US2016055345A1PendingUtilityA1

Automatic mediation of resource access in mobile applications

Assignee: MICROSOFT TECHNOLOGY LICENSING LLCPriority: Jun 7, 2013Filed: Aug 24, 2015Published: Feb 25, 2016
Est. expiryJun 7, 2033(~6.9 yrs left)· nominal 20-yr term from priority
G06F 21/629G06F 21/60G06F 21/54G06F 8/75G06F 8/30
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The subject disclosure is directed towards automated, static analysis-based program code processing that detects unprotected resource accesses by applications, that is, those that do not provide proper opt-in consent dialogs (prompts). In one aspect, consent prompt code is automatically inserted into the program code to protect such unprotected access points. Also described are program representation graph construction and processing, a dominator node-based approach to determine placement points for inserting consent prompt code, and a backward search-based approach for inserting consent prompt code.

Claims

exact text as granted — not AI-modified
1 - 20 . (canceled) 
     
     
         21 . In a computing environment, a method, comprising:
 using a dominator tree corresponding to a program representation graph to determine, at a dominator-based placement component, whether one or more placement points are identifiable to insert prompting code corresponding to a consent dialog into a program code associated with the program representation graph;   on condition that the one or more placement points are not identifiable using the dominator tree, performing, at a backward search placement component, a backward search on the program representation graph to identify the one or more placement points; and   inserting the prompting code at the one or more placement points, the prompting code inserted while avoiding code of a library.   
     
     
         22 . The method of  claim 21  wherein the prompting code is inserted while avoiding code of a background process. 
     
     
         23 . The method of  claim 21  wherein the program code is processed by an automatic mediation component, and wherein the automatic mediation component is part of a cloud service. 
     
     
         24 . The method of  claim 21  further comprising:
 statically analyzing the program code to determine where sensitive data is able to be accessed during runtime without a consent prompt being shown to a user prior to the sensitive data being accessed. 
 
     
     
         25 . The method of  claim 21  further comprising:
 using isolated storage of the program code to avoid duplicating showing of a consent prompt. 
 
     
     
         26 . The method of  claim 25  further comprising:
 recording user consent in the isolated storage of the program code for a current runtime session. 
 
     
     
         27 . The method of  claim 25  further comprising:
 recording user consent in the isolated storage of the program code for future invocations of an application. 
 
     
     
         28 . The method of  claim 25  wherein using isolated storage of the program code to avoid duplicate showing of the consent prompt further comprises:
 saving a prompt status to the isolated storage of the program code to make user-granted permissions persistent. 
 
     
     
         29 . The method of  claim 21  further comprising:
 performing the backward search going backwards from a given node in the program representation graph to ensure that a first prompt is placed on a first path to the given node. 
 
     
     
         30 . The method of  claim 21  wherein the program code is mobile program code, and further comprising:
 placing the consent dialog within the mobile application program code. 
 
     
     
         31 . The method of  claim 21 , wherein using the dominator tree further comprises:
 determining whether a node in the dominator tree is an anticipating node.   
     
     
         32 . In a computing environment, a system comprising:
 a program representation graph construction component configured, upon execution by a processor, to construct a program representation graph representing application program code;   a program representation graph processing component configured, upon execution by the processor, to use the program representation graph to determine whether the application program code fails to provide a runtime consent dialog prior to a potential runtime access of a privacy-sensitive resource;   one or more placement components configured, upon execution by the processor, to determine one or more placement points to insert prompting code corresponding to the runtime consent dialog into the application program code where the application program code fails to provide the runtime consent dialog prior to the potential runtime access of the privacy-sensitive resource;   an insert prompt component configured, upon execution by the processor, to insert the prompting code at the one or more placement points; and   an isolated storage of the application program code configured to record a user consent to avoid duplicating showing of the consent prompt.   
     
     
         33 . The system of  claim 32  further comprising:
 a dominator-based placement component configured, upon execution by the processor, to determine the one or more placement points based upon walking of a dominator tree. 
 
     
     
         34 . The system of  claim 32  wherein the prompting code is inserted while avoiding code of a library. 
     
     
         35 . The system of  claim 32  wherein the prompting code inserted while avoiding code of a background process. 
     
     
         36 . The system of  claim 32  further comprising:
 a backward search placement component configured, upon execution by the processor, to perform a backward search using the program representation graph to determine at least one of the one or more placement points. 
 
     
     
         37 . The system of  claim 32  further comprising:
 a prompt status saved to the isolated storage of the application program code, wherein the prompt status makes user-granted permissions persistent. 
 
     
     
         38 . One or more computer-readable storage devices having computer-executable instructions, which are executed to perform steps comprising:
 using a dominator tree corresponding to a program representation graph to determine whether one or more placement points are identifiable to insert prompting code corresponding to a runtime consent dialog into a program code associated with the program representation graph; and   inserting the prompting code at the one or more placement points to restrict access to sensitive data during runtime without a prior consent prompt being shown to a user, the prompting code inserted while avoiding code of a library.   
     
     
         39 . The one or more computer-readable storage devices of  claim 38  having further computer-executable instructions comprising:
 on condition that the one or more placement points are not identifiable using a dominator tree, performing a backward search on the program representation graph to identify the one or more placement points. 
 
     
     
         40 . The one or more computer-readable storage devices of  claim 38  having further computer-executable instructions comprising:
 recording a user consent within an isolated storage of the program code to avoid duplicating output of the runtime consent dialog.

Join the waitlist — get patent alerts

Track US2016055345A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.