US20190245833A1 - Intercepting and injecting calls into operations and objects - Google Patents
Intercepting and injecting calls into operations and objects Download PDFInfo
- Publication number
- US20190245833A1 US20190245833A1 US16/236,522 US201816236522A US2019245833A1 US 20190245833 A1 US20190245833 A1 US 20190245833A1 US 201816236522 A US201816236522 A US 201816236522A US 2019245833 A1 US2019245833 A1 US 2019245833A1
- Authority
- US
- United States
- Prior art keywords
- operations
- computer
- original
- source code
- variable
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000000034 method Methods 0.000 claims abstract description 42
- 238000004590 computer program Methods 0.000 claims abstract description 5
- 230000006870 function Effects 0.000 claims description 70
- 230000009466 transformation Effects 0.000 claims description 54
- 230000014509 gene expression Effects 0.000 claims description 33
- 238000000844 transformation Methods 0.000 claims description 10
- 230000004048 modification Effects 0.000 claims description 7
- 238000012986 modification Methods 0.000 claims description 7
- 230000001131 transforming effect Effects 0.000 claims description 5
- 238000004891 communication Methods 0.000 description 16
- 230000003068 static effect Effects 0.000 description 15
- 238000013515 script Methods 0.000 description 14
- 238000012545 processing Methods 0.000 description 9
- 238000002347 injection Methods 0.000 description 6
- 239000007924 injection Substances 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 5
- 230000004044 response Effects 0.000 description 5
- 238000004458 analytical method Methods 0.000 description 4
- 238000013459 approach Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000013500 data storage Methods 0.000 description 3
- 238000000605 extraction Methods 0.000 description 3
- 238000006467 substitution reaction Methods 0.000 description 3
- 238000005336 cracking Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 239000010979 ruby Substances 0.000 description 2
- 229910001750 ruby Inorganic materials 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0471—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/51—Source to source
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/106—Enforcing content protection by specific content processing
- G06F21/1066—Hiding content
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
- G06F9/45516—Runtime code conversion or optimisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
- G06F9/45529—Embedded in an application, e.g. JavaScript in a Web browser
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- G06F2221/0748—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
A computer implemented method for improving security of a server computer that is configured to deliver computer program instructions to a remote client computer, and comprising, using an intermediary computer that is topologically interposed between the server computer and the remote client computer is provided. The intermediary computer is configured to intercept a first set of source code instructions from the server computer. The intermediary computer identifies first party operations that include operations on objects and the objects themselves. The intermediary computer identifies a first set of operations within the first party operations that are configured to define values for one or more objects based on one or more constants. The intermediary computer then generates a second set of operations, where the second set of operations are configured to define same values for the one or more objects, when executed by a web browser on the client computer. The intermediary computer transforms the first party operations into transformed first party operations by substituting the first set of operations with the second set of operations. The intermediary computer generates a second set of source code instructions that are based on the first set of source code instructions and the transformed first party operations. The intermediary computer then sends the second set of source code instructions to the client computer.
Description
- This application claims the benefit under 35 U.S.C. § 120 as a Continuation of U.S. patent application Ser. No. 15/069,667, filed on Mar. 14, 2016, the entire contents of which are hereby incorporated by reference as if fully set forth herein.
- The present disclosure generally relates to security techniques applicable to client/server systems, and relates more specifically to techniques for improving resistance of server computers to attacks by client computers. SUGGESTED GROUP ART UNIT: 2441; SUGGESTED CLASS/SUBCLASS: 709/224.
- The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section. A scripting language is a programing language for writing computer programs in the form of scripts. Examples of scripting languages include JavaScript or ECMAScript, ActionScript, Dart, VB Script, Typescript, Ruby, and Python. A script is a program distributed as source code and executed by interpretation rather than compilation. Interpretation is advantageous because deployment and customization are simplified. These advantages make scripting well suited for adding custom behaviors to an already installed application, such as a web browser. Browser support has made JavaScript the most widely used programing language for the Internet.
- Execution by interpretation may also present drawbacks for a scripting language. Since a script is distributed to a browser as source code, security and intellectual property are heightened concerns. Source code is vulnerable to reverse engineering, copying, spoofing, and cracking. For example, when script source code is delivered to a browser, malicious programs can alter the script source code for malicious purposes, such as capturing passwords, bank information, and other sensitive information, causing the browser to execute the maliciously altered script source code rather than the original script source code that the server computer generated. Algorithms and data are difficult to hide when source code is publicized.
- Machine analysis is an important part of misuse of source code. For example, internet bots programmed to run automated tasks, compromised endpoints, or malicious software may attempt to read and analyze source code for malicious purposes. To achieve security by obscurity, techniques are needed to prevent or encumber machine analysis of scripts.
- The appended claims may serve as a summary of the invention.
- In the drawings:
-
FIG. 1 illustrates functional units of a computer system that is configured to improve security of server computers interacting with client computers. -
FIG. 2 illustrates a more detailed view of the functional units within a web infrastructure, an intermediary computer, and client computers. -
FIG. 3 illustrates a process for improved security by injecting additional source code instructions into original source code instructions, sent by server computers, and then sending the modified source code instructions to client computers. -
FIG. 4 illustrates an example of generating a second set of source code instructions based upon a subset of original operations and additional second party source code instructions. -
FIG. 5 illustrates a computer system upon which an embodiment may be implemented. - While each of the drawing figures illustrates a particular embodiment for purposes of illustrating a clear example, other embodiments may omit, add to, reorder, and/or modify any of the elements shown in the drawing figures. For purposes of illustrating clear examples, one or more figures may be described with reference to one or more other figures, but using the particular arrangement illustrated in the one or more other figures is not required in other embodiments.
- In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present invention.
- Embodiments are described herein according to the following outline:
-
- 1.0 General Overview
- 2.0 Computer System for Source Code Obfuscation
- 2.1 Browser
- 2.2 Web Infrastructure
- 2.3 Intermediary
- 3.0 Transforming First Party Source Code Instructions
- 4.0 Example Source Code Obfuscation Transformations
- 4.1 Unobtrusive Obfuscations
- 4.1.1 Numeric Expression Substitution
- 4.1.2 Literal Deconstruction
- 4.1.3 Visually Similar Identifiers
- 4.2 Obfuscation Transformations that Generate Functions
- 4.2.1 Code Extraction
- 4.2.2 Code Injection
- 4.2.3 Immediately-Invoked Function Expression
- 4.2.4 Recursive Function Injection
- 4.1 Unobtrusive Obfuscations
- 5.0 Implementation Mechanisms-Hardware Overview
- 6.0 Other Aspects of Disclosure
- 1.0 General Overview
- A computer implemented method for improving security of a server computer that is configured to deliver computer program instructions to a remote client computer, and comprising, using an intermediary computer that is topologically interposed between the server computer and the remote client computer is provided. In an embodiment, the intermediary computer is configured to intercept a first set of source code instructions from the server computer. The first set of source code instructions are configured to achieve an expected result when executed by a web browser on the client computer. The intermediary computer is configured to identify first party operations within the first set of source code instructions, where the first party operations include operations on objects and the objects referenced by the first set of source code instructions. The intermediary computer is configured to identify a first set of operations within the first party operations that are configured to define values for one or more objects based on one or more constants. The intermediary computer then generates a second set of operations, where the second set of operations are configured to define same values for the one or more objects, when executed by a web browser on the client computer. The intermediary computer transforms the first party operations into transformed party operations by substituting the first set of operations with the second set of operations. The intermediary computer generates a second set of source code instructions that are based on the first set of source code instructions and the transformed first party operations. The intermediary computer then sends the second set of source code instructions to the client computer.
- Embodiments discussed herein provide numerous benefits and improvements over the general idea of increasing the resistance of servers to reverse engineering, spoofing, and cracking. Unauthorized reuse of scripts or data is made more difficult. Human analysis is thwarted by reducing the readability of scripts.
- 2.0 Computer System for Source Code Obfuscation
-
FIG. 1 illustrates a system comprising a server security system, in an example embodiment.System 100 includesweb infrastructure 105,client computer 130, andintermediary computer 120 distributed across a plurality of interconnected networks. While each of the components listed above are illustrated as if running on a separate, computer from each other, one or more of the components listed above may be part of and/or executed on the same computer. For example,intermediary computer 120 andweb infrastructure 105 may be executed on the same computer, local area, and/or wide area network. Additionally or alternatively,intermediary computer 120 is a proxy server forweb infrastructure 105. Additionally or alternatively,intermediary computer 120 may be physically and/or logically between a router andweb infrastructure 105, such that all network data sent to, and/or sent from,web infrastructure 105 over one or more protocols may be intercepted byintermediary computer 120. - 2.1. Browser
-
Browser 135 may be a browser that is executed onclient computer 130 and operated by a user usingclient computer 130. For example,browser 135 may be a web browser that is configured to request data fromweb infrastructure 105, and receive and execute JavaScript, Hypertext Markup Language (HTML), and/or cascading style sheets (CSS). Thebrowser 135 includes abrowser frontend 140 and aruntime environment 145. - The
browser frontend 140 may cause one or more objects to be presented and/or updated visually and/or audibly to a user usingclient computer 130. Thebrowser frontend 140 may receive one or more inputs. For example, in response to a user pressing a particular button on a mouse or keyboard coupled toclient computer 130, thebrowser frontend 140 may receive data from the operating system running onclient computer 130 indicating that a user pressed the particular button. - In this context, an “object” may be a data structure that can be identified by an identifier and/or a relationship with another object. For example, an object may have a unique identifier that is a string, such as a name, customer number, or username. Accordingly, the object may be referenced and/or retrieved using the identifier. Also for example, if a particular object is the first child object of a parent object, then the particular object may be referenced and/or retrieved using a pointer to the parent object and then retrieving a pointer to the first child object. The
browser frontend 140 and/or theruntime environment 145 may provide one or more Application Programming Interfaces (“APis”) for referencing and/or retrieving objects within a Document Object Model (“DOM”). A DOM may be a cross-platform and language-independent representation of one or more objects that areinterrelated. The one or more APis may allow a user to reference and/or retrieve an object by unique identifier, and/or a relative and/or absolute location in a DOM. Selector APis and XPaths are two examples of APis that may be available in a browser to reference and/or retrieve objects within a DOM. An object may be a particular type of object. For example, one object may be a button, another object may be an input, or specifically a text field, and another object may be an image. - The
browser frontend 140 andruntime environment 145 may be communicatively coupled. For example, in response to receiving the data from the operating system, thebrowser frontend 140 may call an operation, or cause an operation to be called, such as method call. One or more of method calls may execute an operation on one or more objects in Document Object Model (DOM) which may update the user interface and thebrowser frontend 140 accordingly. - 2.2. Web Infrastructure
- In an embodiment, the
web infrastructure 105 depicted inFIG. 1 may be one or more server computers that receive requests for data from users, such as auser using browser 135, throughintermediary computer 130. In response,web infrastructure 105 may send data tobrowser 135, throughintermediary computer 130. As illustrated inFIG. 1 the data sent fromweb infrastructure 105 may include instructions: unmodified HTML, JavaScript, andCSS 110. In an embodiment, instructions are defined as one or more codes that define one or more objects and/or one or more operations. For example, instructions may comprise HTML, JavaScript, CSS, eXtensible Markup Language (XML), ActionScript, Dart, VBScript, Typescript, Ruby, Python, and/or any other standard or proprietary languages or codes that define objects, attributes, relationships between objects, and/or operations. -
FIG. 2 illustrates a web infrastructure in an example embodiment. Theweb infrastructure 105 may be described with reference to originalweb server computer 205 and second partyweb server computers 210 inFIG. 2 , but using the particular arrangement illustrated inFIG. 2 is not required in other embodiments. - Original
web server computer 205 may be a server computer that receives requests for data and responds with data. For example, originalweb server computer 205 may be an HTTP-based web server that receives HTTP requests and responds with data comprising HTML, JavaScript, and/or CSS instructions. - Second party
web server computers 210 may be one or more server computers that store additional source code that may be used for various operations including, but not limited to, logging, collecting telemetry data, or source code used for obfuscating objects and/or operations. - 2.3. Intermediary
- In an embodiment, the
intermediary computer 120, as depicted inFIG. 1 , may intercept first party source code instructions sent fromweb infrastructure 105, generate new source code instructions, and send the new source code instructions tobrowser 135. For example,intermediary computer 120 may intercept first party unmodified HTML, JavaScript, andCSS 110 from, add second party additionalsource code instructions 160 to implement a set of additional operations, generate modified HTML, JavaScript, and CSS 125 (which may be different than HTML, JavaScript, and CSS 110), and send the modified HTML, JavaScript,CSS 125, which includes the additionalsource code instructions 160, tobrowser 135. Additionally,intermediary computer 120 may intercept a request frombrowser 135, generate a new, modified request, and send the new, modified request toweb infrastructure 105. - In
FIG. 2 , theintermediary computer 120 may be an HTTP intermediary that intercepts and modifies HTML, JavaScript, CSS, and HTTP requests for HTTP web browsers. However, theintermediary computer 120 may be an intermediary for any other standard and/or proprietary protocol. Theintermediary computer 120 may also add additional source code instructions to the modified HTML, JavaScript, and/orCSS 125. Furthermore, each of the components discussed, which theintermediary computer 120 is comprised of, may be configured to perform any of the processes and/or methods discussed herein for any standard and/or proprietary protocol. - The
intermediary computer 120 may be a server computer that is located on the same network asweb infrastructure 105. Additionally or alternatively,intermediary computer 120 may be topologically located between a public-facing router andweb infrastructure 105, logically and/or physically. Theintermediary computer 120 may be located in a shared computing facility such as a co-location facility, with or without theweb infrastructure 105. Theintermediary computer 120 also may be implemented as a software process that executes in a general-purpose computer system that is co-located with theweb infrastructure 105, or is hosted using a shared computing facility such as a private datacenter or public datacenter or cloud computing facility. In any of these embodiments, theintermediary computer 120 may execute using one or more virtual machine instances. Using any of these embodiments, requests frombrowser 135 toweb infrastructure 105 may be passed through and/or modified byintermediary computer 120. Furthermore, instructions fromweb infrastructure 105 tobrowser 135 may be passed through and/or modified byintermediary computer 120. -
FIG. 2 illustrates a more detailed view of theintermediary computer 120, in an example embodiment. Theintermediary computer 120 may be described with reference to several components illustrated inFIG. 2 and discussed in detail below, but using the particular arrangement is not required in other embodiments. Theintermediary computer 120 may compriseprotocol client logic 215,browser backend logic 220,forward transformer logic 225,protocol server logic 230,transaction store logic 235, andreverse transformer logic 240. In an embodiment, each of the functional units ofintermediary computer 120 may be implemented using any of the techniques further described herein in connection withFIG. 4 ; for example, theintermediary computer 120 may comprise a general-purpose computer configured with one or more stored programs which when executed cause performing the functions described herein for theintermediary computer 120, or a special-purpose computer with digital logic that is configured to execute the functions, or digital logic that is used in other computing devices. -
Protocol client logic 215 may intercept data over any standard or proprietary protocol. For example,Protocol client logic 215 may intercept data over HTTP. Accordingly,Protocol client logic 215 may be communicatively coupled withweb infrastructure 105, originalweb server computer 205, and third partyweb server computers 215. -
Browser backend 220 may be an HTTP-based headless browser. Additionally or alternatively,browser backend logic 220 may be a headless browser based on one or more other standard and/or proprietary protocols.Browser backend 220 may make requests for second party additional source code instructions from second partyweb server computers 210 for the purpose of injecting and/or substituting second party source code instructions into the first party source code instructions intercepted over HTTP. - In an embodiment, the
browser backend logic 220 may parse the first party source code instructions intercepted byprotocol client logic 215 to identify a set of operations. An operation may be any function, method, script, and/or any other code, which when executed operates on an object. In an embodiment, operations may also be objects themselves. In an embodiment, thebrowser backend logic 220 may generate and store the objects and/or operations in memory that have been parsed from the first party source code instructions intercepted. - In an embodiment,
browser backend logic 220 may create additional operations from the second party additional source code instructions and the identified set of operations from the first party source code. These additional operations may be used for the purposes of logging specific function calls and/or collecting telemetry data related to specific function calls. These types of additional operations may include be referred to as supervisor operations. Supervisor operations are operations designed to track specific function calls executed by thebrowser 135. The supervisor operations may also include functions, methods, scripts, and/or other code. For example, a supervisor operation may include an operation from the original first party source code instructions, referred to as a base operation, such that when the supervisor operation is invoked the invocation is logged and then the base operation from the original first party code instructions is executed. By embedding, the base operation from the original first party code instructions within the supervisor operation, theintermediary computer 120 may be able to track when and how often the original base operation is executed. - In an embodiment, additional operations may also include a set of operations which, when invoked perform a function call that does not affect the output of the original first party source code instructions embedded within it. These types of additional operations may be used for the purpose of obfuscating the original function call within the original first party code.
- The
browser backend logic 220 may notifyforward transformer logic 225 of the set of generated additional operations and the identified set of operations from the first party source code instructions and to begin generating new transformed source code instructions based on the objects and/or operations that are currently in memory. - The
forward transformer logic 225 may operate on the objects and/or operations created by thebrowser backend logic 220, to generate one or more attribute maps and/or DOM maps, a new set of transformed instructions based on the one or more operations and/or objects in memory, and add additional operations. - For example,
browser backend logic 220 may modify the objects and/or operations in memory according to one or more real-time polymorphic methods: modifying one or more object identifiers, attribute, or relationship(s) with one or more other objects. Then the forward transformer 336 may send the transformed instructions toprotocol server logic 230 based upon the objects and/or operations in memory. Theforward transformer logic 225 may send the attribute maps and/or DOM maps totransaction store 240. -
Protocol server logic 230 may receive the transformed instructions generated byforward transformer logic 225 and send the transformed instructions tobrowser 135. Additionally or alternatively,protocol server logic 230 may intercept requests frombrowser 135 and forward the requests totransaction store logic 235. - The
transaction store logic 235 may receive requests intercepted byprotocol server logic 230 frombrowser 135.Transaction store 235 may retrieve one or more attribute maps and/or DOM maps, based on data in the request, and forward the request with the retrieved one or more attribute maps and/or DOM maps to reversetransformer logic 240. Accordingly,transaction store logic 235 may be communicatively coupled withreverse transformer logic 240. - In an embodiment, the
transaction store logic 235 may receive requests related to supervisor operations that were inserted into the modified source code instructions that were sent to thebrowser 135. Thetransaction store logic 235 may store the requests related to supervisor operations into data storage, coupled to theintermediary computer 120, as telemetry data which then may be used to analyze the frequency and origin of specific function calls monitored. - The
reverse transformer logic 240 may transform requests intercepted byprotocol server logic 230, which are based on instructions generated byforward transformer logic 225, into requests that would have been generated bybrowser 135 hadbrowser 135 received the original instructions sent from originalweb server computer 205.Reverse transformer 240 may transform requests based on the one or more attribute maps and/or DOM maps retrieved bytransaction store logic 235.Reverse transformer 240 may send the transformed request to originalweb server computer 205 throughprotocol client logic 215. - 3.0. Transforming First Party Source Code Instructions
-
FIG. 3 illustrates an example process for improved security by inserting second party source code instructions into the original first party source code instructions and then sending transformed source code instructions to thebrowser 135. For purposes of illustrating a clear example,FIG. 3 may be described with reference toFIG. 1 andFIG. 2 , but using the particular arrangements illustrated inFIG. 1 andFIG. 2 are not required in other embodiments. - At
step 305, theintermediary computer 120 intercepts the first party source code instructions from theoriginal web server 205. For example, theprotocol client logic 215 may receive instructions from theoriginal web server 205, in response to a request from thebrowser 135. - At
step 310, theintermediary computer 120 parses the first party source code instructions to identify a set of operations. In an embodiment, thebrowser backend logic 220 parses the first party source code instructions to identify a set of first party operations. For example, theprotocol client logic 215 may send a first set of HTML and/or JavaScript instructions to thebrowser backend logic 220. TheBrowser backend 220 may parse the received HTML and/or JavaScript instructions into an abstract syntax tree. For the purposes of illustrating a clear example, assume that the intercepted set of instructions include instructions that define an original set of JavaScript methods that operate on one or more original objects using original object identifiers. In an embodiment, thebrowser backend logic 220 may use semantic analysis to determine which operations assign static literals to objects. These identified operations may be identified as a subset of operations that qualify for modification with second party source code instructions. The subset of operations is herein referred to as a first set of operations. - Snippet 1 is an example of first party operations that the
browser backend logic 220 may analyze to determine whether an operation assigns a static literal to a variable. -
Snippet 1: line 01: var val= 4; line 02: var doubledVal =value* 2; - In an embodiment, the
browser backend logic 220 may identify line 01 as a static literal assignment to a variable. In this case, thebrowser backend logic 220 would include line 01 as part of a first set of operations suitable for modification and/or substitution using second party source code instructions.FIG. 4 illustrates an example of generating a second set of source code instructions from the first set of operations identified and the second party source code instructions. First partysource code instructions 405 represents the first party source code instructions intercepted by theprotocol client logic 215. Thebrowser backend logic 220 receives the first partysource code instructions 405 and identifies operations, such as JavaScript operations, within the first partysource code instructions 405. The identified operations are referred to asfirst party operations 410 and include all operations on objects and objects themselves. Thebrowser backend logic 220 then identifies a first set of operations to be modified and/or substituted, referred to as a first set ofoperations 415. In an embodiment, the first set ofoperations 415 includes operations that include assignments of static literals to objects. - At
step 315, thebrowser backend logic 220 generates a second set of operations that are based upon the first set ofoperations 415 identified by thebrowser backend logic 220 and received second partysource code instructions 430 from the secondparty web servers 210. - In an embodiment, block 425 illustrates merging the first set of
operations 415 with the second partysource code instructions 430 by either modifying or substituting part of the first set ofoperations 415. For example, line 01 from Snippet 1 (above) may be partially modified by substituting the static literal with second partysource code instructions 430 that include function calls including the original static literal from line 01. Snippet 2 is an example of additional second party source code that may be added to line 01 of Snippet 1. -
Snippet 2: line 03: document.addEventListener(‘click’, function( ) { console.log(“Document was clicked”)}); - Snippet 2 illustrates an example of second party source code instructions that add logging functionality to JavaScript code. When added to the first set of
operations 415, the second partysource code instructions 430 do not affect the result of the first set ofoperations 415. Snippet 3 illustrates inserting line 03 into line 01 using an immediately invoked function expression (IIFE). An IIFE is a self-executing anonymous function that is defined in an expression that is immediately executed by the browser. By inserting snippets of original operations, such as assignments of static literals, into IIFEs, reading source code to determine the output of the source code becomes more difficult. For example, if a bot tried to parse and read modified source code by removing inserted IIFEs then the bot would end up with unpredictable source code because by removing the inserted IIFEs the bot would also be removing parts of the original source code that included assignments of static literals to essential objects. Snippet 3 depicts an example inserted IIFE with an embedded assignment of a static literal. -
Snippet 3: line 01: var val= (function ( ) { document.addEventListener ( ‘click’, function( ) {console.log(“Document was clicked” ) }) ; return 4; } ( ); - In Snippet 3, the function described in line 03 has been implemented within an IIFE and the static literal “4” has been appended to the end of the IIFE so that the returned result of the function is the original static literal, which is assigned to object val.
- In an embodiment, before merging the first set of
operations 415 with the second partysource code instructions 430, thebrowser backend logic 220 may implement obfuscation transformation logic 420 on the first set ofoperations 415. Obfuscation transformation is a technique reconfiguring operations from one form to another form that distorts the structure of the operation without altering the effects of the operation. For example, line 01 of Snippet 1 may be transformed into the following obfuscated Snippet 4. - Obfuscated Snippet 4:
-
var val=[−(Math·LOG 10E*10)]; line 01 - In an embodiment,
browser backend logic 220 may transform original line 1 into the obfuscated line 1 above, where the obfuscated line 1 is a mathematical expression that when evaluated returns “4”, which is the same value assigned to “val” in original line 1. The result of the obfuscation transformation logic 420 may then be merged with second partysource code instructions 430 by theoperation merging logic 425. Additional embodiments of obfuscation techniques are described in detail in the EXAMPLE SOURCE CODE OBFUSCATION TRANSFORMATIONS section herein. - Snippet 5 illustrates an embodiment of a static literal assignment operation that is transformed using obfuscation transformation logic 420 and then merged with second party
source code instructions 430 usingoperation merging logic 425. -
Snippet 5: (Block 415) (original) line 01: var val = 4; (obfuscated transformation) line 02: var val= [--(Math.LOG10E * 10)]; (Block 420) (second party source code to be added) line 03: document.addEventListener(‘click’, function( ) { console.log(“Document was clicked”) }); (line 02 merged with obfuscated line 1) line 04: var val= (function ( ) { document.addEventListener ( 1click 1,function( ) {console.log(“Document was clicked” ) }) return [--(Math.LOG10E * 10)]; } ( ); -
Block 435 represents a modified secondparty source code 435, which is the output of merging the second partysource code instructions 430 with the first set ofoperations 415. In the example above, line 04 is the combination of the obfuscation transformation of line 02 combined with the second partysource code instructions 430 of line 03 executed as an IIFE. - At
step 320, theforward transformer logic 225 transforms thefirst party operations 410 by substituting the identified first set ofoperations 415 with the modified secondparty source code 435. In an embodiment, if the first set ofoperations 415 is a set of operations that are assignments of static literals then theforward transformer logic 225 substitutes all identified first set ofoperations 415 with the modified secondparty source code 435 to produce a set of transformedfirst party operations 445. The transformedfirst party operations 445 include all of thefirst party operations 410, which are not part of the first set ofoperations 415, and the modified secondparty source code 435. - For example, snippet 6 represents the
first party operations 410, including operations that are identified as part of the first set ofoperations 415, and substituting the first set ofoperations 415 with the modified secondparty source code 435. -
Snippet 6: line 01: var val = 4; (original first set of operations 415) line 02: vardoubledVal value* 2; (original first party operations 410) -
Transformed Snippet 6: (modified second party source code 435) line 01: line la: var val= (function ( ) { document.addEventListener ( 1click1,function( {console.log(“Document was clicked” ) }) ; return [--(Math.LOG10E * 10)]; } ( ); (original first party operations 410) line 02: line 2: var doubledVal =value* 2; - In this example, line 01 is identified as part of the first set of
operations 415. Line 02 is part of thefirst party operations 410, but not part of the first set ofoperations 415. Therefore only line 01 is substituted with the modified secondparty source code 435. Transformed snippet 6 represents the result ofstep 320, the transformedfirst party operations 445. - At
step 325, theforward transformer logic 225 generates a second set ofsource code instructions 450. In an embodiment, theforward transformer logic 225 replaces the originalfirst party operations 410 that were identified within the first partysource code instructions 405 with the transformedfirst party operations 445 to generate the second set ofsource code instructions 450. In an embodiment, the second set ofsource code instructions 450 includes the transformedfirst party operations 445, which represents identified JavaScript operations, and any other source code that was part of the first partysource code instructions 405 and was not previously parsed and identified as JavaScript operations, such as HTML and/or CSS. In another embodiment, the transformedfirst party operations 445 may represent identified scripting operations other than JavaScript. The second set ofsource code instructions 450 is then sent to theprotocol server logic 230 for forwarding to thebrowser 135. Atstep 330, theprotocol server logic 230 sends the second set of source code instructions to thebrowser 135. - 4.0. Example Source Code Obfuscation Transformations
- In various embodiments, obfuscation transformation logic 420 implements, one or more of the obfuscation transformations that are described in this section. Any one or more of these obfuscations may be combined, such that a statement may be obfuscated by multiple transformations. For purposes of illustrating clear examples, source code snippets set forth in this section show JavaScript, but in other embodiments, the obfuscations described in this section are applicable to other scripting languages. The statements in this section may serve as a functional specification and/or design specification that a skilled programmer, software engineer, and/or computer engineer may use to implement an embodiment using any suitable programming development environment, programming language, digital logic, or other computer elements. This section may serve as an example of steps that may be used for implementing the claimed functions recited in the claims and are provided in sufficient detail such that one skilled in the art would know how to program a microprocessor or computer to perform the steps of the claims in any of various embodiments.
- 4.1. Unobtrusive Obfuscations
- Some obfuscation transformations do not alter the structure of a script. Examples include peephole obfuscations that can be applied to an individual statement without consideration of interdependencies that involve surrounding statements.
- 4.1.1. Numeric Expression Substitution
- An integer literal is a more human readable way to define a number. A less readable way is to define an expression that calculates the number when executed in
browser 135. The expression may include operators, literal operands, and symbolic operands. In an embodiment, obfuscation transformation logic 420 may scan original JavaScript operations for occurrences of an integer literal. Obfuscation transformation logic 420 may find a snippet of JavaScript operations such as Original Snippet 7. -
Original Snippet 7: line 03:tries 6; line 04:skill = O; - When processing Original Snippet 7, obfuscation transformation logic 420 may apply a transformation that replaces integer literals “6” and “0” with an expression that uses a different literal to achieve the same result when executed in
browser 135. Such a transformation yields Obfuscated Snippet 7. Implementations of obfuscation transformation logic 420 may use different literals and operators to compose the expression. -
Obfuscated Snippet 7: line 01:tries =2 * Number.MIN VALUE/ line 02: Number.MIN VALUE* 3; line 03:skill —”; - 4.1.2 Literal Deconstruction
- A string literal is a more human readable way to define a character string. A less readable way is to define a concatenation of substrings that assembles the character string when executed in
browser 135. According to literal deconstruction obfuscation, the obfuscation transformation logic 420 may scan original JavaScript operations for occurrences of a string literal. the obfuscation transformation logic 420 may find a snippet of JavaScript such as Original Snippet 8. - Original Snippet 8:
-
title=“Today's Important Headlines”; line 01 - When processing Original Snippet 8, the obfuscation transformation logic 420 may apply a transformation that decomposes the string literal into substrings that are concatenated to achieve the same result when executed in
browser 135. Such a transformation yields Obfuscated Snippet 8. Implementations of the obfuscation transformation logic 420 may use different heuristics for deciding at which points to sever the string literal into substrings. For example the substrings may have identical or random lengths. An implementation may define substrings that each are composed of only vowels, only consonants, or only punctuation. For example no substring of Obfuscated Snippet 8 has both a vowel and a consonant. -
Obfuscated Snippet 8: line 01: title= “T”+“o”+“d”+“ay'”+ line 02: “s ”+“I”+“mp”+“o”+“rt”+“a”+ line 03: “nt H”+“ea”+“dl”+“i”+“n”+“e”+“s”; - String assembly by a concatenation operator is not the only way to perform literal deconstruction obfuscation. Passing an array of substrings to a join function may accomplish the same obfuscation in a different way. The join function may achieve greater obfuscation because it allows removal of a common character from the substrings. An implementation may scan a string literal to discover a most frequent character and then use that character as a separator with which to split the string literal into substrings that lack that character. The obfuscation transformation logic 420 may find a JavaScript operation such as Original Snippet 9.
- Original Snippet 9:
-
title=“Today's Important Headlines”; line 04 - When processing Original Snippet 9, the obfuscation transformation logic 420 may use an “a” character as a separator to split the string literal into substrings that are joined to achieve the same result when executed in
browser 135. Such a transformation yields Obfuscated Snippet 9. -
Obfuscated Snippet 9: line 05: title= [“Tod”,“y's Import”, “nt He”, “dlines”].join(“a”); - 4.1.3 Visually Similar Identifiers
- A JavaScript identifier may be composed by selecting letters from hundreds of strange Unicode letters. A distinct and meaningful name is a more human readable way of declaring a variable. A less readable name is meaningless and similar to other variable names. In an embodiment, the obfuscation transformation logic 420 may scan the original JavaScript operations for occurrences of a variable name. The obfuscation transformation logic 420 may find a snippet of JavaScript such as Original Snippet 10.
-
Original Snippet 10: line 06: subject= “This web page”; line 07: verb= “works”; line 08: sentence= subject+ verb+“.”; - When processing Original Snippet 10, the obfuscation transformation logic 420 may use visually similar names to rename variables to achieve the same result when executed in
browser 135. Such a transformation yields Obfuscated Snippet 10. Implementations of the obfuscation transformation logic 420 may generate a variable name by repetition of a few base letters. Repetition reduces readability because a human has difficulty distinguishing between two variable names composed of the same repeating letter, but repeated different amounts. Occurrences of a base letter may modified by adding a diacritic. Diacritics reduce readability because they are unfamiliar and visually subtle. Diacritics may be drawn from multiple natural languages to ensure unfamiliarity. - 4.2. Obfuscation Transformations that Generate Functions
- Obfuscation is an example of logic refactoring. Many refactorings are accomplished by introducing a function. The obfuscation transformation logic 420 may define a function that is not defined in original JavaScript operations. The obfuscation transformation logic 420 may also invoke the function. The definition and invocation of the function may occur in adjacent statements or may be separated by other statements to decrease human readability. The name of the function may be similar to the name of another function to decrease human readability.
- 4.2.1. Code Extraction
- Directly in line is a more human readable way to use an expression. A less readable way is to extract the expression into a function and invoke the function to achieve the same result when executed in
browser 135. According to code extraction obfuscation, the obfuscation transformation logic 420 may scan original JavaScript operations for occurrences of an expression. The obfuscation transformation logic 420 may find a snippet of JavaScript such as Original Snippet 11. - Original Snippet 11:
-
perimeter=2*(width+height); line 12 - When processing Original Snippet 11, the obfuscation transformation logic 420 may extract the right hand side of the equation into a function and then invoke the function to achieve the same result when executed in
browser 135. Such a transformation yields Obfuscated Snippet 11. Although the definition and invocation of the function are shown on adjacent lines, adjacency is not required and may be avoided to hide the function definition. An implementation may also rely on automatic declaration hoisting within a JavaScript scope to further hide the function declaration. Depending on the placement of the function definition, the signature of the function may need arguments for variables used in the extracted expression. -
Obfuscated Snippet 11: line 13: function foo( ) { line 14: return 2 * (width+ height); } line 15: perimeter= foo( ); - 4.2.2. Code Injection
- Directly in line is a more human readable way to use an expression. A less readable way is to inject new expressions and/or functions that modify one or more original objects such that the multiple modifications achieve the same result when executed in
browser 135. According to code injection obfuscation, the obfuscation transformation logic 420 may scan original JavaScript operations for occurrences of an expression to modify with injected code. For example, the obfuscation transformation logic 420 may apply encryption functionality to an original JavaScript expression, then define and invoke a function that decrypts the previously encrypted JavaScript expression. The obfuscation transformation logic 420 may find a snippet of JavaScript such as Original Snippet 12. - Original Snippet 12:
-
perimeter=2*(width+height); line 16 - When processing Original Snippet 12, the obfuscation transformation logic 420 may add an additional encryption function call after the Original Snippet 12, and then define and invoke an additional function that decrypts the encrypted Original Snippet 12, as shown in Obfuscated Snippet 12.
-
Obfuscated Snippet 12: line 17: perimeter = 2 * (width + height) ; line 18: encrypt(perimeter); line 19: function foo(var) { line 20: return decrypt(var); } line 21: foo(perimeter); - 4.2.3. Immediately-Invoked Function Expression
- A literal is a more human readable way to use a value. A less readable way is to define a closure that returns the value when invoked in
browser 135. According to immediately-invoked function expression obfuscation, the obfuscation transformation logic 420 may scan original JavaScript operations for occurrences of a literal. The literal may be number, a string, or an object. The obfuscation transformation logic 420 may find a snippet of JavaScript such as Original Snippet 13. - Original Snippet 13:
-
age=9; line 22 - When processing Original Snippet 13, the obfuscation transformation logic 420 may define a JavaScript immediately-invoked function expression to achieve the same result when executed in
browser 135. Such a transformation yields Obfuscated Snippet 13. - Obfuscated Snippet 13:
-
age=(function( ){return 9;}( )); line 23 - 4.2.4. Recursive Function Injection
- An integer literal is a more human readable way to define a number. A less readable way is to define a recursive function that when invoked with particular argument values may achieve the same result when executed in
browser 135. According to recursive function injection obfuscation, the obfuscation transformation logic 420 may scan original JavaScript operations for occurrences of an integer literal. The obfuscation transformation logic 420 may find a snippet of JavaScript such as Original Snippet 14. - Original Snippet 14:
-
age=9; line 24 - When processing Original Snippet 14, the obfuscation transformation logic 420 may define a recursive function having a counter parameter and an accumulator parameter to achieve the same result when executed in
browser 135. Such a transformation yields Obfuscated Snippet 14. When invoked with particular values for the counter and the accumulator, the function may recursively decrement the counter until zero. Each recursive invocation of the function may adjust the accumulator by a specific amount. Although the definition and invocation of the recursive function are shown on adjacent lines, adjacency is not required and may be avoided to hide the function definition. -
Obfuscated Snippet 14: line 25: function recurs(counter,accumulator) { line 26: if (O==counter) return accumulator; line 27: return recurs(counter−1,accumulator+2); } line 28: age= recurs(6,−3); - 5.0. Implementation Mechanisms-Hardware Overview
- According to one embodiment, the techniques described herein are implemented by one or more special-purpose computing devices. The special-purpose computing devices may be hard-wired to perform the techniques, or may include digital electronic devices such as one or more application-specific integrated circuits (ASICs) or field programmable gate arrays (FPGAs) that are persistently programmed to perform the techniques, or may include one or more general purpose hardware processors programmed to perform the techniques pursuant to program instructions in firmware, memory, other storage, or a combination. Such special-purpose computing devices may also combine custom hard-wired logic, ASICs, or FPGAs with custom programming to accomplish the techniques. The special-purpose computing devices may be desktop computer systems, portable computer systems, handheld devices, networking devices or any other device that incorporates hard-wired and/or program logic to implement the techniques.
- For example,
FIG. 5 is a block diagram that illustrates a computer system 500 upon which an embodiment of the invention may be implemented. Computer system 500 includes abus 502 or other communication mechanism for communicating information, and ahardware processor 504 coupled withbus 502 for processing information.Hardware processor 504 may be, for example, a general purpose microprocessor. - Computer system 500 also includes a
main memory 506, such as a random access memory (RAM) or other dynamic storage device, coupled tobus 502 for storing information and instructions to be executed byprocessor 504.Main memory 506 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed byprocessor 504. Such instructions, when stored in non-transitory storage media accessible toprocessor 504, render computer system 500 into a special-purpose machine that is customized to perform the operations specified in the instructions. - Computer system 500 further includes a read only memory (ROM) 508 or other static storage device coupled to
bus 502 for storing static information and instructions forprocessor 504. Astorage device 510, such as a magnetic disk or optical disk, is provided and coupled tobus 502 for storing information and instructions. - Computer system 500 may be coupled via
bus 502 to adisplay 512, such as a cathode ray tube (CRT), for displaying information to a computer user. Aninput device 514, including alphanumeric and other keys, is coupled tobus 502 for communicating information and command selections toprocessor 504. Another type of user input device iscursor control 516, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections toprocessor 504 and for controlling cursor movement ondisplay 512. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane. - Computer system 500 may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computer system causes or programs computer system 500 to be a special-purpose machine. According to one embodiment, the techniques herein are performed by computer system 500 in response to
processor 504 executing one or more sequences of one or more instructions contained inmain memory 506. Such instructions may be read intomain memory 506 from another storage medium, such asstorage device 510. Execution of the sequences of instructions contained inmain memory 506 causesprocessor 504 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions. - The term “storage media” as used herein refers to any non-transitory media that store data and/or instructions that cause a machine to operation in a specific fashion. Such storage media may comprise non-volatile media and/or volatile media. Non-volatile media includes, for example, optical or magnetic disks, such as
storage device 510. Volatile media includes dynamic memory, such asmain memory 506. Common forms of storage media include, for example, a floppy disk, a flexible disk, hard disk, solid state drive, magnetic tape, or any other magnetic data storage medium, a CD-ROM, any other optical data storage medium, any physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, NVRAM, any other memory chip or cartridge. - Storage media is distinct from but may be used in conjunction with transmission media. Transmission media participates in transferring information between storage media. For example, transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise
bus 502. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications. - Various forms of media may be involved in carrying one or more sequences of one or more instructions to
processor 504 for execution. For example, the instructions may initially be carried on a magnetic disk or solid state drive of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 500 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data onbus 502.Bus 502 carries the data tomain memory 506, from whichprocessor 504 retrieves and executes the instructions. The instructions received bymain memory 506 may optionally be stored onstorage device 510 either before or after execution byprocessor 504. - Computer system 500 also includes a
communication interface 518 coupled tobus 502.Communication interface 518 provides a two-way data communication coupling to anetwork link 520 that is connected to alocal network 522. For example,communication interface 518 may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example,communication interface 518 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation,communication interface 518 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information. - Network link 520 typically provides data communication through one or more networks to other data devices. For example,
network link 520 may provide a connection throughlocal network 522 to ahost computer 524 or to data equipment operated by an Internet Service Provider (ISP) 526.ISP 526 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 528.Local network 522 andInternet 528 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals onnetwork link 520 and throughcommunication interface 518, which carry the digital data to and from computer system 500, are example forms of transmission media. - Computer system 500 can send messages and receive data, including program code, through the network(s),
network link 520 andcommunication interface 518. In the Internet example, aserver 530 might transmit a requested code for an application program throughInternet 528,ISP 526,local network 522 andcommunication interface 518. - The received code may be executed by
processor 504 as it is received, and/or stored instorage device 510, or other non-volatile storage for later execution. - 6.0. Other Aspects of Disclosure
- In the foregoing specification, embodiments of the invention have been described with reference to numerous specific details that may vary from implementation to implementation. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense. The sole and exclusive indicator of the scope of the invention, and what is intended by the applicants to be the scope of the invention, is the literal and equivalent scope of the set of claims that issue from this application, in the specific form in which such claims issue, including any subsequent correction.
Claims (15)
1. A computer implemented method for improving security of a server computer that is configured to deliver computer program instructions to a client computer, and comprising:
using an intermediary computer that is topologically interposed between the server computer and the client computer:
intercepting a first set of source code instructions from the server computer that are configured to achieve an expected result when executed by a web browser on a client computer;
within the first set of source code instructions, identifying first party operations that include at least operations on objects and the objects referenced by the first set of source code instructions;
identifying a first set of operations within the first party operations, that are configured to define values for one or more objects based on one or more constants;
generating a second set of operations, where the second set of operations are configured to define same values for the one or more objects, when executed by a web browser on the client computer;
transforming the first party operations into transformed first party operations by substituting the first set of operations with the second set of operations;
generating a second set of source code instructions that are based on the first set of source code instructions and the transformed first party operations;
sending the second set of source code instructions to the client computer.
2. The computer implemented method of claim 1 , wherein generating a second set of operations comprises implementing one or more obfuscation transformations to the first set of operations to generate the second set of operations.
3. The computer implemented method of claim 2 , wherein generating a second set of operations further comprises inserting additional functions that are executed as an IIFE.
4. A computer implemented method for improving security of a server computer that is configured to deliver computer program instructions to a client computer, and comprising:
using an intermediary computer that is topologically interposed between the server computer and the client computer:
intercepting a first set of instructions from the server computer that define one or more objects and a set of original operations that operate on the one or more objects;
identifying a subset of original operations from the set of original operations within the first set of instructions to be extracted from the set of original operations;
generating a set of additional operations, where the set of additional operations is based at least in part on the subset of original operations and the one or more objects;
transforming the set of original operations to produce a set of transformed operations that are based at least in part on the set of additional operations;
generating a second set of instructions that define the set of additional operations and the set of transformed operations;
sending the second set of instructions to the client computer.
5. The method of claim 4 , further comprising generating the second set of instructions which define the set of original operations.
6. The method of claim 4 , wherein the set of additional operations includes one or more supervisor operations, which when executed, cause interception of a call to an operation on the client computer.
7. The method of claim 6 , wherein the call to the operation is a base operation that is defined by a runtime environment, and wherein the one or more supervisor operations, which when executed in the runtime environment on the client computer, cause:
sending, to the intermediary computer, a set of telemetry data indicating that the call to the base operation was made;
performing the base operation;
receiving, from the client computer, the set of telemetry data;
storing, in a database, the set of telemetry data which indicates that the call to the base operation was made.
8. The method of claim 7 , wherein generating the set of additional operations further comprises:
applying one or more obfuscation transformations to the subset of original operations, to produce a set of obfuscated transformed operations;
wherein the subset of original operations is configured to achieve an expected result when executed by the client computer;
wherein the set of obfuscated transformed operations is configured to achieve the expected result as the subset of original operations when executed by the client computer;
wherein generating the set of additional operations includes the set of obfuscated transformed operations.
9. The method of claim 8 , wherein the subset of original operations comprise a literal text string;
wherein the set of obfuscated transformed operations comprise a statement defining a closure having a body that is configured to return the literal text string when executed by the client computer and invocation of the closure, and which is configured to achieve the expected result when executed by the client computer.
10. The method of claim 9 , wherein the statement comprises a JavaScript immediately-invoked function expression.
11. The method of claim 7 , wherein the set of original operations comprise a first assignment expression that is configured to assign a first value to a variable;
wherein the set of transformed operations include the first assignment expression that is configured to assign the first value to the variable and a first modification expression configured to modify the first value of the variable to a second value;
wherein the set of additional operations include a second modification expression configured to modify the second value of the variable to the first value.
12. The method of claim 11 , wherein the a first modification expression is configured to apply encryption to the first value of the variable; and
wherein the a second modification expression is configured to apply decryption to the second value of the variable.
13. The method of claim 7 , wherein the set of original operations comprise a first assignment expression configured to assign a first value to a first variable;
wherein the first value is a combined value of a second value from a second variable and a third value from a third variable, where the second variable and third variable are defined in the set of original operations;
wherein the set of transformed operations comprise the first assignment expression configured to assign the first value to the first variable;
wherein the first value is the combined value of the second value from the second variable and the third value from the third variable;
wherein the set of additional operations comprise defining the second variable and third variable.
14. The method of claim 7 , wherein the set of original operations comprise a first assignment expression configured to assign a first value to a first variable;
wherein the set of additional operations comprise the first assignment expression configured to assign a first function to the first variable;
wherein the first function is a specific library function, where the specific library function is part of a library that is supported by the set of original operations.
15. The method of claim 7 further comprising:
intercepting from the client computer, a request that includes one or more modified object identifiers;
transforming the request, based on the one or more modified object identifiers to produce a modified request, wherein the modified request is the request that would have been received by the client computer had the client computer received the first set of instructions;
sending the modified request to the server computer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/236,522 US20190245833A1 (en) | 2016-03-14 | 2018-12-30 | Intercepting and injecting calls into operations and objects |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/069,667 US10216488B1 (en) | 2016-03-14 | 2016-03-14 | Intercepting and injecting calls into operations and objects |
US16/236,522 US20190245833A1 (en) | 2016-03-14 | 2018-12-30 | Intercepting and injecting calls into operations and objects |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/069,667 Continuation US10216488B1 (en) | 2016-03-14 | 2016-03-14 | Intercepting and injecting calls into operations and objects |
Publications (1)
Publication Number | Publication Date |
---|---|
US20190245833A1 true US20190245833A1 (en) | 2019-08-08 |
Family
ID=65410955
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/069,667 Active US10216488B1 (en) | 2016-03-14 | 2016-03-14 | Intercepting and injecting calls into operations and objects |
US16/236,522 Abandoned US20190245833A1 (en) | 2016-03-14 | 2018-12-30 | Intercepting and injecting calls into operations and objects |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/069,667 Active US10216488B1 (en) | 2016-03-14 | 2016-03-14 | Intercepting and injecting calls into operations and objects |
Country Status (1)
Country | Link |
---|---|
US (2) | US10216488B1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10834101B2 (en) | 2016-03-09 | 2020-11-10 | Shape Security, Inc. | Applying bytecode obfuscation techniques to programs written in an interpreted language |
US11349816B2 (en) | 2016-12-02 | 2022-05-31 | F5, Inc. | Obfuscating source code sent, from a server computer, to a browser on a client computer |
US11741197B1 (en) | 2019-10-15 | 2023-08-29 | Shape Security, Inc. | Obfuscating programs using different instruction set architectures |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9858440B1 (en) * | 2014-05-23 | 2018-01-02 | Shape Security, Inc. | Encoding of sensitive data |
US10846356B2 (en) * | 2018-06-13 | 2020-11-24 | At&T Intellectual Property I, L.P. | Scalable whittled proxy execution for low-latency web over cellular networks |
US11074069B2 (en) | 2019-06-06 | 2021-07-27 | International Business Machines Corporation | Replaying interactions with transactional and database environments with re-arrangement |
US10929126B2 (en) | 2019-06-06 | 2021-02-23 | International Business Machines Corporation | Intercepting and replaying interactions with transactional and database environments |
US10915426B2 (en) * | 2019-06-06 | 2021-02-09 | International Business Machines Corporation | Intercepting and recording calls to a module in real-time |
US11016762B2 (en) | 2019-06-06 | 2021-05-25 | International Business Machines Corporation | Determining caller of a module in real-time |
US11036619B2 (en) | 2019-06-06 | 2021-06-15 | International Business Machines Corporation | Bypassing execution of a module in real-time |
US11405363B2 (en) | 2019-06-26 | 2022-08-02 | Microsoft Technology Licensing, Llc | File upload control for client-side applications in proxy solutions |
US11308259B2 (en) * | 2020-03-09 | 2022-04-19 | Servicenow, Inc. | Web element retargeting |
US11748460B2 (en) * | 2020-04-27 | 2023-09-05 | Imperva, Inc. | Procedural code generation for challenge code |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050183072A1 (en) * | 1999-07-29 | 2005-08-18 | Intertrust Technologies Corporation | Software self-defense systems and methods |
US8954583B1 (en) * | 2014-01-20 | 2015-02-10 | Shape Security, Inc. | Intercepting and supervising calls to transformed operations and objects |
US20150088969A1 (en) * | 2013-09-20 | 2015-03-26 | Yottaa Inc. | Systems and methods for managing loading priority or sequencing of fragments of a web object |
US20160314301A1 (en) * | 2015-04-21 | 2016-10-27 | Martin Johns | Cooperative Static and Dynamic Analysis of Web Application Code for Finding Security Vulnerabilities |
Family Cites Families (78)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0988591A1 (en) | 1997-06-09 | 2000-03-29 | Intertrust, Incorporated | Obfuscation techniques for enhancing software security |
US20050114705A1 (en) | 1997-12-11 | 2005-05-26 | Eran Reshef | Method and system for discriminating a human action from a computerized action |
US6606663B1 (en) | 1998-09-29 | 2003-08-12 | Openwave Systems Inc. | Method and apparatus for caching credentials in proxy servers for wireless user agents |
US7058699B1 (en) * | 2000-06-16 | 2006-06-06 | Yahoo! Inc. | System and methods for implementing code translations that enable persistent client-server communication via a proxy |
US6938170B1 (en) | 2000-07-17 | 2005-08-30 | International Business Machines Corporation | System and method for preventing automated crawler access to web-based data sources using a dynamic data transcoding scheme |
US6996841B2 (en) | 2001-04-19 | 2006-02-07 | Microsoft Corporation | Negotiating secure connections through a proxy server |
US7010779B2 (en) | 2001-08-16 | 2006-03-07 | Knowledge Dynamics, Inc. | Parser, code generator, and data calculation and transformation engine for spreadsheet calculations |
US20030217287A1 (en) | 2002-05-16 | 2003-11-20 | Ilya Kruglenko | Secure desktop environment for unsophisticated computer users |
US8510571B1 (en) | 2003-03-24 | 2013-08-13 | Hoi Chang | System and method for inserting security mechanisms into a software program |
US8473620B2 (en) | 2003-04-14 | 2013-06-25 | Riverbed Technology, Inc. | Interception of a cloud-based communication connection |
US20050108562A1 (en) | 2003-06-18 | 2005-05-19 | Khazan Roger I. | Technique for detecting executable malicious code using a combination of static and dynamic analyses |
US8015301B2 (en) | 2003-09-30 | 2011-09-06 | Novell, Inc. | Policy and attribute based access to a resource |
US8806187B1 (en) * | 2009-12-03 | 2014-08-12 | Google Inc. | Protecting browser-viewed content from piracy |
US20050182958A1 (en) | 2004-02-17 | 2005-08-18 | Duc Pham | Secure, real-time application execution control system and methods |
US8307291B2 (en) | 2004-08-11 | 2012-11-06 | American Express Travel Related Services Company, Inc. | Web page security system and method |
US7480385B2 (en) | 2004-11-05 | 2009-01-20 | Cable Television Laboratories, Inc. | Hierarchical encryption key system for securing digital media |
US7634572B2 (en) | 2004-12-22 | 2009-12-15 | Slipstream Data Inc. | Browser-plugin based method for advanced HTTPS data processing |
US7587616B2 (en) | 2005-02-25 | 2009-09-08 | Microsoft Corporation | System and method of iterative code obfuscation |
US7707223B2 (en) | 2005-04-28 | 2010-04-27 | Cisco Technology, Inc. | Client-side java content transformation |
US7584364B2 (en) | 2005-05-09 | 2009-09-01 | Microsoft Corporation | Overlapped code obfuscation |
US8800042B2 (en) | 2005-05-16 | 2014-08-05 | Hewlett-Packard Development Company, L.P. | Secure web application development and execution environment |
US20090119504A1 (en) | 2005-08-10 | 2009-05-07 | Riverbed Technology, Inc. | Intercepting and split-terminating authenticated communication connections |
JP4918544B2 (en) * | 2005-10-28 | 2012-04-18 | パナソニック株式会社 | Obfuscation evaluation method, obfuscation evaluation apparatus, obfuscation evaluation program, storage medium, and integrated circuit |
US8375120B2 (en) | 2005-11-23 | 2013-02-12 | Trend Micro Incorporated | Domain name system security network |
EP1982288A2 (en) | 2006-01-26 | 2008-10-22 | Imprivata, Inc. | Systems and methods for multi-factor authentication |
US8132242B1 (en) | 2006-02-13 | 2012-03-06 | Juniper Networks, Inc. | Automated authentication of software applications using a limited-use token |
US7797421B1 (en) | 2006-12-15 | 2010-09-14 | Amazon Technologies, Inc. | Method and system for determining and notifying users of undesirable network content |
US20080222736A1 (en) | 2007-03-07 | 2008-09-11 | Trusteer Ltd. | Scrambling HTML to prevent CSRF attacks and transactional crimeware attacks |
US7895653B2 (en) | 2007-05-31 | 2011-02-22 | International Business Machines Corporation | Internet robot detection for network distributable markup |
US20090007243A1 (en) | 2007-06-27 | 2009-01-01 | Trusteer Ltd. | Method for rendering password theft ineffective |
US8495358B2 (en) | 2007-09-07 | 2013-07-23 | Dis-Ent, Llc | Software based multi-channel polymorphic data obfuscation |
US20090132813A1 (en) | 2007-11-08 | 2009-05-21 | Suridx, Inc. | Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones |
US8260845B1 (en) | 2007-11-21 | 2012-09-04 | Appcelerator, Inc. | System and method for auto-generating JavaScript proxies and meta-proxies |
US8347396B2 (en) | 2007-11-30 | 2013-01-01 | International Business Machines Corporation | Protect sensitive content for human-only consumption |
US20090241174A1 (en) | 2008-02-19 | 2009-09-24 | Guru Rajan | Handling Human Detection for Devices Connected Over a Network |
US9317255B2 (en) | 2008-03-28 | 2016-04-19 | Microsoft Technology Licensing, LCC | Automatic code transformation with state transformer monads |
KR101027928B1 (en) | 2008-07-23 | 2011-04-12 | 한국전자통신연구원 | Apparatus and Method for detecting obfuscated web page |
AU2009288767B2 (en) | 2008-09-08 | 2015-08-06 | Salesforce.Com, Inc. | An appliance, system, method and corresponding software components for encrypting and processing data |
CN102217225B (en) | 2008-10-03 | 2014-04-02 | 杰出网络公司 | Content delivery network encryption |
US8020193B2 (en) | 2008-10-20 | 2011-09-13 | International Business Machines Corporation | Systems and methods for protecting web based applications from cross site request forgery attacks |
US8621578B1 (en) | 2008-12-10 | 2013-12-31 | Confident Technologies, Inc. | Methods and systems for protecting website forms from automated access |
US9336191B2 (en) | 2009-05-05 | 2016-05-10 | Suboti, Llc | System, method and computer readable medium for recording authoring events with web page content |
US11102325B2 (en) | 2009-10-23 | 2021-08-24 | Moov Corporation | Configurable and dynamic transformation of web content |
US8539224B2 (en) | 2009-11-05 | 2013-09-17 | International Business Machines Corporation | Obscuring form data through obfuscation |
US10102301B2 (en) * | 2010-04-01 | 2018-10-16 | Cloudflare, Inc. | Internet-based proxy security services |
US8739150B2 (en) | 2010-05-28 | 2014-05-27 | Smartshift Gmbh | Systems and methods for dynamically replacing code objects via conditional pattern templates |
US8788577B2 (en) | 2010-06-22 | 2014-07-22 | Akamai Technologies, Inc. | Method and system for automated analysis and transformation of web pages |
US20120124372A1 (en) | 2010-10-13 | 2012-05-17 | Akamai Technologies, Inc. | Protecting Websites and Website Users By Obscuring URLs |
US8631091B2 (en) | 2010-10-15 | 2014-01-14 | Northeastern University | Content distribution network using a web browser and locally stored content to directly exchange content between users |
US20120311715A1 (en) | 2011-05-30 | 2012-12-06 | Yaron Tal | System and method for protecting a website from hacking attacks |
US8700991B1 (en) | 2011-07-19 | 2014-04-15 | Amazon Technologies, Inc. | Protecting content presented in a web browser |
US9465799B2 (en) | 2011-10-10 | 2016-10-11 | Red Hat, Inc. | Server-side internationalization and localization of web applications using a scripting language |
WO2013091709A1 (en) | 2011-12-22 | 2013-06-27 | Fundació Privada Barcelona Digital Centre Tecnologic | Method and apparatus for real-time dynamic transformation of the code of a web document |
IL217279A0 (en) | 2011-12-29 | 2012-02-29 | Israel Ragutski | Method and system for ensuring authenticity of ip data served by a service provider |
US10049168B2 (en) | 2012-01-31 | 2018-08-14 | Openwave Mobility, Inc. | Systems and methods for modifying webpage data |
WO2013172898A2 (en) | 2012-02-21 | 2013-11-21 | Logos Technologies, Llc | System for detecting, analyzing, and controlling infiltration of computer and network systems |
US20140089786A1 (en) | 2012-06-01 | 2014-03-27 | Atiq Hashmi | Automated Processor For Web Content To Mobile-Optimized Content Transformation |
US20140130182A1 (en) | 2012-11-02 | 2014-05-08 | Genesismedia Llc | Controlled Grant Of Access To Media Content |
US8806627B1 (en) | 2012-12-17 | 2014-08-12 | Emc Corporation | Content randomization for thwarting malicious software attacks |
US9374369B2 (en) | 2012-12-28 | 2016-06-21 | Lookout, Inc. | Multi-factor authentication and comprehensive login system for client-server networks |
US20140223290A1 (en) | 2013-02-01 | 2014-08-07 | Qualcomm Incorporated | Creating a transposed document defined by transposed markup language including transposed text |
US9338143B2 (en) | 2013-03-15 | 2016-05-10 | Shape Security, Inc. | Stateless web content anti-automation |
CA2930335C (en) | 2013-11-14 | 2023-10-10 | Pleasant Solutions Inc. | System and method for credentialed access to a remote server |
US9294502B1 (en) | 2013-12-06 | 2016-03-22 | Radware, Ltd. | Method and system for detection of malicious bots |
US9241004B1 (en) | 2014-03-11 | 2016-01-19 | Trend Micro Incorporated | Alteration of web documents for protection against web-injection attacks |
US9544329B2 (en) | 2014-03-18 | 2017-01-10 | Shape Security, Inc. | Client/server security by an intermediary executing instructions received from a server and rendering client application instructions |
US9858440B1 (en) | 2014-05-23 | 2018-01-02 | Shape Security, Inc. | Encoding of sensitive data |
US9083739B1 (en) | 2014-05-29 | 2015-07-14 | Shape Security, Inc. | Client/server authentication using dynamic credentials |
US9210171B1 (en) | 2014-05-29 | 2015-12-08 | Shape Security, Inc. | Selectively protecting valid links to pages of a web site |
US9438625B1 (en) | 2014-09-09 | 2016-09-06 | Shape Security, Inc. | Mitigating scripted attacks using dynamic polymorphism |
US9800602B2 (en) | 2014-09-30 | 2017-10-24 | Shape Security, Inc. | Automated hardening of web page content |
US9529994B2 (en) | 2014-11-24 | 2016-12-27 | Shape Security, Inc. | Call stack integrity check on client/server systems |
US9582666B1 (en) * | 2015-05-07 | 2017-02-28 | Shape Security, Inc. | Computer system for improved security of server computers interacting with client computers |
US9986058B2 (en) | 2015-05-21 | 2018-05-29 | Shape Security, Inc. | Security systems for mitigating attacks from a headless browser executing on a client computer |
WO2017007705A1 (en) | 2015-07-06 | 2017-01-12 | Shape Security, Inc. | Asymmetrical challenges for web security |
US10230718B2 (en) | 2015-07-07 | 2019-03-12 | Shape Security, Inc. | Split serving of computer code |
EP3440542B1 (en) | 2016-03-09 | 2021-04-28 | Shape Security, Inc. | Applying bytecode obfuscation techniques to programs written in an interpreted language |
WO2018102767A1 (en) | 2016-12-02 | 2018-06-07 | Shape Security, Inc. | Obfuscating source code sent, from a server computer, to a browser on a client computer |
-
2016
- 2016-03-14 US US15/069,667 patent/US10216488B1/en active Active
-
2018
- 2018-12-30 US US16/236,522 patent/US20190245833A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050183072A1 (en) * | 1999-07-29 | 2005-08-18 | Intertrust Technologies Corporation | Software self-defense systems and methods |
US20150088969A1 (en) * | 2013-09-20 | 2015-03-26 | Yottaa Inc. | Systems and methods for managing loading priority or sequencing of fragments of a web object |
US8954583B1 (en) * | 2014-01-20 | 2015-02-10 | Shape Security, Inc. | Intercepting and supervising calls to transformed operations and objects |
US20160314301A1 (en) * | 2015-04-21 | 2016-10-27 | Martin Johns | Cooperative Static and Dynamic Analysis of Web Application Code for Finding Security Vulnerabilities |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10834101B2 (en) | 2016-03-09 | 2020-11-10 | Shape Security, Inc. | Applying bytecode obfuscation techniques to programs written in an interpreted language |
US11349816B2 (en) | 2016-12-02 | 2022-05-31 | F5, Inc. | Obfuscating source code sent, from a server computer, to a browser on a client computer |
US11741197B1 (en) | 2019-10-15 | 2023-08-29 | Shape Security, Inc. | Obfuscating programs using different instruction set architectures |
Also Published As
Publication number | Publication date |
---|---|
US10216488B1 (en) | 2019-02-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20190245833A1 (en) | Intercepting and injecting calls into operations and objects | |
US10652275B2 (en) | Management of calls to transformed operations and objects | |
EP3440542B1 (en) | Applying bytecode obfuscation techniques to programs written in an interpreted language | |
US10798202B2 (en) | Security systems for mitigating attacks from a headless browser executing on a client computer | |
US10855696B2 (en) | Variable runtime transpilation | |
US9582666B1 (en) | Computer system for improved security of server computers interacting with client computers | |
US9438625B1 (en) | Mitigating scripted attacks using dynamic polymorphism | |
US20180309729A1 (en) | Client/server security by an intermediary rendering modified in-memory objects | |
US9411958B2 (en) | Polymorphic treatment of data entered at clients | |
US20150271188A1 (en) | Client/server security by an intermediary executing instructions received from a server and rendering client application instructions | |
Tirronen | Stopping injection attacks with code and structured data | |
Abreu | Morphing Web Pages to Preclude Web Page Tampering Threats |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SHAPE SECURITY, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:OVERSON, JARROD;YANG, SIYING;REEL/FRAME:047873/0981 Effective date: 20160311 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |