公开(公告)号：US08156559B2

公开(公告)日：2012-04-10

申请号：US11565426

申请日：2006-11-30

申请人： Shuo Chen ,  Jose Meseguer ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

发明人： Shuo Chen ,  Jose Meseguer ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

IPC分类号： H04L29/06

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

公开(公告)号：US08539585B2

公开(公告)日：2013-09-17

申请号：US11768134

申请日：2007-06-25

申请人： Shuo Chen ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

发明人： Shuo Chen ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

IPC分类号： G06F21/00

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

摘要翻译： 为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

公开(公告)号：US20080134338A1

公开(公告)日：2008-06-05

申请号：US11565426

申请日：2006-11-30

申请人： Shuo Chen ,  Jose Meseguer ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

发明人： Shuo Chen ,  Jose Meseguer ,  Ralf Sasse ,  Jiahe Helen Wang ,  Yi-Min Wang

IPC分类号： G08B23/00

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

公开(公告)号：US20080133976A1

公开(公告)日：2008-06-05

申请号：US11768134

申请日：2007-06-25

申请人： Shuo Chen ,  Yi-Min Wang ,  Ralf Sasse ,  Jiahe Helen Wang

发明人： Shuo Chen ,  Yi-Min Wang ,  Ralf Sasse ,  Jiahe Helen Wang

IPC分类号： G06F11/36

CPC分类号： G06F11/3608 ,  G06F21/577 ,  G06F21/83

摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

摘要翻译： 为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。 这里描述的发明是使用系统推理方法揭露这些缺陷的技术。 该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。