CN113626823B - Method and device for detecting interaction threat among components based on reachability analysis - Google Patents
Method and device for detecting interaction threat among components based on reachability analysis Download PDFInfo
- Publication number
- CN113626823B CN113626823B CN202110726263.0A CN202110726263A CN113626823B CN 113626823 B CN113626823 B CN 113626823B CN 202110726263 A CN202110726263 A CN 202110726263A CN 113626823 B CN113626823 B CN 113626823B
- Authority
- CN
- China
- Prior art keywords
- function
- main application
- dependency
- chart
- point
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a method and a device for detecting interaction threat among components based on reachability analysis, comprising the steps of constructing a main application class hierarchy chart, a main application call chart, a control flow chart among main application processes, a main application system dependency chart, a dependent component class hierarchy chart and a dependent component system dependency chart based on corresponding intermediate representation codes of main applications and dependent components in a software system; and judging whether the loopholes in a certain component can be triggered through interaction among the components by utilizing the reachability of the loophole paths and the controllability of external input. The method is not limited to analyzing a certain type of loopholes, but realizes a universal threat detection effect through identifying input points and interaction interfaces, analyzing the accessibility of a loophole path and the controllability of external input, and has stronger verifiability and reproducibility.
Description
Technical Field
The invention relates to the field of program analysis, in particular to a method and a device for detecting interaction threats among components based on reachability analysis, wherein the reachability analysis comprises input reachability analysis and path reachability analysis.
Background
The huge value of big data makes it one of the key targets of current network attack. However, the big data processing program and the big data platform supported by the big data processing program pay attention to high availability and high expansibility of services, and safety is not fully considered, so that safety risks exist in the big data processing process. The loopholes in the big data processing program are not mainly the traditional loopholes, but are mostly logic defects or security threats introduced by interaction among components, and are difficult to detect, reproduce, analyze and locate due to frequent interaction, various types and complex triggering conditions. Although the traditional vulnerability mining technology represented by the fuzzy test can effectively find vulnerabilities in key basic software such as an operating system kernel, a protocol, an open source library and the like, the traditional vulnerability mining technology does not adapt to security threats introduced by interaction among components in a big data processing program and lacks threat detection capability of corresponding scenes.
Program analysis refers to the automated processing of a computer program to confirm or discover its characteristics, such as performance, security, etc. The program analysis application scene comprises compiling optimization, defect detection, fault positioning and the like, and can be used for finding out defects affecting the program safety, such as buffer overflow, reuse after release, null pointer dereferencing and the like. Therefore, program analysis is also a current mainstream vulnerability mining means, and especially a tool layer aiming at traditional vulnerabilities such as memory damage vulnerabilities and conditional competition vulnerabilities is endless. However, these tools have insufficient detection and validation capabilities for vulnerabilities that require cross-component triggering, resulting in security threats in complex software systems such as big data applications that are difficult to detect and locate due to inter-component interactions. Such vulnerabilities often occur in the complex software systems described above, affecting the security of the system and the user. There is therefore a need for a technique for detecting threats to interactions between components that complements the deficiencies of existing tools.
Disclosure of Invention
Aiming at the problem that the interaction threat among components frequently occurring in complex software systems such as big data application is difficult to detect and position by the existing method, the invention discloses a method and a device for detecting the interaction threat among components based on reachability analysis. The method analyzes intermediate representation codes obtained by disassembling source codes, byte codes or binary codes, judges whether a bug in a certain component can be triggered through interaction among the components based on the accessibility of a bug path and the controllability of external input, wherein the bug comprises unrepaired public bugs in the component, and uses other technical means (such as fuzzy test, static detection and the like) and manually audits newly discovered suspected bugs and the like.
The technical content of the invention comprises:
a method for detecting interaction threat among components based on reachability analysis comprises the following steps:
1) Collecting vulnerabilities to form a vulnerability set, and disassembling or intermediate translating codes of a main application and a dependent component in a software system to be analyzed to obtain intermediate representation codes;
2) Respectively constructing a main application class hierarchy chart, a main application call chart, a control flow chart among main application processes, a main application system dependency chart, a dependent component class hierarchy chart and a dependent component system dependency chart according to the intermediate representation codes;
3) Analyzing by using the main application class hierarchy chart and the main application call chart to obtain a plurality of candidate external input points;
4) Analyzing on a control flow graph among main application processes, searching on a main application class hierarchy according to an obtained function prototype of a called function, and putting the called function of which the type reference cannot be inquired on the main application class hierarchy into a calling instruction set, wherein the function prototype comprises: type reference, function name, number of parameters, and type of parameters;
5) Matching each calling function in the calling instruction set with a function in the class hierarchy chart of the dependent component, taking the successfully matched calling function as an interaction interface between components, and placing an interaction interface calling point into the calling point set;
6) Acquiring an interaction interface call point with a data dependency relationship with a candidate external input point by using a main application system dependency graph, and taking the interaction interface call point with the dependency relationship as a controllable interaction interface call point;
7) And identifying controllable interaction interface call points with data dependency relations between all vulnerabilities in the vulnerability set by utilizing a dependency graph of the dependent component system, and obtaining an interaction threat detection result between components.
Further, the code of the master application and the dependent components includes: source code, bytecode, or binary code.
Further, each node in the main application class hierarchy or the dependency component class hierarchy represents a class in the object-oriented language, and an edge represents an inheritance relationship of the class; each node in the main application call graph represents a function, and the edges represent function call relations; each node in the control flow graph between the main application processes represents a basic block in the function, and the edges represent control flow transfer relations; each function in the main application system dependency graph represents a main application program dependency graph, each function in the dependent component system dependency graph represents a dependent component program dependency graph, and each node in the main application program dependency graph or the dependent component program dependency graph is a statement in the program, and the edges represent data dependency relations.
Further, candidate external input points are found by:
1) Traversing all functions in the main application class hierarchy;
2) When any function is a main function and the precursor node is not queried on the call graph, the main function is considered as a candidate external input point.
Further, a function prototype of the called function is obtained by:
1) Performing iterative traversal in depth priority order from a root node of a control flow graph among main application processes;
2) For each node traversed, a function prototype of the called function is obtained by identifying instructions of all call types on the intermediate representation.
Further, the matching is performed by:
1) For each calling function in the calling instruction set, inquiring whether a type statement of the interface exists on the dependency component class hierarchy;
2) If the type declaration exists, searching the function names, the parameter quantity and the parameter types in the corresponding function prototypes on the dependency component class hierarchy chart;
3) If the corresponding function name, parameter number and parameter type exist, the matching is successful.
Further, there is an interactive interface call point of the data dependency through the steps of:
1) Making a first backward data flow slice from an interaction interface call point in the main application system dependency graph;
2) If the use point of a statement in the first backward data flow slice contains a candidate external input point, the candidate external input point and the interaction interface call point have a dependency relationship.
Further, identifying controllable interaction interface call points with data dependency relations with all vulnerabilities in the vulnerability set by the following steps:
1) On a dependency graph of a dependent component system where each vulnerability is located, taking all nodes in a vulnerability path set of each vulnerability as starting points, and performing second backward data flow slicing;
2) And if the second backward data flow slice contains the function body of the called interface at the controllable interaction interface call point, the vulnerability and the controllable interaction interface call point have a data dependency relationship.
Further, the detection result of the interaction threat between the components comprises: and the identified controllable interaction interface call point and the corresponding candidate external input point and vulnerability.
A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the above method when run.
An electronic device comprising a memory and a processor, wherein the memory stores a program for performing the above-described method.
Compared with the prior art, the invention has the following advantages and positive effects:
the invention is oriented to the interaction threat among components frequently occurring in complex software systems such as big data application and the like, and has obvious advantages compared with the prior art. On one hand, the existing dynamic detection technologies such as fuzzy test and the like are difficult to obtain higher code coverage rate due to more and frequent interaction types, and the triggering and monitoring capability of the threat is insufficient due to deeper threat triggering paths and complex input conditions. On the other hand, the existing static detection technology is good at analyzing traditional loopholes such as memory damage loopholes, but lacks customized processing of interaction threats among components. The method is not limited to analyzing a certain type of loopholes, but realizes a universal threat detection effect through identifying input points and interaction interfaces, analyzing the accessibility of a loophole path and the controllability of external input, and has stronger verifiability and reproducibility.
Drawings
Fig. 1 is a diagram illustrating an example of the method of the present invention.
Detailed Description
In order to enable those skilled in the art to better understand the present invention, the following description will make clear and complete descriptions of the technical solutions in the embodiments of the present invention with reference to the accompanying drawings.
The method mainly analyzes the controllability of external input and the accessibility of the vulnerability path. Inputs to the method include the vulnerability set vuls (including the collected public vulnerabilities and newly discovered suspected vulnerabilities within the component), as well as code of the host application and other dependent components. Each element in the vulnerability set corresponds to complete information of a public or suspected vulnerability, and the complete information comprises a vulnerability path, a dependency component where the vulnerability is located, a vulnerability description and the like. The output of the method comprises a triplet list result formed by the vulnerability code position vul, the inter-component interaction call site and the external input position input. Specifically, the method comprises 7 steps, as shown in fig. 1, and the detailed method comprises the following steps:
1. the method comprises the steps of firstly, disassembling or intermediate translating source codes, byte codes or binary codes of main applications and other dependent components in a software system to be analyzed into intermediate representation codes, and mainly aiming at obtaining a representation form easy to analyze the semantics of the representation form. Taking the big data warehouse Hive as an example, the host application is Hive, and other dependent components include the Hadoop platform base component HDFS, yarn, mapReduce, etc., analyzing their Jar packages (bytecodes) and deriving a form of the intermediate representation code WALA-IR of WALA. The WALA-IR represents instructions in a syntax near the bytecode, but in a register transfer language based on Static Single Assignment (SSA) and organizes the instructions in a control flow graph of basic blocks.
2. On the intermediate representation code, firstly, a class hierarchy diagram CHG, a call diagram CG, an inter-process control flow diagram iCFG and a system dependency diagram SDG of a main application are constructed, and then, the class hierarchy diagram CHG and the system dependency diagram SDG of other dependency components are constructed (only data dependency is considered in the SDG) as objects of subsequent analysis. Each node in the CHG represents a class in the object-oriented language, and the edges represent inheritance relationships of the class; each node of the CG represents a function, and the edges represent function calling relations; each node in the icafg represents a basic block in the function, and the edges represent control flow transfer relationships, including inter-process and intra-process; SDG is an extension of the Program Dependency Graph (PDG), each function is expressed as a PDG, each node in the PDG is a statement in the program, and the edges represent data dependencies.
3. Analysis is performed on the class hierarchy of the host application, all functions in the class are traversed, and if a function is a main function and a predecessor node is not queried on the call graph of the host application (i.e., never as a called function), it is identified as a possible external input point input.
4. And analyzing on the inter-process control flow graph of the main application, performing iterative traversal from the root node of the graph in a depth priority order, identifying all instructions of the calling type on the intermediate representation for each traversed node, and acquiring the function prototype of the called function, wherein the function prototype comprises information such as type reference, function name, parameter quantity, parameter type and the like. Querying the class hierarchy of the main application for the type reference of the called function, if the type reference is not found, it is considered that the interface in one other component, namely the inter-component interaction interface, is called, and the calling instruction is put into the calling instruction set call_ins.
5. And taking out a call instruction from a call instruction set, for each called function which is possibly an inter-component interaction interface, firstly inquiring whether the type statement of the interface exists on a class hierarchy diagram depending on the component, then searching whether a corresponding function prototype exists, including function names, parameter quantity, parameter types and the like, and confirming that the function prototype is an inter-component interaction interface if the function name, the parameter quantity, the parameter types and the like are completely matched, and finally putting call point information of the interaction interface into a call point set call.
6. For each interaction interface call site in the call site set call site, whether an external input point in the main application has data dependence with the call site is judged, and whether the interaction interface call site is controllable in input is determined. Specifically, a backward data flow slice is started from a call site in a system dependency graph of a main application, if a use point of a certain statement in a slice result contains a certain external input point input, a data dependency relationship is indicated, namely, a controllable interaction interface call site is identified.
7. For each identified controllable interaction interface call site, analyzing all vulnerabilities in the vulnerability set vulls: and on a system dependency graph of the component where the vulnerability vulnerabilities are located, taking all nodes in a vulnerability path set of the vulnerabilities as starting points, slicing backward data flow, and judging whether a slicing result contains a function body of a called interface at a calling point or not, if so, indicating that data dependency exists, and verifying the reachability of the vulnerability paths. And finally identifying the interaction threat among the components with controllable input and reachable paths, and placing the triples of the vulnerability vulnerabilities vul, the input points input and the interaction call points callsite into a result list result.
The execution of the above steps is described below by way of an example.
In the scenario of a big data warehouse Hive, the primary application is Hive, the dependent components are Hadoop platforms (HDFS, yarn, mapReduce), etc. As shown in FIG. 1, the process of interactive security threat detection is illustrated using one of the published vulnerabilities CVE-2014-3627 in the Yarn component as an example. The input of the method is a jar packet containing a set vuls, hive and Hadoop vulnerability version of CVE-2014-3627 vulnerability information. By input point recognition, we recognize the entry function of the query execution class ExecDriver as an external input location. Through the identification of the interactive interface, a possible interactive interface call point is found and is positioned in an execution function of the execution driver class, and an addcachaArchive interface of the distributedcche class is called. The corresponding function body is then identified in the dependent component and identified as an interactive interface call site. For the call point, main function parameters of the ExecDriver are taken as stain sources, and the input controllability can be judged through the analysis method. And the vulnerability path of the Yarn vulnerability CVE-2014-3627 comprises an addcacheArchive interface of a distributedcche class, the path accessibility can be judged through the analysis method, the triggering feasibility of the CVE-2014-3627 is finally verified, and the security threat caused by interaction between components is identified.
When Hive processes connection inquiry, the connection operation between the large table and the small table is defaulted to select a MapJoin physical inquiry algorithm. The algorithm, when executed, will upload the small table into the distributed cache. If Hive is deployed on a Hadoop version containing a vulnerability, then the vulnerability CVE-2014-3627 may be triggered when sending a carefully constructed query, and the security of the user on the Hadoop platform is affected by executing the Hive query.
Aiming at the interaction threat among components frequently occurring in complex software systems such as big data application, compared with the existing dynamic and static analysis technology, the main advantages of the invention are shown in the table 1:
TABLE 1
The above examples are provided for the purpose of describing the present invention only and are not intended to limit the scope of the present invention. The scope of the invention is defined by the appended claims. Various equivalents and modifications that do not depart from the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (9)
1. A method for detecting interaction threat among components based on reachability analysis comprises the following steps:
1) Collecting vulnerabilities to form a vulnerability set, and disassembling or intermediate translating codes of a main application and a dependent component in a software system to be analyzed to obtain intermediate representation codes;
2) Respectively constructing a main application class hierarchy chart, a main application call chart, a control flow chart among main application processes, a main application system dependency chart, a dependent component class hierarchy chart and a dependent component system dependency chart according to the intermediate representation codes; wherein each node in the main application class hierarchy or the dependency component class hierarchy represents a class in the object-oriented language, and an edge represents an inheritance relationship of the class; each node in the main application call graph represents a function, and the edges represent function call relations; each node in the control flow graph between the main application processes represents a basic block in the function, and the edges represent control flow transfer relations; each function in the dependency graph of the main application system represents a dependency graph of the main application program, each function in the dependency graph of the dependent component system represents a dependency graph of the dependent component program, each node in the dependency graph of the main application program or the dependency graph of the dependent component program is a statement in the program, and the edges represent data dependency relations;
3) Analyzing by using the main application class hierarchy chart and the main application call chart to obtain a plurality of candidate external input points;
4) Analyzing on a control flow graph among main application processes, searching on a main application class hierarchy according to an obtained function prototype of a called function, and putting the called function of which the type reference cannot be inquired on the main application class hierarchy into a calling instruction set, wherein the function prototype comprises: type reference, function name, number of parameters, and type of parameters;
5) Matching each calling function in the calling instruction set with a function in the class hierarchy chart of the dependent component, taking the successfully matched calling function as an interaction interface between components, and placing an interaction interface calling point into the calling point set;
6) Acquiring an interaction interface call point with a data dependency relationship with a candidate external input point by using a main application system dependency graph, and taking the interaction interface call point with the dependency relationship as a controllable interaction interface call point;
7) And identifying controllable interaction interface call points with data dependency relations between all vulnerabilities in the vulnerability set by utilizing a dependency graph of the dependent component system, and obtaining an interaction threat detection result between components.
2. The method of claim 1, wherein the code of the host application and dependent components comprises: source code, bytecode, or binary code.
3. The method of claim 1, wherein candidate external input points are found by:
1) Traversing all functions in the main application class hierarchy;
2) When any function is a main function and the precursor node is not queried on the main application call graph, the main function is considered as a candidate external input point.
4. The method of claim 1, wherein the function prototype of the called function is obtained by:
1) Performing iterative traversal in depth priority order from a root node of a control flow graph among main application processes;
2) For each node traversed, a function prototype of the called function is obtained by identifying instructions of all call types on the intermediate representation.
5. The method of claim 1, wherein the matching is performed by:
1) For each calling function in the calling instruction set, inquiring whether a type statement of the interface exists on the dependency component class hierarchy;
2) If the type declaration exists, searching the function names, the parameter quantity and the parameter types in the corresponding function prototypes on the dependency component class hierarchy chart;
3) If the corresponding function name, parameter number and parameter type exist, the matching is successful.
6. The method of claim 1, wherein the interactive interface call point having a data dependency relationship with the candidate external input point is obtained by:
1) Making a first backward data flow slice from an interaction interface call point in the main application system dependency graph;
2) If the use point of a statement in the first backward data flow slice contains a candidate external input point, the candidate external input point and the interaction interface call point have a dependency relationship.
7. The method of claim 1, wherein the controllable interaction interface call site that has a data dependency with each vulnerability in the vulnerability set is identified by:
1) On a dependency graph of a dependent component system where each vulnerability is located, taking all nodes in a vulnerability path set of each vulnerability as starting points, and performing second backward data flow slicing;
2) And if the second backward data flow slice contains the function body of the called interface at the controllable interaction interface call point, the vulnerability and the controllable interaction interface call point have a data dependency relationship.
8. The method of claim 1, wherein the inter-component interaction threat detection result comprises: and the identified controllable interaction interface call point and the corresponding candidate external input point and vulnerability.
9. An electronic device comprising a memory, in which a computer program is stored, and a processor arranged to run the computer program to perform the method of any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110726263.0A CN113626823B (en) | 2021-06-29 | 2021-06-29 | Method and device for detecting interaction threat among components based on reachability analysis |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110726263.0A CN113626823B (en) | 2021-06-29 | 2021-06-29 | Method and device for detecting interaction threat among components based on reachability analysis |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113626823A CN113626823A (en) | 2021-11-09 |
| CN113626823B true CN113626823B (en) | 2023-06-27 |
Family
ID=78378517
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110726263.0A Active CN113626823B (en) | 2021-06-29 | 2021-06-29 | Method and device for detecting interaction threat among components based on reachability analysis |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113626823B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115277069A (en) * | 2022-06-17 | 2022-11-01 | 江苏通付盾信息安全技术有限公司 | Application software network security detection platform and method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107038380A (en) * | 2017-04-14 | 2017-08-11 | 华中科技大学 | A kind of leak detection method and system based on performance of program tree |
| CN112733150A (en) * | 2021-01-12 | 2021-04-30 | 哈尔滨工业大学 | Firmware unknown vulnerability detection method based on vulnerability analysis |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8732838B2 (en) * | 2008-06-26 | 2014-05-20 | Microsoft Corporation | Evaluating the effectiveness of a threat model |
| CN107832619B (en) * | 2017-10-10 | 2020-12-15 | 电子科技大学 | Automatic application program vulnerability mining system and method under Android platform |
| CN109857917B (en) * | 2018-12-21 | 2021-07-13 | 中国科学院信息工程研究所 | Security knowledge graph construction method and system for threat intelligence |
| CN111400719B (en) * | 2020-03-12 | 2023-03-14 | 中国科学院信息工程研究所 | Firmware vulnerability distinguishing method and system based on open source component version identification |
| CN112699377B (en) * | 2020-12-30 | 2023-04-28 | 哈尔滨工业大学 | Function-level code vulnerability detection method based on slice attribute graph representation learning |
| CN112671807B (en) * | 2021-03-15 | 2021-06-25 | 中国电子信息产业集团有限公司第六研究所 | Threat processing method, threat processing device, electronic equipment and computer readable storage medium |
-
2021
- 2021-06-29 CN CN202110726263.0A patent/CN113626823B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107038380A (en) * | 2017-04-14 | 2017-08-11 | 华中科技大学 | A kind of leak detection method and system based on performance of program tree |
| CN112733150A (en) * | 2021-01-12 | 2021-04-30 | 哈尔滨工业大学 | Firmware unknown vulnerability detection method based on vulnerability analysis |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113626823A (en) | 2021-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3205072B1 (en) | Differential dependency tracking for attack forensics | |
| CN114077741B (en) | Software supply chain safety detection method and device, electronic equipment and storage medium | |
| CN112733150B (en) | Firmware unknown vulnerability detection method based on vulnerability analysis | |
| US9645800B2 (en) | System and method for facilitating static analysis of software applications | |
| KR102362516B1 (en) | Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information | |
| CN108268773B (en) | Android application upgrade package local storage security detection method | |
| KR102396237B1 (en) | Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information | |
| CN113626823B (en) | Method and device for detecting interaction threat among components based on reachability analysis | |
| US20240054210A1 (en) | Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program | |
| US20230141948A1 (en) | Analysis and Testing of Embedded Code | |
| CN109670317B (en) | Internet of things equipment inheritance vulnerability mining method based on atomic control flow graph | |
| CN116738437A (en) | Unauthorized vulnerability detection method and system of Java Web system | |
| KR102411383B1 (en) | Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information | |
| CN113419960B (en) | Seed generation method and system for kernel fuzzy test of trusted operating system | |
| US11886599B2 (en) | Method and system for data flow monitoring to identify application security vulnerabilities and to detect and prevent attacks | |
| CN113553593B (en) | Semantic analysis-based method and system for mining loopholes of firmware kernel of Internet of things | |
| CN114417347A (en) | Vulnerability detection method, device, equipment, storage medium and program of application program | |
| US10678916B2 (en) | Malicious program detection | |
| CN116305131B (en) | Static confusion removing method and system for script | |
| KR102447280B1 (en) | Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information | |
| KR102437376B1 (en) | Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information | |
| KR102447279B1 (en) | Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information | |
| KR102396236B1 (en) | Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information | |
| US20230315843A1 (en) | Systems and methods for cybersecurity alert deduplication, grouping, and prioritization | |
| KR102432649B1 (en) | Processor for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |