Simulation of an application

US9846774B2 · US · B2

Patent metadata
Publication number: US-9846774-B2
Application number: US-201514752911-A
Country: US
Kind code: B2
Filing date: Jun 27, 2015
Priority date: Jun 27, 2015
Publication date: Dec 19, 2017
Grant date: Dec 19, 2017

Abstract

Particular embodiments described herein provide for an electronic device that can be configured to identify an application, run the application, log the parameters for each function call of the application, and store the logged parameters in an emulation table. The logged parameters can include a function call, input parameters, and output parameters. The emulation table can be used to simulate execution of an application without having to actually run the application.

First claim

What is claimed is:

1. At least one non-transitory machine-readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to: run an application in a sandbox environment, wherein the application includes a plurality of function calls; log parameters for each function call of the application during run time in the sandbox environment, wherein the logged parameters include each function call, input parameters for each function call, and output parameters for each function call; store the logged parameters in an emulation table; and use the logged parameters in a simulation environment to simulate execution of a function call of the plurality of function calls, wherein simulating execution of the function call comprises simulating the function call without having to run the function call by: determining from the emulation table whether a current simulation environment parameter set for the function call matches logged input parameters for the function call; and in response to determining the current simulation environment parameter set matches logged input parameters, returning the logged output parameters for the function call.

2. The at least one non-transitory machine-readable medium of claim 1, further comprising one or more instructions that when executed by the at least one processor, further cause the at least one processor to: assess overall logging data and determine prevalent combinations of input to output parameter mappings for each function call.

3. The at least one non-transitory machine-readable medium of claim 2, further comprising one or more instructions that when executed by the at least one processor, further cause the at least one processor to: remove at least one parameter that does not influence an output of at least one of the function calls.

4. The at least one non-transitory machine-readable medium of claim 1, further comprising one or more instructions that when executed by the at least one processor, further cause the at least one processor to: communicate the emulation table to an electronic device.

5. An apparatus comprising: a network emulation module configured to: run an application in a sandbox environment, wherein the application includes a plurality of function calls; log parameters for each function call of the application during run time in the sandbox environment, wherein the logged parameters include each function call, input parameters for each function call, and output parameters for each function call; store the logged parameters in an emulation table; and use the logged parameters in a simulation environment to simulate execution of a function call of the plurality of function calls, wherein simulating execution of the function call comprises simulating the function call without having to run the function call by: determining from the emulation table whether a current simulation environment parameter set for the function call matches logged input parameters for the function call; and in response to determining the current simulation environment parameter set matches logged input parameters, returning the logged output parameters for the function call.

6. The apparatus of claim 5, wherein the network emulation module is further configured to: assess overall logging data and determine prevalent combinations of input to output parameter mappings for each function call.

7. The apparatus of claim 5, wherein the network emulation module is further configured to: prune out parameters that do not influence an output of each function call.

8. The apparatus of claim 7, wherein the network emulation module is further configured to: communicate the emulation table to an electronic device.

9. A method comprising: identifying an application on an electronic device, wherein the application includes a plurality of function calls; running the application in a sandbox environment; logging parameters for each function call of the application during run time in the sandbox environment, wherein the logged parameters include each function call, input parameters for each function call, and output parameters for each function call; storing the logged parameters in an emulation table; and simulating an execution of the application using the emulation table, wherein simulating execution of the application comprises simulating a function call of the plurality of function calls without having to run the function call by: determining from the emulation table whether a current simulation environment parameter set for the function call matches logged input parameters for the function call; and in response to determining the current simulation environment parameter set matches logged input parameters, returning the logged output parameters for the function call.

10. The method of claim 9, further comprising: analyzing the simulation of the execution of the application for the presence of malware.

11. The method of claim 9, wherein simulating the execution of the application using the emulation table is performed on the electronic device.

12. A system for the simulation of an application, the system comprising: a network emulation module configured to: run an application in a sandbox environment, wherein the application includes a plurality of function calls; log parameters for each function call of the application during run time in the sandbox environment, wherein the logged parameters include each function call, input parameters for each function call, and output parameters for each function call; store the logged parameters in an emulation table; and use the logged parameters in a simulation environment to simulate execution of a function call of the plurality of function calls, wherein simulating execution of the function call comprises simulating the function call without having to run the function call by: determining from the emulation table whether a current simulation environment parameter set for the function call matches logged input parameters for the function call; and in response to determining the current simulation environment parameter set matches logged input parameters, returning the logged output parameters for the function call.
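The log, prune, and replay flow described in claims 1, 3 and 7, as an added Python example that is not code from the patent or its assignee. The function names, parameter names and log entries are constructed, and two behaviours are assumptions the claims do not specify: a parameter is pruned only when the log shows it varying while the output stays fixed, and a lookup miss is reported as `(False, None)`.

```python
from collections import defaultdict

# Constructed sandbox log: (function call, input parameters, output parameter).
# Function and parameter names are hypothetical.
SAMPLE_LOG = [
    ("get_env", {"name": "TEMP", "tick": 101}, "C:\\Temp"),
    ("get_env", {"name": "TEMP", "tick": 205}, "C:\\Temp"),
    ("get_env", {"name": "USER", "tick": 310}, "alice"),
    ("open_file", {"path": "a.cfg", "mode": "r"}, 3),
    ("open_file", {"path": "a.cfg", "mode": "w"}, -1),
]

def key(inputs, names):
    """Project an input parameter set onto the parameters that are kept."""
    return tuple((n, inputs.get(n)) for n in names)

def prunable(calls, kept, p):
    """True if the log shows p varying without ever changing the output."""
    rest = [q for q in kept if q != p]
    groups = defaultdict(lambda: (set(), set()))
    for inputs, output in calls:
        outs, vals = groups[key(inputs, rest)]
        outs.add(output)
        vals.add(inputs[p])
    still_a_function = all(len(o) == 1 for o, _ in groups.values())
    seen_varying = any(len(v) > 1 for _, v in groups.values())
    return still_a_function and seen_varying

def build_table(log):
    """Build the emulation table, dropping parameters that do not influence output."""
    by_func = defaultdict(list)
    for name, inputs, output in log:
        by_func[name].append((inputs, output))
    kept_params, table = {}, {}
    for name, calls in by_func.items():
        kept = sorted(calls[0][0])
        for p in list(kept):
            if prunable(calls, kept, p):
                kept.remove(p)
        kept_params[name] = kept
        for inputs, output in calls:
            table[(name, key(inputs, kept))] = output
    return kept_params, table

def simulate(kept_params, table, name, inputs):
    """Return (True, logged output) on a match, (False, None) on a miss."""
    if name not in kept_params:
        return False, None
    k = (name, key(inputs, kept_params[name]))
    return (True, table[k]) if k in table else (False, None)
```

Requiring observed variation before pruning matters: without it, a per-call unique value such as `tick` makes every other parameter look irrelevant, and the table would then never match in a new environment.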

Classifications

  • Probabilistic graphical models, e.g. probabilistic networks

  • Test or assess software

  • Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines

  • G06F21/53 (Primary): by executing in a restricted environment, e.g. sandbox or secure virtual machine

  • the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
McAfee LLC
What technology area does this patent fall under?
Primary CPC classification G06F21/53. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 19, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).