The anti-malware vendor Kaspersky, which routinely analyzes software as part of its security research, has developed a method for tracing the sequence of events that happens when a set of programming instructions run. The idea is to analyze the behavior of third-party programs without having to click through the structure of source code and analyze it on a per-line basis, which can be time-consuming.
The patent was filed on December 19, 2008, but wasn't granted by the US Patent Office until March 30. "Identifiers of the trace tool, trace strings, and data fields and components of the diagnostic information are encoded using a coded binary language," says the patent abstract. "After monitoring execution of the program product, a trace report of the trace tool is translated for an intended recipient from the coded binary language into the human language, whereas an unauthorized access to the contents of the trace record is restricted."
Obfuscating specific source code information from the analysis process broadens the scope of potential software products that can be scanned in this way without contravening intellectual property laws, although this would not be a problem while scanning a known piece of malware to see how it operated.
According to the patent, technology can be applied to software, firmware, and hardware; to anything, in fact, comprising computer-executable instructions. The various steps of analysis can be implemented as a software modules, or optionally combined into a single module.
"When implemented in software, the computer program product may be stored on or transmitted using a computer-readable recording medium adapted for storing the computer-executable instructions or transferring the computer program product from one computer to another," the patent said.