CN111222141B - Automobile electronic control unit code vulnerability analysis method and system - Google Patents

Publication number
CN111222141B
Authority
CN
China
Prior art keywords
syntax tree
analysis
vulnerability
control unit
bug
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911407069.5A
Other languages
Chinese (zh)
Other versions
CN111222141A (en
Inventor
李允�
王崇鉴
赵焕宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Weichen Information Technology Co ltd
Original Assignee
Guangdong Weichen Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/41 Compilation

Abstract

The invention discloses a method and a system for analyzing vulnerabilities in automobile electronic control unit (ECU) code. Vulnerability analysis rules are set according to the types of vulnerability to be analyzed; the ECU code under test is compiled after its header file directories have been marked; a symbolic execution syntax tree and a program control flow graph are generated; the symbolic execution syntax tree is traversed according to the control flow graph to perform vulnerability detection; and finally the vulnerability detection results of all program blocks in the symbolic execution syntax tree are collected into a vulnerability analysis report, which is output. The invention realizes automatic vulnerability analysis and report generation for automobile ECU code, improves the efficiency of vulnerability analysis, and thereby ensures the security of automobile ECU code.

Description

Automobile electronic control unit code vulnerability analysis method and system
Technical Field
The invention belongs to the technical field of automobile electronic control units, and particularly relates to a method for analyzing vulnerabilities in automobile electronic control unit code.
Background
With the popularization of intelligent connected vehicles, on-board electronic devices are becoming ever more numerous and complex, and the rapidly growing number of devices has greatly increased the amount of code. Once the code base on a vehicle becomes very large, it is impractical to rely on purely manual work to review code vulnerabilities and obfuscate code.
The automobile industry differs from the traditional internet industry: software security is held to quite high standards and requirements, and code security problems can cause serious problems in vehicles, yet little research has so far been done on automobile code vulnerability analysis. Research on analysis rules and methods for automobile code vulnerabilities therefore helps the safe and healthy development of the automobile and software industries.
Although some open-source tools can currently perform code vulnerability analysis, parameters and commands still have to be entered manually and the analysis results still have to be screened manually, so the analysis cannot be completed automatically. It is therefore necessary to develop an automatic code vulnerability analysis method.
Disclosure of Invention
The invention aims to overcome the shortcomings of the prior art by providing a method and a system for analyzing vulnerabilities in automobile electronic control unit code, so as to realize automatic vulnerability analysis and report generation for automobile electronic control unit code, improve the efficiency of vulnerability analysis, and ensure the security of automobile electronic control unit code.
To achieve this purpose, the method for analyzing vulnerabilities in automobile electronic control unit code comprises the following steps:
S1: setting a corresponding vulnerability analysis rule according to the type of vulnerability to be analyzed;
S2: marking the header file directories of the automobile electronic control unit code under test;
S3: compiling the source code under test according to the marked header file directories, generating an intermediate language, analyzing the intermediate language, and generating a symbolic execution syntax tree;
S4: generating a program control flow graph from the symbolic execution syntax tree;
S5: traversing the symbolic execution syntax tree according to the control flow graph, simulating the running of the automobile electronic control unit program through symbolic execution, and matching the functions in each program block of the symbolic execution syntax tree against the corresponding functions in the analysis rule; if the match passes, the code corresponding to the program block is judged to have no vulnerability; if the match does not pass, the code corresponding to the program block is judged to have a vulnerability, and the vulnerability is recorded;
S6: collecting the vulnerability detection results of the program blocks obtained in step S5 into a vulnerability analysis report and outputting the report.
The invention also provides a system for analyzing vulnerabilities in automobile electronic control unit code, which comprises an engineering management module, an analysis rule base module, a vulnerability analysis module and a report generation module, wherein:
the engineering management module is used for importing the automobile electronic control unit code under test and marking its header file directories;
the analysis rule base module is used for storing the analysis rules corresponding to all vulnerability types of automobile electronic control unit code;
the vulnerability analysis module is used for reading the corresponding analysis rules from the analysis rule base module according to the vulnerability types to be analyzed that the user has input, and then carrying out vulnerability analysis according to the following steps:
1) compiling the source code under test, generating an intermediate language, analyzing the intermediate language, and generating a symbolic execution syntax tree;
2) generating a program control flow graph from the symbolic execution syntax tree;
3) traversing the symbolic execution syntax tree according to the control flow graph, simulating the running of the automobile electronic control unit program through symbolic execution, and matching the functions in each program block of the symbolic execution syntax tree against the corresponding functions in the analysis rule; if the match passes, the code corresponding to the program block is judged to have no vulnerability; if the match does not pass, the code corresponding to the program block is judged to have a vulnerability, the vulnerability is recorded, and the record is sent to the report generation module;
and the report generation module is used for collecting the received vulnerability detection results of the program blocks into a vulnerability analysis report and outputting the report.
In the method and system of the invention, vulnerability analysis rules are set according to the types of vulnerability to be analyzed; the automobile electronic control unit code under test is compiled after its header file directories have been marked; a symbolic execution syntax tree and a program control flow graph are generated; the symbolic execution syntax tree is traversed according to the control flow graph to perform vulnerability detection; and finally the vulnerability detection results of all program blocks in the symbolic execution syntax tree are collected into a vulnerability analysis report, which is output. The invention realizes automatic vulnerability analysis and report generation for automobile electronic control unit code, improves the efficiency of vulnerability analysis, and thereby ensures the security of automobile electronic control unit code.
Drawings
FIG. 1 is a flowchart of an embodiment of the automobile electronic control unit code vulnerability analysis method of the present invention;
FIG. 2 is an exemplary diagram of a symbolic execution syntax tree;
FIG. 3 is a diagram showing an example of function matching in the present embodiment;
FIG. 4 is a structural diagram of an embodiment of the automobile electronic control unit code vulnerability analysis system of the present invention.
Detailed Description
The embodiments of the present invention are described below with reference to the accompanying drawings so that those skilled in the art can better understand the invention. Note in particular that, in the following description, detailed descriptions of known functions and designs are omitted where they might obscure the main content of the invention.
Examples
Fig. 1 is a flowchart of an embodiment of the automobile electronic control unit code vulnerability analysis method of the present invention. As shown in Fig. 1, the method comprises the following specific steps:
S101: setting vulnerability analysis rules:
A corresponding vulnerability analysis rule is set according to the type of vulnerability to be analyzed. Many kinds of vulnerability rules apply to automobile electronic control unit code, such as the coding-standard checking rules of the Computer Emergency Response Team (CERT), the rules and standards in the Common Weakness Enumeration (CWE) and the Open Web Application Security Project (OWASP) that are applicable to automobile ECU code security vulnerabilities, and the rules and standards concerning memory operations. Different vulnerabilities have different analysis rules, so in practice the analysis rules are set according to the types of vulnerability to be analyzed.
S102: marking the header file directories:
The header file directories of the automobile electronic control unit code under test are marked as follows: starting from the code directory of the automobile electronic control unit under test, the directory tree is scanned downwards level by level, and every directory in which a header file is found is recorded. When a third-party dependency library exists, a preset dependency library header file directory is added, which resolves the dependency library problem during compilation.
S103: generating a symbolic execution syntax tree:
The source code under test is compiled according to the marked header file directories, an intermediate language is generated, the intermediate language is analyzed, and a symbolic execution syntax tree is generated.
The symbolic execution syntax tree is an abstract representation of the syntactic structure of the source code, expressing the syntactic structure of the programming language in tree form. Each node of the symbolic execution syntax tree is a program block representing one structure in the source code; it contains the program state, the values of variables, the statement currently being executed and the path condition that is satisfied when that statement is executed. The symbolic execution syntax tree represents the program's input data with symbolic values and converts the program's operation into mathematical expressions, instruction by instruction or statement by statement. For each path, it establishes a series of symbolic expressions with the input data as variables. During symbolic execution, whenever a conditional or jump statement is encountered, the symbolic execution tool adds the path constraint of the current execution path to that path's constraint set. A path constraint is the value taken by a branch condition, in a program branch instruction, that involves the input symbols; it is a quantifier-free Boolean formula. The path constraint set stores the constraints collected along each program path, joined by AND operations, and the reachability of a path is obtained by solving its constraint set with a constraint solver: if the constraints have a solution the path is reachable, otherwise it is unreachable. In the ideal case, with sufficient time and computing resources, symbolic execution can traverse all paths of the target program and determine the reachability of each. Fig. 2 is an exemplary diagram of a symbolic execution syntax tree. As shown in Fig. 2, the symbolic execution syntax tree represents the concrete values of variables by general symbolic values and expresses branch constraints as first-order logic expressions, thereby exhausting all paths the code can take. Each program block in the syntax tree is a maximal unit of sequential execution, i.e. it contains no statements such as branches; the program blocks are labelled A to H in Fig. 2.
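The path-constraint bookkeeping described above can be illustrated with a short program. This is an added example, not code from the patent: the names `Block`, `Constraint`, `explore` and the sample `set_duty` function are hypothetical, and an exhaustive search over an assumed 8-bit input stands in for a real constraint solver.

```cpp
// Added example (not the patent's code): path-constraint collection and
// reachability checking over a small execution tree with one symbolic input x.
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <vector>

struct Constraint {
    std::string text;                // human-readable form for the report
    std::function<bool(int)> holds;  // the same condition as a predicate on x
};

struct Block;
using BlockPtr = std::shared_ptr<Block>;
struct Block {
    std::string name;
    Constraint cond;           // branch condition that ends the block (unused in leaves)
    BlockPtr onTrue, onFalse;  // both set for a branching block, both null for a leaf
};

struct PathResult {
    std::string block;          // leaf block the path ends in
    std::string pathCondition;  // collected constraints joined by AND
    bool reachable;
    int witness;                // a concrete x that drives execution down this path
};

Constraint negated(const Constraint& c) {
    std::function<bool(int)> h = c.holds;
    return Constraint{"!(" + c.text + ")", [h](int x) { return !h(x); }};
}

// Stand-in for a constraint solver (assumption of this example): x is an
// int8_t, so every candidate value can simply be tried.
bool solve(const std::vector<Constraint>& pc, int& witness) {
    for (int x = -128; x <= 127; ++x) {
        bool all = true;
        for (const Constraint& c : pc) all = all && c.holds(x);
        if (all) { witness = x; return true; }
    }
    return false;
}

// Depth-first walk: each branch adds its condition (or the negation) to the
// path-constraint set; at a leaf the set is solved to decide reachability.
void explore(const Block& b, std::vector<Constraint>& pc, std::vector<PathResult>& out) {
    if (!b.onTrue && !b.onFalse) {
        std::string text;
        for (const Constraint& c : pc) text += (text.empty() ? "" : " && ") + c.text;
        int w = 0;
        bool ok = solve(pc, w);
        out.push_back(PathResult{b.name, text, ok, w});
        return;
    }
    pc.push_back(b.cond);          explore(*b.onTrue, pc, out);  pc.pop_back();
    pc.push_back(negated(b.cond)); explore(*b.onFalse, pc, out); pc.pop_back();
}

std::vector<PathResult> analyze(const Block& entry) {
    std::vector<Constraint> pc;
    std::vector<PathResult> out;
    explore(entry, pc, out);
    return out;
}

BlockPtr leaf(const std::string& n) {
    return std::make_shared<Block>(Block{n, Constraint{}, nullptr, nullptr});
}
BlockPtr branch(const std::string& n, const std::string& text,
                std::function<bool(int)> pred, BlockPtr t, BlockPtr f) {
    return std::make_shared<Block>(Block{n, Constraint{text, pred}, t, f});
}

// Constructed sample, modelling:
//   void set_duty(int8_t x) {
//     if (x > 100) { if (x < 50)     { B } else { C } }
//     else         { if (x * 2 == 7) { D } else { E } }
//   }
BlockPtr sampleProgram() {
    BlockPtr hi = branch("A1", "x < 50", [](int x) { return x < 50; }, leaf("B"), leaf("C"));
    BlockPtr lo = branch("A2", "x * 2 == 7", [](int x) { return x * 2 == 7; },
                         leaf("D"), leaf("E"));
    return branch("A", "x > 100", [](int x) { return x > 100; }, hi, lo);
}

int main() {
    BlockPtr prog = sampleProgram();
    for (const PathResult& r : analyze(*prog))
        std::printf("%s: %s -> %s\n", r.block.c_str(), r.pathCondition.c_str(),
                    r.reachable ? "reachable" : "unreachable");
    return 0;
}
```

Blocks B and D come out unreachable because their constraint sets have no solution, while C and E each get a concrete witness input.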
Analysis of the intermediate language comprises lexical analysis, syntactic analysis and semantic analysis. Lexical analysis converts the source code under test into a series of tokens and discards the unimportant parts (such as whitespace and comments). Syntactic analysis, building on lexical analysis, parses the token stream into an abstract syntax tree according to the grammar rules of the source program. Semantic analysis checks the context-dependent properties of a structurally correct source program.
S104: generating a program control flow graph:
A program control flow graph is generated from the symbolic execution syntax tree. A control flow graph is a graph structure whose basic units are program blocks, connected to one another to represent all program paths that may be traversed during execution. The nodes of the control flow graph are basic blocks; within a basic block the instruction sequence always executes consecutively from the first instruction to the last, with no jumps in between.
S105: and (3) carrying out vulnerability detection based on the symbol execution syntax tree:
The symbolic execution syntax tree is traversed according to the control flow graph, the running of the automobile electronic control unit program is simulated through symbolic execution, and the functions in each program block of the symbolic execution syntax tree are matched against the corresponding functions in the analysis rule; if the match passes, the code corresponding to the program block is judged to have no vulnerability; if the match does not pass, the code corresponding to the program block is judged to have a vulnerability, and the vulnerability is recorded. Function matching is performed as follows: first, the outermost class in the symbolic execution syntax tree is found; then the specified syntax tree program block is queried using a combination of node-matching expressions; and finally it is verified whether the syntax tree program block works as expected. In this embodiment, an abstract syntax tree matching (AST processors) mechanism is used for function matching. The mechanism describes a match in a functional style as a code pattern and, once a match occurs, triggers a processing function through a callback. Its greatest advantage is that it offers a simple and convenient way to describe a match: the description is as concise as natural language, and a complex match can often be expressed in a single line of code. The abstract syntax tree matching mechanism provides a domain-specific language (DSL) through which the programs in the analysis rules can be invoked to match syntax tree nodes and to access the C++ interfaces of those nodes, extracting attributes, source locations or any other information available at the syntax tree level in order to create predicates on the syntax tree.
Fig. 3 is a diagram of an example of function matching in the present embodiment. As shown in Fig. 3, the vulnerability rule in this embodiment concerns the use of a floating-point number as a loop counting condition, which introduces uncertainty; this vulnerability can be detected by path-insensitive matching on the syntax tree. The detection approach is as follows: first match the for statement nodes, then match child nodes of floating-point type, paying particular attention to the loop condition part; if a floating-point variable or constant is detected there, a vulnerability is judged to exist.
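The matching style described above (composable node predicates plus a callback fired on each match) can be sketched in a self-contained form for the floating-point loop-condition rule. This is an added example, not the patent's code and not the API of any real compiler front end: the matcher names `kindIs`, `hasCondition`, `containsNode` and the hand-built sample syntax tree are hypothetical.

```cpp
// Added example (not a real compiler API, not the patent's code): a miniature
// AST-matcher DSL applied to the floating-point loop-condition rule.
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <vector>

struct Node;
using NodePtr = std::shared_ptr<Node>;
struct Node {
    std::string kind;           // "ForStmt", "BinaryOp", "VarRef", "Literal", ...
    std::string text;           // identifier, operator or literal spelling
    std::string type;           // static type of an expression, "" for statements
    int line;                   // source line, used in the report
    std::vector<NodePtr> kids;  // ForStmt layout: init, condition, increment, body
};
using Matcher = std::function<bool(const Node&)>;

NodePtr mk(const std::string& kind, const std::string& text, const std::string& type,
           int line, std::vector<NodePtr> kids = {}) {
    return std::make_shared<Node>(Node{kind, text, type, line, kids});
}

// Matcher combinators: each returns a predicate over a single node.
Matcher kindIs(std::string k) { return [k](const Node& n) { return n.kind == k; }; }
Matcher isFloating() { return [](const Node& n) { return n.type == "float" || n.type == "double"; }; }
Matcher allOf(Matcher a, Matcher b) { return [a, b](const Node& n) { return a(n) && b(n); }; }
// Holds if the node itself or any node below it satisfies m.
bool anyInSubtree(const Node& n, const Matcher& m) {
    if (m(n)) return true;
    for (const auto& k : n.kids)
        if (k && anyInSubtree(*k, m)) return true;
    return false;
}
Matcher containsNode(Matcher m) { return [m](const Node& n) { return anyInSubtree(n, m); }; }
// Restricts m to the loop-condition child of a ForStmt (kids[1]).
Matcher hasCondition(Matcher m) {
    return [m](const Node& n) { return n.kids.size() > 1 && n.kids[1] && m(*n.kids[1]); };
}

// Match finder: visits every node and fires the callback on each match.
void matchAll(const Node& root, const Matcher& m,
              const std::function<void(const Node&)>& onMatch) {
    if (m(root)) onMatch(root);
    for (const auto& k : root.kids)
        if (k) matchAll(*k, m, onMatch);
}

struct Finding { int line; std::string rule; };
// The rule of Fig. 3: a for statement whose condition contains a floating operand.
std::vector<Finding> checkFloatLoopCondition(const Node& root) {
    Matcher rule = allOf(kindIs("ForStmt"), hasCondition(containsNode(isFloating())));
    std::vector<Finding> out;
    matchAll(root, rule, [&out](const Node& n) {
        out.push_back(Finding{n.line, "floating-point value in for-loop condition"});
    });
    return out;
}

// Constructed sample AST for this C function:
//   1: void ramp(void) {
//   2:   for (float x = 0.1f; x <= 1.0f; x += 0.1f) { }
//   3:   for (int i = 0; i < 10; i++) { duty += 0.5f; }
//   4:   for (int k = 0; k * 0.5 < limit; k++) { } }
NodePtr sampleAst() {
    auto op = [](const char* s, const char* t, int l, NodePtr a, NodePtr b) {
        return mk("BinaryOp", s, t, l, {a, b});
    };
    NodePtr f2 = mk("ForStmt", "", "", 2, {
        mk("VarDecl", "x", "float", 2, {mk("Literal", "0.1f", "float", 2)}),
        op("<=", "int", 2, mk("VarRef", "x", "float", 2), mk("Literal", "1.0f", "float", 2)),
        op("+=", "float", 2, mk("VarRef", "x", "float", 2), mk("Literal", "0.1f", "float", 2)),
        mk("CompoundStmt", "", "", 2)});
    NodePtr f3 = mk("ForStmt", "", "", 3, {
        mk("VarDecl", "i", "int", 3, {mk("Literal", "0", "int", 3)}),
        op("<", "int", 3, mk("VarRef", "i", "int", 3), mk("Literal", "10", "int", 3)),
        mk("UnaryOp", "++", "int", 3, {mk("VarRef", "i", "int", 3)}),
        mk("CompoundStmt", "", "", 3, {op("+=", "float", 3,
            mk("VarRef", "duty", "float", 3), mk("Literal", "0.5f", "float", 3))})});
    NodePtr f4 = mk("ForStmt", "", "", 4, {
        mk("VarDecl", "k", "int", 4, {mk("Literal", "0", "int", 4)}),
        op("<", "int", 4, op("*", "double", 4, mk("VarRef", "k", "int", 4),
            mk("Literal", "0.5", "double", 4)), mk("VarRef", "limit", "int", 4)),
        mk("UnaryOp", "++", "int", 4, {mk("VarRef", "k", "int", 4)}),
        mk("CompoundStmt", "", "", 4)});
    return mk("FunctionDecl", "ramp", "", 1, {mk("CompoundStmt", "", "", 1, {f2, f3, f4})});
}

int main() {
    NodePtr ast = sampleAst();
    for (const Finding& f : checkFloatLoopCondition(*ast))
        std::printf("line %d: %s\n", f.line, f.rule.c_str());
    return 0;
}
```

The loop on line 3 is not reported even though its body uses a floating-point value, because the rule inspects only the condition child of each for statement.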
S106: generating a vulnerability detection report:
The vulnerability detection results of the program blocks obtained in step S105 are collected into a vulnerability analysis report, which is output. Besides the location of each program block, the vulnerability analysis report can also give handling suggestions according to the vulnerability type, or statistics on the occurrence of vulnerabilities.
Based on the automobile electronic control unit code vulnerability analysis method, the invention also provides an automobile electronic control unit code vulnerability analysis system. Fig. 4 is a structural diagram of an embodiment of the automobile electronic control unit code vulnerability analysis system of the present invention. As shown in Fig. 4, the system comprises an engineering management module 401, an analysis rule base module 402, a vulnerability analysis module 403 and a report generation module 404, which are described in detail below.
The engineering management module 401 is used for importing the automobile electronic control unit code under test and marking its header file directories.
The analysis rule base module 402 is used for storing the analysis rules corresponding to all vulnerability types of automobile electronic control unit code.
The vulnerability analysis module 403 is used for reading the corresponding analysis rules from the analysis rule base module 402 according to the vulnerability types to be analyzed that the user has input, and then carrying out vulnerability analysis according to the following steps:
1) compiling the source code under test, generating an intermediate language, analyzing the intermediate language, and generating a symbolic execution syntax tree;
2) generating a program control flow graph from the symbolic execution syntax tree;
3) traversing the symbolic execution syntax tree according to the control flow graph, simulating the running of the automobile electronic control unit program through symbolic execution, and matching the functions in each program block of the symbolic execution syntax tree against the corresponding functions in the analysis rule; if the match passes, the code corresponding to the program block is judged to have no vulnerability; if the match does not pass, the code corresponding to the program block is judged to have a vulnerability, the vulnerability is recorded, and the record is sent to the report generation module 404.
The report generation module 404 is used for collecting the received vulnerability detection results of the program blocks into a vulnerability analysis report and outputting the report.
Although illustrative embodiments of the present invention have been described above to help those skilled in the art understand the invention, it should be understood that the invention is not limited to the scope of these embodiments. To those skilled in the art, various changes are apparent as long as they fall within the spirit and scope of the invention as defined by the appended claims, and all inventions that make use of the inventive concept are protected.

Claims (3)

1. A method for analyzing vulnerabilities in automobile electronic control unit code, characterized by comprising the following steps:
S1: setting a corresponding vulnerability analysis rule according to the type of vulnerability to be analyzed;
S2: marking the header file directories of the automobile electronic control unit code under test, specifically: scanning downwards level by level from the code directory of the automobile electronic control unit under test, and recording each directory in which a header file is found; when a third-party dependency library exists, adding a preset dependency library header file directory;
S3: compiling the source code under test according to the marked header file directories, generating an intermediate language, analyzing the intermediate language, and generating a symbolic execution syntax tree;
S4: generating a program control flow graph from the symbolic execution syntax tree;
S5: traversing the symbolic execution syntax tree according to the control flow graph, simulating the running of the automobile electronic control unit program through symbolic execution, and matching the functions in each syntax tree program block against the corresponding functions in the analysis rule, specifically: first finding the outermost class in the symbolic execution syntax tree, then querying the specified syntax tree program block using a combination of node-matching expressions, and verifying whether the syntax tree program block works as expected; if the match passes, judging that the code corresponding to the program block has no vulnerability, and if the match does not pass, judging that the code corresponding to the program block has a vulnerability and recording the vulnerability;
S6: collecting the vulnerability detection results of the program blocks obtained in step S5 into a vulnerability analysis report and outputting the report.
2. The method for analyzing vulnerabilities in automobile electronic control unit code according to claim 1, wherein the function matching in step S5 is implemented based on an abstract syntax tree matching mechanism.
3. A system for analyzing vulnerabilities in automobile electronic control unit code, characterized by comprising an engineering management module, an analysis rule base module, a vulnerability analysis module and a report generation module, wherein:
the engineering management module is used for importing the automobile electronic control unit code under test and marking its header file directories, specifically: scanning downwards level by level from the code directory of the automobile electronic control unit under test, and recording each directory in which a header file is found; when a third-party dependency library exists, adding a preset dependency library header file directory;
the analysis rule base module is used for storing the analysis rules corresponding to all vulnerability types of automobile electronic control unit code;
the vulnerability analysis module is used for reading the corresponding analysis rules from the rule base module according to the vulnerability types to be analyzed that the user has input, and then carrying out vulnerability analysis according to the following steps:
1) compiling the source code under test, generating an intermediate language, analyzing the intermediate language, and generating a symbolic execution syntax tree;
2) generating a program control flow graph from the symbolic execution syntax tree;
3) traversing the symbolic execution syntax tree according to the control flow graph, simulating the running of the automobile electronic control unit program through symbolic execution, and matching the functions in each program block of the symbolic execution syntax tree against the corresponding functions in the analysis rule, specifically: first finding the outermost class in the symbolic execution syntax tree, then querying the specified syntax tree program block using a combination of node-matching expressions, and verifying whether the syntax tree program block works as expected; if the match passes, judging that the code corresponding to the program block has no vulnerability; if the match does not pass, judging that the code corresponding to the program block has a vulnerability, recording the vulnerability, and sending the record to the report generation module;
and the report generation module is used for collecting the received vulnerability detection results of the program blocks into a vulnerability analysis report and outputting the report.
CN201911407069.5A 2019-12-31 2019-12-31 Automobile electronic control unit code vulnerability analysis method and system Active CN111222141B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911407069.5A CN111222141B (en) 2019-12-31 2019-12-31 Automobile electronic control unit code vulnerability analysis method and system

Publications (2)

Publication Number Publication Date
CN111222141A 2020-06-02
CN111222141B 2021-10-19

Family

ID=70828017

Country Status (1)

Country Link
CN (1) CN111222141B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant