Title of invention: Determining the vulnerability of computer software applications to privilege-escalation attacks
Abstract: Determining the vulnerability of computer software applications to privilege-escalation attacks, such as where an instruction classifier is configured to be used for identifying a candidate access-restricted area of the instructions of a computer software application, and a static analyzer is configured to statically analyze the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area, perform static analysis to determine if the conditional instruction is dependent on a data source within the computer software application, and designate the candidate access-restricted area as vulnerable to privilege-escalation attacks absent either of the conditional instruction and the data source.
Publication number: US8910293(B2) Publication date: 2014.12.09
Application number: US201213542214 Filing date: 2012.07.05
Applicant: International Business Machines Corporation Inventors: Pistoia Marco;Segal Ori;Tripp Omer
Classification: G06F11/00;G06F21/56;H04L29/06;G06F21/57 Main classification: G06F11/00
Agency: North Shore Patents, P.C. Agent: North Shore Patents, P.C.;Baillie Michele Liu
Independent claim: 1. A method for determining vulnerability of computer software applications to privilege-escalation attacks implemented by a computing processor, the method comprising: identifying, by the computing processor, a candidate access-restricted area of instructions of a computer software application; statically analyzing, by the computing processor, the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area; in response to determining that the conditional instruction exists, performing, by the computing processor, static analysis to determine if the conditional instruction is dependent on a user input; and in response to determining that the conditional instruction is not dependent on the user input, designating, by the computing processor, the candidate access-restricted area as vulnerable to privilege-escalation attacks.
Address: Armonk NY US