Invented by David Richardson, Ahmed Mohamed Farrakha, William Neil Robinson, Brian James Buck, LookOut Inc
Analyzing the source software of a computing device has become a crucial aspect of assessing its security state. Source software refers to the original code written by developers, which forms the foundation of any software or application. By examining this code, security experts can identify vulnerabilities, potential backdoors, or malicious code that may compromise the device’s security.
One of the key players in this market is the field of static code analysis. Static code analysis involves examining the source code without executing it, allowing for a comprehensive review of potential security flaws. This analysis can identify common coding errors, such as buffer overflows or SQL injection vulnerabilities, which can be exploited by attackers.
Another important aspect of determining the security state of a computing device is dynamic code analysis. Unlike static code analysis, dynamic code analysis involves executing the software and monitoring its behavior in real-time. This approach allows for the identification of vulnerabilities that may only manifest during runtime, such as memory leaks or insecure network communication.
Several companies have emerged in recent years to cater to the growing demand for source software analysis. These companies offer a range of solutions, from automated tools that scan the code for vulnerabilities to comprehensive security audits performed by experienced professionals. They provide detailed reports highlighting potential security risks and recommendations for remediation.
The market for determining the security state of a computing device by analyzing its source software is not limited to large organizations or government agencies. Small businesses and individual users are also recognizing the importance of securing their devices. As a result, there is a growing demand for user-friendly tools and services that can assess the security state of personal computers, smartphones, and other computing devices.
Furthermore, regulatory bodies and industry standards are increasingly emphasizing the need for secure software development practices. Compliance with these standards often requires organizations to conduct thorough security assessments of their software and devices. This further drives the market for source software analysis, as companies seek to meet regulatory requirements and demonstrate their commitment to cybersecurity.
However, challenges remain in this market. Analyzing source software can be a time-consuming and complex process, requiring expertise in both software development and cybersecurity. Additionally, as attackers become more sophisticated, they may employ techniques to obfuscate or hide malicious code, making it harder to detect. Therefore, continuous research and development are necessary to stay ahead of emerging threats and ensure the effectiveness of source software analysis tools.
In conclusion, the market for determining the security state of a computing device by analyzing its source software is witnessing significant growth. The increasing awareness of cybersecurity risks, coupled with regulatory requirements, is driving the demand for source software analysis tools and services. As the threat landscape evolves, it is crucial for organizations and individuals to invest in robust security measures, and analyzing source software is a vital component of this effort.
The LookOut Inc invention works as follows
To increase security, software is installed from a specific source on a computer device. In one method, the computing device provides an application identifier for an installation. The source identifier for the application is identified. The source and application identifiers are sent to the server over a network. The server sends a first state designation to the first application. The first state designator represents either a trusted or untrusted state. A second state designation will be set in response to the first state designation. The computing device receives the second state designation.
Background for Determining the security state of a computing device by analyzing its source software
Mobile application management (MAM), also known as mobile app management, is a software and service that allows users to control and manage access to apps developed by the company and those available commercially. These apps are used to run business applications on smartphones and tablets provided by the company and those brought in for use. “Mobile application management (MAM) relates to software and services for provisioning and controlling access to internally developed and commercially available mobile apps used in business settings on both company-provided devices as well as?bring your own?
Mobile Device Management (MDM)” is the industry term used to describe the management of mobile devices such as smartphones and tablets. MDM is typically implemented by using a third-party product with management features specific to a particular vendor of mobile devices. Good Technology, for example, provides MDM software.
MDM functionality includes over-the-air delivery of applications, data, and configuration settings to all types of mobile devices including mobile phones, tablets, smartphones, mobile printers, mobile POS, etc. Recently, desktops and laptops were added to the supported systems list. MDM tools can be used to manage both employee-owned devices (BYOD), as well as company-owned devices. BYOD, or Bring Your Own Device (BYOD), is a growing trend that requires MDM to be more effective and secure for both devices and enterprises. MDM reduces support costs and risks by controlling and protecting data and configuration settings on all mobile devices within a network.
Mobile monitoring has become more important as mobile devices are becoming more common and as there are more applications available for them. Many vendors assist mobile device manufacturers, portals of content and developers in testing and monitoring the delivery and use of their mobile apps. This testing is carried out in real time by simulating thousands of users and detecting bugs in the application.
The typical solution includes a server component that sends management commands to mobile devices and a client element which runs on mobile devices and implements management commands.
Central remote control uses commands that are sent via the airwaves to mobile devices.” Administrators at mobile operators, enterprise data centers, or handset OEMs can update or configure a single handset, a group of handsets, or even a whole group. OMA Device Management is a device management protocol that has been specified by the Open Mobile Alliance. The protocol is supported by many mobile devices such as PDAs, mobile phones and other mobile devices.
Over-the-air (OTA) programming capabilities are an integral part of enterprise and mobile network operator-grade software for mobile device management. This includes the ability to configure a mobile device remotely, or an entire fleet. OTA commands are transmitted as binary messages. These are messages that include binary data.
Over-the-air capabilities have become a high-demand feature. Enterprises that use OTA in their MDM infrastructure require high-quality OTA messaging. MDM solutions are available in both Software as a Service and on-premises versions.
As mentioned above, Good Technology provides an example of mobile device-management software that gives administrators some control and visibility. IT managers ensure that mobile devices comply with their organization-specific IT policies and that the correct configuration is pushed to devices. Good’s software for mobile device management allows users to enroll themselves over the air. IT can also automatically configure corporate policies and control, WiFi, VPN, and Exchange ActiveSync on mobile devices.
An administrator defines and deploys policy for an organization. The admin can choose from a list of policies that control passwords, encryption, Wi-Fi, VPNs, cameras, Wi, etc. The admin can wipe the data off a device if it is lost, stolen or retired.
The admin can manage and control multiple devices using a single console. Good’s MDM is compatible with a variety of mobile devices and operating systems, including Apple iOS and Apple Watch, Android and Windows Pro. It also supports Samsung KNOX and Samsung KNOX. Customizable policies ensure that the right policies will be applied to the device, whether it is a Bring Your Own Device, Corporate-Owned and Personally-Enabled devices (COPE), or a combination.
Good’s MDM is able to support a wide range of use cases, including those of business users, remote employees, sensitive users, shared devices and kiosks. Good’s MDM is available as a cloud-based solution. Good Technology’s Dynamics Secure Mobility Platform can be integrated into Good Technology’s MDM.
As users of mobile devices want to and can install applications from many different sources, which are outside the control of administrators, there is a greater risk of malware or unwanted software being installed. Peer-to-peer software sharing (e.g. using BitTorrent protocol) is one source of available software that users can access, but administrators may not be able to control or monitor. Some file-sharing sources are untrustworthy or known to be bad software sources.
BitTorrent” is a protocol used for peer-topeer file-sharing over the Internet. BitTorrent is a popular protocol for sending large files. “To send or receive files, the user must have a BitTorrent Client (a computer software that implements BitTorrent protocol).
Some popular BitTorrent clients are Xunlei Transmission,?Torrent MediaGet Vuze BitComet. BitTorrent trackers list files that are available for download and help with the transfer and reconstruction of those files. BitTorrent clients can be downloaded for many operating systems and computing platforms, including the official BitTorrent, Inc. client. According to BitTorrent, Inc., 150 million users are using BitTorrent as of January 2012.
Several BitTorrent studies indicate that a significant portion of the files available to download via BitTorrent contains malware. One small sample showed that 18% all executables available for downloading contained malware. “Another study states that up to 14.5% of BitTorrent files contain zero-day malware.
In contrast to BitTorrent, which is a potentially risky or untrusted source, users may install applications on their mobile devices from trusted sources. Google Play is a popular source for applications that are installed on Android-based mobile devices.
The Android system requires all applications to be digitally-signed with a private key that is owned by the developer. Android uses certificates to identify the author of an app and establish trust between apps. The certificate doesn’t need to be issued by a certification authority. Android applications are more likely to use self signed certificates.
Click here to view the patent on Google Patents.
Leave a Reply