CN102929614A - Adjustable object program characteristic extracting method for detecting loophole - Google Patents
Adjustable object program characteristic extracting method for detecting loophole Download PDFInfo
- Publication number
- CN102929614A CN102929614A CN2012103915427A CN201210391542A CN102929614A CN 102929614 A CN102929614 A CN 102929614A CN 2012103915427 A CN2012103915427 A CN 2012103915427A CN 201210391542 A CN201210391542 A CN 201210391542A CN 102929614 A CN102929614 A CN 102929614A
- Authority
- CN
- China
- Prior art keywords
- function
- program
- statement
- turn
- variable
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000001514 detection method Methods 0.000 claims abstract description 35
- 230000008569 process Effects 0.000 claims abstract description 34
- 230000006870 function Effects 0.000 claims description 89
- 238000000605 extraction Methods 0.000 claims description 28
- 239000000284 extract Substances 0.000 claims description 16
- 230000000875 corresponding effect Effects 0.000 claims description 13
- 238000004458 analytical method Methods 0.000 claims description 12
- 230000009471 action Effects 0.000 claims description 9
- 230000010354 integration Effects 0.000 claims description 6
- 241000208340 Araliaceae Species 0.000 claims description 4
- 235000005035 Panax pseudoginseng ssp. pseudoginseng Nutrition 0.000 claims description 4
- 235000003140 Panax quinquefolius Nutrition 0.000 claims description 4
- 235000008434 ginseng Nutrition 0.000 claims description 4
- 230000008520 organization Effects 0.000 claims description 4
- 230000006399 behavior Effects 0.000 claims description 3
- 230000002596 correlated effect Effects 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000005206 flow analysis Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention provides an adjustable object program characteristic extracting method for detecting a loophole. The method comprises the following steps of: 1) loading a flow into a loophole model and establishing a data structure of the loophole model; 2) loading a program and carrying out state characteristic analyzing and extracting to abstract a software code complied through gcc (GNU compiler collection), constructing a program state characteristic sequence (for loophole detection) of an adjustable object; and (3) adding the loophole model into an internal memory from a database to be used as a reference evidence in a process of analyzing the program. In the processes of loading the program and carrying out the state characteristic analyzing, a necessary program state sequence is extracted according to information of related operation of the loophole model to finish abstracting and modeling of a program to be detected to obtain a program state characteristic related to the loophole, namely, the state characteristic sequence of the adjustable object; the loophole model is formed by integrating the related operation of the loophole; and the adjustable object is a variable required to be analyzed and detected and referring to the related operation of the loophole in the program, and an input variable and an output variable can be the adjustable objects.
Description
Technical field
The present invention relates to technical field of software engineering, especially relate to the detection method to software.
Background technology
Hiding security breaches are vulnerable to cause damage software because existing, and its security threat has ever-increasing trend.By software code is carried out Hole Detection, the security breaches of finding and eliminating in the software are one of important means that reduce security threat, reduction security risk.It is a kind of representative code leak detection method that vulnerability model detects.For this reason, we propose a kind of adjustable object program status flag extracting method for Hole Detection, carry out the state abstraction modeling, set up the program state characteristic model that is used for Hole Detection for treating the trace routine code.
Present vulnerability model software vulnerability detection method exists rechecking in testing process, check the shortcomings such as focal point is not concentrated, not accurate enough, and the speed of detection and the accuracy deficiency that seems affects the applicability of detection method.
Summary of the invention
The present invention seeks to, a kind of program state feature extracting method for Hole Detection is proposed, the method avoids adopting the detection order of original method simulator program execution flow process, only extract with vulnerability model and detect relevant adjustable object program status flag, emphasis is to the detection of the emphasis state that may have potential leak, the speed and the accuracy that detect to improve software vulnerability.
For realizing described purpose of the present invention, the technical scheme that the present invention proposes is that a kind of for software vulnerability detection, adjustable object program feature extracting method, its step comprises:
1) vulnerability model is written into flow process, sets up the data structure of vulnerability model;
2) program is written into and flow process is extracted in the status flag analysis, the software code through the gcc compiling is carried out abstract, is configured to program state characteristic sequence Hole Detection, adjustable object.
With vulnerability model graftabl from database, so that when routine analyzer, as the reference foundation.Program is written into and the status flag analytic process, according to the program state sequence of information extraction necessity of vulnerability model associative operation, finishes the abstract modeling to program, obtains the relevant program state feature of leak, namely adjustable object the status flag sequence.
Vulnerability model is made of the set of leak associative operation.Control and display causes the action that state changes, and each operation has the attributes such as set of operation number, action, feature, input variable and output variable.The action of operation refers to concrete program behavior; The feature of operation has generation, shifts, refreshes and uses equivalent.Adjustable object refers to need analysis that leak associative operation in the program is related and the variable of detection, and input variable and output variable all are adjustable objects.The set of operation is stored in the table in the database: i.e. operative relationship table.For making things convenient for the model Check processing, in internal memory, set up the performance variable relation table of being retrieved by operational motion.The corresponding chained list of each operational motion, the node of chained list is an input/output relation, the relation of an output variable of expression and its input variable.
Program is written into status flag and extracts flow process, and program state characteristic information relevant with Vuln Status in the programmed control flow graph, namely the status switch of program regulated variable extracts, and organizes take function as unit; Each group of functions is made into several by the sequence of operational states chained list of adjustable object indexing.
The invention has the beneficial effects as follows, the target that realization detects towards the software vulnerability model based on vulnerability model, there are a large amount of repeated works for present software vulnerability detection method, inspection and concern target are too wide in range, affect detection speed, and the inaccurate problem of state analysis, state model based on software vulnerability, utilize control flow graph and data-flow analysis technology, centered by the outside adjustable object of emphasis, extract the program state feature relevant with the state model of software vulnerability, software code is carried out abstract modeling, can be used for it is carried out the leak Static Detection, to judge vulnerability model existing in code.The present invention avoids adopting the detection order of original method simulator program execution flow process, only extract with vulnerability model and detect relevant adjustable object program status flag, emphasis improves speed and accuracy that software vulnerability detects greatly to the detection of the emphasis state that may have potential leak.
Description of drawings
Fig. 1 is used for the program state feature extraction synoptic diagram that vulnerability model detects;
Fig. 2 is that vulnerability model is written into process flow diagram;
Fig. 3 is that program is written into status flag extraction process flow diagram;
Fig. 4 is that the function program status flag extracts process flow diagram;
Fig. 5 is the statement state extraction process process flow diagram of statement block;
Fig. 6 is function call statement processing flow chart.
Embodiment
The inventive method workflow such as Fig. 1-shown in Figure 6.
Figure 1 shows that one-piece construction and principle of work that this method is implemented.The purpose of this method is that related operation is treated trace routine and carried out state analysis and filtration according to vulnerability model, obtains the program state feature relevant with Hole Detection.For improving processing speed, need to be with vulnerability model graftabl from database, so that when routine analyzer, as the reference foundation.Program is written into and the status flag analytic process, according to the program state sequence of information extraction necessity of vulnerability model associative operation, finishes the abstract modeling to program, obtains the relevant program state feature of leak, namely adjustable object the status flag sequence.
Fig. 2 represents that vulnerability model is written into flow process.Vulnerability model is made of the set of leak associative operation.Control and display causes the action that state changes, and each operation has the attributes such as set of operation number, action, feature, input variable and output variable.The action of operation refers to concrete program behavior.The feature of operation has generation, shifts, refreshes and uses equivalent.Adjustable object refers to need analysis that leak associative operation in the program is related and the variable of detection, and input variable and output variable all are adjustable objects.The set of operation is stored in the table in the database: the operative relationship table.For making things convenient for the model Check processing, in internal memory, set up the performance variable relation table of being retrieved by operational motion.The corresponding chained list of each operational motion, the node of chained list is an input/output relation, the relation of an output variable of expression and its input variable.Concrete steps are as follows.
Step 20 is initial states; Step 21 is got the record of an operative relationship head successively in the operative relationship table of database; Step 22 judges whether to get the record of an operative relationship head, turns step 23 if get, otherwise turns step 27; Step 23 creates the performance variable relation table gauge outfit of this operational motion, according to the output variable number, creates the output variable pointer chain; Step 24 is got the record of the output variable relation of this operation successively in the database manipulation relation table; Step 25 judges whether to get the record of the output variable relation of this operation; Turn step 26 if get, otherwise turn step 21; Step 26 creates an input/output relation node, and output variable and its input variable of node is set with the content that reads; Judge whether corresponding this node of output variable pointed is to turn step 27, otherwise turns step 24.Step 27 is done state, and the performance variable relation table is set up and finished.
Fig. 3 representation program is written into status flag and extracts flow process.Program state characteristic information relevant with Vuln Status in the programmed control flow graph, namely the status switch of the adjustable object of program extracts, and organizes take function as unit.Each group of functions is made into several by the sequence of operational states chained list of adjustable object indexing.Each node of status switch chained list represents the variable state of an adjustable object relevant with Vuln Status.Make on the one hand function be reduced to the correlated variables set that Hole Detection is paid close attention to, on the other hand, filter and remove the variable state irrelevant with Hole Detection, and make its serializing, be convenient to Check processing.
The program state feature extraction is processed and is begun to carry out from the main function, and its flow process is as follows.Step 31 is initial states.Step 32 is initialization process: the access flag that all functions are set is OFF (value is 0); Putting the extraction process function is function main, and the adjustable object set of function call is empty.Step 33 pair extraction process function carries out the function program status flag and extracts.Treatment scheme is seen Fig. 4.The program state feature that step 34 storage is extracted is to disk.With the program state feature of whole functions, comprise that adjustable object set and sequence of operational states thereof write disk and preserve.Step 35 is done state.At this moment, the sequence of operational states of all functions has been set up and has been finished, and can be used as the usefulness of procedure operation status switch analysis.
Fig. 4 is that the function program status flag extracts process flow diagram, and expression is carried out the process that the function program status flag extracts to processing function.Step 40 is initial states.Step 41 is taken out in the programmed control flow graph and is processed function and construct its data structure.Step 41a judges that the access flag of processing function is ON (value is 1).Then to turn step 4f; Otherwise turn step 42.Step 42 function is processed initialization: create the statement block chained list gauge outfit (this moment, gauge outfit also was chained list table tail) of this function, and sequence of operational states chained list gauge outfit.Be each adjustable object in the adjustable object set of the input of function (being primary object), set up sequence of operational states (initially without node) and the relation integration (being initialized as sky) of primary object.The current statement block of step 43 statement block chained list moves once backward, and makes when carrying out first current statement block point to a statement block of function.Step 44 judges whether statement block is empty.Be then to turn step 4d, otherwise turn step 45.Step 45 is carried out the analysis state extraction process of current statement block, and treatment scheme is seen Fig. 5.Step 46 is judged the follow-up whether sequential organization of current statement block.Be then to turn step 47, otherwise turn step 48.Step 47 is taken out next follow-up statement block of sequential organization and is put into statement block chained list table tail, and follow-up statement block tagging DONE(value is 1).If follow-up statement block is mark DONE, no longer put into.Turn step 4d.Step 48 is judged the follow-up whether if structure of current statement block.Be then to turn step 49, otherwise turn step 4a.Step 49 pair conditional expression extracts variables collection (be called and refresh variables collection).To take out the if statement be true and be the follow-up statement block of fictitious time, and will refresh variables collection and add and be linked to follow-up statement block, puts into successively statement block chained list table tail, follow-up statement block tagging DONE.If follow-up statement block is mark DONE, no longer put into.Turn step 4d.Step 4a judges the follow-up whether switch structure of current statement block.Be then to turn step 4b, otherwise turn step 4d.The statement block that step 4b takes out in the switch branch statement is put into statement block chained list table tail, the follow-up statement block tagging DONE of branch.If follow-up statement block is mark DONE, no longer put into.Step 4c judges whether that to the switch branch statement that takes out all statement blocks all are disposed.Be then to turn step 4d, otherwise turn step 4b.Step 4d judges whether last-of-chain (this moment, the sequence of operational states chained list of function built up) of the current statement block of statement block chained list.Be then to turn step 4e, otherwise turn step 43.Step 4e creates the performance variable relation table gauge outfit of this operational motion, creates the output variable pointer chain.Step 4e1 obtains and transmits that function shape ginseng is output variable in the variable, obtains then step 4e2, otherwise step 4e3.Step 4e2 creates an output variable and concerns node, with the output variable state this node is set, and corresponding this node of output variable pointed, turns step 4e1.The access flag of step 4e3 set handling function is ON (value is 1).Step 4f is that function is processed done state.At this moment, the adjustable object set of extraction process function and sequence of operational states chained list thereof have been set up and have been finished.
Fig. 5 represents the statement mode of operation extraction process flow process of a statement block.Step 50 is initial states.The statement that step 51 takes out this statement block in turn is current statement.Step 52 judges whether to get.Turn step 53 if get, otherwise turn step 5e.Step 53 is looked into the performance variable relation table, judges whether this statement is to produce operation (statement is the generation that is characterized as that operates in the performance variable relation table and operate).Be then to turn step 53a, otherwise turn step 55.The output variable that step 53a should operate is the new adjustable object that produces (for primary object).Judge that the new primary object that produces is whether in the adjustable object set in this locality.Be then to turn step 55, otherwise turn step 54.Step 54 joins this primary object in the local adjustable object set of function; Set up the sequence of operational states of this primary object, the first node input and output item of sequence of operational states is all oneself, is operating as the operation of this statement; Set up the relation integration of this primary object, and be initialized as sky.Turn step 55.Step 55 judges whether this statement operation is Vuln Status associative operation (statement is the non-generation that is characterized as that operates in the performance variable relation table and operate).Be then to turn step 56, otherwise turn step 59.Step 56 is looked into the performance variable relation table according to this statement operation, obtains successively an output variable, is step 56a then, otherwise turns step 59.Step 56a looks into the variables collection that refreshes whether the input variable of judging output variable belongs to statement block, is step 56 then, otherwise turns step 57.Step 57 judges that output variable is whether in the adjustable object set in this locality.Be then to turn step 58a, otherwise turn step 58.Step 58 joins this output variable in the local adjustable object set of function; Set up the sequence of operational states of this adjustable object, concern according to output variable the first node of setting operation status switch to be operating as the operation of this statement.Find the affiliated primary object of input variable, add output variable in the relation integration of primary object.Turn step 56.Step 58a concerns according to output variable, sets up and arrange corresponding input/output relation node, and is linked to the sequence of operational states of this adjustable object.Turn step 56.Step 59 judges whether this statement is function call.Be then to turn step 5a, otherwise turn step 5b.Step 5a function call statement is processed, and treatment scheme is seen Fig. 6, turns step 5b.Step 5b turns step 51.Step 5e is done state, and a statement block processing finishes.
Fig. 6 is function call statement treatment scheme, the process of representative function call statement mode of operation extraction process.Be step 5a function call statement treatment scheme: step 60 is initial states.If step 60a judge to process whether the access flag of function is ON, step 60b then, otherwise step 61; Step 60b looks into the performance variable relation table, gets the input/output relation set; Upgrade successively the state of output variable, set up and arrange corresponding sequence of operational states node, and be linked to the sequence of operational states of output variable; Turn step 69; Step 61 function call is inputted adjustable object set and is initialized as sky; The parameter that step 62 order is got call function; Step 63 judges whether to get, if do not get, then turns step 67; Step 64 is judged parameter whether in adjustable object set, if not, then turn step 62, be then to turn step 65; The step 65 shape ginseng that this adjustable object is corresponding joins function call and inputs adjustable object set; Turn step 62; Step 67 is put the extraction process function and is the function that is called, and inputting adjustable object set is the adjustable object set of function call; Step 68 pair extraction process function carries out the program state feature extraction, and treatment scheme sees that the function program status flag extracts flow process (referring to Fig. 4), turns step 69; Step 69 is done states, and the function call processing finishes.
Claims (6)
1. adjustable object program feature extracting method that is used for Hole Detection is characterized in that comprising that step is as follows:
1) vulnerability model is written into flow process, sets up the data structure of vulnerability model;
2) program is written into and flow process is extracted in the status flag analysis, the software code through the gcc compiling is carried out abstract, is configured to program state characteristic sequence Hole Detection, adjustable object;
With vulnerability model graftabl from database, when routine analyzer, as the reference foundation.Program is written into and the status flag analytic process, according to the program state sequence of information extraction necessity of vulnerability model associative operation, finishes the abstract modeling for the treatment of measuring program, obtains the relevant program state feature of leak, namely adjustable object the status flag sequence;
Vulnerability model is made of the set of leak associative operation; Control and display causes the action that state changes, and each operation has the attributes such as set of operation number, action, feature, input variable and output variable; The action of operation refers to concrete program behavior; The feature of operation has generation, shifts, refreshes and uses equivalent.Adjustable object refers to need analysis that leak associative operation in the program is related and the variable of detection, and input variable and output variable all are adjustable objects; The set of operation is stored in the table in the database: i.e. operative relationship table.
2. the adjustable object program feature extracting method for Hole Detection according to claim 1 is characterized in that setting up the performance variable relation table of being retrieved by operational motion for making things convenient for the model Check processing in internal memory.The corresponding chained list of each operational motion, the node of chained list is an input/output relation, the relation of an output variable of expression and its input variable; Idiographic flow: step 20 is initial states; Step 21 is got the record of an operative relationship head successively in the operative relationship table of database; Step 22 judges whether to get the record of an operative relationship head, turns step 23 if get, otherwise turns step 27; Step 23 creates the performance variable relation table gauge outfit of this operational motion, according to the output variable number, creates the output variable pointer chain; Step 24 is got the record of the output variable relation of this operation successively in the database manipulation relation table; Step 25 judges whether to get the record of the output variable relation of this operation; Turn step 26 if get, otherwise turn step 21; Step 26 creates an input/output relation node, and output variable and its input variable of node is set with the content that reads; Judge whether corresponding this node of output variable pointed is to turn step 27, otherwise turns step 24.Step 27 is done state, and the performance variable relation table is set up and finished.
3. the adjustable object program feature extracting method for Hole Detection according to claim 1 and 2, it is characterized in that program is written into and status flag extraction flow process, program state characteristic information relevant with Vuln Status in the programmed control flow graph, the status switch that is the adjustable object of program extracts, and organizes take function as unit; Each group of functions is made into several by the sequence of operational states chained list of adjustable object indexing; Each node of status switch chained list represents the variable state of an adjustable object relevant with Vuln Status.Make on the one hand function be reduced to the correlated variables set that Hole Detection is paid close attention to, on the other hand, filter and remove the variable state irrelevant with Hole Detection, and make its serializing, be convenient to Check processing.
4. according to claim 1 or 3 described adjustable object program feature extracting methods for Hole Detection, it is characterized in that the program state feature extraction is processed and begin to carry out from the main function that its flow process is as follows: step 31 is initial states.Step 32 is initialization process: the access flag that all functions are set is that OFF, value are 0; Putting the extraction process function is function main, and the adjustable object set of function call is empty; Step 33 pair extraction process function carries out the function program status flag and extracts; The program state feature that step 34 storage is extracted is to disk.With the program state feature of whole functions, comprise that adjustable object set and sequence of operational states thereof write disk and preserve; Step 35 is done state; At this moment, the sequence of operational states of all functions has been set up and has been finished, as the usefulness of procedure operation status switch analysis.
5. the adjustable object program feature extracting method for Hole Detection according to claim 4 is characterized in that step 33 pair extraction process function carries out the function program status flag and extracts flow process: the process that expression is carried out the extraction of function program status flag to the processing function; Step 40 initial state.Step 41 is taken out in the programmed control flow graph and is processed function and construct its data structure; Step 41a judges that the access flag of processing function is that ON, value are 1, is then to turn step 4f, otherwise turns step 42; Step 42 function is processed initialization: statement block chained list gauge outfit, this moment gauge outfit that creates this function also is chained list table tail, and sequence of operational states chained list gauge outfit, for each adjustable object, adjustable object in the adjustable object set of the input of function are primary object, set up the sequence of operational states of primary object, when initial without node, set up primary object relation integration, be initialized as sky; The current statement block of step 43 statement block chained list moves once backward, and makes when carrying out first current statement block point to a statement block of function; Step 44 judges that whether statement block is empty, is then to turn step 4d, otherwise turns step 45; Step 45 is carried out the analysis state extraction process of current statement block; Step 46 is judged the follow-up whether sequential organization of current statement block, is then to turn step 47, otherwise turns step 48; Step 47 is taken out next follow-up statement block of sequential organization and is put into statement block chained list table tail, and follow-up statement block tagging DONE, value are 1; If follow-up statement block is mark DONE, no longer put into.Turn step 4d.Step 48 is judged the follow-up whether if structure of current statement block.Be then to turn step 49, otherwise turn step 4a; Step 49 pair conditional expression extracts variables collection, is called and refreshes variables collection; To take out the if statement be true and be the follow-up statement block of fictitious time, and will refresh variables collection and add and be linked to follow-up statement block, puts into successively statement block chained list table tail, follow-up statement block tagging DONE.If follow-up statement block is mark DONE, no longer put into.Turn step 4d.Step 4a judges the follow-up whether switch structure of current statement block.Be then to turn step 4b, otherwise turn step 4d.The statement block that step 4b takes out in the switch branch statement is put into statement block chained list table tail, the follow-up statement block tagging DONE of branch.If follow-up statement block is mark DONE, no longer put into; Step 4c judges whether that to the switch branch statement that takes out all statement blocks all are disposed.Be then to turn step 4d, otherwise turn step 4b; Step 4d judges whether last-of-chain (this moment, the sequence of operational states chained list of function built up) of the current statement block of statement block chained list, is then to turn step 4e, otherwise turns step 43; Step 4e creates the performance variable relation table gauge outfit of this operational motion, creates the output variable pointer chain; Step 4e1 obtains and transmits that function shape ginseng is output variable in the variable, obtains then step 4e2, otherwise step 4e3; Step 4e2 creates an output variable and concerns node, with the output variable state this node is set, and corresponding this node of output variable pointed, turns step 4e1; The access flag of step 4e3 set handling function is that ON, value are 1; Step 4f is that function is processed done state; At this moment, the adjustable object set of extraction process function and sequence of operational states chained list thereof have been set up and have been finished.
6. the adjustable object program feature extracting method for Hole Detection according to claim 5 is characterized in that step 45 carries out the concrete steps of the analysis state extraction process flow process of current statement block: step 50 initial state.The statement that step 51 takes out this statement block in turn is current statement; Step 52 judges whether to get, and turns step 53 if get, otherwise turns step 5e; Step 53 is looked into the performance variable relation table, judges whether this statement is that generation operation, statement are that the generation that is characterized as that operates in the performance variable relation table and operate operates; Be then to turn step 53a, otherwise turn step 55; The output variable that step 53a should operate is the new adjustable object that produces, is primary object; Judge that the new primary object that produces is whether in the adjustable object set in this locality; Be then to turn step 55, otherwise turn step 54; Step 54 joins this primary object in the local adjustable object set of function; Set up the sequence of operational states of this primary object, the first node input and output item of sequence of operational states is all oneself, is operating as the operation of this statement; Set up the relation integration of this primary object, and be initialized as sky; Step 55 judges whether this statement operation is the Vuln Status associative operation, and statement is the non-generation that is characterized as that operates in the performance variable relation table and operate, and is then to turn step 56, otherwise turns step 59; Step 56 is looked into the performance variable relation table according to this statement operation, judges whether to obtain successively an output variable, is step 56a then, otherwise turns step 59; Step 56a judges that whether the input variable of output variable belongs to the variables collection that refreshes of statement block, is then to turn step 56, otherwise turns step 57; Step 57 judges that output variable whether in the adjustable object set in this locality, is then to turn step 58a, otherwise turns step 58; Step 58 joins this output variable in the local adjustable object set of function; Set up the sequence of operational states of this adjustable object, concern according to output variable the first node of setting operation status switch to be operating as the operation of this statement; Find the affiliated primary object of input variable, add output variable in the relation integration of primary object, turn step 56; Step 58a concerns according to output variable, sets up and arrange corresponding input/output relation node, and is linked to the sequence of operational states of this adjustable object, turns step 56; Step 59 judges whether this statement is function call, is then to turn step 5a, otherwise turns step 5b; Step 5a function call statement is processed; Step 5b turns step 51; Step 5e is done state, and a statement block processing finishes.Step 5a function call statement treatment scheme: step 60 is initial states.If step 60a judge to process whether the access flag of function is ON, step 60b then, otherwise step 61; Step 60b looks into the performance variable relation table, gets the input/output relation set; Upgrade successively the state of output variable, set up and arrange corresponding sequence of operational states node, and be linked to the sequence of operational states of output variable; Turn step 69; Step 61 function call is inputted adjustable object set and is initialized as sky; The parameter that step 62 order is got call function; Step 63 judges whether to get, if do not get, then turns step 67; Step 64 is judged parameter whether in adjustable object set, if not, then turn step 62, be then to turn step 65; The step 65 shape ginseng that this adjustable object is corresponding joins function call and inputs adjustable object set; Turn step 62; Step 67 is put the extraction process function and is the function that is called, and inputting adjustable object set is the adjustable object set of function call; Step 68 pair extraction process function carries out the program state feature extraction, and treatment scheme sees that the function program status flag extracts flow process, turns step 69; Step 69 is done states, and the function call processing finishes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012103915427A CN102929614A (en) | 2012-10-16 | 2012-10-16 | Adjustable object program characteristic extracting method for detecting loophole |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012103915427A CN102929614A (en) | 2012-10-16 | 2012-10-16 | Adjustable object program characteristic extracting method for detecting loophole |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102929614A true CN102929614A (en) | 2013-02-13 |
Family
ID=47644427
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2012103915427A Pending CN102929614A (en) | 2012-10-16 | 2012-10-16 | Adjustable object program characteristic extracting method for detecting loophole |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102929614A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103324890A (en) * | 2013-07-03 | 2013-09-25 | 百度在线网络技术(北京)有限公司 | Method and device for detecting vulnerable local files of links |
| CN106874767A (en) * | 2015-12-14 | 2017-06-20 | 阿里巴巴集团控股有限公司 | A kind of detection method of bug, terminal and server |
| CN107392029A (en) * | 2017-07-28 | 2017-11-24 | 中国人民解放军63928部队 | A kind of Vulnerability Model construction method based on Chemical Abstract Machine |
| CN107864676A (en) * | 2015-08-11 | 2018-03-30 | 赛门铁克公司 | System and method for detecting unknown leak in calculating process |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101930401A (en) * | 2010-09-20 | 2010-12-29 | 南京大学 | Detection object-based software vulnerability model detection method |
| CN101937395A (en) * | 2010-09-20 | 2011-01-05 | 南京大学 | Detected object program feature extraction method for vulnerability detection |
-
2012
- 2012-10-16 CN CN2012103915427A patent/CN102929614A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101930401A (en) * | 2010-09-20 | 2010-12-29 | 南京大学 | Detection object-based software vulnerability model detection method |
| CN101937395A (en) * | 2010-09-20 | 2011-01-05 | 南京大学 | Detected object program feature extraction method for vulnerability detection |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103324890A (en) * | 2013-07-03 | 2013-09-25 | 百度在线网络技术(北京)有限公司 | Method and device for detecting vulnerable local files of links |
| CN103324890B (en) * | 2013-07-03 | 2018-12-21 | 百度在线网络技术(北京)有限公司 | The detection method and device that local file includes loophole are carried out to link |
| CN107864676A (en) * | 2015-08-11 | 2018-03-30 | 赛门铁克公司 | System and method for detecting unknown leak in calculating process |
| CN106874767A (en) * | 2015-12-14 | 2017-06-20 | 阿里巴巴集团控股有限公司 | A kind of detection method of bug, terminal and server |
| CN106874767B (en) * | 2015-12-14 | 2019-10-01 | 阿里巴巴集团控股有限公司 | A kind of detection method of program bug, terminal and server |
| CN107392029A (en) * | 2017-07-28 | 2017-11-24 | 中国人民解放军63928部队 | A kind of Vulnerability Model construction method based on Chemical Abstract Machine |
| CN107392029B (en) * | 2017-07-28 | 2020-07-07 | 中国人民解放军63928部队 | Vulnerability model construction method based on chemical abstract machine |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Tann et al. | Towards safer smart contracts: A sequence learning approach to detecting security threats | |
| CN105184160A (en) | API object calling relation graph based method for detecting malicious behavior of application program in Android mobile phone platform | |
| CN100451988C (en) | Method and system for realizing unit test | |
| CN106326107B (en) | Non-intrusion type embedded software abnormal based on simulated environment handles verification method | |
| CN101388055B (en) | Program operation characteristic extracting method for detecting vulnerability model | |
| CN104766015B (en) | A kind of buffer-overflow vulnerability dynamic testing method based on function call | |
| CN101714118A (en) | Detector for binary-code buffer-zone overflow bugs, and detection method thereof | |
| CN112989363B (en) | Vulnerability positioning method and device, electronic equipment and storage medium | |
| CN102929614A (en) | Adjustable object program characteristic extracting method for detecting loophole | |
| CN109918296A (en) | Automatic software test method and device | |
| CN111931179A (en) | Cloud malicious program detection system and method based on deep learning | |
| CN112527674A (en) | Safety evaluation method, device, equipment and storage medium of AI (Artificial Intelligence) framework | |
| CN116361810A (en) | Intelligent contract vulnerability detection method based on symbol execution | |
| CN101937395B (en) | Detected object program feature extraction method for vulnerability detection | |
| CN114626069A (en) | Threat modeling method and device | |
| CN110162474B (en) | Intelligent contract reentry vulnerability detection method based on abstract syntax tree | |
| Stephan et al. | Identifying instances of model design patterns and antipatterns using model clone detection | |
| CN101930401B (en) | Detection object-based software vulnerability model detection method | |
| CN111309589A (en) | Code security scanning system and method based on code dynamic analysis | |
| CN110309656B (en) | Implicit type conversion security detection method | |
| CN110457208B (en) | Symbol execution guiding method, device, equipment and computer readable storage medium | |
| CN116521231A (en) | Reference model for SPARC V8 instruction set dynamic simulation verification | |
| CN111143851B (en) | Detection method and system suitable for kernel object address leakage of operating system | |
| CN114647845A (en) | Detection and identification method and device for malicious sample delay codes | |
| CN113688916A (en) | Feature data processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130213 |