FR3067486B1 - Non-intrusive method of detecting security flaws of a computer program - Google Patents
- Publication number
- FR3067486B1 (application FR1755151A)
- Authority
- FR
- France
- Prior art keywords
- program
- computer program
- detection process
- cryptographic function
- app
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3612—Software analysis for verifying properties of programs by runtime analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- Debugging And Monitoring (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a non-intrusive method for detecting security flaws in a computer program APP. The method comprises a step of installing and executing an executable, non-instrumented version of the program APP in a computer system 1, the computer system 1 comprising at least one cryptographic function that can be called by the program APP. It also comprises, during execution of the program, a step of recording in a trace file the details of the calls to the cryptographic function and, after execution of the program, a step of analyzing the trace file using a rule base to detect calls to the cryptographic function that are liable to constitute a security flaw.
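The post-execution analysis step described in the abstract, sketched as an added example (not code from the patent or its applicant): a rule base applied to a trace of cryptographic calls. The trace format, the field names and the four rules are assumptions chosen for illustration; the abstract specifies none of them.

```python
import json
from collections import defaultdict

# Constructed trace: one JSON record per call to the cryptographic function.
# Field names and values are assumptions, not the patent's trace format.
SAMPLE_TRACE = """\
{"seq": 1, "func": "encrypt", "alg": "AES", "mode": "CBC", "key_bits": 256, "key_id": "k1", "iv": "a1b2c3d4"}
{"seq": 2, "func": "encrypt", "alg": "AES", "mode": "ECB", "key_bits": 128, "key_id": "k2", "iv": null}
{"seq": 3, "func": "encrypt", "alg": "DES", "mode": "CBC", "key_bits": 56, "key_id": "k3", "iv": "00112233"}
{"seq": 4, "func": "encrypt", "alg": "AES", "mode": "CBC", "key_bits": 256, "key_id": "k1", "iv": "a1b2c3d4"}
{"seq": 5, "func": "decrypt", "alg": "AES", "mode": "GCM", "key_bits": 256, "key_id": "k4", "iv": "0f0e0d0c"}
"""

# Hypothetical rule base: stateless rules look at a single recorded call.
STATELESS_RULES = [
    ("weak-algorithm", lambda c: c["alg"] in {"DES", "3DES", "RC4"}),
    ("short-key", lambda c: c["key_bits"] < 128),
    ("ecb-mode", lambda c: c.get("mode") == "ECB"),
]

def parse_trace(text):
    """Read the trace file content into a list of call records."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def analyze(calls):
    """Return (seq, rule) findings for calls that may form a security flaw."""
    findings = []
    first_use = defaultdict(dict)  # key_id -> {iv: seq of first encrypt call}
    for call in calls:
        for name, matches in STATELESS_RULES:
            if matches(call):
                findings.append((call["seq"], name))
        # Stateful rule: the same IV used twice for encryption under one key.
        # It needs the whole trace, which is why analysis runs after execution.
        if call["func"] == "encrypt" and call.get("iv"):
            first = first_use[call["key_id"]].setdefault(call["iv"], call["seq"])
            if first != call["seq"]:
                findings.append((call["seq"], "iv-reuse"))
    return findings

if __name__ == "__main__":
    for seq, rule in analyze(parse_trace(SAMPLE_TRACE)):
        print(f"call {seq}: {rule}")
```

The program under test is never modified here: only the recorded call parameters are inspected, which matches the non-instrumented execution the abstract describes.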
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1755151A FR3067486B1 (fr) | 2017-06-09 | 2017-06-09 | Non-intrusive method of detecting security flaws of a computer program |
US16/620,819 US11768944B2 (en) | 2017-06-09 | 2018-05-11 | Non-intrusive method of detecting security flaws of a computer program |
PCT/FR2018/051162 WO2018224747A1 (fr) | 2017-06-09 | 2018-05-11 | Non-intrusive method of detecting security flaws of a computer program |
US18/228,634 US12105809B2 (en) | 2017-06-09 | 2023-07-31 | Non-intrusive method of detecting security flaws of a computer program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1755151 | 2017-06-09 | ||
FR1755151A FR3067486B1 (fr) | 2017-06-09 | 2017-06-09 | Non-intrusive method of detecting security flaws of a computer program |
Publications (2)
Publication Number | Publication Date |
---|---|
FR3067486A1 (fr) | 2018-12-14 |
FR3067486B1 (fr) | 2021-08-27 |
Family
ID=59974533
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
FR1755151A FR3067486B1 (fr) | Active | 2017-06-09 | 2017-06-09 | Non-intrusive method of detecting security flaws of a computer program |
Country Status (3)
Country | Link |
---|---|
US (2) | US11768944B2 (fr) |
FR (1) | FR3067486B1 (fr) |
WO (1) | WO2018224747A1 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11934538B2 (en) * | 2019-10-23 | 2024-03-19 | Sri International | Augmenting executables having cryptographic primitives |
Family Cites Families (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6851056B2 (en) * | 2002-04-18 | 2005-02-01 | International Business Machines Corporation | Control function employing a requesting master id and a data address to qualify data access within an integrated system |
US20040230825A1 (en) * | 2003-05-16 | 2004-11-18 | Shepherd Eric Robert | Secure browser |
US7207065B2 (en) | 2004-06-04 | 2007-04-17 | Fortify Software, Inc. | Apparatus and method for developing secure software |
US20090031135A1 (en) * | 2007-07-27 | 2009-01-29 | Raghunathan Kothandaraman | Tamper Proof Seal For An Electronic Document |
US9339847B2 (en) | 2008-06-30 | 2016-05-17 | Metso Minerals Inc. | Vibrating aggregate, an apparatus for processing mineral material, and a method for moving a processing device of an apparatus for processing mineral material |
US8397300B2 (en) * | 2009-09-22 | 2013-03-12 | International Business Machines Corporation | Detecting security vulnerabilities relating to cryptographically-sensitive information carriers when testing computer software |
US8661536B2 (en) * | 2010-03-17 | 2014-02-25 | Microsoft Corporation | Side channel attack analysis |
US8458798B2 (en) | 2010-03-19 | 2013-06-04 | Aspect Security Inc. | Detection of vulnerabilities in computer systems |
US9268945B2 (en) * | 2010-03-19 | 2016-02-23 | Contrast Security, Llc | Detection of vulnerabilities in computer systems |
US10701097B2 (en) * | 2011-12-20 | 2020-06-30 | Micro Focus Llc | Application security testing |
US9003236B2 (en) * | 2012-09-28 | 2015-04-07 | Intel Corporation | System and method for correct execution of software based on baseline and real time information |
US9846717B2 (en) * | 2012-10-23 | 2017-12-19 | Galois, Inc. | Software security via control flow integrity checking |
US9146833B2 (en) * | 2012-12-20 | 2015-09-29 | Intel Corporation | System and method for correct execution of software based on a variance between baseline and real time information |
US9124564B2 (en) * | 2013-08-22 | 2015-09-01 | Cisco Technology, Inc. | Context awareness during first negotiation of secure key exchange |
US10650148B2 (en) * | 2014-09-04 | 2020-05-12 | Micro Focus Llc | Determine protective measure for data that meets criteria |
WO2016047111A1 (fr) * | 2014-09-25 | 2016-03-31 | NEC Corporation | Analysis system, analysis device, analysis method, and storage medium having an analysis program recorded therein |
WO2016094840A2 (fr) * | 2014-12-11 | 2016-06-16 | Ghosh Sudeep | System, method and computer-readable medium for software protection by means of composable process-level virtual machines |
US9438618B1 (en) * | 2015-03-30 | 2016-09-06 | Amazon Technologies, Inc. | Threat detection and mitigation through run-time introspection and instrumentation |
US10713146B2 (en) * | 2015-06-26 | 2020-07-14 | AVAST Software s.r.o. | Dynamic binary translation and instrumentation with postponed attachment to running native threads |
EP3179371A1 (fr) * | 2015-12-08 | 2017-06-14 | Gilwa GmbH embedded systems | Method and device for non-intrusively collecting trace data |
US10503623B2 (en) * | 2016-04-29 | 2019-12-10 | Ca, Inc. | Monitoring containerized applications |
US10417111B2 (en) * | 2016-05-09 | 2019-09-17 | Oracle International Corporation | Correlation of stack segment intensity in emergent relationships |
WO2018006241A1 (fr) * | 2016-07-04 | 2018-01-11 | Mcafee, Inc. | Method and apparatus for detecting security vulnerabilities in a web application |
US10586045B2 (en) * | 2016-08-11 | 2020-03-10 | The Mitre Corporation | System and method for detecting malware in mobile device software applications |
US9898385B1 (en) * | 2016-10-11 | 2018-02-20 | Green Hills Software, Inc. | Systems, methods, and devices for vertically integrated instrumentation and trace reconstruction |
US20190354690A1 (en) * | 2016-12-08 | 2019-11-21 | Atricore Inc. | Systems, devices and methods for application and privacy compliance monitoring and security threat analysis processing |
US10558809B1 (en) * | 2017-04-12 | 2020-02-11 | Architecture Technology Corporation | Software assurance system for runtime environments |
US20190102279A1 (en) * | 2017-10-04 | 2019-04-04 | Layered Insight, Inc. | Generating an instrumented software package and executing an instance thereof |
US11074362B2 (en) * | 2017-12-04 | 2021-07-27 | ShiftLeft, Inc. | System and method for code-based protection of sensitive data |
- 2017-06-09: FR application FR1755151A, patent FR3067486B1, Active
- 2018-05-11: WO application PCT/FR2018/051162, publication WO2018224747A1, Application Filing
- 2018-05-11: US application US16/620,819, patent US11768944B2, Active
- 2023-07-31: US application US18/228,634, patent US12105809B2, Active
Also Published As
Publication number | Publication date |
---|---|
FR3067486A1 (fr) | 2018-12-14 |
US12105809B2 (en) | 2024-10-01 |
US11768944B2 (en) | 2023-09-26 |
US20230376610A1 (en) | 2023-11-23 |
US20200125735A1 (en) | 2020-04-23 |
WO2018224747A1 (fr) | 2018-12-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI541669B (zh) | Detection systems and methods for static detection applications, and computer program products | |
EP3296877A3 (fr) | Debugging systems | |
US20190064130A1 (en) | Peak detection method and data processing device | |
WO2007025279A3 (fr) | Apparatus and method for analyzing and supplementing a program to provide security | |
RU2012156433A (ru) | System and method for detecting malware by creating an isolated environment | |
MY188927A (en) | Big drilling data analytics engine | |
US8671397B2 (en) | Selective data flow analysis of bounded regions of computer software applications | |
FR3005448B1 (fr) | Method and device for detecting an intention to start a stationary vehicle | |
GB2519882A (en) | Identifying whether an application is malicious | |
TW200731105A (en) | Model manufacturing device, model manufacturing system and abnormal detector | |
GB2492667A (en) | Data processing method and system for checking pipeline leakage | |
SG11201803902VA (en) | Data processing method and apparatus | |
CN101964026A (zh) | Method and system for detecting malicious code embedded in web pages | |
US20150278852A1 (en) | System And Method For Identifying Online Advertisement Laundering And Online Advertisement Injection | |
FR3067486B1 (fr) | Non-intrusive method of detecting security flaws of a computer program | |
WO2018016671A3 (fr) | Dangerous code detection system designed to check for a security vulnerability, and associated method | |
MA45622B1 (fr) | Systems, methods and computer programs for generating a measure of authenticity of an object | |
RU2018142897A (ru) | Query optimizer for CPU utilization and code refactoring | |
FR3051579B1 (fr) | Method for securing an electronic device, and corresponding electronic device | |
FR3002053B1 (fr) | Sensitive validation tests | |
TR201908074T4 (tr) | Method for processing data in a network and associated mobile device. | |
CN104636661A (zh) | Method and system for analyzing Android applications | |
Nakamura et al. | Towards detection and analysis of interlanguage clones for multilingual web applications | |
Ferreira et al. | Characterizing complexity of highly-configurable systems with variational call graphs: Analyzing configuration options interactions complexity in function calls | |
PH12019500762A1 (en) | Method and apparatus for implementing accessibility function in applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PLSC | Publication of the preliminary search report | Effective date: 20181214 |
 | PLFP | Fee payment | Year of fee payment: 4 |
 | PLFP | Fee payment | Year of fee payment: 5 |
 | PLFP | Fee payment | Year of fee payment: 6 |
 | PLFP | Fee payment | Year of fee payment: 7 |
 | PLFP | Fee payment | Year of fee payment: 8 |