CN113918950A - Sandbox construction method based on simulation execution - Google Patents
Sandbox construction method based on simulation execution Download PDFInfo
- Publication number
- CN113918950A CN113918950A CN202111519534.1A CN202111519534A CN113918950A CN 113918950 A CN113918950 A CN 113918950A CN 202111519534 A CN202111519534 A CN 202111519534A CN 113918950 A CN113918950 A CN 113918950A
- Authority
- CN
- China
- Prior art keywords
- sandbox
- simulation
- system api
- sample
- execution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a sandbox construction method based on simulation execution, belongs to the technical field of internet security, and aims to solve the problem of insufficient analysis capability of risk behaviors of virus samples in the existing sandbox technology.
Description
Technical Field
The invention belongs to the technical field of internet security, and particularly relates to a sandbox construction method based on simulation execution.
Background
The malicious code analysis domain is always in the frontier position of the security domain, where a very important automated analysis tool is the sandbox. The sandbox executes untested or untrusted codes and programs in an isolated environment, strictly limits the access rights of the test programs, prevents the system from being damaged, analyzes the rough behavior of the programs through the execution sequence of system API and the parameters transmitted by the system API, and then generates reports. The automated analysis work realized by the sandbox technology facilitates the detection of malicious programs by many manufacturers.
Most of the existing sandboxes are isolated from the environment by using a virtual machine technology, and each test sample runs in the virtual machine, so that original system resources cannot be damaged. In the sandbox behavior analysis process, a calling sequence is obtained in a mode of intercepting a system API by modifying a code segment instruction, and when a program calls a certain system API, the calling and parameters transmitted by the calling are recorded.
The prior art has the following technical problems:
1. part of malicious programs can detect whether the running environment of the malicious programs is in the virtual machine environment or not and change own behaviors according to the detection result, so that the sandbox is difficult to analyze the real malicious behaviors when processing the sample with the anti-virtual machine technology.
2. For a user-mode sandbox, the operation of modifying the instruction is difficult to intercept the system call at the bottom layer, namely the syscall instruction is directly used; secondly, the number of system APIs is huge, the parameter types are complex, and the system APIs are difficult to implement completely, so that omission may be generated, and malicious code authors can implement the same function by using rare or special APIs to avoid sandbox detection.
Disclosure of Invention
In view of the problems in the prior art, the invention provides a sandbox construction method based on simulation execution, which aims to: the method comprises the steps of simulating the execution environment of various system platforms by machine instructions capable of executing various processor architectures, isolating the environment in a redirection and authority control mode, processing relevant parameters when simulating a system API, recording an instruction execution sequence, providing a debugging interface, and finally analyzing the risk behaviors of a sample.
In order to achieve the purpose, the invention adopts the technical scheme that: the sandbox building method based on simulation execution is provided and comprises the following steps:
s1: firstly, obtaining a sample, analyzing the sample in a static analysis mode, obtaining file information of the sample, setting a redirected temporary resource space according to a configuration file of a sandbox, and setting a simulation environment of a simulation system platform according to the file information;
s2: an execution environment for a simulation system platform, comprising: the CPU simulator is used for simulating a global descriptor table and initializing a segment register; simulating an executable file loader; simulating a system data structure; simulating system API call, simulating and realizing a call process in a strictly limited mode, and outputting a log; and simulating to take over the system API.
S3, calling the sample through the taking over system API, loading and executing the sample;
and S4, analyzing the basic behaviors of the samples through the output log of the system API, further analyzing the risk behaviors through a heuristic method, and finally storing the analysis result into a local relational database.
Preferably, the file information in S1 of the present invention specifically includes: file format, CPU instruction set architecture, operating system platform, function export table, function import table, string list table, and hash value.
Preferably, the setting of the simulation environment in S1 of the present invention is specifically: initializing a CPU simulator according to the CPU instruction set architecture information; setting a simulation system environment according to an operating system platform; the method of loading and executing the file is determined according to the file format.
Preferably, the implementation manner of simulating the system API call in S2 of the present invention is: and directly calling a system API by the sandbox, returning a result and outputting a log.
Preferably, the implementation manner of simulating the system API call in S2 of the present invention is: and calling the system API again through strict limitation of the permission of the sandbox, returning a result and finally outputting the log.
Preferably, the implementation manner of simulating the system API call in S2 of the present invention is: and the functions of the system API are completely realized again in the sandbox, and the log is output.
Preferably, the taking over of the call of the system API to the sample in S3 of the present invention includes: a cross-module call through a call instruction, or a system call through a syscall instruction.
Preferably, the present invention S3 is configured with a debugger to interrupt or initiate simulated execution at any instruction location and dynamic trace of instructions during execution of the sample.
Preferably, the basic behaviors of the sample in S4 of the present invention include: process tree, file operation, registry operation, network operation, and creation service. The risk behaviors include: code injection, resource release, keyboard recording, startup item modification, environment variable modification, plan task creation, anti-debugging technology and anti-virtual machine technology.
Preferably, the heuristic method in S4 of the present invention specifically is: and under the judgment rule, judging the risk behavior according to the combination mode of the system API calling sequence and the instruction context thereof.
Compared with the prior art, the technical scheme of the invention has the following advantages/beneficial effects:
1. the invention simulates the execution environment of various architectures and platforms without installing the system environment corresponding to the sample in advance.
2. The environment isolation of the invention is based on simulation execution and redirection, and avoids the trouble of anti-virtual machine technology.
3. According to the invention, the sandbox is required to simulate the system API in advance to carry out system call, so that no report leakage exists, and the sample cannot bypass the sandbox to take over through the system call of a lower layer. Once the system API called by the sample is not implemented, the sandbox may report an error, requiring the user to add an implementation of the API as desired, or to select a default implementation.
4. Besides automatic analysis, the invention can add a debugger on a program point or start dynamic tracking to acquire an instruction execution sequence so as to assist accurate manual analysis.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a schematic structural diagram of a sandbox construction method based on simulation execution according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions in the embodiments of the present invention are clearly and completely described below, and it is obvious that the described embodiments are a part of the embodiments of the present invention, not all of the embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention. Thus, the detailed description of the embodiments of the present invention provided below is not intended to limit the scope of the invention as claimed, but is merely representative of selected embodiments of the invention.
Example 1:
as shown in fig. 1, the present invention provides a sandbox construction method based on simulation execution, which includes:
s1: firstly, obtaining a sample, analyzing the sample in a static analysis mode, and obtaining file information of the sample, wherein the file information specifically comprises: file format, CPU instruction set architecture, operating system platform, function export table, function import table, string list table, and hash value. And setting the redirected temporary resource space according to a configuration file of the sandbox, wherein the configuration file comprises a file root directory and a registry key. Setting a simulation environment of the simulation system platform according to the file information;
the simulation environment set in the S1 of the present invention specifically is: initializing a CPU simulator according to the CPU instruction set architecture information; setting a simulation system environment according to an operating system platform; the method of loading and executing the file is determined according to the file format.
In particular, the file format is divided into executable files and machine instruction sequences. And for the executable file, acquiring related information of the instruction set architecture and the system platform by analyzing the file header information of the executable file. For the machine instruction sequence, judging according to the characteristics, for example, if the instructions such as "moveax, fs: [30h ]" or "movrax, gs: [60h ]" appear, the machine instruction sequence belongs to the Windows platform; if a large number of int 80h instructions appear, the system belongs to the Linux platform.
When the redirected temporary resource space is set, the configuration file of the sandbox is preferentially read, and the directory position, the registry key, the access authority and other information are described in the configuration file. And if the configuration file is empty, using default configuration to randomly generate a temporary working environment.
S2: simulating the execution environment of the system platform and initializing the CPU simulator. Setting a global descriptor table and initializing segment register values. Simulation realizes executable file loading. The simulation implementation executes the associated data structure. And simulating system API call, simulating and realizing a call process in a strictly limited mode, and outputting a call log.
As shown in FIG. 1, the execution environment of the simulation system platform of the present invention includes a simulation loader, a simulation system data structure, a simulation CPU architecture module and a simulation system API module.
The CPU simulator uses a Unicorn engine that supports simulated execution of a variety of instruction set architectures and provides a hook interface. In particular, to improve performance, simulation execution is implemented using the C-code library of the Unicorn engine.
In the simulation of the global descriptor table, flat mode is used for the segment registers cs, ss, ds, es, whereas the segment registers fs and gs require a special assignment of the segment start address.
For a 32-bit Windows system, a thread environment fast (TEB) structure needs to be simulated at the position pointed by the fs register; for a 64-bit Windows system, a thread context express (TEB) structure needs to be simulated at the location pointed to by the gs register.
For Linux systems, it is necessary to emulate a Thread Local Storage (TLS) structure at the locations pointed by the fs register and the gs register.
When simulating a PE file loader, if the PE file is an executable file ending after the.exe suffix, the PE file is chained into a linked list (Ldr) of loaded modules in a Process Environment Block (PEB) to serve as a first module, all modules on which an import table depends are loaded, and finally an execution instruction is simulated from an entry point of the module.
When simulating a PE file loader, if the PE file is a dynamic tracking link library file ending with a.dll as suffix, it is chained to the end in Ldr, all modules on which its import table depends are reloaded, and its export function DllMain is executed.
For the Windows environment, two modules, namely ntdll and kernel32.dll, are loaded in advance; for the Linux environment, the module does not need to be loaded in advance.
For the simulation of the system API, there are three simulation modes: (1) directly calling a system API by the sandbox, returning a result and outputting a log; (2) calling the system API again through the sandbox strict limit authority, returning a result and outputting a log; (3) and the functions of the system API are completely realized again in the sandbox, and the log is output.
The simulation of the first system API calls the system API directly from the sandbox, and this system API does not access system resources, but only directly accesses the current virtual address space to perform functions, such as a string copy operation like "lstrcpyA" or a memory copy operation like "memcpy".
The simulation of the second system API calls the system API after the sandbox strictly limits the authority, and the system API needs to access system resources and is limited by a Windows security access model.
The restriction rules are as follows: (a) setting the integrity level of a security token of a new process as untrusted for a system API for creating the process, and calling the system API to start the process; meanwhile, a sandbox environment is started to load and analyze the mapping file of the new process; (b) setting the access authority of the temporary resource space in the S1 to enable the process with integrity level to access; (c) for file operations and registry operations, the operation path is redirected to a temporary resource space while emulating the associated system API.
The simulation of the API of the third system belongs to complete simulation, and all functions are realized by sandbox. The method comprises the following steps: (a) a system API required for simulating an execution environment, such as LoadLibrary, GetProcAddess; (b) simulating to execute a system API which cannot be called, such as a system API related to debugger operation; (c) the system API that does not need the system to perform the actual function, for example, for network operation, the real network behavior should not be realized, and only the system API call sequence and parameter data are output.
For the simulation of the debugger, a hook interface provided by a Unicorn engine is used, after secondary development, a program take-over point is preset, in the simulation execution process, when the take-over point is encountered, an interrupt is generated, and the simulated debugger takes over the execution of the debugged instruction sequence. Specifically, the approach to simulating a debugger is to (1) treat software breakpoints as program points taken over by the debugger; (2) treating the single step stepping as simulating to execute one instruction; (3) the single step has two conditions, regarding a non-call instruction as single step in, regarding a call instruction, setting a breakpoint for the next instruction of the call instruction, and then performing simulation; (4) the simulated debugger exists in the sandbox as a thread and interacts with the terminal. (5) When a program point starts the dynamic tracking function, the debugger takes over the execution of all instructions after the program point starts, and outputs the changes of the register and the memory.
S3, calling the sample through the taking over system API, loading and executing the sample; during execution of a sample, simulated execution, and dynamic tracing of instructions, may be interrupted or initiated by the debugger at any instruction location.
The step of taking over the calling of the system API to the sample in the S3 of the invention comprises the following steps: a cross-module call through a call instruction, or a system call through a syscall instruction.
For the call instruction, firstly, whether the call instruction belongs to the condition a is judged, and if the call instruction belongs to the condition a, the sandbox makes simulation API call.
And the process of judging the condition a is to check the operand numerical value of each call instruction, judge whether the operand numerical value belongs to the external module, if so, further judge whether the external module belongs to the Windows environment subsystem, and if so, judge that the condition a is the condition a.
For the syscall instruction, firstly, the corresponding information of the current system version in the system call number is acquired, and then the sandbox carries out simulation system call according to the correct mapping relation.
And S4, analyzing the basic behaviors of the samples through the output log of the system API, further analyzing the risk behaviors through a heuristic method, and finally storing the analysis result into a local relational database.
The basic behaviors of the sample in S4 of the present invention include: process tree, file operation, registry operation, network operation, and creation service. These behaviors are determined according to a single key API, e.g., if called by the CreateProcess series function, a node is added to the process tree; the ReadFile and WriteFile functions respectively correspond to file reading operation and file writing operation; the RegQueryValueEx and RegSetValueEx functions respectively correspond to query operation and write operation of registry key values;
the heuristic method specifically comprises the following steps: and under the judgment rule, judging the risk behavior according to the combination mode of the system API calling sequence and the instruction context thereof. The heuristic approach is based on a feature analysis of the prior art. For example, for code injection, if functions such as VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread appear consecutively in the system API call sequence, it can be determined to have the risk behavior of far thread injection.
The resulting risk behaviors that can be analyzed include: code injection, resource release, keyboard recording, startup item modification, environment variable modification, plan task creation, anti-debugging technology and anti-virtual machine technology.
The above is only a preferred embodiment of the present invention, and it should be noted that the above preferred embodiment should not be considered as limiting the present invention, and the protection scope of the present invention should be subject to the scope defined by the claims. It will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the spirit and scope of the invention, and these modifications and adaptations should be considered within the scope of the invention.
Claims (10)
1. A sandbox building method based on simulation execution is characterized by comprising the following steps:
s1: firstly, obtaining a sample, analyzing the sample in a static analysis mode, obtaining file information of the sample, setting a redirected temporary resource space according to a configuration file of a sandbox, and setting a simulation environment of a simulation system platform according to the file information;
s2: an execution environment for a simulation system platform, comprising: the CPU simulator is used for simulating a global descriptor table and initializing a segment register; simulating an executable file loader; simulating a system data structure; simulating system API call, simulating and realizing a call process in a strictly limited mode, and outputting a log; simulating a takeover system API;
s3, calling the sample through the taking over system API, loading and executing the sample;
and S4, analyzing the basic behaviors of the samples through the output log of the system API, further analyzing the risk behaviors through a heuristic method, and finally storing the analysis result into a local relational database.
2. The sandbox building method based on simulation execution as claimed in claim 1, wherein the file information in S1 specifically includes: file format, CPU instruction set architecture, operating system platform, function export table, function import table, string list table, and hash value.
3. The sandbox building method based on simulation execution as claimed in claim 1, wherein the setting of the simulation environment in S1 specifically includes: initializing a CPU simulator according to the CPU instruction set architecture information; setting a simulation system environment according to an operating system platform; the method of loading and executing the file is determined according to the file format.
4. The sandbox building method based on simulation execution of claim 1, wherein the simulation system API call in S2 is implemented by: and directly calling a system API by the sandbox, returning a result and outputting a log.
5. The sandbox building method based on simulation execution of claim 1, wherein the simulation system API call in S2 is implemented by: and calling the system API again through strict limitation of the permission of the sandbox, returning a result and finally outputting the log.
6. The sandbox building method based on simulation execution of claim 1, wherein the simulation system API call in S2 is implemented by: and the functions of the system API are completely realized again in the sandbox, and the log is output.
7. The method of claim 1, wherein the step of taking over the calling of the system API to the sample in S3 comprises: a cross-module call through a call instruction, or a system call through a syscall instruction.
8. The sandbox building method according to claim 1, wherein during execution of the sample, S3 provides a debugger for interrupting or starting simulation execution at any instruction position and dynamic tracing of the instruction.
9. The method of claim 1, wherein the basic behavior of the sample in S4 comprises: process tree, file operation, registry operation, network operation, and service creation; the risk behaviors include: code injection, resource release, keyboard recording, startup item modification, environment variable modification, plan task creation, anti-debugging technology and anti-virtual machine technology.
10. The simulation-execution-based sandbox building method according to claim 1, wherein the heuristic method in S4 specifically is: and under the judgment rule, judging the risk behavior according to the combination mode of the system API calling sequence and the instruction context thereof.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111519534.1A CN113918950A (en) | 2021-12-14 | 2021-12-14 | Sandbox construction method based on simulation execution |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111519534.1A CN113918950A (en) | 2021-12-14 | 2021-12-14 | Sandbox construction method based on simulation execution |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113918950A true CN113918950A (en) | 2022-01-11 |
Family
ID=79249163
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111519534.1A Pending CN113918950A (en) | 2021-12-14 | 2021-12-14 | Sandbox construction method based on simulation execution |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113918950A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102930210A (en) * | 2012-10-14 | 2013-02-13 | 江苏金陵科技集团公司 | System and method for automatically analyzing, detecting and classifying malicious program behavior |
| CN103440457A (en) * | 2013-08-20 | 2013-12-11 | 上海交通大学 | Binary program analytic system based on process simulation |
| CN104036193A (en) * | 2014-05-16 | 2014-09-10 | 北京金山安全软件有限公司 | Local cross-domain vulnerability detection method and device for application program |
| CN105893228A (en) * | 2009-12-15 | 2016-08-24 | 迈克菲股份有限公司 | Systems and methods for behavioral sandboxing |
| CN105975858A (en) * | 2015-12-08 | 2016-09-28 | 武汉安天信息技术有限责任公司 | Method and system for malicious code detection based on virtual technology in Android system |
| CN112861138A (en) * | 2019-11-28 | 2021-05-28 | 国民技术股份有限公司 | Software security analysis method and analysis device, electronic device, and storage medium |
| CN113378182A (en) * | 2021-07-13 | 2021-09-10 | 杭州安恒信息技术股份有限公司 | Method, device, equipment and medium for detecting privilege escalation vulnerability |
-
2021
- 2021-12-14 CN CN202111519534.1A patent/CN113918950A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105893228A (en) * | 2009-12-15 | 2016-08-24 | 迈克菲股份有限公司 | Systems and methods for behavioral sandboxing |
| CN102930210A (en) * | 2012-10-14 | 2013-02-13 | 江苏金陵科技集团公司 | System and method for automatically analyzing, detecting and classifying malicious program behavior |
| CN103440457A (en) * | 2013-08-20 | 2013-12-11 | 上海交通大学 | Binary program analytic system based on process simulation |
| CN104036193A (en) * | 2014-05-16 | 2014-09-10 | 北京金山安全软件有限公司 | Local cross-domain vulnerability detection method and device for application program |
| CN105975858A (en) * | 2015-12-08 | 2016-09-28 | 武汉安天信息技术有限责任公司 | Method and system for malicious code detection based on virtual technology in Android system |
| CN112861138A (en) * | 2019-11-28 | 2021-05-28 | 国民技术股份有限公司 | Software security analysis method and analysis device, electronic device, and storage medium |
| CN113378182A (en) * | 2021-07-13 | 2021-09-10 | 杭州安恒信息技术股份有限公司 | Method, device, equipment and medium for detecting privilege escalation vulnerability |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8930912B2 (en) | Method and system for performing software verification | |
| Huang et al. | Crax: Software crash analysis for automatic exploit generation by modeling attacks as symbolic continuations | |
| Godefroid | Micro execution | |
| US20100095281A1 (en) | Internal Function Debugger | |
| Martignoni et al. | Testing system virtual machines | |
| Huang et al. | Software crash analysis for automatic exploit generation on binary programs | |
| US20050108562A1 (en) | Technique for detecting executable malicious code using a combination of static and dynamic analyses | |
| Lopez et al. | A survey on function and system call hooking approaches | |
| WO2021057057A1 (en) | Target-code coverage testing method, system, and medium of operating system-level program | |
| Bazhaniuk et al. | Symbolic Execution for {BIOS} Security | |
| Ghosh et al. | An approach to testing COTS software for robustness to operating system exceptions and errors | |
| Patrick-Evans et al. | {POTUS}: Probing {Off-The-Shelf}{USB} Drivers with Symbolic Fault Injection | |
| Cloosters et al. | {SGXFuzz}: Efficiently synthesizing nested structures for {SGX} enclave fuzzing | |
| Jeong et al. | Fifa: A kernel-level fault injection framework for arm-based embedded linux system | |
| CN113760770A (en) | Anti-debugging method and system based on automatic static resource detection | |
| Zaidenberg et al. | Detecting kernel vulnerabilities during the development phase | |
| Yang et al. | Uefi firmware fuzzing with simics virtual platform | |
| Jianming et al. | PVDF: An automatic patch-based vulnerability description and fuzzing method | |
| Shen et al. | Tardis: Coverage-guided embedded operating system fuzzing | |
| Ren et al. | A dynamic taint analysis framework based on entity equipment | |
| CN113918950A (en) | Sandbox construction method based on simulation execution | |
| CN113378182B (en) | Method, device, equipment and medium for detecting right-raising loopholes | |
| Yan et al. | Fast PokeEMU: Scaling generated instruction tests using aggregation and state chaining | |
| Wang et al. | Detecting data races in interrupt-driven programs based on static analysis and dynamic simulation | |
| Hermann et al. | Getting to know you: Towards a capability model for java |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20220111 |
|
| RJ01 | Rejection of invention patent application after publication |