System, Method and Apparatus for Detection of Faulty Application level Patches for Framework Bugs with Applications in Security Assessment of Web and Mobile Systems

IP.com Disclosure Number: IPCOM000239779D
Publication Date: 2014-Dec-01
Document File: 2 page(s) / 31K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method for detection of faulty application level patches for framework bugs with applications in security assessment of web and mobile systems is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Method and Apparatus for Detection of Faulty Application level Patches for Framework Bugs with Applications in Security Assessment of Web and Mobile Systems

Disclosed is a method for detection of faulty application level patches for framework bugs with applications in security assessment of web and mobile systems.

The landscape of mobile software and hardware technologies is highly dynamic, advancing at a fast pace to meet the evolving demands and requirements of end-point consumers. This has led to the co-existence and co-use of multiple mobile platform and framework versions, and therefore the very concrete need for backward compatibility.

The situation becomes more complex when defects, in particular security vulnerabilities, are detected at the platform or framework level. On the one hand, there is the need for a framework level fix, which is often indeed released as part of the next version of the framework. On the other hand, applications using the framework must ensure backward compatibility, and thus contain patches for dealing with usage scenarios where the application is forced to run atop an old version of the framework where the defect has not yet been fixed.

However, fixing of framework level bugs at the application level is often either incomplete or incorrect. This comes as little surprise given that framework level bugs are typically complex, subtle and tricky to understand. Often, the application developer doesn't even have full visibility into the bug and its respective framework code, and also may only have a partial understanding of the full scope of the problem.

The disclosed system and method detect and characterize application level bugs due to patches for platform and framework level problems. Given an application, the analysis algorithm extracts the frameworks the application is based on; focuses modeling on interface points between the application and the frameworks; a...