
System And Method For Minimizing Application Specific Permission Gaps

Abstract: The present disclosure provides a system and method for minimizing application specific permission gaps. The system defies the permission gaps present in any given application. Further, the system minimizes an effect that may be caused due to the permission gaps in permission-based software using automation, models, and queries. The queries are processed using an integrated tool where verification and validations are performed and the system is modelled using an automated theory irrespective of the datatype being used. The system is used as a base framework on different operating systems as there is no particular dependency which could result in tight coupling, thereby maximizing an area of usage.


Patent Information

Filing Date: 27 May 2022
Publication Number: 48/2023
Publication Type: INA
Invention Field: COMPUTER SCIENCE

Applicants

JIO PLATFORMS LIMITED
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.

Inventors

1. DUGGAL, Gaurav
Flat 305, Block 18, Rain Tree Park, Kukatpally, Hyderabad - 500072, Telangana, India.
2. REDDY, Basawa
5-5-306/2A Paramananda Nilaya, Opposite Mahatma Gandhi School, Vivekananda Nagar, Dist.- Yadgir - 585202, Karnataka, India.
3. MULPURI, Apparao
Hno:14-24/8/45, Plot no:56/1, Jayalakshmi Nagar Phase 3, Beeramguda, Ameenpur Mandal, Ramachandrapuram - 502032, Telangana, India.
4. KUMAR, Anurag
Flat no. E1-202, Unnati Woods, Phase-5, Kasarvadavali, Thane - 400615, Maharashtra, India.
5. ZAGADE, Ajit Ananta
Flat 302, Swapnashilpa Heights, Katraj-Kondhawa Road, Gokul Nagar, Pune - 411048, Maharashtra, India.

Specification

RESERVATION OF RIGHTS
[0001] A portion of the disclosure of this patent document contains material which is subject to intellectual property rights such as, but not limited to, copyright, design, trademark, integrated circuit (IC) layout design, and/or trade dress protection, belonging to Jio Platforms Limited (JPL) or its affiliates (hereinafter referred to as the owner). The owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights whatsoever. All rights to such intellectual property are fully reserved by the owner.

FIELD OF INVENTION
[0002] The present disclosure generally relates to systems and methods for managing permission gaps while installing various operating system applications. More particularly, the present disclosure relates to a system and a method for minimizing application specific permission gaps.

BACKGROUND OF INVENTION
[0003] The following description of the related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of the prior art.
[0004] Operating systems use a well-defined permission-based security model that restricts an ingress of third-party applications to install and run on any given device irrespective of the operating system being used. The permission-based security models and their operations are widely blamed for their strict control of applications and the permissions granted to them during the course of development. Management of the security models is under the control of developers, marketers, and end-users. All the permissions are declared explicitly during the course of development, but unfortunately, not all the permissions granted are being used. The common practice is, every user has to accept and provide his authority for the permissions which are accepted blindly to be invoked and activated without any prior knowledge. These kinds of situations lead to security breaches, and hence, compromise the system. Unused permissions create permission gaps and may lead to an intruder attack during the installation.
[0005] The permission-based security model may include a set of permissions associated with each application that allows accessing certain resources. Further, permissions are explicitly accepted by users during the installation process and checked at runtime when resources are requested. The permission-based security model entails intrinsic risks and may lead to security breaches. For instance, not all users may be able to cleverly reject powerful permissions at installation time, resulting in situations where the applications are granted more permissions than they actually need. Hence, “permission gap” malware may leverage these unused permissions to achieve its malicious goals in many ways, for instance, using code injection or return-oriented programming. Malware may include files containing Trojans, viruses, and worms. Hence, the developer has to make sure that the data written onto an external storage is valid and free from all the vulnerabilities in every possible way. Hence, a robust system may be required to shield against the security breaches that are likely to occur through the permission gaps.
[0006] Conventional systems incorporate security architecture models with a strategy for determining a required permission set and detect a presence of the permission gap using a static analysis theory. The security architecture models extract a byte-code from the framework using a table that maps every method of an application programming interface (API) to a given set of permissions and methods that need to be executed.
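Added example, not part of the patent text: the static-analysis approach of [0006] sketched in Python, comparing declared permissions against those required by API calls reachable from the entry points. The manifest, call graph, API-to-permission table and all function names are constructed for illustration; the check also reports permissions that are used but not declared.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest: the permissions the application declares.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

# Constructed, illustrative table mapping API methods to the permissions they
# need (a real table is derived from the platform; this one is not authoritative).
API_PERMISSIONS = {
    "java.net.URL.openConnection": {"android.permission.INTERNET"},
    "android.hardware.Camera.open": {"android.permission.CAMERA"},
    "ContentResolver.query(contacts)": {"android.permission.READ_CONTACTS"},
    "FileOutputStream(external)": {"android.permission.WRITE_EXTERNAL_STORAGE"},
    "android.telephony.SmsManager.sendTextMessage": {"android.permission.SEND_SMS"},
}

# Constructed call graph, as it would be extracted from byte-code: caller -> callees.
CALL_GRAPH = {
    "MainActivity.onCreate": ["NoteSync.upload", "NoteStore.export"],
    "NoteSync.upload": ["java.net.URL.openConnection"],
    "NoteStore.export": ["FileOutputStream(external)"],
    "LegacyScanner.scan": ["android.hardware.Camera.open"],  # dead code
    "ShareActivity.onCreate": ["Sharer.sendSms"],
    "Sharer.sendSms": ["android.telephony.SmsManager.sendTextMessage"],
}
ENTRY_POINTS = ["MainActivity.onCreate", "ShareActivity.onCreate"]


def declared_permissions(manifest_xml):
    """Return the set of permission names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def reachable_methods(call_graph, entry_points):
    """Depth-first walk of the call graph; methods no entry point reaches are ignored."""
    seen, stack = set(), list(entry_points)
    while stack:
        method = stack.pop()
        if method in seen:
            continue
        seen.add(method)
        stack.extend(call_graph.get(method, []))
    return seen


def required_permissions(methods, api_table):
    """Map each required permission to the reachable API calls that need it."""
    evidence = {}
    for method in sorted(methods):
        for perm in api_table.get(method, ()):
            evidence.setdefault(perm, []).append(method)
    return evidence


def permission_gap(manifest_xml, call_graph, entry_points, api_table):
    """Compare declared and required permissions.

    'unused' is the permission gap (declared, never needed);
    'missing' lists permissions needed by reachable code but not declared.
    """
    declared = declared_permissions(manifest_xml)
    required = required_permissions(
        reachable_methods(call_graph, entry_points), api_table)
    return {
        "unused": sorted(declared - required.keys()),
        "missing": sorted(required.keys() - declared),
        "evidence": required,
    }


if __name__ == "__main__":
    result = permission_gap(MANIFEST, CALL_GRAPH, ENTRY_POINTS, API_PERMISSIONS)
    print("permission gap (remove from manifest):", result["unused"])
    print("used but not declared:", result["missing"])
```

CAMERA is reported as a gap even though a camera call exists in the code, because that call sits in a method no entry point reaches.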
[0007] There is, therefore, a need in the art to provide a system and a method that can mitigate the problems associated with the prior arts.

OBJECTS OF THE INVENTION
[0008] Some of the objects of the present disclosure, which at least one embodiment herein satisfies are listed herein below.
[0009] It is an object of the present disclosure to provide a system and a method that enhances the security of application by defying a permission gap present in any application.
[0010] It is an object of the present disclosure to provide a system and a method that minimizes an effect due to the permission gap in permission-based software using automation, models, and queries.
[0011] It is an object of the present disclosure to provide a system and a method that is utilized on various operating systems, thereby maximizing an area of usage.
[0012] It is an object of the present disclosure to provide a system and a method that enhances the framework for storing data on a mobile computing device.
[0013] It is an object of the present disclosure to provide a system and a method that refines a framework under development until the required security measures are incorporated to secure user’s data.
[0014] It is an object of the present disclosure to provide a system and a method that modifies the framework until all the security measures are implemented and further converts the framework into a plugin/library for generating production code for various applications.
[0015] It is yet another object of the present disclosure to minimize the effect of permission-gaps in application software using Automation, Models, and Queries.

SUMMARY
[0016] This section is provided to introduce certain objects and aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0017] In an aspect, the present disclosure relates to a system for minimizing application specific permission gaps. The system may include a processor and a memory operatively coupled to the processor that stores instructions to be executed by the processor. The processor may receive a request from one or more users via a computing device. The one or more users may operate the computing device and may be connected to the processor via a network. The request may be based on accessibility of an unprocessed base framework without permission gaps. The processor may generate one or more queries for the unprocessed base framework using one or more security measures. The processor may generate a model based on the one or more queries and verify the generated model. The processor may determine if the one or more security measures are incorporated into the generated model. In response to a positive determination and verification, the processor may implement the one or more security measures on the generated model. The processor may generate a processed base framework with the permission gaps based on the implementation of the one or more security measures on the generated model.
[0018] In an embodiment, the one or more security measures may include at least one of a pre-existing security measure and a custom security measure.
[0019] In an embodiment, the processor may generate the model based on the one or more queries using a temporal logic mechanism.
[0020] In an embodiment, the processor may verify the generated model using an automated model checking tool.
[0021] In an embodiment, the processor may analyze the generated model, and update the automated model checking tool based on the analysis.
[0022] In an embodiment, in response to a negative determination, the processor may modify the unprocessed base framework and reiterate a process of generating the one or more queries using one or more security measures.
[0023] In an embodiment, the processor may convert the processed base framework with the permission gaps into a required plugin based on an application.
[0024] In an embodiment, the processor may customize the one or more queries based on the unprocessed base framework without the permission gaps.
[0025] In an aspect, the present disclosure relates to a method for minimizing application specific permission gaps. The method may include receiving, by a processor associated with a system, a request from one or more users. The request may be based on accessibility of an unprocessed base framework without permission gaps. The method may include generating, by the processor, one or more queries for the unprocessed base framework using one or more security measures. The method may include generating, by the processor, a model based on the one or more queries and verifying the generated model. The method may include determining, by the processor, if the one or more security measures are incorporated into the generated model. The method may include, in response to a positive determination and verification, implementing, by the processor, the one or more security measures on the generated model. The method may include generating, by the processor, a processed base framework with the permission gaps based on the implementation of the one or more security measures on the generated model.
[0026] In an embodiment, the method may include generating, by the processor, the model based on the one or more queries using a temporal logic mechanism.
[0027] In an embodiment, the method may include verifying, by the processor, the generated model using an automated model checking tool.
[0028] In an embodiment, the method may include, in response to a negative determination and verification, modifying, by the processor, the unprocessed base framework and reiterating, by the processor, the generation of the one or more queries using the one or more security measures.
[0029] In an embodiment, the method may include converting, by the processor, the processed base framework with the permission gaps into a required plugin based on an application.
[0030] In an embodiment, the method may include customizing, by the processor, the one or more queries based on the unprocessed base framework without the permission gaps.
[0031] In an aspect, a user equipment (UE) for minimizing application specific permission gaps may include one or more processors communicatively coupled to a processor associated with a system. The one or more processors may be coupled with a memory. The memory may store instructions to be executed by the one or more processors that may cause the one or more processors to transmit a request to the processor via a network. The request may be based on accessibility of an unprocessed base framework without permission gaps. The processor may be configured to receive the request from the UE. The processor may generate one or more queries for the unprocessed base framework using one or more security measures. The processor may generate a model based on the one or more queries and verify the generated model. The processor may determine if the one or more security measures are incorporated into the generated model. The processor may, in response to a positive determination and verification, implement the one or more security measures on the generated model. The processor may generate a processed base framework with the permission gaps based on the implementation of the one or more security measures on the generated model.

BRIEF DESCRIPTION OF DRAWINGS
[0032] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes the disclosure of electrical components, electronic components, or circuitry commonly used to implement such components.
[0033] FIG. 1 illustrates an exemplary network architecture (100) of a proposed system (108), in accordance with an embodiment of the present disclosure.
[0034] FIG. 2 illustrates an exemplary block diagram (200) of the proposed system (108), in accordance with an embodiment of the present disclosure.
[0035] FIG. 3 illustrates an exemplary flow diagram (300) for implementing the proposed system (108), in accordance with an embodiment of the present disclosure.
[0036] FIG. 4 illustrates an exemplary flow diagram (400) for implementing a model generator, in accordance with an embodiment of the present disclosure.
[0037] FIGs. 5A-5B illustrate exemplary state diagrams (500-1, 500-2) of the proposed system (108), in accordance with embodiments of the present disclosure.
[0038] FIG. 6 illustrates an exemplary computer system (600) in which or with which the embodiments of the present disclosure may be implemented.
[0039] The foregoing shall be more apparent from the following more detailed description of the disclosure.

DETAILED DESCRIPTION
[0040] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address all of the problems discussed above or might address only some of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein.
[0041] The ensuing description provides exemplary embodiments only and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0042] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail to avoid obscuring the embodiments.
[0043] Also, it is noted that individual embodiments may be described as a process that is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination can correspond to a return of the function to the calling function or the main function.
[0044] The word “exemplary” and/or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and/or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive in a manner similar to the term “comprising” as an open transition word without precluding any additional or other elements.
[0045] Reference throughout this specification to “one embodiment” or “an embodiment” or “an instance” or “one instance” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
[0046] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms “a”, “an”, and “the” are intended to include the plural forms as well, unless the context indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items.
[0047] The various embodiments throughout the disclosure will be explained in more detail with reference to FIGs. 1-6.
[0048] FIG. 1 illustrates an exemplary network architecture (100) of a proposed system (108), in accordance with an embodiment of the present disclosure.
[0049] As illustrated in FIG. 1, the network architecture (100) may include a system (108). The system (108) may be connected to one or more computing devices (104-1, 104-2…104-N) via a network (106). The one or more computing devices (104-1, 104-2…104-N) may be interchangeably specified as a user equipment (UE) (104) and be operated by one or more users (102-1, 102-2…102-N). Further, the one or more users (102-1, 102-2…102-N) may be interchangeably referred to as a user (102) or users (102).
[0050] In an embodiment, the computing devices (104) may include, but not be limited to, a mobile, a laptop, etc. Further, the computing devices (104) may include a smartphone, virtual reality (VR) devices, augmented reality (AR) devices, a general-purpose computer, desktop, personal digital assistant, tablet computer, and a mainframe computer. Additionally, input devices for receiving input from the user (102) such as a touch pad, touch-enabled screen, electronic pen, and the like may be used. A person of ordinary skill in the art will appreciate that the computing devices (104) may not be restricted to the mentioned devices and various other devices may be used.
[0051] In an embodiment, the network (106) may include, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc. one or more messages, packets, signals, waves, voltage or current levels, some combination thereof, or so forth. The network (106) may also include, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, or some combination thereof.
[0052] In an embodiment, the system (108) may receive a request from the one or more users (102) via the computing device (104). The request may be based on accessibility of an unprocessed base framework without permission gaps. The system (108) may process a framework with the permission gaps without any security measures. Depending on the type of framework under consideration and its purpose, standard security measures may be implemented, which may act as a base for a query generator implemented by the system (108).
[0053] In an embodiment, the system (108) may generate one or more queries for the unprocessed base framework using one or more security measures. Further, the system (108) may generate a model based on the one or more queries and verify the generated model. The system (108) may generate the model based on the one or more queries using a temporal logic mechanism.
[0054] In an embodiment, the system (108) may determine if the one or more security measures are incorporated into the generated model. The one or more security measures may include, but are not limited to, a pre-existing security measure and a custom security measure.
[0055] In an embodiment, the system (108) may, in response to a positive determination and verification, implement the one or more security measures on the generated model. The system (108) may verify the generated model using an automated model checking tool. The processor may update the automated model checking tool based on analyzing the generated model.
[0056] In an embodiment, the system (108) may receive the unprocessed framework as an input with the permission gap. The system (108) may also determine if the permission gap exists or not using a byte code extraction mechanism. Further, the system (108) may aid developers by providing information regarding loopholes in the generated code that may cause security breaches. The system (108) may include universal rules that may prevent a security breach for a particular permission gap. Further, custom rules may also be included in the system (108) to make the processed framework suitable for deployment. The system (108) may use universal and custom rules and generate the model. The generated model may be used as an input to the automated model checking tool comprising formal methods as a core mechanism. The system (108) may run the framework, while the automated model checking tool may generate a report to determine if the processed framework may be used or discarded. The process may be repeated until the processed framework is refined and suitable for use.
[0057] In an embodiment, the system (108) may, in response to a negative determination, modify the unprocessed base framework and the system (108) may reiterate a process of generating the one or more queries using the one or more security measures.
[0058] In an embodiment, the system (108) may convert the processed base framework with the permission gaps into a required plugin based on an application. Further, in an embodiment, the system (108) may customize the one or more queries based on the unprocessed base framework without the permission gaps.
[0059] In an embodiment, the system (108) may incorporate a state diagram with the automated model checking tool for analyzing the generated model. The state diagram may describe the behaviour of the system (108). Further, the state diagram may include a finite number of states, representing the condition of the system (108) at finite instances of time.
[0060] Although FIG. 1 shows exemplary components of the network architecture (100), in other embodiments, the network architecture (100) may include fewer components, different components, differently arranged components, or additional functional components than depicted in FIG. 1. Additionally, or alternatively, one or more components of the network architecture (100) may perform functions described as being performed by one or more other components of the network architecture (100).
[0061] FIG. 2 illustrates an exemplary block diagram (200) of a proposed system (108), in accordance with an embodiment of the present disclosure.
[0062] Referring to FIG. 2, the system (108) may comprise one or more processor(s) (202) that may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that process data based on operational instructions. Among other capabilities, the one or more processor(s) (202) may be configured to fetch and execute computer-readable instructions stored in a memory (204) of the system (108). The memory (204) may be configured to store one or more computer-readable instructions or routines in a non-transitory computer readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory (204) may comprise any non-transitory storage device including, for example, volatile memory such as random-access memory (RAM), or non-volatile memory such as erasable programmable read only memory (EPROM), flash memory, and the like.
[0063] In an embodiment, the system (108) may include an interface(s) (206). The interface(s) (206) may comprise a variety of interfaces, for example, interfaces for data input and output (I/O) devices, storage devices, and the like. The interface(s) (206) may also provide a communication pathway for one or more components of the system (108). Examples of such components include, but are not limited to, processing engine(s) (208) and a database (210), where the processing engine(s) (208) may include, but not be limited to, a data parameter engine (212) and a data analyzing engine (214).
[0064] In an embodiment, the processing engine(s) (208) may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processing engine(s) (208). In examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processing engine(s) (208) may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processing engine(s) (208) may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement the processing engine(s) (208). In such examples, the system (108) may comprise the machine-readable storage medium storing the instructions and the processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to the system (108) and the processing resource. In other examples, the processing engine(s) (208) may be implemented by electronic circuitry.
[0065] In an embodiment, the processor (202) may receive a request via the data parameter engine (212). The request may be received from one or more users (102) via a computing device (104). The request may be based on accessibility of an unprocessed base framework without permission gaps. The processor (202) may store the received request in the database (210).
[0066] In an embodiment, the processor (202) may generate one or more queries for the unprocessed base framework using one or more security measures. Further, the processor (202) may generate a model based on the one or more queries and verify the generated model. The processor (202) may generate the model based on the one or more queries using a temporal logic mechanism. In an embodiment, the one or more queries may include standard security measures implemented by the processor (202) based on the unprocessed base framework. Further, the temporal logic mechanism may include rules and symbolism for representing and reasoning used by the processor (202).
[0067] In an embodiment, the processor (202) may determine if the one or more security measures are incorporated into the generated model. The one or more security measures may include, but are not limited to, a pre-existing security measure and a custom security measure.
[0068] In an embodiment, the processor (202) may, in response to a positive determination and verification, implement the one or more security measures on the generated model. The processor (202) may verify the generated model using an automated model checking tool. The processor (202) may analyze the generated model and update the automated model checking tool based on the analysis. Further, the processor (202) may process the generated model via the data analyzing engine (214).
[0069] In an embodiment, the processor (202) may, in response to a negative determination, modify the unprocessed base framework and the processor (202) may reiterate the generation of the one or more queries using the one or more security measures.
[0070] In an embodiment, the processor (202) may convert the processed base framework with the permission gaps into a required plugin based on an application. Further, in an embodiment, the processor (202) may customize the one or more queries based on the unprocessed base framework without the permission gaps.
[0071] Although FIG. 2 shows exemplary components of the system (108), in other embodiments, the system (108) may include fewer components, different components, differently arranged components, or additional functional components than depicted in FIG. 2. Additionally, or alternatively, one or more components of the system (108) may perform functions described as being performed by one or more other components of the system (108).
[0072] FIG. 3 illustrates an exemplary flow diagram (300) for implementing the proposed system (108), in accordance with an embodiment of the present disclosure.
[0073] In an embodiment, the system (108) may incorporate a query and model generating technique to generate the processed base framework with permission gaps. The initial state may include the unprocessed base framework without permission gaps (302). The unprocessed base framework (302) may further lack the one or more security measures. Based on the type of framework that is provided as an input, the system (108) may generate the one or more queries (304) from either the existing standard security measures or from the customized security measures department. Further, the system (108) may incorporate additional or new control measurements provided by a development team based on the standards. For instance, the most common security concern for an application is whether the data saved on the UE (104) is accessible to other applications. Further, data may be saved on the UE (104) using an internal storage, an external storage, and a content provider.
[0074] Referring to FIG. 3, the following steps may be implemented by the system (108).
[0075] At step 302: The system (108) may receive the unprocessed base framework with permission gaps. The unprocessed base framework may lack proper security measurements.
[0076] At step 304: The system (108) may generate queries for the underlying base framework using multiple existing security measures or using custom security measures.
[0077] At step 306: The system (108) may generate models from the queries using the temporal logic mechanism.
[0078] At step 308: The system (108) may use the automated model checking tool for verifying and validating the generated models. The system (108) may further generate a report.
[0079] At step 310: The system (108) may process the report generated from the automated model checking tool to determine if all the security measures have been taken or not. The system (108) may generate models from the queries using the temporal logic mechanism.
[0080] At step 312: Based on a negative determination from step 310, the system (108) may modify the base framework based on the report and process the base framework again. Further, the system (108) may continue with step 304.
[0081] At step 314: Based on a positive determination from step 310, the system (108) may convert the processed standard base framework into an application required plugin.
[0082] At step 316: The system (108) may generate the processed base framework with permission gaps and proper security measurements.
[0083] FIG. 4 illustrates an exemplary flow diagram (400) for implementing a model generator, in accordance with an embodiment of the present disclosure.
[0084] As illustrated in FIG. 4, the model generator may incorporate various steps to generate the processed framework. Once the unprocessed framework under consideration is sent to the system (108) as an input, the system (108) may process the framework to identify and convert all the standard queries into standard models. The base for generating the queries may depend on the type of framework under development. Further, the system (108) may include a technique that is flexible enough to add as many custom queries as required depending on the requirements. A higher number of queries may promote a more robust and error prone framework. Once the queries are generated by the system (108), the queries may be fed to the automated model checking tool for processing. A model may be generated with the help of the processed queries.
[0085] As illustrated in FIG. 4, the following steps may be utilized by the system (108) for implementing the model generation.
[0086] At step 402: The system (108) may use the processed base framework for storing data on the user’s phone/UE (104).
[0087] At step 404: The system (108) may determine the type of storage.
[0088] At step 406: The system (108) may store the processed base framework into an internal storage of the UE (104). The processed base framework may be stored in a readable, writable format, where all the files may be encrypted using a security library.
[0089] At step 408: The system (108) may store the processed base framework on a content provider. Further, the content provider may set appropriate rules for the data in a manifest file. The content provider may limit the permission to single or distinct while exposing data. The content provider may set appropriate protection type to the data in the manifest file. The content provider may access parameterized query methods to access the data.
[0090] At step 410: The system (108) may store the processed base framework in an external storage. The external storage may consider a security library to encrypt the files. Further, the external storage may perform input validation.
[0091] FIG. 5A illustrates an exemplary state diagram (500-1) of the proposed system (108), in accordance with an embodiment of the present disclosure.
[0092] As illustrated in FIG. 5A, the generated model may be converted to the state diagram by the system (108) while generating the processed base framework. The state diagram may have an entry and an exit point. Each node in the state diagram may act as an individual decision maker and based on a type, the respective nodes may be executed. The node of each type of storage (internal storage, content provider, external storage) may include certain pre-checked conditions or functions. These functions may be executed at each node and the results may be compared with the standard expected results.
[0093] In an embodiment, for each type of storage, a real time check may be executed which may update a global variable. Based on the final value of an INTERNAL_STORAGE_STATE, an EXTERNAL_STORAGE_STATE and a CONTENT_PROVIDER_STATE, a final decision may be made which may help to determine if the processed framework is ready for production code or if the processed framework needs changes.
[0094] As illustrated in FIG. 5A, the following steps may be used by the system (108) while converting the generated model into a state diagram.
[0095] At step 502: An entry point for the state diagram may be defined.
[0096] At step 504: A framework type may be categorized as type 1 and type 2 by the system (108).
[0097] At step 506: The system (108) may verify if security measures are followed for the type 1 framework type. Based on a negative determination, (TYPE1=BAD), the process may be terminated.
[0098] At step 508: The system (108) may verify if security measures are followed for the type 2 framework type. Based on a negative determination, (TYPE2=BAD), the process may be terminated.
[0099] At step 510: Based on a positive determination observed from step 506 and step 508, (TYPE1=GOOD, TYPE2=GOOD), the system (108) may exit or terminate.
[00100] FIG. 5B illustrates an exemplary state diagram (500-2) of the proposed system (108), in accordance with an embodiment of the present disclosure.
[00101] As illustrated in FIG. 5B, the following steps may be incorporated.
[00102] At step 512: An entry point may be provided into the basic automation tool.
[00103] At step 514: The storage type may be determined by the system (108).
[00104] At step 516: Based on the internal storage type, the system (108) may further determine if the internal storage state is BAD. Based on the BAD state of the internal storage type, the writable and readable modes of the internal storage type may be disabled or set to FALSE. Based on the internal storage type and the BAD state of the internal storage type, the system (108) may exit or terminate.
[00105] At step 518: Based on the external storage type, the system (108) may further determine if conditions such as an input validation and a file encryption may be TRUE. Based on the external storage type and the conditions met, the system (108) may exit or terminate.
[00106] At step 520: Based on the storage provided by the content provider, the system (108) may further determine if the content provider state is BAD and further determine if the states, IS_EXPORTED = BAD, PERMISSION_LEVEL = SINGLE, PROTECTION_LEVEL = SIGNATURE, and IS_PARAMETRIZED_QUERY= TRUE are met. Based on the content provider state and the conditions met, the system (108) may exit or terminate.
[00107] At step 522: Based on a positive determination observed from steps 516, 518, and 520 where the conditions INTERNAL_STORAGE_STATE = GOOD, EXTERNAL_STORAGE_STATE = GOOD, and CONTENT_PROVIDER_STATE = GOOD are met, the system (108) may exit or terminate. This step may indicate the storage of the processed base framework using the storage type (internal storage, external storage, or the content provider storage).
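The verify-and-refine loop of FIG. 3 (steps 304 to 312) applied to the storage state diagram of FIG. 5B can be illustrated as follows; this is an added example, not code from the specification. It assumes a boolean encoding of the storage flags, assumed secure values for each flag (WORLD_READABLE, WORLD_WRITABLE and SIGNATURE_PROTECTION are names introduced here), a constructed DRAFT framework with two deliberate gaps, and a small breadth-first state search standing in for the automated model checking tool, which the specification does not name.

```python
from collections import deque
from itertools import product

# Flag names follow FIG. 5B where given; the boolean encoding is assumed here.
FLAGS = ("WORLD_READABLE", "WORLD_WRITABLE", "FILE_ENCRYPTION", "INPUT_VALIDATION",
         "IS_EXPORTED", "SIGNATURE_PROTECTION", "IS_PARAMETRIZED_QUERY")

# Queries (step 304): the condition each storage type must satisfy to be GOOD.
SPEC = {
    "INTERNAL": lambda f: not (f["WORLD_READABLE"] or f["WORLD_WRITABLE"])
                          and f["FILE_ENCRYPTION"],
    "EXTERNAL": lambda f: f["INPUT_VALIDATION"] and f["FILE_ENCRYPTION"],
    "PROVIDER": lambda f: not f["IS_EXPORTED"] and f["SIGNATURE_PROTECTION"]
                          and f["IS_PARAMETRIZED_QUERY"],
}

# Constructed draft framework: two nodes check less than the queries require.
DRAFT = {
    "INTERNAL": lambda f: f["FILE_ENCRYPTION"],
    "EXTERNAL": SPEC["EXTERNAL"],
    "PROVIDER": lambda f: not f["IS_EXPORTED"] and f["IS_PARAMETRIZED_QUERY"],
}

def successors(state, checks):
    """Transition relation (step 306): ENTRY -> TYPE -> CHECK -> EXIT."""
    node, stype, flags, _ = state
    if node == "ENTRY":      # any configuration may arrive
        for bits in product((False, True), repeat=len(FLAGS)):
            yield ("TYPE", None, bits, None)
    elif node == "TYPE":     # branch on storage type
        for t in checks:
            yield ("CHECK", t, flags, None)
    elif node == "CHECK":    # the framework's own check decides the verdict
        ok = checks[stype](dict(zip(FLAGS, flags)))
        yield ("EXIT", stype, flags, "GOOD" if ok else "BAD")

def violates(state):
    """Negation of the safety property AG((EXIT and GOOD) -> SPEC)."""
    node, stype, flags, verdict = state
    return (node == "EXIT" and verdict == "GOOD"
            and not SPEC[stype](dict(zip(FLAGS, flags))))

def model_check(checks):
    """Step 308: breadth-first search; returns None or a counterexample trace."""
    init = ("ENTRY", None, None, None)
    parent, queue = {init: None}, deque([init])
    while queue:
        state = queue.popleft()
        if violates(state):
            trace = []
            while state is not None:
                trace.append(state)
                state = parent[state]
            return trace[::-1]
        for nxt in successors(state, checks):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return None

def refine(checks):
    """Steps 310-312: on a failed report, modify the failing node and re-verify."""
    checks, reports = dict(checks), []
    while (trace := model_check(checks)) is not None:
        stype = trace[-1][1]
        reports.append(stype)
        checks[stype] = SPEC[stype]  # stand-in for the developer's fix
    return checks, reports

if __name__ == "__main__":
    fixed, reports = refine(DRAFT)
    print("nodes repaired:", reports, "| verified:", model_check(fixed) is None)
```

Each counterexample trace ends in an EXIT state marked GOOD whose flags fail the query for that storage type, which is the report a developer would act on at step 312.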
[00108] FIG. 6 illustrates an exemplary computer system (600) in which or with which embodiments of the present disclosure may be implemented.
[00109] As shown in FIG. 6, the computer system (600) may include an external storage device (610), a bus (620), a main memory (630), a read-only memory (640), a mass storage device (650), a communication port(s) (660), and a processor (670). A person skilled in the art will appreciate that the computer system (600) may include more than one processor and communication ports. The processor (670) may include various modules associated with embodiments of the present disclosure. The communication port(s) (660) may be any of an RS-232 port for use with a modem-based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. The communication port(s) (660) may be chosen depending on a network, such as a Local Area Network (LAN), Wide Area Network (WAN), or any network to which the computer system (600) connects.
[00110] In an embodiment, the main memory (630) may be Random Access Memory (RAM), or any other dynamic storage device commonly known in the art. The read-only memory (640) may be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chip for storing static information e.g., start-up or basic input/output system (BIOS) instructions for the processor (670). The mass storage device (650) may be any current or future mass storage solution, which can be used to store information and/or instructions. Exemplary mass storage solutions include, but are not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having Universal Serial Bus (USB) and/or Firewire interfaces).
[00111] In an embodiment, the bus (620) may communicatively couple the processor(s) (670) with the other memory, storage, and communication blocks. The bus (620) may be, e.g. a Peripheral Component Interconnect (PCI) / PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), universal serial bus (USB), or the like, for connecting expansion cards, drives, and other subsystems as well as other buses, such as a front side bus (FSB), which connects the processor (670) to the computer system (600).
[00112] In another embodiment, operator and administrative interfaces, e.g., a display, keyboard, and cursor control device may also be coupled to the bus (620) to support direct operator interaction with the computer system (600). Other operator and administrative interfaces can be provided through network connections connected through the communication port(s) (660). Components described above are meant only to exemplify various possibilities. In no way should the aforementioned exemplary computer system (600) limit the scope of the present disclosure.
[00113] While considerable emphasis has been placed herein on the preferred embodiments, it will be appreciated that many embodiments can be made and that many changes can be made in the preferred embodiments without departing from the principles of the disclosure. These and other changes in the preferred embodiments of the disclosure will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be implemented merely as illustrative of the disclosure and not as a limitation.

ADVANTAGES OF THE INVENTION
[00114] The present disclosure provides a system and a method that enhances the security of an application by defying a permission gap present in any application.
[00115] The present disclosure provides a system and a method that minimizes an effect due to the permission gap in permission-based software using automation, models, and queries.
[00116] The present disclosure provides a system and a method that is utilized on various operating systems, thereby maximizing an area of usage.
[00117] The present disclosure provides a system and a method that enhances the framework for storing data on a mobile computing device. The present disclosure provides a system and a method that refines a framework under development until the required security measures are incorporated to secure user’s data.
[00118] The present disclosure provides a system and a method that modifies the framework until all the security measures are implemented and further converts the framework into a plugin/library for generating production code for various applications.
[00119] The present disclosure provides a system and a method that minimizes the effect of permission gaps in application software using Automation, Models, and Queries.
CLAIMS:
1. A system (108) for minimizing application specific permission gaps, the system (108) comprising:
a processor (202); and
a memory (204) operatively coupled with the processor (202), wherein said memory (204) stores instructions, which when executed by the processor (202), cause the processor (202) to:
receive a request from one or more users (102) via a computing device (104), wherein the one or more users (102) operate the computing device (104) and are connected to the processor (202) via a network (106), and wherein the request is based on accessibility of an unprocessed base framework without permission gaps;
generate one or more queries for the unprocessed base framework using one or more security measures;
generate a model based on the one or more queries and verify the generated model;
determine if the one or more security measures are incorporated into the generated model;
in response to a positive determination and verification, implement the one or more security measures on the generated model; and
generate a processed base framework with the permission gaps based on the implementation of the one or more security measures on the generated model.

2. The system (108) as claimed in claim 1, wherein the one or more security measures comprise at least one of: a pre-existing security measure and a custom security measure.

3. The system (108) as claimed in claim 1, wherein the processor (202) is to generate the model based on the one or more queries using a temporal logic mechanism.

4. The system (108) as claimed in claim 1, wherein the processor (202) is to verify the generated model using an automated model checking tool.

5. The system (108) as claimed in claim 4, wherein the processor (202) is to analyze the generated model, and update the automated model checking tool based on the analysis.

6. The system (108) as claimed in claim 1, wherein, in response to a negative determination, the processor (202) is to modify the unprocessed base framework, and reiterate the generation of the one or more queries using the one or more security measures.

7. The system (108) as claimed in claim 1, wherein the processor (202) is to convert the processed base framework with the permission gaps into a required plugin based on an application.

8. The system (108) as claimed in claim 1, wherein the processor (202) is to customize the one or more queries based on the unprocessed base framework without the permission gaps.

9. A method for minimizing application specific permission gaps, the method comprising:
receiving, by a processor (202) associated with a system (108), a request from one or more users (102) based on accessibility of an unprocessed base framework without permission gaps;
generating, by the processor (202), one or more queries for the unprocessed base framework using one or more security measures;
generating, by the processor (202), a model based on the one or more queries and verifying the generated model;
determining, by the processor (202), if the one or more security measures are incorporated into the generated model;
in response to a positive determination and verification, implementing, by the processor (202), the one or more security measures on the generated model; and
generating, by the processor (202), a processed base framework with the permission gaps based on the implementation of the one or more security measures on the generated model.

10. The method as claimed in claim 9, comprising generating, by the processor (202), the model based on the one or more queries using a temporal logic mechanism.

11. The method as claimed in claim 9, comprising verifying, by the processor (202), the generated model using an automated model checking tool.

12. The method as claimed in claim 9, comprising in response to a negative determination and verification, modifying, by the processor (202), the unprocessed base framework, and reiterating, by the processor (202), the generation of the one or more queries using the one or more security measures.

13. The method as claimed in claim 9, comprising converting, by the processor (202), the processed base framework with the permission gaps into a required plugin based on an application.

14. The method as claimed in claim 9, comprising customizing, by the processor (202), the one or more queries based on the unprocessed base framework without the permission gaps.

15. A user equipment (UE) (104) for minimizing application specific permission gaps, the UE (104) comprising:
one or more processors communicatively coupled to a processor (202) associated with a system (108), wherein the one or more processors are coupled with a memory, and wherein said memory stores instructions, which when executed by the one or more processors, cause the one or more processors to:
transmit a request to the processor (202) via a network (106), wherein the request is based on accessibility of an unprocessed base framework without permission gaps;
wherein the processor (202) is configured to:
receive the request from the UE (104);
generate one or more queries for the unprocessed base framework using one or more security measures;
generate a model based on the one or more queries and verify the generated model;
determine if the one or more security measures are incorporated into the generated model;
in response to a positive determination and verification, implement the one or more security measures on the generated model; and
generate a processed base framework with the permission gaps based on the implementation of the one or more security measures on the generated model.

Documents

Application Documents

# Name Date
1 202221030598-STATEMENT OF UNDERTAKING (FORM 3) [27-05-2022(online)].pdf 2022-05-27
2 202221030598-PROVISIONAL SPECIFICATION [27-05-2022(online)].pdf 2022-05-27
3 202221030598-POWER OF AUTHORITY [27-05-2022(online)].pdf 2022-05-27
4 202221030598-FORM 1 [27-05-2022(online)].pdf 2022-05-27
5 202221030598-DRAWINGS [27-05-2022(online)].pdf 2022-05-27
6 202221030598-DECLARATION OF INVENTORSHIP (FORM 5) [27-05-2022(online)].pdf 2022-05-27
7 202221030598-ENDORSEMENT BY INVENTORS [27-05-2023(online)].pdf 2023-05-27
8 202221030598-DRAWING [27-05-2023(online)].pdf 2023-05-27
9 202221030598-CORRESPONDENCE-OTHERS [27-05-2023(online)].pdf 2023-05-27
10 202221030598-COMPLETE SPECIFICATION [27-05-2023(online)].pdf 2023-05-27
11 202221030598-FORM-8 [29-05-2023(online)].pdf 2023-05-29
12 202221030598-FORM 18 [30-05-2023(online)].pdf 2023-05-30
13 Abstract1.jpg 2023-10-28