CN113626823A - Reachability analysis-based inter-component interaction threat detection method and device - Google Patents


Publication number
CN113626823A
Authority
CN
China
Prior art keywords
function
main application
dependency
calling
point
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110726263.0A
Other languages
Chinese (zh)
Other versions
CN113626823B (en)
Inventor
李文超
李丰
薄德芳
周建华
霍玮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a reachability-analysis-based method and device for detecting inter-component interaction threats. Based on the intermediate representation code of the main application and the dependent components in a software system, it constructs a main application class hierarchy graph, a main application call graph, a main application interprocedural control flow graph, a main application system dependency graph, a dependent component class hierarchy graph and a dependent component system dependency graph, and then uses the reachability of the vulnerability path and the controllability of external input to determine whether a vulnerability in a component can be triggered through interaction between components. The invention is not limited to analyzing one class of vulnerabilities; by identifying input points and interaction interfaces and analyzing vulnerability path reachability and external input controllability, it achieves general-purpose threat detection, and its results are highly verifiable and reproducible.

Description

Reachability analysis-based inter-component interaction threat detection method and device
Technical Field
The invention relates to the field of program analysis, and in particular to a method and device for detecting inter-component interaction threats based on reachability analysis, where the reachability analysis comprises input reachability analysis and path reachability analysis.
Background
The huge value of big data makes it one of the key targets of current network attacks. However, big data processing programs and the big data platforms they are built on generally emphasize high availability and high scalability of services, and security is not fully considered, so security risks exist in big data processing. Vulnerabilities in big data processing programs are mostly not of the traditional kinds; they are logic defects or security threats introduced by interaction among components, and they are difficult to detect, reproduce, analyze and locate because the interactions are frequent, varied in type and have complex triggering conditions. Although traditional vulnerability discovery techniques, represented by fuzz testing, can effectively find vulnerabilities in key basic software such as operating system kernels, protocols and open source libraries, they are not suited to the security threats introduced by inter-component interaction in big data processing programs, and lack threat detection capability for that scenario.
Program analysis refers to the automated processing of a computer program to confirm or discover its characteristics, such as performance and security. Its application scenarios include compiler optimization, defect detection and fault localization, and it can be used to find defects that affect program security, such as buffer overflows, use-after-free and null pointer dereferences. Program analysis is therefore also the current mainstream means of vulnerability discovery, and tools for traditional vulnerabilities, such as memory corruption vulnerabilities and race condition vulnerabilities, emerge endlessly. However, these tools have insufficient capability to detect and confirm vulnerabilities that require cross-component triggering, which makes it difficult to detect and locate security threats caused by inter-component interaction in complex software systems such as big data applications. Such vulnerabilities occur frequently in these complex software systems and affect the security of the system and its users. There is therefore a need for a technique for detecting inter-component interaction threats that makes up for the deficiencies of existing tools.
Disclosure of Invention
The invention discloses a reachability-analysis-based method and device for detecting inter-component interaction threats, addressing the problem that the inter-component interaction threats which occur frequently in complex software systems such as big data applications are difficult to detect and locate with existing methods. The method analyzes intermediate representation code obtained by disassembling source code, bytecode or binary code, and determines, based on vulnerability path reachability and external input controllability, whether a vulnerability in a component can be triggered through interaction among components. The vulnerabilities considered include publicly disclosed vulnerabilities that have not been fixed in a component, and suspected vulnerabilities newly discovered by other technical means (such as fuzz testing and static detection) and by manual auditing.
The technical content of the invention comprises:
A reachability-analysis-based inter-component interaction threat detection method, comprising the following steps:
1) collecting vulnerabilities to form a vulnerability set, and disassembling or translating the code of the main application and the dependent components in the software system to be analyzed to obtain intermediate representation code;
2) constructing, from the intermediate representation code, a main application class hierarchy graph, a main application call graph, a main application interprocedural control flow graph, a main application system dependency graph, a dependent component class hierarchy graph and a dependent component system dependency graph;
3) analyzing the main application class hierarchy graph and the main application call graph to obtain a number of candidate external input points;
4) analyzing the main application interprocedural control flow graph, looking up the obtained function prototype of each called function on the main application class hierarchy graph, and putting each called function whose type reference cannot be found on the main application class hierarchy graph into a call instruction set, wherein the function prototype comprises: type reference, function name, number of parameters and parameter types;
5) matching each called function in the call instruction set against the functions in the dependent component class hierarchy graph, taking each successfully matched called function as an inter-component interaction interface, and putting the interaction interface call site into a call site set;
6) using the main application system dependency graph, obtaining the interaction interface call sites that have a data dependency on a candidate external input point, and taking those call sites as controllable interaction interface call sites;
7) using the dependent component system dependency graph, identifying the controllable interaction interface call sites that have a data dependency with each vulnerability in the vulnerability set, to obtain the inter-component interaction threat detection result.
Further, the code of the main application and the dependent components includes: source code, bytecode or binary code.
Furthermore, each node in the main application class hierarchy graph or the dependent component class hierarchy graph represents a class in an object-oriented language, and each edge represents an inheritance relationship between classes; each node in the main application call graph represents a function, and each edge represents a function call relationship; each node in the main application interprocedural control flow graph represents a basic block in a function, and each edge represents a control flow transfer; in the main application system dependency graph each function is represented as a main application program dependency graph, and in the dependent component system dependency graph each function is represented as a dependent component program dependency graph, where each node in a program dependency graph is a statement in the program and each edge represents a data dependency.
Further, candidate external input points are found by:
1) traversing all functions in the main application class hierarchy graph;
2) when a function is a main function and no predecessor node for it can be found on the call graph, treating that main function as a candidate external input point.
Further, the function prototype of a called function is obtained by:
1) traversing the main application interprocedural control flow graph iteratively in depth-first order from its root node;
2) for each traversed node, identifying all call-type instructions in the intermediate representation and obtaining the function prototype of each called function.
Further, matching is performed by:
1) for each called function in the call instruction set, querying whether the type declaration of the interface exists on the dependent component class hierarchy graph;
2) if the type declaration exists, searching the dependent component class hierarchy graph for the function name, number of parameters and parameter types of the corresponding function prototype;
3) if the corresponding function name, number of parameters and parameter types exist, the match succeeds.
Further, an interaction interface call site having a data dependency is determined by:
1) computing a first backward data-flow slice from the interaction interface call site on the main application system dependency graph;
2) if the use points of some statement in the first backward data-flow slice include a candidate external input point, that candidate external input point has a dependency relationship with the interaction interface call site.
Further, the controllable interaction interface call sites that have a data dependency with each vulnerability in the vulnerability set are identified by:
1) on the dependent component system dependency graph where each vulnerability is located, computing a second backward data-flow slice starting from all nodes in the vulnerability path set of that vulnerability;
2) if the second backward data-flow slice includes the function body of the interface called at the controllable interaction interface call site, the vulnerability has a data dependency with that controllable interaction interface call site.
Further, the inter-component interaction threat detection result comprises: the identified controllable interaction interface call sites and the corresponding candidate external input points and vulnerabilities.
A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the above method when executed.
An electronic device comprising a memory and a processor, wherein the memory stores a program that performs the above described method.
Compared with the prior art, the invention has the following advantages and positive effects:
The method targets the inter-component interaction threats that occur frequently in complex software systems such as big data applications, and has clear advantages over the prior art. On one hand, because the interactions are numerous in type and frequent, existing dynamic detection techniques such as fuzz testing have difficulty achieving high code coverage, and because threat triggering paths are deep and input conditions are complex, their ability to trigger and monitor such threats is insufficient. On the other hand, existing static detection techniques are good at analyzing traditional vulnerabilities such as memory corruption, but lack tailored handling of inter-component interaction threats. The invention is not limited to analyzing one class of vulnerabilities; by identifying input points and interaction interfaces and analyzing vulnerability path reachability and external input controllability, it achieves general-purpose threat detection, and its results are highly verifiable and reproducible.
Drawings
FIG. 1 is an exemplary diagram of the method of the present invention.
Detailed Description
To make the technical solution of the present invention easier to understand, the technical solution in the embodiments of the present invention is described clearly and completely below with reference to the drawings.
The method mainly analyzes the controllability of external input and the reachability of the vulnerability path. The inputs to the method are the vulnerability set vuls (the collected published vulnerabilities and newly discovered suspected vulnerabilities within components) and the code of the main application and the other dependent components. Each element of the vulnerability set holds the complete information of one disclosed or suspected vulnerability, including the vulnerability path, the dependent component in which the vulnerability is located, the vulnerability description and so on. The output of the method is a list result of triples, each consisting of a vulnerability code location vul, an inter-component interaction call site callsite and an external input location input. The method is divided into 7 steps, as shown in FIG. 1, detailed as follows:
1. First, the source code, bytecode or binary code of the main application and the other dependent components in the software system to be analyzed is disassembled or translated into intermediate representation code, the main purpose being to obtain a form whose semantics are easy to analyze. Taking the big data warehouse Hive as an example, the main application is Hive and the other dependent components include the Hadoop platform base components HDFS, Yarn, MapReduce and so on; their Jar packages (bytecode) are analyzed to obtain WALA's intermediate representation code, WALA-IR. WALA-IR represents instructions in a syntax close to bytecode, but as a register transfer language based on Static Single Assignment (SSA), and organizes the instructions into a control flow graph of basic blocks.
2. On the intermediate representation code, the class hierarchy graph CHG, call graph CG, interprocedural control flow graph iCFG and system dependency graph SDG of the main application are constructed, and then the class hierarchy graph CHG and system dependency graph SDG of the other dependent components are constructed (the SDG considers only data dependence), to serve as the objects of the subsequent analysis. Each node in the CHG represents a class in an object-oriented language, and each edge represents an inheritance relationship between classes; each node in the CG represents a function, and each edge represents a function call relationship; each node in the iCFG represents a basic block in a function, and each edge represents a control flow transfer, both interprocedural and intraprocedural; the SDG is an extension of the Program Dependency Graph (PDG) in which each function is represented as one PDG, each node in a PDG is a statement in the program, and each edge represents a data dependency.
3. The class hierarchy graph of the main application is analyzed by traversing all functions in its classes; if a function is a main function and no predecessor node for it can be found on the main application's call graph (that is, it is never a called function), it is identified as a possible external input point input.
4. The interprocedural control flow graph of the main application is analyzed by iterative traversal in depth-first order from the root node of the graph. For each traversed node, all call-type instructions in the intermediate representation are identified and the function prototype of the called function is obtained, including the type reference, function name, number of parameters, parameter types and so on. The type reference of the called function is looked up on the class hierarchy graph of the main application; if it is not found, the call is considered a possible call to an interface in another component, that is, an inter-component interaction interface, and the call instruction is put into the call instruction set call_insts.
5. Call instructions are taken from the call instruction set call_insts. For each called function that may be an inter-component interaction interface, the class hierarchy graph of the dependent components is first queried for the type declaration of the interface, and then searched for the corresponding function prototype, including function name, number of parameters, parameter types and so on; if it exists, the function is confirmed as an inter-component interaction interface, and the call site information of the interaction interface is put into the call site set callsites.
6. For each interaction interface call site callsite in the call site set callsites, it is determined whether a data dependency exists in the main application between an external input point input and the call site callsite, and thereby whether the input of the interaction interface call site is controllable. Specifically, a backward data-flow slice is computed from the call site callsite on the system dependency graph of the main application; if the use points of some statement in the slice include an external input point input, a data dependency exists and the interaction interface call site is identified as controllable.
7. For each identified controllable interaction interface call site callsite, all vulnerabilities in the vulnerability set vuls are analyzed: on the system dependency graph of the component containing the vulnerability vul, a backward data-flow slice is computed starting from all nodes in vul's vulnerability path set, and the slice is checked for the function body of the interface called at the call site. If it is present, a data dependency exists and the reachability of the vulnerability path is verified. Finally, the inter-component interaction threats with controllable input and a reachable path are identified, and the triple of vulnerability vul, input point input and interaction call site callsite is put into the result list result.
The execution of the above steps is described below by way of an example.
In the scenario of the big data warehouse Hive, the main application is Hive and the dependent components are the Hadoop platform (HDFS, Yarn, MapReduce) and so on. As shown in FIG. 1, the process of interaction security threat detection is described using a disclosed vulnerability in the Yarn component, CVE-2014-3627, as an example. The inputs to the method are the set vuls containing the CVE-2014-3627 vulnerability information, and the jar packages of Hive and of the vulnerable Hadoop version. Through input point identification, the entry function of the query execution class ExecDriver is identified as an external input location. Through interaction interface identification, a possible interaction interface call site is found in the execute function of the Executor class, which calls the addCacheArchive interface of the DistributedCache class. The corresponding function body is then identified in the dependent component and the call site is confirmed as an interaction interface call site. For this call site, the main function parameter of the ExecDriver class is used as the taint source, and input controllability can be established by the analysis method above. The vulnerability path of the Yarn vulnerability CVE-2014-3627 includes an addcache interface of the DistributedCache class, so path reachability can be established by the analysis method above; the triggering feasibility of CVE-2014-3627 is thereby verified, and the security threat caused by interaction among the components is identified.
When Hive processes a join query, by default the MapJoin physical query algorithm is selected for join operations between a large table and a small table. When executed, the algorithm uploads the small table into the distributed cache. If Hive is deployed on a Hadoop version containing the vulnerability, CVE-2014-3627 may be triggered when a crafted query is sent, so that executing a Hive query affects the security of users on the Hadoop platform.
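The seven steps applied to a toy model of the Hive example, as an added sketch that is not code from the patent or from WALA. All graphs, block ids, node names and the second vulnerability entry are constructed, and plain dictionaries stand in for WALA-IR structures.

```python
# Constructed toy model: block ids double as statement nodes in the main SDG,
# and the node "ExecDriver.main" stands for the parameter of that main function.

def backward_slice(deps, starts):
    """Nodes the start nodes transitively depend on (data-dependence edges only)."""
    seen, stack = set(starts), list(starts)
    while stack:
        for pred in deps.get(stack.pop(), ()):
            if pred not in seen:
                seen.add(pred)
                stack.append(pred)
    return seen

def candidate_inputs(functions, call_graph):
    """Step 3: main functions that have no predecessor on the call graph."""
    callees = {c for targets in call_graph.values() for c in targets}
    return [f for f in functions if f.endswith(".main") and f not in callees]

def external_calls(icfg, root, main_classes):
    """Step 4: depth-first walk of the iCFG; keep calls whose type reference
    is not declared in the main application's class hierarchy."""
    call_insts, seen, stack = [], {root}, [root]
    while stack:
        block = stack.pop()
        calls, succs = icfg[block]
        call_insts += [(block, p) for p in calls if p[0] not in main_classes]
        for succ in reversed(succs):
            if succ not in seen:
                seen.add(succ)
                stack.append(succ)
    return call_insts

def interaction_callsites(call_insts, dep_chg):
    """Step 5: type declaration, then name and parameter types, must all match."""
    return [(site, p) for site, p in call_insts
            if p[0] in dep_chg and (p[1], p[2]) in dep_chg[p[0]]]

def detect(model):
    """Steps 3 to 7: returns (vulnerability, callsite, input) triples."""
    inputs = candidate_inputs(model["functions"], model["call_graph"])
    calls = external_calls(model["icfg"], model["icfg_root"], model["main_classes"])
    result = []
    for site, proto in interaction_callsites(calls, model["dep_chg"]):
        # Step 6: input controllability, sliced on the main application's SDG.
        main_slice = backward_slice(model["main_sdg"], [site])
        controlling = [i for i in inputs if i in main_slice]
        if not controlling:
            continue
        # Step 7: path reachability, sliced on the vulnerable component's SDG.
        interface = f"{proto[0]}.{proto[1]}"
        for vul in model["vuls"]:
            dep_sdg = model["dep_sdg"][vul["component"]]
            if interface in backward_slice(dep_sdg, vul["path"]):
                result += [(vul["id"], site, i) for i in controlling]
    return result

MODEL = {
    "main_classes": {"ExecDriver", "Executor"},
    "functions": ["ExecDriver.main", "Executor.execute"],
    "call_graph": {"ExecDriver.main": ["Executor.execute"]},
    "icfg_root": "main#0",
    # block -> (call prototypes (type, name, param types), successor blocks)
    "icfg": {
        "main#0": ([("Executor", "execute", ("String",))], ["exec#0"]),
        "exec#0": ([("Logger", "info", ("String",))], ["exec#1", "exec#2"]),
        "exec#1": ([("DistributedCache", "addCacheArchive",
                     ("URI", "Configuration"))], ["exec#3"]),
        "exec#2": ([("FileSystem", "exists", ("Path",))], ["exec#3"]),
        "exec#3": ([], []),
    },
    "dep_chg": {
        "DistributedCache": {("addCacheArchive", ("URI", "Configuration"))},
        "FileSystem": {("exists", ("Path",))},
    },
    # node -> nodes whose values it uses
    "main_sdg": {
        "exec#1": ["exec#0"],
        "exec#0": ["main#0"],
        "main#0": ["ExecDriver.main"],
        "exec#2": ["const:/tmp/scratch"],   # constant argument, not controllable
    },
    "dep_sdg": {
        "Yarn": {"yarn:sink": ["yarn:localize"],
                 "yarn:localize": ["DistributedCache.addCacheArchive"]},
        "HDFS": {"hdfs:sink": ["hdfs:internal"]},
    },
    "vuls": [
        {"id": "CVE-2014-3627", "component": "Yarn", "path": ["yarn:sink"]},
        {"id": "VUL-PLACEHOLDER", "component": "HDFS", "path": ["hdfs:sink"]},
    ],
}

if __name__ == "__main__":
    print(detect(MODEL))
```

The Logger call is dropped at step 5 because no dependent component declares it, the FileSystem call site is dropped at step 6 because its argument is a constant, and the placeholder vulnerability is dropped at step 7 because no interaction interface appears in its slice.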
For the inter-component interaction threats that occur frequently in complex software systems such as big data applications, the main advantages of the invention over existing dynamic and static analysis techniques are shown in Table 1:
TABLE 1
The above examples are provided only for the purpose of describing the present invention, and are not intended to limit the scope of the present invention. The scope of the invention is defined by the appended claims. Various equivalent substitutions and modifications can be made without departing from the spirit and principles of the invention, and are intended to be within the scope of the invention.

Claims (10)

1. A reachability-analysis-based inter-component interaction threat detection method, comprising the following steps:
1) collecting vulnerabilities to form a vulnerability set, and disassembling or translating the code of the main application and the dependent components in the software system to be analyzed to obtain intermediate representation code;
2) constructing, from the intermediate representation code, a main application class hierarchy graph, a main application call graph, a main application interprocedural control flow graph, a main application system dependency graph, a dependent component class hierarchy graph and a dependent component system dependency graph;
3) analyzing the main application class hierarchy graph and the main application call graph to obtain a number of candidate external input points;
4) analyzing the main application interprocedural control flow graph, looking up the obtained function prototype of each called function on the main application class hierarchy graph, and putting each called function whose type reference cannot be found on the main application class hierarchy graph into a call instruction set, wherein the function prototype comprises: type reference, function name, number of parameters and parameter types;
5) matching each called function in the call instruction set against the functions in the dependent component class hierarchy graph, taking each successfully matched called function as an inter-component interaction interface, and putting the interaction interface call site into a call site set;
6) using the main application system dependency graph, obtaining the interaction interface call sites that have a data dependency on a candidate external input point, and taking those call sites as controllable interaction interface call sites;
7) using the dependent component system dependency graph, identifying the controllable interaction interface call sites that have a data dependency with each vulnerability in the vulnerability set, to obtain the inter-component interaction threat detection result.
2. The method of claim 1, wherein the code of the main application and the dependent components comprises: source code, bytecode or binary code.
3. The method of claim 1, wherein each node in the main application class hierarchy graph or the dependent component class hierarchy graph represents a class in an object-oriented language, and each edge represents an inheritance relationship between classes; each node in the main application call graph represents a function, and each edge represents a function call relationship; each node in the main application interprocedural control flow graph represents a basic block in a function, and each edge represents a control flow transfer; in the main application system dependency graph each function is represented as a main application program dependency graph, and in the dependent component system dependency graph each function is represented as a dependent component program dependency graph, where each node in a program dependency graph is a statement in the program and each edge represents a data dependency.
4. The method of claim 1, wherein candidate external input points are found by:
1) traversing all functions in the main application class hierarchy graph;
2) when a function is a main function and no predecessor node for it can be found on the main application call graph, treating that main function as a candidate external input point.
5. The method of claim 1, wherein the function prototype of a called function is obtained by:
1) traversing the main application interprocedural control flow graph iteratively in depth-first order from its root node;
2) for each traversed node, identifying all call-type instructions in the intermediate representation and obtaining the function prototype of each called function.
6. The method of claim 1, wherein matching is performed by:
1) for each called function in the call instruction set, querying whether the type declaration of the interface exists on the dependent component class hierarchy graph;
2) if the type declaration exists, searching the dependent component class hierarchy graph for the function name, number of parameters and parameter types of the corresponding function prototype;
3) if the corresponding function name, number of parameters and parameter types exist, the match succeeds.
7. The method of claim 1, wherein an interaction interface call site having a data dependency is determined by:
1) computing a first backward data-flow slice from the interaction interface call site on the main application system dependency graph;
2) if the use points of some statement in the first backward data-flow slice include a candidate external input point, that candidate external input point has a dependency relationship with the interaction interface call site.
8. The method of claim 1, wherein the controllable interaction interface call sites that have a data dependency with each vulnerability in the vulnerability set are identified by:
1) on the dependent component system dependency graph where each vulnerability is located, computing a second backward data-flow slice starting from all nodes in the vulnerability path set of that vulnerability;
2) if the second backward data-flow slice includes the function body of the interface called at the controllable interaction interface call site, the vulnerability has a data dependency with that controllable interaction interface call site.
9. The method of claim 1, wherein the inter-component interaction threat detection result comprises: the identified controllable interaction interface call sites and the corresponding candidate external input points and vulnerabilities.
10. An electronic device comprising a memory and a processor, the memory having a computer program stored therein, and the processor being arranged to run the computer program to perform the method according to any of claims 1-9.
CN202110726263.0A 2021-06-29 2021-06-29 Method and device for detecting interaction threat among components based on reachability analysis Active CN113626823B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110726263.0A CN113626823B (en) 2021-06-29 2021-06-29 Method and device for detecting interaction threat among components based on reachability analysis

Publications (2)

Publication Number Publication Date
CN113626823A true CN113626823A (en) 2021-11-09
CN113626823B CN113626823B (en) 2023-06-27

Family

ID=78378517

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110726263.0A Active CN113626823B (en) 2021-06-29 2021-06-29 Method and device for detecting interaction threat among components based on reachability analysis

Country Status (1)

Country Link
CN (1) CN113626823B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277069A (en) * 2022-06-17 2022-11-01 江苏通付盾信息安全技术有限公司 Application software network security detection platform and method
CN116738436A (en) * 2023-06-11 2023-09-12 苏州棱镜七彩信息科技有限公司 Vulnerability reachability analysis method, vulnerability reachability analysis system, computer equipment and vulnerability processor

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090328223A1 (en) * 2008-06-26 2009-12-31 Microsoft Corporation Evaluating the effectiveness of a threat model
CN107038380A (en) * 2017-04-14 2017-08-11 华中科技大学 A kind of leak detection method and system based on performance of program tree
CN107832619A (en) * 2017-10-10 2018-03-23 电子科技大学 Vulnerability of application program automatic excavating system and method under Android platform
CN109857917A (en) * 2018-12-21 2019-06-07 中国科学院信息工程研究所 Towards the security knowledge map construction method and system for threatening information
CN111400719A (en) * 2020-03-12 2020-07-10 中国科学院信息工程研究所 Firmware vulnerability distinguishing method and system based on open source component version identification
CN112671807A (en) * 2021-03-15 2021-04-16 中国电子信息产业集团有限公司第六研究所 Threat processing method, threat processing device, electronic equipment and computer readable storage medium
CN112699377A (en) * 2020-12-30 2021-04-23 哈尔滨工业大学 Function-level code vulnerability detection method based on slice attribute graph representation learning
CN112733150A (en) * 2021-01-12 2021-04-30 哈尔滨工业大学 Firmware unknown vulnerability detection method based on vulnerability analysis

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090328223A1 (en) * 2008-06-26 2009-12-31 Microsoft Corporation Evaluating the effectiveness of a threat model
CN107038380A (en) * 2017-04-14 2017-08-11 华中科技大学 A kind of leak detection method and system based on performance of program tree
CN107832619A (en) * 2017-10-10 2018-03-23 电子科技大学 Vulnerability of application program automatic excavating system and method under Android platform
CN109857917A (en) * 2018-12-21 2019-06-07 中国科学院信息工程研究所 Towards the security knowledge map construction method and system for threatening information
CN111400719A (en) * 2020-03-12 2020-07-10 中国科学院信息工程研究所 Firmware vulnerability distinguishing method and system based on open source component version identification
CN112699377A (en) * 2020-12-30 2021-04-23 哈尔滨工业大学 Function-level code vulnerability detection method based on slice attribute graph representation learning
CN112733150A (en) * 2021-01-12 2021-04-30 哈尔滨工业大学 Firmware unknown vulnerability detection method based on vulnerability analysis
CN112671807A (en) * 2021-03-15 2021-04-16 中国电子信息产业集团有限公司第六研究所 Threat processing method, threat processing device, electronic equipment and computer readable storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
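SHWETA BHANDARI et al.: "Android inter-app communication threats and detection techniques" *
王嘉捷; 刘建鑫; 马宇飞; 邵帅; 张普含: "Automated detection and verification method for WebView component vulnerabilities" *
袁子牧 et al.: "Research on a software vulnerability analysis architecture organized by knowledge, exploration and state planes" *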

Also Published As

Publication number Publication date
CN113626823B (en) 2023-06-27

Similar Documents

Publication Publication Date Title
US12032691B2 (en) Behavioral threat detection engine
Rabkin et al. Static extraction of program configuration options
US8286149B2 (en) Apparatus for and method of implementing feedback directed dependency analysis of software applications
US8516443B2 (en) Context-sensitive analysis framework using value flows
US8166464B2 (en) Analysis and detection of soft hang responsiveness program errors
US11080394B2 (en) Behavioral threat detection virtual machine
CN104636256A (en) Memory access abnormity detecting method and memory access abnormity detecting device
CN113419960B (en) Seed generation method and system for kernel fuzzy test of trusted operating system
CN113626823B (en) Method and device for detecting interaction threat among components based on reachability analysis
CN112035359A (en) Program testing method, program testing device, electronic equipment and storage medium
CN114968807A (en) Code detection method and device, electronic equipment and readable storage medium
He et al. Accelerating object-sensitive pointer analysis by exploiting object containment and reachability
CN115705250A (en) Monitoring stack usage to optimize programs
CN116305131B (en) Static confusion removing method and system for script
He et al. Selecting context-sensitivity modularly for accelerating object-sensitive pointer analysis
Arteca et al. Learning how to listen: Automatically finding bug patterns in event-driven javascript apis
KR102411383B1 (en) Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information
CN115705294B (en) Method, device, electronic equipment and medium for acquiring function call information
CN113553593B (en) Semantic analysis-based method and system for mining loopholes of firmware kernel of Internet of things
CN114691197A (en) Code analysis method and device, electronic equipment and storage medium
Sas et al. Automatic detection of sources and sinks in arbitrary java libraries
Andrzejak et al. Confguru-A system for fully automated debugging of configuration errors
CN113296834B (en) Android closed source service type information extraction method based on reverse engineering
CN109308256A (en) A kind of java dynamically analyzing of program method, equipment and storage medium
CN116775040B (en) Pile inserting method for realizing code vaccine and application testing method based on code vaccine

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant