Invention Grant
US08286250B1 Browser extension control flow graph construction for determining sensitive paths
失效
用于确定敏感路径的浏览器扩展控制流程图构造
- Patent Title: Browser extension control flow graph construction for determining sensitive paths
- Patent Title (中): 用于确定敏感路径的浏览器扩展控制流程图构造
-
Application No.: US13297982Application Date: 2011-11-16
-
Publication No.: US08286250B1Publication Date: 2012-10-09
- Inventor: Minh Thoai Anh Le , Andrew Swerdlow
- Applicant: Minh Thoai Anh Le , Andrew Swerdlow
- Applicant Address: US CA Mountain View
- Assignee: Google Inc.
- Current Assignee: Google Inc.
- Current Assignee Address: US CA Mountain View
- Agency: Sterne, Kessler, Goldstein & Fox PLLC
- Main IPC: G06F11/00
- IPC: G06F11/00 ; G06F12/14 ; G06F12/16 ; G08B23/00
Abstract:
A computer-implemented method, a system and a computer program product for determining whether a browser extension leaks information over a network, is provided. A control flow graph (CFG) is generated from a source code included in the browser extension. The CFG is particular to the programming language included in the source code. A sensitive path in the CFG is determined. The sensitive path begins at a sensitive source node and ends at a sensitive end node. A set of tainted variables in the CFG are identified, where each tainted variable stores sensitive or personal information. A subset of tainted variables is generated where each tainted variable in the subset is included in the sensitive path. When a tainted variable in the subset is included in the sensitive end node, the browser extension is determined to leak information over the network.
Information query
