CN114417343A - Operating system kernel information leakage vulnerability detection method under binary file - Google Patents
- Publication number
- CN114417343A (application CN202011174860.9A)
- Authority
- CN
- China
- Prior art keywords
- code
- pointer
- vulnerability
- unit
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
A method for detecting operating system kernel information leakage vulnerabilities in binary files. The binary code to be analyzed is first pre-analyzed to obtain the usage of the pointers in the binary code; symbolic execution is then performed on the binary code to obtain symbolic execution expressions, on which a potential-vulnerability judgment is made; finally, a further sensitive-information judgment is made on the at-risk code patterns obtained by the vulnerability judgment to determine whether they correspond to a kernel information leakage vulnerability. The method uses public symbol information to cut the binary code into functions, uses code slices to analyze the properties of the parameters that the functions reference, and analyzes kernel privacy leakage through symbolic execution, so that information leakage problems in the operating system kernel are found effectively and the security of the operating system is ensured.
Description
Technical Field
The invention relates to a technology in the field of information security, in particular to a method for detecting operating system kernel information leakage vulnerabilities in binary files.
Background
Operating system kernel information leakage vulnerabilities are a class of hidden security vulnerabilities. They are analyzed mainly by source-code-based analysis and by analysis based on full-system simulation, both of which are limited: the source-code-based scheme requires the analyst to have the source code, which third-party authorized analysts often do not have, and the scheme based on full-system simulation cannot cover the entire logic of the analysis target well, so the analysis is difficult to complete.
These limitations can be addressed with binary symbolic execution, which needs no source code and can guarantee that the full logic of the target program is covered. Existing binary symbolic execution methods, however, cannot analyze operating system kernel information leakage vulnerabilities well, because: binary symbolic execution does not identify pointer properties, whereas kernel information leakage vulnerabilities often occur at special pointers such as user-mode pointers; symbolic execution generally suffers from the efficiency problem caused by path explosion, the path combinations of an operating system kernel binary are more complex still, and a good method is needed to handle path explosion; and although code patterns can be obtained during symbolic execution, the code patterns that correspond to kernel information leakage vulnerabilities resemble some benign code patterns, so a further judgment has to be made on the basis of the symbolic execution result.
Disclosure of Invention
Aiming at defects of existing source-code-based vulnerability analysis schemes such as poor operability, the invention provides a method for detecting operating system kernel information leakage vulnerabilities in binary files.
The invention is realized by the following technical scheme:
The invention relates to a method for detecting operating system kernel information leakage vulnerabilities in binary files. The binary code to be analyzed is first pre-analyzed to obtain the usage of the pointers in the binary code; symbolic execution is then performed on the binary code to obtain symbolic execution expressions, on which a potential-vulnerability judgment is made; finally, a further sensitive-information judgment is made on the at-risk code patterns obtained by the vulnerability judgment to determine whether they correspond to a kernel information leakage vulnerability.
The pre-analysis processing is carried out automatically by means of code slicing.
The pointer usage comprises: the functions involved in the code and their corresponding user-mode pointers, the method by which the code uses the code slice, and the access patterns of all pointers.
The symbolic execution means: according to the usage of the binary code pointers, only the paths in the control flow graph of the executed function that correspond to the sequence of nodes, from the starting point, at which memory accesses are located are executed, and the symbolic execution expression is obtained from the execution result.
The symbolic execution expression comprises: pointer variables, uninitialized value variables, instruction constants and their assignment operations, and boolean symbols linking assignment operations.
The potential vulnerability judgment is as follows: a propositional-formula satisfiability judgment is performed on the symbolic execution expression, and when the proposition is satisfiable and ambiguity exists, the code pattern corresponding to the current path is judged to have a potential vulnerability.
Whether the code pattern corresponds to a kernel information leakage vulnerability is determined as follows: the pointer property of the data related to the at-risk code is analyzed statically by searching for how the data is used in the code, the data is judged to be a pointer or a constant, and it is judged whether the at-risk code pattern really corresponds to a kernel information leakage vulnerability; specifically, the at-risk code pattern is finally confirmed to contain a vulnerability when the value domain that satisfies the ambiguous proposition contains a pointer variable.
The invention also relates to a system for implementing the method, comprising: a pre-analysis module, a symbolic execution module and a threat determination module, wherein: the pre-analysis module performs function cutting and code slicing according to the public symbol information, the information contained in the binary file format and the information in the binary code, and outputs the parameter properties of the functions as a function information result to the symbolic execution module; the symbolic execution module obtains an expression result through symbolic execution and outputs it to the threat determination module; and the threat determination module solves the expression result and obtains the detection result for operating system kernel leakage vulnerabilities.
Technical effects
The invention as a whole solves the problem that, in the prior art, operating system kernel information leakage cannot be analyzed automatically and statically.
Compared with the prior art, the method can identify the sensitive paths related to operating system kernel information leakage vulnerabilities, judge on the basis of the binary code the properties of the functions through which the operating system kernel exchanges information, and judge the pointer properties related to kernel information leakage.
Drawings
FIG. 1 is a schematic diagram of a pre-analysis module of the present invention;
FIG. 2 is a schematic diagram of a symbolic execution module according to the present invention;
FIG. 3 is a schematic diagram of a threat determination module according to the present invention.
Detailed Description
The embodiment relates to an automatic detection system for operating system kernel information leakage vulnerabilities based on binary symbolic execution, comprising: a pre-analysis module, a symbolic execution module and a threat determination module.
The pre-analysis module comprises: a binary file parsing unit, a user-pointer-related function identification unit, a pointer access analysis unit and a function property sorting unit, wherein: the binary file parsing unit is connected to the user-pointer-related function identification unit and passes it the function head and tail information; the user-pointer-related function identification unit is connected to the pointer access analysis unit and passes it the information on the functions that use user pointers; the pointer access analysis unit passes the pointer properties and access patterns used by the functions to the function property sorting unit; and the function property sorting unit outputs the function property database.
The symbolic execution module comprises: a symbolic execution engine unit and a code pattern processing unit, wherein: the symbolic execution engine unit obtains function property information from the function property database, generates path transfer expressions during execution in combination with the function property information, and splices the instruction-level symbolic execution result expressions to obtain code patterns; it is connected to the code pattern processing unit and passes it the code pattern information; and the code pattern processing unit takes the code pattern information as input, screens out the problematic code patterns and outputs a dangerous function code pattern database.
The threat determination module comprises: a data identification unit, a code slicing unit, a data property judgment unit and a vulnerability confirmation unit, wherein: the data identification unit obtains dangerous function code patterns from the dangerous function code pattern database, is connected to the code slicing unit and passes it the data positions in the dangerous function code pattern; the code slicing unit slices the code according to the data positions and outputs data access information; the data property judgment unit judges the property of the data from the data access information and passes it to the vulnerability confirmation unit; and the vulnerability confirmation unit judges, from the data property and the code pattern, whether the code pattern corresponds to vulnerable code.
The embodiment also relates to the vulnerability detection method of the system: the binary code to be analyzed is first pre-analyzed to obtain the usage of the pointers in the binary code; symbolic execution is then performed on the binary code to obtain symbolic execution expressions, on which a potential-vulnerability judgment is made; finally, a further sensitive-information judgment is made on the at-risk code patterns obtained by the vulnerability judgment to determine whether they correspond to a kernel information leakage vulnerability.
As shown in FIG. 1, the pre-analysis processing includes the following steps:
Step 101: parse the binary file and identify the function information in the file.
Step 102: screen out the functions accessed by a user pointer according to the function information.
Step 103: analyze and slice the pointer accesses of the screened functions, and combine the relation between permission-related pointers and user pointers to obtain the user pointer usage information.
Step 104: generate symbolic execution expressions for the data related to user pointers according to the slicing result, i.e. the usage of the binary code pointers.
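As shown in FIG. 2, the symbolic execution includes the following steps:
Step 201: start symbolic execution on the input binary file; each symbolic execution takes a function as its starting point, and the initial state is set to completely empty.
Step 202: when a control flow transfer related to a user pointer occurs during symbolic execution, abandon the transfer and directly execute the symbolic execution expression obtained by the pre-analysis processing.
Step 203: generate expressions for all operations produced during symbolic execution, and splice all the resulting expressions to obtain the code pattern.
Step 204: solve the code pattern, simplify it, and determine from the simplification result whether the code pattern is dangerous.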
As shown in FIG. 3, the sensitive information judgment includes the following steps:
Step 301: split the code pattern into source data and general data, and identify the data related to user-mode pointers.
Step 302: slice on the basis of the obtained data information and find how the adjacent code accesses the data.
Step 303: judge from the access pattern of the data whether the data is a pointer or sensitive information.
Step 304: when the valid range of the sensitive information exists in the code pattern and takes part in a write operation through a user-mode pointer, judge that the vulnerability is established and obtain the operating system kernel leakage vulnerability detection result.
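The following Python example is added here for illustration and is not part of the patent. It models steps 201-204 and 301-304 on a constructed instruction list; the tuple-based instruction format, the names analyze, LEAKY and FIXED, and the treatment of branch conditions as opaque and always satisfiable (in place of a solver) are assumptions.

```python
from dataclasses import dataclass

# Symbolic byte values of the model (hypothetical, one value per memory byte).
@dataclass(frozen=True)
class Const:                 # instruction constant
    value: int

@dataclass(frozen=True)
class Uninit:                # byte not written on the current path
    origin: str

@dataclass(frozen=True)
class KernelPtr:             # address of a kernel object
    target: str

# One report per path on which sensitive bytes reach a user-mode pointer.
@dataclass(frozen=True)
class Finding:
    path: tuple              # branch conditions leading to the sink
    sink: str                # user-mode pointer that receives the data
    uninit: tuple            # source offsets still uninitialized at the sink
    pointers: tuple          # source offsets holding a kernel address


def _explore(insns, user_ptrs, mem, path, out):
    """Execute one path; fork at every branch (conditions are kept opaque)."""
    for i, ins in enumerate(insns):
        op = ins[0]
        if op == "alloc":                        # new buffer: every byte unknown
            _, name, size = ins
            mem[name] = [Uninit(f"{name}+{k}") for k in range(size)]
        elif op == "store":                      # assignment operation
            _, name, off, size, val = ins
            if off + size > len(mem[name]):
                raise ValueError(f"store past end of {name}")
            mem[name][off:off + size] = [val] * size
        elif op == "if":                         # one copy of the state per branch
            _, cond, then_b, else_b = ins
            rest = insns[i + 1:]
            for taken, block in ((cond, then_b), (f"not({cond})", else_b)):
                fork = {k: list(v) for k, v in mem.items()}
                _explore(block + rest, user_ptrs, fork, path + (taken,), out)
            return
        elif op == "write_user":
            # Models step 202: the copy routine is not entered, only its
            # effect on the destination pointer is applied.
            _, dst, src, size = ins
            if dst not in user_ptrs:             # not a user-mode sink
                continue
            data = mem[src][:size]
            uninit = tuple(k for k, v in enumerate(data) if isinstance(v, Uninit))
            ptrs = tuple(k for k, v in enumerate(data) if isinstance(v, KernelPtr))
            if uninit or ptrs:                   # steps 303-304
                out.append(Finding(path, dst, uninit, ptrs))
        else:
            raise ValueError(f"unknown instruction {op!r}")


def analyze(insns, user_ptrs):
    """Return a Finding for each path on which sensitive bytes reach a user pointer."""
    out = []
    _explore(list(insns), frozenset(user_ptrs), {}, (), out)
    return out


# Constructed sample: a handler fills a 16-byte record
# {u32 type; 4 bytes of padding; u64 owner} and copies it to the caller.
LEAKY = [
    ("alloc", "info", 16),
    ("store", "info", 0, 4, Const(1)),
    ("if", "flags & 1",
        [("store", "info", 8, 8, KernelPtr("owner_object"))],
        [("store", "info", 8, 8, Const(0))]),
    ("write_user", "out", "info", 16),
]

# Constructed sample: the same handler with the record zeroed first and an
# opaque identifier returned instead of the kernel address.
FIXED = [
    ("alloc", "info", 16),
    ("store", "info", 0, 16, Const(0)),
    ("store", "info", 0, 4, Const(1)),
    ("if", "flags & 1",
        [("store", "info", 8, 8, Const(42))],
        [("store", "info", 8, 8, Const(0))]),
    ("write_user", "out", "info", 16),
]

if __name__ == "__main__":
    for finding in analyze(LEAKY, {"out"}):
        print(finding)
    print(analyze(FIXED, {"out"}))
```

Both paths of LEAKY are reported because the padding bytes are never written; only the first path also carries a kernel address.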
In a concrete experiment on an ordinary computer with a 7700HQ CPU and 16G RAM, taking the win32kfull.sys and ntoskrnl.exe files from May 2020 as input, the following experimental data were obtained: a database containing the function property information was produced, and the functions win32k!fnHkINLPDEBHUGHOOKSTRUCT and ntoskrnl!MmQueryVirtualMemory were output as leaking functions.
Compared with the prior art, the method can analyze code for kernel information leakage vulnerabilities statically, and can successfully and automatically analyze vulnerabilities that conventional automatic schemes cannot analyze.
The foregoing embodiments may be modified in many different ways by those skilled in the art without departing from the spirit and scope of the invention, which is defined by the appended claims and all changes that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
Claims (11)
1. A method for detecting operating system kernel information leakage vulnerabilities in binary files, characterized in that the binary code to be analyzed is pre-analyzed to obtain the usage of the binary code pointers; symbolic execution is then performed on the binary code to obtain symbolic execution expressions, and a potential-vulnerability judgment is made; finally, a further sensitive-information judgment is made on the at-risk code patterns obtained by the vulnerability judgment to determine whether they correspond to a kernel information leakage vulnerability;
the pre-analysis processing is carried out automatically by means of code slicing;
the pointer usage comprises: the functions involved in the code and their corresponding user-mode pointers, the method by which the code uses the code slice, and the access patterns of all pointers;
the symbolic execution expression comprises: pointer variables, uninitialized value variables, instruction constants and their assignment operations, and boolean symbols linking assignment operations.
2. The method for detecting operating system kernel information leakage vulnerabilities in binary files according to claim 1, wherein the symbolic execution means: according to the usage of the binary code pointers, only the paths in the control flow graph of the executed function that correspond to the sequence of nodes, from the starting point, at which memory accesses are located are executed, and the symbolic execution expression is obtained from the execution result.
3. The method for detecting operating system kernel information leakage vulnerabilities in binary files according to claim 1, wherein the potential vulnerability judgment means: a propositional-formula satisfiability judgment is performed on the symbolic execution expression, and when the proposition is satisfiable and ambiguity exists, the code pattern corresponding to the current path is judged to have a potential vulnerability.
4. The method for detecting operating system kernel information leakage vulnerabilities in binary files according to claim 1, wherein whether the code pattern corresponds to a kernel information leakage vulnerability is determined as follows: the pointer property of the data related to the at-risk code is analyzed statically by searching for how the data is used in the code, the data is judged to be a pointer or a constant, and it is judged whether the at-risk code pattern really corresponds to a kernel information leakage vulnerability; specifically, the at-risk code pattern is finally confirmed to contain a vulnerability when the value domain that satisfies the ambiguous proposition contains a pointer variable.
5. The method for detecting operating system kernel information leakage vulnerabilities in binary files according to claim 1, wherein the pre-analysis processing comprises the following steps:
step 101: parsing the binary file and identifying the function information in the file;
step 102: screening out the functions accessed by a user pointer according to the function information;
step 103: analyzing and slicing the pointer accesses of the screened functions, and combining the relation between permission-related pointers and user pointers to obtain the user pointer usage information;
step 104: generating symbolic execution expressions for the data related to user pointers according to the slicing result, i.e. the usage of the binary code pointers.
6. The method for detecting operating system kernel information leakage vulnerabilities in binary files according to claim 1 or 2, wherein the symbolic execution comprises the following steps:
step 201: starting symbolic execution on the input binary file, wherein each symbolic execution takes a function as its starting point and the initial state is set to completely empty;
step 202: when a control flow transfer related to a user pointer occurs during symbolic execution, abandoning the transfer and directly executing the symbolic execution expression obtained by the pre-analysis processing;
step 203: generating expressions for all operations produced during symbolic execution, and splicing all the resulting expressions to obtain the code pattern;
step 204: solving the code pattern, simplifying it, and determining from the simplification result whether the code pattern is dangerous.
7. The method for detecting operating system kernel information leakage vulnerabilities in binary files according to claim 1, wherein the sensitive information judgment comprises the following steps:
step 301: splitting the code pattern into source data and general data, and identifying the data related to user-mode pointers;
step 302: slicing on the basis of the obtained data information and finding how the adjacent code accesses the data;
step 303: judging from the access pattern of the data whether the data is a pointer or sensitive information;
step 304: when the valid range of the sensitive information exists in the code pattern and takes part in a write operation through a user-mode pointer, judging that the vulnerability is established and obtaining the operating system kernel leakage vulnerability detection result.
8. A system for implementing the method of any preceding claim, comprising: a pre-analysis module, a symbolic execution module and a threat determination module, wherein: the pre-analysis module performs function cutting and code slicing according to the public symbol information, the information contained in the binary file format and the information in the binary code, and outputs the parameter properties of the functions as a function information result to the symbolic execution module; the symbolic execution module obtains an expression result through symbolic execution and outputs it to the threat determination module; and the threat determination module solves the expression result and obtains the detection result for operating system kernel leakage vulnerabilities.
9. The system of claim 8, wherein the pre-analysis module comprises: a binary file parsing unit, a user-pointer-related function identification unit, a pointer access analysis unit and a function property sorting unit, wherein: the binary file parsing unit is connected to the user-pointer-related function identification unit and passes it the function head and tail information; the user-pointer-related function identification unit is connected to the pointer access analysis unit and passes it the information on the functions that use user pointers; the pointer access analysis unit passes the pointer properties and access patterns used by the functions to the function property sorting unit; and the function property sorting unit outputs the function property database.
10. The system of claim 8, wherein the symbolic execution module comprises: a symbolic execution engine unit and a code pattern processing unit, wherein: the symbolic execution engine unit obtains function property information from the function property database, generates path transfer expressions during execution in combination with the function property information, and splices the instruction-level symbolic execution result expressions to obtain code patterns; it is connected to the code pattern processing unit and passes it the code pattern information; and the code pattern processing unit takes the code pattern information as input, screens out the problematic code patterns and outputs a dangerous function code pattern database.
11. The system of claim 8, wherein the threat determination module comprises: a data identification unit, a code slicing unit, a data property judgment unit and a vulnerability confirmation unit, wherein: the data identification unit obtains dangerous function code patterns from the dangerous function code pattern database, is connected to the code slicing unit and passes it the data positions in the dangerous function code pattern; the code slicing unit slices the code according to the data positions and outputs data access information; the data property judgment unit judges the property of the data from the data access information and passes it to the vulnerability confirmation unit; and the vulnerability confirmation unit judges, from the data property and the code pattern, whether the code pattern corresponds to vulnerable code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011174860.9A CN114417343B (en) | 2020-10-28 | 2020-10-28 | Method for detecting kernel information leakage loopholes of operating system under binary files |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114417343A | 2022-04-29 |
CN114417343B | 2024-07-05 |
Family
ID=81260403
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011174860.9A Active CN114417343B (en) | 2020-10-28 | 2020-10-28 | Method for detecting kernel information leakage loopholes of operating system under binary files |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114417343B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN114417343B (en) | 2024-07-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||