JP7287480B2 - 解析機能付与装置、解析機能付与方法及び解析機能付与プログラム - Google Patents

解析機能付与装置、解析機能付与方法及び解析機能付与プログラム Download PDF

Info

Publication number
JP7287480B2
JP7287480B2 JP2021551100A JP2021551100A JP7287480B2 JP 7287480 B2 JP7287480 B2 JP 7287480B2 JP 2021551100 A JP2021551100 A JP 2021551100A JP 2021551100 A JP2021551100 A JP 2021551100A JP 7287480 B2 JP7287480 B2 JP 7287480B2
Authority
JP
Japan
Prior art keywords
analysis
execution
unit
branch
script
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2021551100A
Other languages
English (en)
Japanese (ja)
Other versions
JPWO2021070393A1 (https=
JPWO2021070393A5 (https=
Inventor
利宣 碓井
知範 幾世
裕平 川古谷
誠 岩村
潤 三好
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Inc
NTT Inc USA
Original Assignee
Nippon Telegraph and Telephone Corp
NTT Inc USA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nippon Telegraph and Telephone Corp, NTT Inc USA filed Critical Nippon Telegraph and Telephone Corp
Publication of JPWO2021070393A1 publication Critical patent/JPWO2021070393A1/ja
Publication of JPWO2021070393A5 publication Critical patent/JPWO2021070393A5/ja
Application granted granted Critical
Publication of JP7287480B2 publication Critical patent/JP7287480B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466Performance evaluation by tracing or monitoring
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/302Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Prevention of errors by analysis, debugging or testing of software
    • G06F11/362Debugging of software
    • G06F11/3636Debugging of software by tracing the execution of the program
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/815Virtual
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/865Monitoring of software
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Quality & Reliability (AREA)
  • Mathematical Physics (AREA)
  • Devices For Executing Special Programs (AREA)
  • Debugging And Monitoring (AREA)
JP2021551100A 2019-10-11 2019-10-11 解析機能付与装置、解析機能付与方法及び解析機能付与プログラム Active JP7287480B2 (ja)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2019/040336 WO2021070393A1 (ja) 2019-10-11 2019-10-11 解析機能付与装置、解析機能付与方法及び解析機能付与プログラム

Publications (3)

Publication Number Publication Date
JPWO2021070393A1 JPWO2021070393A1 (https=) 2021-04-15
JPWO2021070393A5 JPWO2021070393A5 (https=) 2022-06-21
JP7287480B2 true JP7287480B2 (ja) 2023-06-06

Family

ID=75438071

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2021551100A Active JP7287480B2 (ja) 2019-10-11 2019-10-11 解析機能付与装置、解析機能付与方法及び解析機能付与プログラム

Country Status (3)

Country Link
US (1) US20230028595A1 (https=)
JP (1) JP7287480B2 (https=)
WO (1) WO2021070393A1 (https=)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11989292B2 (en) * 2018-10-11 2024-05-21 Nippon Telegraph And Telephone Corporation Analysis function imparting device, analysis function imparting method, and recording medium
JP7557431B2 (ja) * 2021-06-18 2024-09-27 株式会社日立製作所 ソースコード修正支援装置及びソースコード修正支援方法
JP7568129B2 (ja) 2021-10-18 2024-10-16 日本電信電話株式会社 解析機能付与方法、解析機能付与装置及び解析機能付与プログラム
WO2023067668A1 (ja) * 2021-10-18 2023-04-27 日本電信電話株式会社 解析機能付与方法、解析機能付与装置及び解析機能付与プログラム
US20240411557A1 (en) * 2021-10-18 2024-12-12 Nippon Telegraph And Telephone Corporation Analysis function imparting method, analysis function imparting device, and analysis function imparting program
JP7568130B2 (ja) 2021-10-18 2024-10-16 日本電信電話株式会社 解析機能付与方法、解析機能付与装置及び解析機能付与プログラム
JPWO2024214265A1 (https=) * 2023-04-13 2024-10-17
JPWO2024214263A1 (https=) * 2023-04-13 2024-10-17

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013008326A1 (ja) 2011-07-13 2013-01-17 富士通株式会社 ソフトウェア検証方法、およびソフトウェア検証システム

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997027536A1 (en) * 1996-01-24 1997-07-31 Sun Microsystems, Inc. Instruction folding for a stack-based machine
US8924933B2 (en) * 2008-03-25 2014-12-30 Barclays Capital Inc. Method and system for automated testing of computer applications
CN105630526B (zh) * 2014-11-03 2019-04-19 阿里巴巴集团控股有限公司 脚本的加载控制方法及装置
KR101731022B1 (ko) * 2014-12-31 2017-04-27 주식회사 시큐아이 익스플로잇 탐지 방법 및 장치
US10033747B1 (en) * 2015-09-29 2018-07-24 Fireeye, Inc. System and method for detecting interpreter-based exploit attacks
CN108830077B (zh) * 2018-06-14 2023-07-18 腾讯科技(深圳)有限公司 一种脚本检测方法、装置及终端

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013008326A1 (ja) 2011-07-13 2013-01-17 富士通株式会社 ソフトウェア検証方法、およびソフトウェア検証システム

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
KINDER,Johannes,Towards Static Analysis of Virtualization-Obfuscated Binaries,2012 19th Working Conference on Reverse Engineering,カナダ,IEEE,2012年,Retrieved from the Internet:<https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6385102>, DOI:10.1109/WCRE.2012.16, ISSN:1095-1350, ISBN 978-0-7695-4891-3
碓井 利宣 ほか,スクリプト実行環境に対する解析機能の自動付与手法,コンピュータセキュリティシンポジウム2018論文集,日本,一般社団法人情報処理学会,Vol.2018, No.2,pp.1016-1023

Also Published As

Publication number Publication date
WO2021070393A1 (ja) 2021-04-15
JPWO2021070393A1 (https=) 2021-04-15
US20230028595A1 (en) 2023-01-26

Similar Documents

Publication Publication Date Title
JP7287480B2 (ja) 解析機能付与装置、解析機能付与方法及び解析機能付与プログラム
JP7517585B2 (ja) 解析機能付与装置、解析機能付与プログラム及び解析機能付与方法
CN101661543B (zh) 软件源代码安全漏洞的检测方法及检测装置
JP7115552B2 (ja) 解析機能付与装置、解析機能付与方法及び解析機能付与プログラム
CN109101815B (zh) 一种恶意软件检测方法及相关设备
US20160371494A1 (en) Software Vulnerabilities Detection System and Methods
US9507933B2 (en) Program execution apparatus and program analysis apparatus
Gibbs et al. Operation mango: Scalable discovery of {Taint-Style} vulnerabilities in binary firmware services
WO2012079832A1 (en) Formal analysis of the quality and conformance of information flow downgraders
WO2018131199A1 (ja) 結合装置、結合方法および結合プログラム
US8935782B2 (en) Malware detection via network information flow theories
CN110096873A (zh) 通过补丁变换的自动诱饵推导
JP7568131B2 (ja) 解析機能付与方法、解析機能付与装置及び解析機能付与プログラム
US20160011951A1 (en) Techniques for web service black box testing
KR20210045122A (ko) 기호 실행을 사용하는 소프트웨어 테스트 입력 생성 장치 및 방법
Yin et al. Precise discovery of more taint-style vulnerabilities in embedded firmware
US20130152205A1 (en) Interactive analysis of a security specification
Ashouri Practical dynamic taint tracking for exploiting input sanitization error in java applications
JP7568129B2 (ja) 解析機能付与方法、解析機能付与装置及び解析機能付与プログラム
WO2023067663A1 (ja) 解析機能付与方法、解析機能付与装置及び解析機能付与プログラム
JP6984760B2 (ja) 変換装置及び変換プログラム
Bhardwaj et al. Fuzz testing in stack-based buffer overflow
Youssef et al. Tracing Software Exploitation
JP7568130B2 (ja) 解析機能付与方法、解析機能付与装置及び解析機能付与プログラム
Usui et al. My script engines know what you did in the dark: Converting engines into script API tracers

Legal Events

Date Code Title Description
A529 Written submission of copy of amendment under article 34 pct

Free format text: JAPANESE INTERMEDIATE CODE: A5211

Effective date: 20220215

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20220215

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20230207

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20230406

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20230425

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20230508

R150 Certificate of patent or registration of utility model

Ref document number: 7287480

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

S533 Written request for registration of change of name

Free format text: JAPANESE INTERMEDIATE CODE: R313533

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350