,  Roi Saltzman ,  Omer Tripp

IPC分类号： G06F21/00 ,  G06F21/57 ,  G06F21/62 ,  G06F21/56 ,  G06F21/52 ,  G06F21/60 ,  G06F21/55

CPC分类号： G06F21/577 ,  G06F21/52 ,  G06F21/554 ,  G06F21/566 ,  G06F21/606 ,  G06F21/62

摘要： Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.

公开(公告)号：US08909992B2

公开(公告)日：2014-12-09

申请号：US13686129

申请日：2012-11-27

申请人： International Business Machines Corporation

发明人： Daniel Kalman ,  Adi Sharabani ,  Omer Tripp

IPC分类号： G06F11/00 ,  G06F11/36

CPC分类号： G06F11/3612 ,  G06F11/3668

摘要： Dynamic concolic execution of an application. A first hypotheses pertaining to a nature of test payloads that satisfy a specified property, and that are expected to satisfy a condition tested by the application's program code, can be generated. A plurality of first test payloads to test first hypothesis can be synthesized and submitted to the application during respective executions of the application. Whether each of the first test payloads actually satisfy the condition tested by the application's program code can be determined. When at least one of the first test payloads does not actually satisfy the condition tested by the application's program code, a second hypotheses that is expected to satisfy the condition tested by the application's program code can be generated. A plurality of second test payloads to test the second hypothesis can be synthesized and submitted to the application during respective executions of the application.

摘要翻译： 应用程序的动态Concolic执行。 可以生成关于满足指定属性并且期望满足由应用程序代码测试的条件的测试有效载荷的性质的第一假设。 用于测试第一假设的多个第一测试有效载荷可以在应用的相应执行期间被合成并提交给应用。 可以确定每个第一测试有效载荷是否实际满足应用程序代码测试的条件。 当第一测试有效载荷中的至少一个实际上不满足应用程序代码测试的条件时，可以生成预期满足由应用程序代码测试的条件的第二假设。 用于测试第二假设的多个第二测试有效载荷可以在应用的各自执行期间被合成并提交给应用。

公开(公告)号：US20140298474A1

公开(公告)日：2014-10-02

申请号：US14305280

申请日：2014-06-16

申请人： International Business Machines Corporation

发明人： Daniel Kalman ,  Ory Segal ,  Omer Tripp ,  Omri Weisman

IPC分类号： G06F21/57

CPC分类号： G06F21/577 ,  G06F21/10 ,  G06F2221/034 ,  H04L63/1433

摘要： Performing security analysis on a computer program under test (CPUT). The CPUT can be analyzed to identify data pertinent to potential security vulnerabilities of the CPUT. At least a first unit test configured to test a particular unit of program code within the CPUT can be automatically synthesized. The first unit test can be configured to initialize at least one parameter used by the particular unit of program code within the CPUT, and can be provided at least a first test payload configured to exploit at least one potential security vulnerability of the CPUT. The first unit test can be dynamically processed to communicate the first test payload to the particular unit of program code within the CPUT. Whether the first test payload exploits an actual security vulnerability of the CPUT can be determined, and a security analysis report can be output.

摘要翻译： 对被测电脑程式（CPUT）执行安全性分析。 可以分析CPUT以识别与CPUT的潜在安全漏洞相关的数据。 至少可以自动合成在CPUT内测试程序代码的特定单位的第一单元测试。 可以将第一单元测试配置为初始化由CPUT内的程序代码的特定单元使用的至少一个参数，并且可以提供至少一个被配置为利用CPUT的至少一个潜在安全漏洞的第一测试负载。 可以动态地处理第一单元测试，以将第一测试有效负载传送到CPUT内的程序代码的特定单元。 是否可以确定第一个测试有效负载是否利用CPUT的实际安全漏洞，并可以输出安全分析报告。