CN114139160A - Method and system for determining software vulnerability influence range - Google Patents


Info

Publication number: CN114139160A
Authority: CN (China)
Prior art keywords: software; open source; vulnerability; basic; source software
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Application number: CN202111205715.7A
Other languages: Chinese (zh)
Inventors: 杨牧天, 刘梅, 罗天悦, 吴敬征, 王丽敏
Current assignee: Beijing Zhongke Weilan Technology Co ltd
Original assignee: Beijing Zhongke Weilan Technology Co ltd
Priority date / Filing date: 2021-10-15
Publication date: 2022-03-04

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/36 Creation of semantic tools, e.g. ontology or thesauri
    • G06F16/367 Ontology

Abstract

The invention discloses a method for determining the influence range of a software vulnerability, comprising the following steps: storing an association path relation among a known vulnerability, first software having the known vulnerability, first open source software on which the first software is based, and a basic file causing the known vulnerability, wherein the first open source software contains the basic file; storing the mapping relation between the known vulnerability and the basic file; obtaining, from the basic file, second open source software containing the basic file, obtaining second software compiled on the basis of the second open source software, and judging that the second software has the known vulnerability; and storing the association path relation among the known vulnerability, the second software, the second open source software and the basic file. The invention uses multidimensional information related to a vulnerability to infer and predict software products that are actually affected by a known vulnerability but are not recorded by the vulnerability library.

Description

Method and system for determining software vulnerability influence range
Technical Field
The invention relates to the technical field of network security, and in particular to a method and system for determining the influence range of a software vulnerability, and to a method and system for detecting software vulnerabilities.
Background
The Linux kernel implements many important architectural attributes. Viewed at either a high or a low level, the kernel is divided into a number of subsystems; Linux can also be regarded as a single whole, because it integrates all basic services into the kernel. Despite its size and complexity, Linux is highly portable: it can be compiled for a large number of processors and platforms with differing architectural constraints and requirements.
Because Linux is open source, convenient and high-performing, a great deal of software is compiled on the basis of the Linux kernel. The security of this software matters to every user, enterprise and country, so some countries develop and operate vulnerability libraries that regularly disclose discovered vulnerabilities; enterprises can then upgrade software they operate when they find it to be vulnerable, and users can run vulnerability detection on installed software with security monitoring tools. However, once software developed from Linux kernel files has been compiled, the same kernel file may appear under different file names, and some kernel files cannot be identified at all. Consequently, even when a Linux kernel file is disclosed as vulnerable, it cannot be known that certain software developed from that kernel file is also vulnerable.
Disclosure of Invention
In view of the above, the present invention has been developed to provide a solution that overcomes, or at least partially solves, the above-mentioned problems. Therefore, in one aspect of the present invention, a method for determining the influence range of a software vulnerability is provided, which includes:
storing an association path relation among a known vulnerability, first software having the known vulnerability, first open source software on which the first software is based, and a basic file causing the known vulnerability, wherein the first open source software contains the basic file;
storing the mapping relation between the known vulnerability and the basic file;
obtaining, from the basic file, second open source software containing the basic file;
obtaining second software compiled on the basis of the second open source software, and judging that the second software has the known vulnerability;
and storing the association path relation among the known vulnerability, the second software, the second open source software and the basic file.
Optionally, a vulnerability map is constructed according to the stored relationship.
Optionally, the first open source software and the second open source software include different Linux kernel versions.
The invention also provides a software vulnerability detection method, characterized in that vulnerability detection is carried out on the software to be detected using the vulnerability map constructed above.
The invention also provides a system for determining the influence range of a software vulnerability, which comprises the following components:
a first storage unit for storing an association path relation among a known vulnerability, first software having the known vulnerability, first open source software on which the first software is based, and a basic file causing the known vulnerability, wherein the open source software contains the basic file;
a second storage unit for storing the mapping relation between the known vulnerability and the basic file;
an open source software analysis module for obtaining, from the basic file, second open source software containing the basic file;
an application software analysis module for obtaining second software compiled on the basis of the second open source software and judging that the second software has the known vulnerability;
and a third storage unit for storing the association path relation among the known vulnerability, the second software, the second open source software and the basic file.
Optionally, the system further includes a vulnerability map component unit, configured to construct a vulnerability map according to the relationship stored in the first storage unit, the second storage unit, and the third storage unit.
Optionally, the first open source software and the second open source software include different Linux kernel versions.
The invention also provides a software vulnerability detection system, which further comprises a vulnerability detection unit for carrying out vulnerability detection on the software to be detected using the vulnerability map constructed above.
The technical solution provided by this application has at least the following technical effect or advantage: it uses multidimensional information related to a vulnerability to infer and predict software products that are actually affected by a known vulnerability but are not recorded by the vulnerability library.
The above description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the technical solutions of the present invention and the objects, features, and advantages thereof more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 illustrates a flow of a method for determining a software vulnerability impact scope according to the present invention;
FIG. 2 illustrates known and determined association path relationships stored by the present invention;
FIG. 3 illustrates a vulnerability map of an embodiment.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
The Linux kernel mainly consists of five subsystems: process scheduling, memory management, the virtual file system, the network interface and interprocess communication. Process scheduling (SCHED) controls processes' access to the CPU; when the next process to run must be chosen, the scheduler selects the most valuable process. Memory management (MM) allows multiple processes to share main memory safely. The virtual file system (VFS) hides the specific details of various hardware, provides a uniform interface for all devices, and supports dozens of different file systems. The network interface (NET) provides access to various network standards and support for various network hardware. Interprocess communication (IPC) supports various communication mechanisms between processes.
As Linux has developed, new versions have been produced continuously. A Linux version number generally consists of three parts: the first part is the major version number of the kernel, which changes only when the structure changes; the second part is the kernel version number, which changes when functions are added; the third part is the kernel revision number, which counts modifications, that is, how many times the patch package number or minor version has been revised or built. Although Linux exists in many versions, every version is built from the same five basic subsystems, and different versions very often share many of the same basic files. If a basic file has a vulnerability, then software developed on the basis of a Linux version that includes that basic file is likely to be affected by the vulnerability. Based on this observation, the invention mines the association between basic files and vulnerabilities in depth, and aims to provide a method and system for completing the influence range of a vulnerability.
In one aspect of the present invention, a method for determining the influence range of a software vulnerability is provided; as shown in FIG. 1, the method includes:
S1. storing an association path relation among a known vulnerability, first software having the known vulnerability, first open source software on which the first software is based, and a basic file causing the known vulnerability, wherein the open source software contains the basic file;
S2. storing the mapping relation between the known vulnerability and the basic file;
S3. obtaining, from the basic file, second open source software containing the basic file;
S4. obtaining second software compiled on the basis of the second open source software, and judging that the second software has the known vulnerability;
S5. storing the association path relation among the known vulnerability, the second software, the second open source software and the basic file.
According to the method, the influence range of a vulnerability can be completed, which largely solves the problem that the current vulnerability database lacks a large number of vulnerability influence ranges. As shown in FIG. 2, the known first association path is mined and stored in the first storage unit, the second association path is stored in the second storage unit, and the third association path is analysed and judged, that is, the known vulnerability is found or identified in the second software.
The first open source software and the second open source software comprise different Linux kernel versions. For convenience of description, the open-source core component of the Linux kernel is used as the example; the invention is not limited to the Linux open-source system.
As a specific embodiment, as shown in FIG. 3, three different versions of Linux_Kernel, namely Linux Kernel 2.6, Linux Kernel 2.6.18 and Linux Kernel 2.6.32, are built on the basic file mm/gup.c, and the vulnerability library already records that the basic file mm/gup.c has the vulnerability CVE-2016-. According to the method, analysis of Google Android 1.1 finds that it is compiled or developed on the basis of Linux Kernel 2.6, and analysis of Linux Kernel 2.6 in turn finds that it is built on the vulnerable basic file mm/gup.c. Google Android 1.1 is therefore determined to have the vulnerability, even though the Google Android 1.1 software package neither records any information about the basic file mm/gup.c nor records the vulnerability CVE-2016-.
Through the description of the above specific embodiment, this application aims to discover invisible vulnerabilities and thereby ensure network security. The invention provides a path-mining approach: starting from the recorded fact that two RedHat operating systems are affected by a vulnerability that stems from a basic file, hidden vulnerabilities that are otherwise hard to identify are found. For example, the gup.c file exists in the Google operating system, but the Google system does not describe the gup.c file; it only records that it is developed on the basis of the Linux_kernel 2.6 version files. The gup.c file has a vulnerability with a known CVE number that affects two versions of the RedHat operating system, and two revisions of Linux Kernel 2.6 sit upstream of those two RedHat versions. By analysing that Linux_Kernel 2.6 and its two revisions are the same kernel line and that both revisions are built on the gup.c file, the known vulnerability can be determined to affect the Google operating system as well. According to the method, the vulnerability map is constructed by acquiring the relationship between the basic file of an open source component and the vulnerability, together with the association (the open source component file structure relationship) between the upstream open source component that serves as the development basis and the basic file; on the basis of the vulnerability map, the existence of the vulnerability with that CVE number in the Google operating system can be judged.
On the other hand, a vulnerability map can be constructed from the stored relationships: the vulnerability map contains the known software affected by the vulnerability, the basic file mm/gup.c from which the vulnerability stems, all Linux_kernel versions built on that basic file, and the software developed and compiled from all of those Linux_kernel versions, which is affected by the vulnerability.
The invention also provides a software vulnerability detection method that performs vulnerability detection on software to be detected using the vulnerability map constructed above: the software to be detected is matched against the software developed and compiled from all Linux_kernel versions, and whether the software to be detected is affected by the vulnerability is judged.
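The following Python is an added illustration, not code from the patent or its assignee, of steps S1 to S5, the vulnerability map and the detection method applied to the FIG. 3 scenario above. The file-structure facts (which kernel versions contain which files), the names of the two RedHat releases and the CVE identifier are constructed placeholders, since the page truncates the real CVE number; the relation names (first, second and third storage unit) follow the description.

```python
"""Vulnerability-map inference (steps S1-S5) and detection over a constructed scenario.

Added illustration; not code from the patent or its assignee. All file-structure
facts, the RedHat release names and the CVE identifier are constructed placeholders.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# An association path: (vulnerability, software, open source software, basic file)
Path = Tuple[str, str, str, str]

# Placeholder: the page only gives the prefix "CVE-2016-".
CVE_PLACEHOLDER = "CVE-YYYY-NNNN"


@dataclass
class VulnerabilityMap:
    # Open source component file structure: OSS -> basic files it contains.
    oss_files: Dict[str, Set[str]] = field(default_factory=lambda: defaultdict(set))
    # Downstream software -> the open source software it is compiled from.
    software_base: Dict[str, str] = field(default_factory=dict)
    # First storage unit: association paths already recorded by the vulnerability library.
    known_paths: Set[Path] = field(default_factory=set)
    # Second storage unit: vulnerability -> basic files that cause it.
    vuln_files: Dict[str, Set[str]] = field(default_factory=lambda: defaultdict(set))
    # Third storage unit: association paths derived by inference.
    derived_paths: Set[Path] = field(default_factory=set)

    def add_open_source_software(self, oss: str, basic_files: Set[str]) -> None:
        self.oss_files[oss] |= set(basic_files)

    def add_software(self, software: str, oss: str) -> None:
        self.software_base[software] = oss

    def store_known_path(self, vuln: str, software: str, oss: str, basic_file: str) -> None:
        """S1 and S2: record a known path and the vulnerability -> basic file mapping."""
        if basic_file not in self.oss_files.get(oss, set()):
            raise ValueError(f"{oss} is not recorded as containing {basic_file}")
        self.known_paths.add((vuln, software, oss, basic_file))
        self.vuln_files[vuln].add(basic_file)

    def infer(self) -> Set[Path]:
        """S3-S5: from each vulnerable basic file, find every OSS containing it (S3),
        every software compiled from that OSS (S4), and store the new paths (S5)."""
        new_paths: Set[Path] = set()
        for vuln, files in self.vuln_files.items():
            for basic_file in files:
                for oss, contents in self.oss_files.items():            # S3
                    if basic_file not in contents:
                        continue
                    for software, base in self.software_base.items():  # S4
                        if base != oss:
                            continue
                        path = (vuln, software, oss, basic_file)
                        if path not in self.known_paths and path not in self.derived_paths:
                            new_paths.add(path)
        self.derived_paths |= new_paths                                # S5
        return new_paths

    def affected_software(self, vuln: str) -> Set[str]:
        """Influence range of a vulnerability: known plus inferred software."""
        return {p[1] for p in self.known_paths | self.derived_paths if p[0] == vuln}

    def detect(self, software: str) -> Set[str]:
        """Detection method: match the software to be tested against the map."""
        return {p[0] for p in self.known_paths | self.derived_paths if p[1] == software}


def build_example() -> VulnerabilityMap:
    """The FIG. 3 scenario with constructed details."""
    vm = VulnerabilityMap()
    # Constructed file structure: the three 2.6 versions share mm/gup.c; an unrelated
    # constructed kernel version does not contain it.
    for kernel in ("Linux Kernel 2.6", "Linux Kernel 2.6.18", "Linux Kernel 2.6.32"):
        vm.add_open_source_software(kernel, {"mm/gup.c", "kernel/other.c"})
    vm.add_open_source_software("Linux Kernel X.Y (constructed)", {"kernel/other.c"})
    # Downstream software and its upstream (RedHat release names are constructed).
    vm.add_software("RedHat release A (constructed)", "Linux Kernel 2.6.18")
    vm.add_software("RedHat release B (constructed)", "Linux Kernel 2.6.32")
    vm.add_software("Google Android 1.1", "Linux Kernel 2.6")
    vm.add_software("Other distro (constructed)", "Linux Kernel X.Y (constructed)")
    # S1/S2: what the vulnerability library already records. Android 1.1 is not recorded.
    vm.store_known_path(CVE_PLACEHOLDER, "RedHat release A (constructed)", "Linux Kernel 2.6.18", "mm/gup.c")
    vm.store_known_path(CVE_PLACEHOLDER, "RedHat release B (constructed)", "Linux Kernel 2.6.32", "mm/gup.c")
    vm.infer()
    return vm


if __name__ == "__main__":
    vm = build_example()
    for path in sorted(vm.derived_paths):
        print("inferred:", path)
    print("influence range:", sorted(vm.affected_software(CVE_PLACEHOLDER)))
    print("detect Android 1.1:", vm.detect("Google Android 1.1"))
```

Running the block infers the single missing path for Google Android 1.1 via Linux Kernel 2.6 and mm/gup.c, while the constructed distribution built on a kernel without mm/gup.c stays outside the influence range; the inference is idempotent, so re-running it after new library records are stored only yields paths not already in the map.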
The invention also provides a system for determining the influence range of a software vulnerability, which comprises the following components:
a first storage unit for storing an association path relation among a known vulnerability, first software having the known vulnerability, first open source software on which the first software is based, and a basic file causing the known vulnerability, wherein the open source software contains the basic file;
a second storage unit for storing the mapping relation between the known vulnerability and the basic file;
an open source software analysis module for obtaining, from the basic file, second open source software containing the basic file;
an application software analysis module for obtaining second software compiled on the basis of the second open source software and judging that the second software has the known vulnerability;
and a third storage unit for storing the association path relation among the known vulnerability, the second software, the second open source software and the basic file.
The system further comprises a vulnerability map construction unit for constructing the vulnerability map from the relations stored in the first storage unit, the second storage unit and the third storage unit.
The first open source software and the second open source software comprise different Linux kernel versions.
The invention also provides a software vulnerability detection system, which further comprises a vulnerability detection unit for carrying out vulnerability detection on the software to be detected using the vulnerability map constructed above.
The technical solution provided by this application has at least the following technical effect or advantage: it uses multidimensional information related to a vulnerability to infer and predict software products that are actually affected by a known vulnerability but are not recorded by the vulnerability library.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim.

Claims (8)

1. A method for determining the influence range of a software vulnerability, comprising: storing an association path relation among a known vulnerability, first software having the known vulnerability, first open source software on which the first software is based, and a basic file causing the known vulnerability, wherein the first open source software contains the basic file;
storing the mapping relation between the known vulnerability and the basic file;
obtaining, from the basic file, second open source software containing the basic file;
obtaining second software compiled on the basis of the second open source software, and judging that the second software has the known vulnerability;
and storing the association path relation among the known vulnerability, the second software, the second open source software and the basic file.
2. The method of claim 1, further characterized by constructing a vulnerability map from the stored relations.
3. The method of claim 1, further characterized in that the first open source software and the second open source software are different Linux kernel versions.
4. A software vulnerability detection method, characterized in that vulnerability detection is carried out on software to be tested by using the vulnerability map constructed in claim 2.
5. A system for determining the influence range of a software vulnerability, the system comprising:
a first storage unit for storing an association path relation among a known vulnerability, first software having the known vulnerability, first open source software on which the first software is based, and a basic file causing the known vulnerability, wherein the first open source software contains the basic file;
a second storage unit for storing the mapping relation between the known vulnerability and the basic file;
an open source software analysis module for obtaining, from the basic file, second open source software containing the basic file;
an application software analysis module for obtaining second software compiled on the basis of the second open source software and judging that the second software has the known vulnerability;
and a third storage unit for storing the association path relation among the known vulnerability, the second software, the second open source software and the basic file.
6. The system of claim 5, further characterized in that the system further comprises a vulnerability map component unit for constructing a vulnerability map according to the relationship stored in the first storage unit, the second storage unit and the third storage unit.
7. The system of claim 5, further characterized in that the first open source software and the second open source software are different versions of Linux kernel.
8. A software vulnerability detection system, characterized in that the system comprises a vulnerability detection unit for carrying out vulnerability detection on software to be tested by using the vulnerability map constructed in claim 6.

Priority Applications (1)

Application Number: CN202111205715.7A
Priority Date: 2021-10-15
Filing Date: 2021-10-15
Title: Method and system for determining software vulnerability influence range

Publications (1)

Publication Number: CN114139160A (en)
Publication Date: 2022-03-04

Family

ID=80394232
Family Applications (1): CN202111205715.7A, published as CN114139160A (en), Pending; priority date 2021-10-15, filing date 2021-10-15
Country Status (1): CN, CN114139160A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN115118498A (en) * | 2022-06-28 | 2022-09-27 | 北京中科微澜科技有限公司 | Vulnerability data analysis method and system based on relevance
CN115118498B (en) * | 2022-06-28 | 2023-11-28 | 北京中科微澜科技有限公司 | Vulnerability data analysis method and system based on relevance
CN114996720A (en) * | 2022-08-01 | 2022-09-02 | 北京中科微澜科技有限公司 | Vulnerability influence range detection method and device, storage medium and electronic equipment
CN114996720B (en) * | 2022-08-01 | 2022-11-15 | 北京中科微澜科技有限公司 | Vulnerability influence range detection method and device, storage medium and electronic equipment

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination