CN111967013A - C/C + + patch existence detection method based on patch summary comparison - Google Patents
C/C + + patch existence detection method based on patch summary comparison Download PDFInfo
- Publication number
- CN111967013A CN111967013A CN202010666867.6A CN202010666867A CN111967013A CN 111967013 A CN111967013 A CN 111967013A CN 202010666867 A CN202010666867 A CN 202010666867A CN 111967013 A CN111967013 A CN 111967013A
- Authority
- CN
- China
- Prior art keywords
- patch
- path
- similarity
- binary file
- abstract
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/75—Structural analysis for program understanding
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Stored Programmes (AREA)
Abstract
The invention belongs to the technical field of binary vulnerability analysis, and particularly relates to a C/C + + patch existence detection method based on patch abstract comparison. The method comprises the following specific steps: (1) determining an anchor node in a control flow graph of a patch related function of a target C/C + + binary file, and determining a potential patch related path in the target binary file; (2) extracting the path abstract in the target binary file by using the anchor node, and respectively comparing the path abstract with the path abstract of the reference binary file before/after the patch to obtain the similarity of a single patch path; (3) and comprehensively judging the existence state of the patch file according to the comparison result of the path abstracts controlled by all the anchor nodes. The invention utilizes the semantic information of the patch to detect the existence of the patch, and provides a reliable and accurate patch detection method for vulnerability analysis personnel.
Description
Technical Field
The invention belongs to the technical field of binary vulnerability analysis, and particularly relates to a C/C + + patch existence detection method based on patch abstract comparison.
Background
With the popularity of open-source software, a large number of open-source C/C + + projects are widely used in closed-source software. For example, each device vendor borrows an open source kernel and customizes a private kernel, and various business software often references third party library code and makes some appropriate modifications. While the open source code brings convenience, the bugs in the open source software are also propagated to the closed source software. Open-source software can publish security patches in time, but closed-source developers often cannot apply the latest security patches in time or even ignore the latest security patches completely. In this case, patch presence detection on closed source C/C + + binaries can help security analysts evaluate the security of the binary.
The existing detection methods capable of judging the state of a patch are mainly divided into two types: the first is attack sample testing, which first constructs or collects poc (proof of concept) of a specific bug, then inputs it to a target binary program for dynamic execution, and observes whether the target program can trigger the corresponding bug. The second method uses the characteristic signature of the patch for matching, and firstly extracts the precise signature of the patch code segment in the binary program, and then searches whether the binary file to be tested contains the corresponding binary signature.
However, closed-source binaries tend to have some custom modifications to open-source code, and may use a variety of different compilation options to build the binary, which presents significant challenges to both approaches. First, existing PoC is usually only for some binary programs of specific versions, and when dynamic testing needs to be performed on another customized binary program or another version of program, existing PoC often cannot cause the program to trigger a corresponding bug, but this does not represent that the bug has been fixed. On the other hand, customized modifications or different compilation configurations tend to change the signature of the features of the code around the patch, resulting in an inability to reliably detect the presence of the patch by using the patch signature to exactly match whether the same signature is present in the customized binary.
Based on the above analysis, it is necessary to invent a more robust and reliable patch presence detection technique for C/C + + binary programs.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides a method for detecting the existence of a C/C + + binary patch based on patch summary comparison. The invention utilizes semantic abstract information on the path related to the patch to detect the existence of the patch, and has strong robustness.
The core idea of the invention is to determine the patch status based on semantic similarity. The invention respectively calculates the similarity degree of the target binary program and the reference binary files before/after patch patching, and considers that the patch state of the target binary program is more similar to the reference binary file which is more similar to the target binary program. This comparison method is very resistant to customized modifications in the target binary program, since such modifications will affect the pre/post patch reference binary file versions to the same extent. Secondly, the invention utilizes the fine-grained semantic information of the patch related area to carry out similarity comparison. Even if the code near the patch is changed in a customized way, the semantic information is still preserved to a large extent. Finally, the invention carefully selects the region affected by the patch in the target binary file to ensure that the irrelevant codes are minimized while the relevant codes of the patch are maximally covered, thereby reducing the detection noise. To better bring out the work of the present invention, this section first introduces the definitions of the data structures of the control flow anchor node, the path digest, and the patch digest in the patch digest:
the control flow anchor node is based on some Post broker (Post broker) of the patch basic block, which can control the relevant path of the patch context.
The path abstract represents semantic information on a relevant path of the patch context, and is composed of three elements, namely: the patch comprises a path constraint set, a memory state set and a function calling sequence, wherein the elements can robustly represent the context definition of the patch and do not change along with the customization of code or the change of a compiling environment.
The patch digest is a set of patch-related path digests controlled by the anchor node, and can represent semantic information of all patch basic blocks in the patch file. The invention compares the patch abstract of the target binary file with the patch abstract of the reference binary file before/after the patch so as to detect the existence of the patch.
The technical scheme of the invention is as follows:
the invention provides a C/C + + patch existence detection method based on patch abstract comparison, which comprises the following specific steps of:
1) determining an anchor node in a control flow graph of a patch related function of the target C/C + binary file, thereby determining a potential patch related path in the target binary file;
2) extracting path abstract information related to patches in the target binary file by using the anchor node, and comparing the extracted path abstract information with the path abstract information related to the patches of the pre-patch/post-patch reference binary file to obtain the similarity of a single patch path;
3) and comprehensively judging the existence state of the patch file according to the comparison result of the path abstracts controlled by all the anchor nodes.
Compared with the prior art, the invention has the beneficial effects that:
the C/C + + binary patch existence detection method based on patch summary comparison can determine the existence state of the patch through semantic comparison, and the comparison integrates the path summary comparison results of all patch lines in the patch file, so that fine-grained detection of the patch is realized. Because the comparison is implemented according to the context semantics of the patch, the customized modification of the target binary file and the change of the compiling environment can be resisted, and an accurate patch existence detection result is provided for a security analyst.
Drawings
FIG. 1 is a block diagram of a patch detection system based on a comparison of a summary of patches.
FIG. 2 is an exemplary diagram of locating an anchor node through the same function call.
FIG. 3 is an exemplary diagram of a target binary path summary.
FIG. 4 is a comparison graph of a set of path digests for a single anchor node.
Detailed Description
The technical scheme of the invention is explained in detail in the following by combining the drawings and the embodiment.
The overall architecture diagram of the C/C + + patch existence detection method based on patch summary comparison is shown in figure 1. The method comprises the following steps: the system comprises an anchor node positioning module, a path abstract comparison module and a patch abstract comparison module. The execution flow of the invention is as follows:
1) the anchor node locating module is used for determining an anchor node in a control flow graph of a patch related function of the target binary file, so as to determine a potential patch related path in the target binary file.
2) The path abstract comparison module respectively compares the similarity between the path abstract of the target binary file and the path abstract of the pre-patch/post-patch reference binary file by using a proper algorithm.
3) And the patch abstract comparison module calculates the similarity between the path abstract set dominated by all anchor nodes in the target binary file and the reference binary file path abstract set before/after the patch so as to integrally judge the existence condition of the patch.
The individual modules are described further below:
1. anchor node location
And the anchor node positioning module is used for determining the most matched anchor node in the target C/C + + binary file without the debugging information. The anchor node is used for cutting off redundant paths behind patch basic blocks possibly existing in the target C/C + + binary file so as to reserve complete context semantics of the patch and simultaneously abandon semantic information irrelevant to the patch. Firstly, the method is determined in a reference binary system before/after the patch, each patch basic block corresponds to an anchor node, and a patch related path is also determined through the anchor node, namely a path set from a function inlet where the patch is located to the anchor node.
In order to compare the path digest of the target binary file with the path digest of the reference binary file before/after the patch, the position of the anchor node in the target binary file needs to be determined first so as to generate a patch-related path in the target binary file.
Locating an anchor node in a target binary file: since the patch basic block in the target binary is unknown, its anchor node needs to be approximately obtained. The anchor node is essentially a basic block in the control flow diagram, and the invention selects a basic block similar to the anchor node of the reference binary before/after the patch in the control flow diagram of the target binary as the anchor node in the target binary. The positioning principle is as follows:
1) the termination types of the basic blocks are the same, namely the instructions of signed/unsigned conditional jump, unconditional jump, function call and return are the same. Since these termination instruction types are determined by semantic information, independent of the compilation environment and customization.
2) The number of global memory accesses in the basic block is the same. Likewise, the semantic information of the access representation of the global memory is not changed due to the customization and compilation environment.
Through the two matching principles, the method can find unique correspondence in the target binary file for most anchor nodes. If a plurality of candidate nodes exist, the invention selects the node with the maximum similarity in the calculation of the path summary comparison module. When no proper anchor node is found, the invention directly selects the outlet of the function where the patch is located as the anchor node of the target binary file.
As shown in fig. 2, the node marked with yellow is an anchor node in the reference binary system before/after the patch, the anchor node determines the relevant path before/after the patch, and the anchor node calls a funcA (), so that in the control flow diagram of the target binary system, a matched anchor node is determined by the present invention through the same funcA function name.
2. Route summary comparison
After the anchor node set of the target binary system is determined, the method and the device can obtain the patch related path in the target binary system. The module compares the summary information of the patch related path of the target binary system with the summary information of the patch related path of the reference binary system before/after the patch respectively to judge which reference file the current path is closer to. In order to compare the path abstracts, the module firstly extracts abstract information of the patch related paths in the target binary system, and then calculates the similarity by using a proper comparison method.
(1) Extracting a digest of patch paths in a target binary
To extract the semantic information for a particular path, the present invention employs symbolic execution techniques to approximately simulate program execution and collect relevant semantic information during execution. The invention uses partial function of symbol execution tool to record partial semantic information in execution path, the semantic information includes: a path constraint set, a memory state set and a function call sequence.
The invention directly adopts the symbol value of the information in the symbol execution engine to represent the final path summary. FIG. 3 shows summary information of a path in a target binary, wherein a path constraint set is an abstract syntax tree set composed of all branch judgment conditions of an execution path; the memory state set is an operation set for accessing the global variable in the execution path, and each element in the set is an address and a value of a key value pair representing the global variable; the function call sequence is the sequence of function names called in the path, and the sequence is ordered according to the sequence of function calls.
(2) Comparison algorithm
The summary information contained in two similar patch related paths are also similar, while the different parts are caused by the patch. Based on the premise, the method calculates the similarity of the path abstract of the target binary file and the abstract information of the route related to the complement of the reference binary before/after the patch, and measures the similarity of the two paths according to the similarity calculation result.
Similarity of path digests. As mentioned previously, the path digest consists of three elements, including a path constraint set, a memory state set, and a function call sequence. The invention takes the average similarity of the elements as the overall similarity of the path abstract, and the similarity calculation method of each element is as follows:
1) path constraint set similarity. The path constraint set is a set of abstract syntax trees. Thus, the present invention measures the similarity between two sets of constraints based on set similarity. Specifically, two sets S are given { S ═ S1,s2,...,sn}, S′={s′1,s′2,...,s′m-the similarity between the two is defined as:
wherein m isijRepresents siAnd s'jThe mapping relation between them, sim(s)i,s′j) It represents the similarity between the two elements. The invention needs to find out m11,m12,...,mnmTo complete a one-to-one mapping between the two sets. Assuming n < m, n elements in S' map uniquely to elements in S, so if SiIs mapped to s'jThen m isijIs recorded as 1, otherwise 0. To determine { m11,m12,...,mnmThe present invention uses the Kuhn-Munkres algorithm to find the mapping that maximizes equation (1). In calculating the similarity of the set elements, since the path constraint is an AST tree, the present invention calculates the similarity between two set elements by the edit distance of the tree.
2) Memory state set similarity. The similarity between the memory state sets is similarly calculated by the aforementioned set similarity to be the maximum similarity. The element in the memory state set is a key value pair representing the memory, so when the similarity of the elements in the set is calculated, the similarity of the key value pair is represented by directly utilizing the product of the key similarity and the value similarity.
3) Similarity of function call sequences. Unlike the two previous path digests, which measure the maximum similarity of digests by using set similarity, the function call sequence is generated according to the sequence of function calls in the path, i.e., the function call sequence is an ordered list. In order to calculate the similarity of two ordered sequences, the invention uses the edit distance of the list to calculate the similarity of two function call sequences. Given two function call sequences L and L', the similarity calculation formula is as follows
The similarity between the path digests is represented by the average similarity of three elements, and if S, M, and L are respectively a path constraint set, a memory state set, and a function call sequence in a path digest in a target binary file, and S ', M ', and L ' are related elements of a path digest before or after a patch, the similarity between the two path digests is calculated as follows:
3. comparison of Patch digests
The patch abstract is a path abstract set corresponding to all control flow anchor node sets of the patch file. Only the existence condition of a single patch basic block can be judged through the comparison between the path summary sets determined by a single anchor node, and the whole patch existence state needs to integrate all the path summary comparison results.
As shown in fig. 4, assuming that the current control flow anchor node is an, it determines a set of patch related paths in the target binary file and reference binary patch related paths before/after the patch at the same time, and accordingly, the present invention can calculate a set of patch related path digests (PathDigests) in the target binary file. By the set similarity calculation formula and the path abstract similarity calculation method, the similarity sim (an, pre) between the path abstract set and the patch related path abstract set before the patch and the similarity sim (an, post) between the path abstract set and the patch related path abstract set after the patch can be calculated. Then, by comparing the similarity of the two path summary sets, the invention can determine the reference binary version of the target binary file which is closer. And the similarity of the final patch abstract is superposed with the similarity comparison results of the path abstract sets of all the anchor nodes, and the final patch existence judgment is given, wherein the calculation formula is as follows:
where anchor represents the set of all anchor nodes of which an is one. For an anchor node an, if the similarity between the target binary path summary set and the source code path summary set after the patch is greater than the similarity between the target binary path summary set and the source code path summary set before the patch, namely sim (an, post) > sim (an, pre), the patch path summary set of the target binary file determined by an is closer to the path summary set after the patch, and the comparison result is set to 1, otherwise, the comparison result is set to 0 or-1. From the above formula, it can be seen that if the summary information of the patch related path determined by more than half of the anchor nodes is closer to the summary information of the patch path of the reference binary system after the patch, the present invention considers that the target binary system has the specified patch file applied.
Example 1
The embodiment designs an anchor node positioning module, which matches a basic block with the same semantics in a control flow graph of a target binary system by using semantic information of a control flow basic block, so as to determine a patch related path in the target binary file. In this embodiment, a path summary comparison module is simultaneously designed, and the module collects semantic summary information in a path related to a patch in a target binary file through a symbolic execution technology, and then performs similarity calculation on two path summaries by using a proper matching algorithm. The specific implementation of these two modules is described below.
First, anchor node positioning module
The input to the anchor node location module is a set of anchor nodes for the target binary and the pre/post-patch reference binary patch files. The anchor node positioning module is used for matching anchor nodes with the same semantic information in the target binary file by referring to the anchor nodes of the binary patch file.
In order to locate the anchor node, the invention firstly analyzes SYMTAB or KALLSYMS sections of the target binary file, wherein the structures are section sections in the executable file and are responsible for recording all symbolic information such as variables, function names and the like in the executable file. The invention can find the address of the function where the patch is located in the binary file through the symbol information. Then, the invention analyzes the target binary file through an angr tool and generates a control flow graph of the function where the patch is located according to the symbolic information.
The specific anchor node positioning process is as follows:
1) selecting a single reference anchor node one by one from an anchor node set of a reference binary patch file before/after a patch by an algorithm;
2) for a specific reference anchor node, the algorithm traverses all basic blocks of the control flow graph of the function where the target binary file patch is located by using an angr tool. If the basic block has the same termination type instruction (e.g., semantic related instructions such as signed/unsigned conditional jump, unconditional jump, function call and return) as the reference anchor node, and the basic block has the same global memory access number as the reference anchor node, the basic block is considered as a patch anchor node of the target binary file.
3) Back to 1) until all anchor nodes are located.
Second, route abstract comparison module
The path summary comparison module firstly determines patch related paths of the target binary file through the anchor nodes, and then performs simulation execution on the paths by using a symbol execution tool angr, so as to collect semantic information in the patch related paths, wherein the semantic information is the path summary of the target binary patch. In order to judge the similarity degree between the binary program and the reference binary file before/after patch patching, the module respectively compares the path abstract of the target binary patch with the path abstract of the reference binary file before/after patch patching. The following specifically describes a generation and comparison algorithm of a patch path digest of a target binary file:
(1) patch path digest for target binary files
The invention adopts the open-source symbolic execution tool angr to perform simulation execution on the patch related path of the target binary file, and because the execution inlet of the invention is not the program inlet in the traditional sense but the inlet of the patch related function, the invention makes customized modification on the angr so as to initialize the related variables in a specific program. Firstly, the angr needs to symbolize the parameter of the function where the integer is located, and initializes the parameter to a symbolic value of a unique identifier (such as arg 0); then, for the non-initialized memory and the memory pointed by the symbolic address, the angr gives a unique symbolic value to the memory, and for the local memory, the angr is initialized to a value of 0; finally, since the present invention does not perform simulated execution of inter-function calls, for the return values of these functions, the angr assigns them to unique symbolic values. Through these initializations, the angr can smoothly collect all path summary information on the path of the target binary file from the function entry to the anchor node. Wherein the path summary comprises: a set of path constraints, a set of memory states, and a sequence of function calls.
(2) Route summary comparison
The path summary comparison algorithm calculates the similarity of the patch path summary of the target binary system and the patch path summary before/after the patch, and can be divided into similarity calculation of three elements, namely a path constraint set, a memory state set and a function call sequence.
1) Path constraint set similarity
As can be seen from the summary of the invention, the path constraint similarity can be converted into the calculation of the set similarity. For the target binary patch path constraint set S and the pre-patch (or post-patch) binary patch constraint set S', the maximum similarity between these two sets can be calculated using the Kuhn-Munkres algorithm. But since the set element is a branch decision AST representing a path constraint, the present invention needs to define a similarity measure between AST. Therefore, the invention uses the existing tree edit distance calculation method. In particular, the present invention utilizes a bipartite graph matching algorithm to calculate tree edit distances. The present invention finds that although some AST expressions are of different formats (e.g. a > b and b < a), their nature is interchangeable and in order to avoid errors in matching, the present invention will flip such expressions during matching to maintain a uniform format.
2) Memory state set similarity
Similarly, the memory state set is also calculated by using Kuhn-Munkres algorithm to calculate the maximum similarity. Because the elements of the memory state set are key value pairs representing the memory, for a single element, the product of the key similarity and the value similarity is used for representing the element similarity.
3) Function call sequence similarity
For the calling sequence L of the relevant path of the target binary patch and the calling sequence L' of the relevant path of the binary patch before (or after) the patch, which are ordered sequences, the similarity between the two lists is directly calculated by adopting a list edit distance LED algorithm.
The invention implements the existence detection of the patch by comparing the semantic information on the patch related path of the target C/C + + code with the semantic information on the patch related path before/after the patch, and the semantic abstracts can resist the influence of different compiling environments and customized modification, thereby providing an accurate and reliable detection method for the existence detection of a large number of closed-source C/C + + binary patches.
Claims (8)
1. A C/C + + patch existence detection method based on patch summary comparison is characterized by comprising the following specific steps:
1) determining an anchor node in a control flow graph of a patch related function of the target C/C + binary file, thereby determining a potential patch related path in the target binary file;
2) extracting path abstract information related to patches in the target binary file by using the anchor node, and comparing the extracted path abstract information with the path abstract information related to the patches of the pre-patch/post-patch reference binary file to obtain the similarity of a single patch path;
3) and comprehensively judging the existence state of the patch file according to the comparison result of the path abstracts controlled by all the anchor nodes.
2. The method for detecting the existence of the C/C + + patch according to claim 1, wherein in step 1), a basic block similar to an anchor node in a reference binary system before/after the patch is selected as the anchor node in a target binary system; the positioning principle is as follows:
the termination types of basic blocks are the same, namely signed/unsigned conditional jump, unconditional jump, function call and return instruction are the same;
the number of global memory accesses in the basic block is the same;
based on the positioning principle, if the unique correspondence is found in the target binary file, the target binary file is the anchor node;
if a plurality of candidate nodes are found in the target binary file, selecting the node with the maximum similarity as an anchor node in the step 2);
and if no suitable anchor node is found, directly selecting an outlet of the function where the patch is located as the anchor node of the target binary file.
3. The method for detecting the presence of C/C + + patches as claimed in claim 1, wherein in step 2), the symbolic execution technique is used to approximately simulate the program execution, and during the execution process, the symbolic execution tool is used to collect the semantic information including the path constraint set, the memory state set and the function call sequence, and finally the symbolic values of these semantic information in the symbolic execution engine are used to represent the path digest.
4. The method for detecting the existence of the C/C + + patch according to claim 1, wherein in step 2), the similarity between the path summary information is represented by an average similarity between three elements;
setting S, M and L as a path constraint set, a memory state set and a function call sequence in a path abstract in a target binary file, respectively, and setting S ', M ' and L ' as related elements of the path abstract before or after patching, calculating the similarity sim between the two path abstracts as follows:
wherein: sim (S, S '), sim (M, M '), and sim (L, L ') represent the similarity of the path constraint set, the memory state set, and the function call sequence, respectively.
5. The C/C + + patch presence detection method of claim 4,
given two sets of path constraints, S ═ S1,s2,...,sn},S′={s′1,s′2,...,s′m}, the similarity sim (S, S') of the path constraint set is defined as:
wherein m isijRepresents siAnd s'jThe mapping relation between them, sim(s)i,s′j) Then represents the similarity between the two elements; m isijObtaining the result through a Kuhn-Munkres algorithm; sim(s)i,s′j) Calculated by the edit distance of the tree.
6. The method of claim 4, wherein the similarity sim (M, M') of the memory state set is calculated based on the set similarity, the element in the memory state set is a key-value pair representing the memory, and the similarity of the key-value pair is represented by a product of the key similarity and the value similarity when the similarity of the element in the set is calculated.
7. The method according to claim 4, wherein the function call sequences are generated according to the sequence of function calls in the path, that is, the function call sequences are ordered lists, so that the edit distance of the lists is used to calculate the similarity sim (L, L') between the two function call sequences.
8. The method according to claim 1, wherein in step 3), the similarity sim (an, pre) between the path summary set and the patch related path summary set before the patch and the similarity sim (an, post) between the path summary set and the patch related path summary set after the patch are calculated. Then, by comparing the similarity of the two path summary sets, the invention can determine the reference binary version of the target binary file which is closer. And the similarity of the final patch abstract is superposed with the comparison results of the similarity of the path abstract sets of all the anchor nodes, and the final patch existence judgment is given, wherein the calculation formula is as follows:
where anchor represents the set of all anchor nodes of which an is one.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010666867.6A CN111967013A (en) | 2020-07-13 | 2020-07-13 | C/C + + patch existence detection method based on patch summary comparison |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010666867.6A CN111967013A (en) | 2020-07-13 | 2020-07-13 | C/C + + patch existence detection method based on patch summary comparison |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111967013A true CN111967013A (en) | 2020-11-20 |
Family
ID=73362271
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010666867.6A Pending CN111967013A (en) | 2020-07-13 | 2020-07-13 | C/C + + patch existence detection method based on patch summary comparison |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111967013A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114490313A (en) * | 2021-12-10 | 2022-05-13 | 中国科学院信息工程研究所 | Security inspection defect detection method based on key semantic features |
-
2020
- 2020-07-13 CN CN202010666867.6A patent/CN111967013A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114490313A (en) * | 2021-12-10 | 2022-05-13 | 中国科学院信息工程研究所 | Security inspection defect detection method based on key semantic features |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Allamanis et al. | Self-supervised bug detection and repair | |
| Xu et al. | Spain: security patch analysis for binaries towards understanding the pain and pills | |
| Zhou et al. | Security assurance for smart contract | |
| CN109426615B (en) | Inter-process null pointer dereference detection method, system, device, and medium | |
| CN107273751B (en) | Multi-mode matching-based security vulnerability online discovery method | |
| US20190138731A1 (en) | Method for determining defects and vulnerabilities in software code | |
| CN111125716B (en) | Method and device for detecting Ethernet intelligent contract vulnerability | |
| Partush et al. | Abstract semantic differencing for numerical programs | |
| CN111104335B (en) | C language defect detection method and device based on multi-level analysis | |
| CN104636256A (en) | Memory access abnormity detecting method and memory access abnormity detecting device | |
| Zhong et al. | Boosting complete-code tool for partial program | |
| CN109670318B (en) | Vulnerability detection method based on cyclic verification of nuclear control flow graph | |
| CN113326187A (en) | Data-driven intelligent detection method and system for memory leakage | |
| CN113468525A (en) | Similar vulnerability detection method and device for binary program | |
| CN112256271A (en) | Block chain intelligent contract security detection system based on static analysis | |
| Chen et al. | Cati: Context-assisted type inference from stripped binaries | |
| CN116383833A (en) | Method and device for testing software program code, electronic equipment and storage medium | |
| CN115129591A (en) | Binary code-oriented reproduction vulnerability detection method and system | |
| CN116578980A (en) | Code analysis method and device based on neural network and electronic equipment | |
| Hua et al. | On the effectiveness of deep vulnerability detectors to simple stupid bug detection | |
| Aleti et al. | E-APR: Mapping the effectiveness of automated program repair techniques | |
| Zakeri-Nasrabadi et al. | An ensemble meta-estimator to predict source code testability | |
| CN111967013A (en) | C/C + + patch existence detection method based on patch summary comparison | |
| Reiter et al. | Automatically mitigating vulnerabilities in binary programs via partially recompilable decompilation | |
| US20110265050A1 (en) | Representing binary code as a circuit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |