US 12,074,912 B2
Dynamic, runtime application programming interface parameter labeling, flow parameter tracking and security policy enforcement
Lebin Cheng, Saratoga, CA (US); Ravindra Balupari, Dublin, CA (US); Sekhar Babu Chintaginjala, Karnataka (IN); Ankit Kumar, Karnataka (IN); and Sandeep Yadav, South San Francisco, CA (US)
Assigned to ArecaBay, Inc., San Mateo, CA (US)
Filed by ArecaBay, Inc., San Mateo, CA (US)
Filed on Jun. 3, 2021, as Appl. No. 17/338,606.
Claims priority of provisional application 63/034,191, filed on Jun. 3, 2020.
Prior Publication US 2021/0382986 A1, Dec. 9, 2021
Int. Cl. G06F 21/00 (2013.01); G06F 21/52 (2013.01); G06F 21/55 (2013.01); G06N 5/01 (2023.01); H04L 9/40 (2022.01); H04L 67/133 (2022.01)
CPC H04L 63/20 (2013.01) [G06F 21/52 (2013.01); G06F 21/554 (2013.01); G06N 5/01 (2023.01); H04L 63/168 (2013.01); H04L 67/133 (2022.05); G06F 2221/033 (2013.01)] 19 Claims
OG exemplary drawing
1. A computer implemented method for dynamically enforcing a dynamic application programming interface (“API”) security policy at runtime, the method comprising:
detecting a running computer program making a call to an API;
identifying a data object used by the API, at runtime, the data object comprising a structure of data that is acted on by the API, wherein the structure of the data includes a plurality of fields;
assigning specific data labels to one or more of the plurality of fields of the data object used by the API, at runtime, the specific data labels consistently identifying data fields of specific types;
tracking a flow of execution initiated by the API, at runtime;
detecting, at runtime, an action in the tracked flow of execution that violates the dynamic API security policy, the dynamic API security policy including the specific data labels to consistently identify data fields of specific types; and
executing a security action at runtime, in response to detecting the violation of the dynamic API security policy,
wherein identifying the data object used by the API, at runtime, further comprises:
identifying, at runtime, at least one data object from a group consisting of: a value returned by the API, a data object read from and/or written to by reference by the API.
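The claim above describes a pipeline (hook the API call, label the fields of the data object it returns or receives, track the flow, detect a policy violation, execute a security action). The following Python block is an added illustration of that pipeline and is not ArecaBay's code or any implementation the patent discloses. Every name in it (Monitor, label_fields, LABEL_RULES, the policy keyed by sink tag) is hypothetical, the labeling rules are simple constructed regexes, the "flow" is reduced to a linear log of hooked calls, and the user record is a constructed sample.

```python
"""Toy runtime API monitor: label fields at call time, track the flow of hooked calls,
and block a call that would move a labeled field into a sink the policy forbids.
Hypothetical example; all names and rules are constructed for illustration."""
import functools
import re
from dataclasses import dataclass, field

# Constructed labeling rules: (label, pattern matched against a string field value).
LABEL_RULES = [
    ("email", re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I)),
    ("us_ssn", re.compile(r"^\d{3}-\d{2}-\d{4}$")),
    ("card_number", re.compile(r"^\d{13,19}$")),
]


def label_fields(obj, prefix=""):
    """Walk a dict/list data object and return {field_path: label} for recognised fields."""
    labels = {}
    if isinstance(obj, dict):
        for key, value in obj.items():
            labels.update(label_fields(value, f"{prefix}{key}."))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            labels.update(label_fields(value, f"{prefix}{index}."))
    elif isinstance(obj, str):
        for label, pattern in LABEL_RULES:
            if pattern.match(obj):
                labels[prefix.rstrip(".")] = label
                break
    return labels


@dataclass
class Violation:
    api: str
    field_path: str
    label: str


@dataclass
class Monitor:
    # Policy: for each sink tag, the set of labels that must not reach an API carrying that tag.
    policy: dict
    flow: list = field(default_factory=list)        # tracked execution: (api, labels, outcome)
    violations: list = field(default_factory=list)

    def api(self, name, sink=None):
        """Decorator that hooks an API: labels inputs and outputs, logs the call, enforces policy."""
        def wrap(fn):
            @functools.wraps(fn)
            def hooked(*args, **kwargs):
                # Label the data objects passed (by reference) into this API.
                in_labels = {}
                for arg in list(args) + list(kwargs.values()):
                    in_labels.update(label_fields(arg))
                forbidden = self.policy.get(sink, set())
                for path, label in in_labels.items():
                    if label in forbidden:
                        # Security action: record the violation and block the call.
                        self.violations.append(Violation(name, path, label))
                        self.flow.append((name, in_labels, "BLOCKED"))
                        raise PermissionError(f"{name}: {label} at {path} not allowed for sink {sink!r}")
                result = fn(*args, **kwargs)
                # Label the value returned by the API as well, so later calls can be checked.
                self.flow.append((name, {**in_labels, **label_fields(result)}, "OK"))
                return result
            return hooked
        return wrap


def run_scenario():
    """Constructed scenario: a user record fetched internally, then sent to an external sink."""
    mon = Monitor(policy={"external": {"us_ssn", "card_number"}})

    @mon.api("get_user")
    def get_user(user_id):
        # Constructed sample record returned by the API.
        return {"id": user_id, "email": "alice@example.com", "ssn": "123-45-6789"}

    @mon.api("send_to_analytics", sink="external")
    def send_to_analytics(record):
        return "sent"

    user = get_user(42)
    try:
        send_to_analytics(user)          # raw SSN reaches an external sink: blocked
    except PermissionError:
        pass
    send_to_analytics({**user, "ssn": "***-**-6789"})   # masked copy: allowed
    return mon


if __name__ == "__main__":
    for entry in run_scenario().flow:
        print(entry)
```

The policy here is keyed by the label assigned at runtime rather than by field name, which is the point of consistent labeling: a field called `ssn`, `social`, or `tax_id` gets the same `us_ssn` label and the same treatment, and a masked value stops matching the rule and passes. A real deployment would replace the regex rules with the system's classifier and the linear `flow` list with a per-request trace.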