Method and system for preventing injection-type attacks in a web based operating system
Abstract
A method for detecting a malicious code which is injected into the command stream of a widget running by a web-based OS at a device is disclosed. The method requires (a) analyzing the widget at an App-Store to determine first invariant data; (b) recording within a metadata file first invariant data; (c) associating said metadata file with said widget, and supplying said widget within a user device; (d) upon running said widget, activating a monitoring module, analyzing the running widget and determining by said module a second invariants data, and comparing respectively said second determined invariant data with said first determined invariants data; and (e) issuing an alert upon detection of a variation above a predefined value between said second determined invariant data and said first determined invariant data, respectively.
Claims
exact text as granted — not AI-modified1 . A method for detecting a malicious code which is injected into the command stream of a widget running by a web-based OS at a device, which comprises:
a) analyzing the widget at an App-Store to determine a first collection of invariants; b) recording within a metadata file first invariant data, said first invariant data being the determined first collection of invariants, a first structural representation of said invariants, or a first combination thereof; c) associating said metadata file with said widget, and supplying said widget, including said associated metadata file to within a user device; d) upon running said widget by a web based OS at said user device, activating a monitoring module, analyzing the running widget and determining by said module in a manner substantially the same as previously done at the App Store a second invariants data, said invariants data being a second collection of invariants, a second structural representation of said invariants, or a combination thereof, and comparing respectively said second determined invariant data with said first determined invariants data; and e) issuing an alert upon detection of a variation above a predefined value between said second determined invariant data and said first determined invariant data, respectively.
2 . The method according to claim 1 , wherein said first or second invariants data comprises one or more of (a) HTML pages; (b) a Java Script (JS) functional call graph; (c) external JS libraries items that are used by the widget; and (d) The CSSs (Cascading Style Sheets) that are used by the widget.
3 . The method according to claim 1 , wherein said first or second invariants data of the HTML pages, is the DOM tree of the HTML pages.
4 . The method according to claim 1 , wherein said monitoring module is a part of said web-based OS.
5 . The method according to claim 1 , wherein when an update is introduced at the APP-Store to said widget, a corresponding updated metadata file is also prepared, and sent to the device together with said update to the widget.
6 . The method according to claim 1 , wherein the monitoring module is a part of the web based OS rendering engine.
7 . The method according to claim 1 , wherein all updates to said widget, said metadata file, and said web based OS are performed by the App-Store.
8 . The method according to claim 1 , which is generic in terms of being independent from the nature of the specific widget, and from the nature of the malicious code which is injected into the command stream of a widget.
9 . The method according to claim 1 , wherein the web based OS is the Tizen OS.
10 . The method according to claim 1 , wherein the first or second invariants data are a partial relative to the entire invariants data of the widget, respectively.
11 . The method according to claim 1 , wherein the metadata file is encoded, before supplying the same to the device.Join the waitlist — get patent alerts
Track US2016142437A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.