US 12,277,211 B2
Security policies for software call stacks
Ashutosh Kulshreshtha, Cupertino, CA (US); Andy Sloane, Pleasanton, CA (US); Hiral Shashikant Patel, San Jose, CA (US); Uday Krishnaswamy Chettiar, Redwood City, CA (US); Oliver Kempe, Santa Clara, CA (US); Bharathwaj Sankara Viswanathan, Mountain View, CA (US); and Navindra Yadav, Cupertino, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Apr. 25, 2024, as Appl. No. 18/646,114.
Application 18/646,114 is a continuation of application No. 17/023,035, filed on Sep. 16, 2020, granted, now 12,039,031.
Prior Publication US 2024/0273181 A1, Aug. 15, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/52 (2013.01); G06F 18/214 (2023.01); G06F 21/51 (2013.01); G06F 21/57 (2013.01); G06N 20/00 (2019.01)
CPC G06F 21/52 (2013.01) [G06F 18/214 (2023.01); G06F 21/51 (2013.01); G06F 21/577 (2013.01); G06N 20/00 (2019.01)]
18 Claims
1. A method comprising:
detecting a call stack during a first deployment of an application in a first operating environment;
classifying the detected call stack as an unauthorized call stack based on a first score of the call stack using a classification scheme, wherein the first score is assigned during runtime of the first deployment of the application based in part on a determination that the first operating environment is unsecure;
detecting the call stack during a second deployment of the application in a second operating environment;
classifying the detected call stack as an authorized call stack based on a second score of the call stack using the classification scheme being greater than a threshold, wherein the second score is assigned during runtime of the second deployment of the application based in part on a determination that the second operating environment is secure; and
modifying a security policy based on the classification of the application as unauthorized during the first deployment of the application to authorized during the second deployment of the application, wherein access to the application is denied during the first deployment of the application but is granted during the second deployment of the application,
wherein an execution order of the call stack detected during the first deployment and the second deployment of the application is a condition for the call stack classification scheme to authorize or unauthorize the application.