KR20210042285A - Method and apparatus for acquirising vulnerability feature, and electronic device - Google Patents

Abstract

The present invention relates to a method and an apparatus for obtaining characteristics of vulnerability, and an electronic device, and relates to a field of technology for information safety. According to the present invention, the method comprises the following steps: obtaining information on a patch of vulnerability; determining a type of vulnerability based on the information on a patch of vulnerability, wherein the type includes code-type vulnerability and no-code-type vulnerability; extracting at least one characteristic of vulnerability, based on a vulnerability analysis engine corresponding to the type of vulnerability; and transmitting the at least one characteristic of vulnerability to an electronic device. Accordingly, characteristics of vulnerability can be obtained on-line, efficiency of obtaining characteristics of vulnerability can be enhanced and costs for maintaining a library of system vulnerability can be reduced with no need for artificially analyzing and obtaining the characteristics of vulnerability.

Description

Vulnerability feature acquisition method, device, and electronic device {METHOD AND APPARATUS FOR ACQUIRISING VULNERABILITY FEATURE, AND ELECTRONIC DEVICE}

This application relates to the field of computer technology, and specifically to the field of information security technology.

In the field of information security, a vulnerability refers to a vulnerability or defect existing in a system, a system's sensitivity to a specific threat attack or risk event, or the possibility of an attacking threat action. Vulnerabilities can be sent by defects in designing applications or operating systems or errors in coding, and can be caused by design defects during service interaction processing or inappropriate points in the logical process. Such defects, errors, or inadequacies can be used deliberately or unintentionally, adversely affecting the assets or operations of an organization. For example, information systems are attacked or controlled, important information is stolen, user data is altered, and the system is a springboard for invading other host systems. Vulnerability characteristics are information indicating a vulnerability, and one vulnerability has a plurality of vulnerability characteristics. In the case of Android systems, how to acquire the vulnerability characteristics of known vulnerabilities is extremely important in system safety analysis.

In the prior art, known vulnerabilities of a system, for example, vulnerabilities scanned through vulnerability scanning, are countered based on the vulnerability characteristics when artificially analyzing the vulnerability characteristics of each vulnerability and detecting each vulnerability characteristic. The feature detection code is compiled, and the feature detection code is executed on the machine under test to detect the presence or absence of a vulnerability feature. If there is an update on the vulnerability that appears in the system, the vulnerability feature must be artificially analyzed again to perform a subsequent detection process, so the efficiency of obtaining the vulnerability feature is low.

It provides a method, a device, and an electronic device for obtaining a vulnerability feature, obtains the vulnerability feature of the vulnerability online, and improves the efficiency of obtaining the vulnerability feature.

According to a first aspect, a method for obtaining a vulnerability characteristic is provided,

After acquiring the vulnerability patch information of the vulnerability, determining a type of the vulnerability based on the vulnerability patch information, the type including a vulnerability of a code type and a vulnerability of a non-code type;

Extracting at least one vulnerability feature of the vulnerability based on a vulnerability analysis engine corresponding to the type of vulnerability;

And sending at least one vulnerability feature of the vulnerability to an electronic device.

According to the technology of this application, after acquiring the vulnerability patch information of the vulnerability, after determining whether the vulnerability is a code type vulnerability or a non-code type vulnerability based on the vulnerability patch information, a vulnerability analysis engine corresponding to the type of vulnerability At least one vulnerability feature of the vulnerability is extracted based on, and finally, at least one vulnerability feature of the vulnerability is sent to the electronic device. Different types of vulnerabilities correspond to different types of vulnerability analysis engines, and since the vulnerability analysis engine is pre-built based on different types of vulnerabilities, the vulnerability features of the vulnerability can be acquired online and the efficiency of obtaining the vulnerability features It can improve and reduce the maintenance cost of the system vulnerability library without the need to artificially analyze and acquire the vulnerability characteristics.

According to a second aspect, a device for obtaining a vulnerability characteristic is provided,

An acquisition module for acquiring vulnerability patch information of a vulnerability;

A determination module determining the type of vulnerability based on the vulnerability patch information, the type including a code type vulnerability and a non-code type vulnerability;

An extraction module for extracting at least one vulnerability feature of the vulnerability based on a vulnerability analysis engine corresponding to the type of vulnerability;

And a sending module for sending at least one vulnerability feature of the vulnerability to an electronic device.

According to the technology of this application, after the acquisition module acquires the vulnerability patch information of the vulnerability, it determines whether the vulnerability is a code type vulnerability or a non-code type vulnerability based on the vulnerability patch information, and then the extraction module is the type of vulnerability. At least one vulnerability feature of the vulnerability is extracted based on the vulnerability analysis engine corresponding to, and finally, the sending module sends at least one vulnerability feature of the vulnerability to the electronic device. Different types of vulnerabilities correspond to different types of vulnerability analysis engines, and since the vulnerability analysis engine is pre-built based on different types of vulnerabilities, the vulnerability features of the vulnerability can be acquired online and the efficiency of obtaining the vulnerability features It can improve and reduce the maintenance cost of the system vulnerability library without the need to artificially analyze and acquire the vulnerability characteristics.

According to the third aspect, providing a magnetic device,

At least one processor; And

Including; a memory that is communicatively connected to the at least one processor,

An instruction executable by the at least one processor is stored in the memory, and the instruction is executed by the at least one processor, so that the at least one processor can perform the method according to the first aspect.

According to a fourth aspect, there is provided a non-transitory computer-readable storage medium storing computer instructions, the computer instructions causing the computer to perform the method according to the first aspect.

According to a fifth aspect, a computer program stored in a computer-readable storage medium is provided, wherein at least one processor of the electronic device can read the computer program from the readable storage medium, and the at least one processor is the computer By executing a program, the electronic device performs the method according to the first aspect.

It should be understood that the content described in this section is not intended to specify the core or important features of the embodiments of the present application, and does not limit the scope of the present application. Other features of the present application can be easily understood from the following specification.

The present invention can improve the efficiency of obtaining the vulnerability characteristics by acquiring the vulnerability characteristics of the vulnerability online.

The accompanying drawings are provided to sufficiently understand the present scheme, and are not limited to the present application.
1 is a diagram showing an application scenario of the present application;
2 is a flowchart of Embodiment 1 of a method for obtaining a vulnerability characteristic according to the present application.
3 is a flowchart of Embodiment 2 of a method for obtaining a vulnerability characteristic according to the present application.
4 is a flowchart of Embodiment 3 of a method for acquiring a vulnerability characteristic according to the present application.
5 is a flowchart of Embodiment 4 of a method for acquiring vulnerability characteristics according to the present application.
6 is a structural diagram of an apparatus for acquiring a vulnerability feature according to the present application.
7 is a structural diagram of an apparatus for acquiring a vulnerability feature according to the present application.
8 is a structural diagram of a device for acquiring a vulnerability feature according to the present application.
9 is a block diagram of an electronic device for implementing a method of obtaining a vulnerability characteristic according to an embodiment of the present application.

Hereinafter, exemplary embodiments of the present application will be described in conjunction with the accompanying drawings, and various details of the embodiments of the present application are included in order to aid understanding, and these should be regarded as merely exemplary. Therefore, it should be understood that those of ordinary skill in the art may make various changes and modifications to the embodiments described herein, which do not depart from the scope and spirit of the present application. Likewise, for clarity and conciseness, descriptions of known functions and structures are omitted in the following description.

In the embodiments of the present application, terms such as "exemplary" or "for example" should be understood as exemplifying, for example, proving or explaining, and "exemplarily" in the embodiments of the present application. It is not to be understood that any embodiment or solution described as or “for example” has more desirable or superior advantages over other embodiments or solutions. More specifically, terms such as “exemplarily” or “for example” are intended to represent related concepts in a specific manner.

The method of acquiring the vulnerability characteristics in the prior art artificially analyzes the vulnerability characteristics of the vulnerability, and if the vulnerability that appears in the system is updated, the vulnerability characteristics must be analyzed again. Therefore, the efficiency of obtaining the vulnerability characteristics is low, and the vulnerability library The maintenance cost is higher. In order to solve this problem, the present application provides a method, a device, and an electronic device for acquiring vulnerability characteristics, and builds different vulnerability analysis engines based on different types of vulnerabilities in advance, After analyzing and extracting the vulnerability features using another vulnerability analysis engine, obtaining the vulnerability patch information of the vulnerability, determining the type of the vulnerability based on the vulnerability patch information, and using the vulnerability analysis engine corresponding to the vulnerability type By extracting at least one vulnerability feature of the vulnerability, and sending at least one vulnerability feature of the vulnerability to an electronic device, it is used to detect the vulnerability of the electronic device. Accordingly, it is possible to acquire the vulnerability features of the vulnerability online, improve the efficiency of obtaining the vulnerability features, and reduce the maintenance cost of the system vulnerability library. Hereinafter, a detailed implementation process of a method for obtaining a vulnerability characteristic in an embodiment of the present application will be described in detail through specific embodiments in conjunction with the accompanying drawings.

First, partial terms in the embodiments of the present application will be interpreted and described below, so that those skilled in the art can easily understand.

1. Vulnerability characteristic is information to indicate vulnerability, when the vulnerability is a code type vulnerability, the vulnerability characteristic is information on the difference between the source code of the vulnerability and the recovery code of the vulnerability, and when the vulnerability is a non-code type vulnerability, Vulnerability characteristics are information on changes in the source file of the vulnerability and the recovery file of the vulnerability.

2. The operating entity is a corresponding application (APP) or system software when the code file is executed on the Android system, and the application is various types of applications, such as social applications, shopping applications, and the like.

3. The drone cluster under test is a tester for testing vulnerability features built on the basis of different Android system versions, different processor architecture platforms, and different safety patch versions as multiple test target drones. Corresponds to one Android system version, one processor architecture platform and one safety patch version.

1 is a diagram showing an application scenario of the present application. As shown in Fig. 1, the apparatus for obtaining a vulnerability characteristic according to the present application is for obtaining an operation entity corresponding to each of the vulnerability characteristics of a known vulnerability or the vulnerability characteristics and the vulnerability characteristics of a known vulnerability, and the operation entity is an application ( APP) or system software, where the application is for example a social application, a shopping application, and the like. Known vulnerabilities are, for example, vulnerabilities in Android systems scanned through vulnerability scanning software, or vulnerabilities in public announcements on the Android official site. The vulnerability feature of the vulnerability acquired by the vulnerability feature acquisition device or the operational entity that corresponds to the vulnerability feature can be used for vulnerability detection, and is implemented in the overall vulnerability feature drive mode, including Java reflection mechanism, decompilation (oatdump), etc. can do. Specifically, an existing detection method can be used.For example, when detecting each vulnerability feature, the corresponding feature detection code is compiled based on the vulnerability feature, and the feature detection code is operated correspondingly on the electronic device to be measured. It executes on the entity (if there is no operational entity, executes sequentially on each operational entity on the electronic device), detects the presence or absence of a vulnerability feature, and achieves the purpose of detecting the vulnerability. Here, the electronic device to be detected may be an electronic device using an Android software system, such as a mobile phone, a portable computer, or a vehicle device. The vulnerability feature acquisition device according to the present application can acquire the vulnerability features of the known vulnerabilities of the Android system online, and if a vulnerability appearing in the Android system is updated, it acquires the vulnerability features of the updated vulnerability in real time, and the vulnerability features It can improve the acquisition efficiency of the system and reduce the maintenance cost of the system vulnerability library. In the following, the process of acquiring the vulnerability characteristics will be described in detail by combining the accompanying drawings.

2 is a flowchart of Embodiment 1 of a method for obtaining a vulnerability characteristic according to the present application. In the present embodiment, the execution subject may be the device for obtaining a vulnerability feature shown in FIG. 1, and the device for obtaining the vulnerability feature may be a hardware device or a software module. As shown in FIG. 2, the method of this embodiment is as follows. It may include steps.

S101, After acquiring the vulnerability patch information of the vulnerability, the type of the vulnerability is determined based on the vulnerability patch information, but the type includes the vulnerability of the code type and the vulnerability of the non-code type.

Here, obtaining the vulnerability patch information of the vulnerability can be obtained from the Android official site safety notice information, and specifically, the Android official site safety notice information is the identifier of a vulnerability such as Common Vulnerabilities and Exposures (CVE). , Reference number, type, severity, and updated Android Open-Source Project (AOSP) version information, etc. may be included, for example, Table 1 below is an example of the contents of the safety notice information. Here, the reference number carries the link of the vulnerability patch information, the type is remote command/code execute vulnerability (RCE), and the severity includes high and medium low.

CVE Reference number type Serious
Degree Updated
AOSP version CVE-2019-1986 A-1178 RCE High 9 CVE-2019-1987 A-1181 RCE High 7.0, 7.1.1 CVE-2019-1988 A-1837 RCE medium 8.0, 8.1, 9

Regarding obtaining the vulnerability patch information of the vulnerability, first, a corresponding reference number is determined based on the vulnerability identifier, and the corresponding vulnerability patch information is obtained based on the reference number. After obtaining the vulnerability patch information of the vulnerability, it is possible to determine whether the type of the vulnerability is a code type vulnerability or a non-code type vulnerability. If the vulnerability patch information of the vulnerability includes the source code of the vulnerability and the recovery code of the vulnerability, the type of the vulnerability can be determined as a code type vulnerability; If the vulnerability patch information of the vulnerability includes the source file of the vulnerability and the recovery file of the vulnerability, it can be determined that the type of vulnerability is the non-code type as the vulnerability.

Specifically, if the safety notification information includes a plurality of vulnerabilities, vulnerability patch information of a plurality of vulnerabilities can be obtained at once, and vulnerability characteristics of each vulnerability are obtained for each vulnerability. If one vulnerability is updated in the safety notice information within a certain period of time, the vulnerability patch information of the one vulnerability is acquired at a time, and further, the vulnerability characteristic of the one vulnerability is acquired by performing the subsequent process.

Optionally, the vulnerability patch information of the vulnerability among the safety notification information may be periodically acquired according to a preset time, and the preset time may be half a month, one month, three months, or six months. If an updated vulnerability exists, the updated vulnerability patch information may be obtained by following the safety notice information in real time, and then the vulnerability characteristics of the updated vulnerability may be obtained by performing a subsequent process.

S102, on the basis of the vulnerability analysis engine corresponding to the type of vulnerability, at least one vulnerability feature of the vulnerability is extracted.

Specifically, different types of vulnerabilities correspond to different types of vulnerability analysis engines, and code types corresponding to vulnerabilities are code analysis engines, and codes of different languages are different code analysis engines, for example C/ Corresponds to C++ code analysis engine, Java code analysis engine and kernel code analysis engine. Corresponding to non-code type vulnerabilities is a file analysis engine, for example a configuration file analysis engine.

Specifically, if the vulnerability analysis engine corresponding to the type of vulnerability is a C/C++ code analysis engine, the vulnerability patch information of the vulnerability is analyzed through the C/C++ code analysis engine, and features of the vulnerability are extracted; If the vulnerability analysis engine corresponding to the type of vulnerability is a Java code analysis engine, the vulnerability patch information of the vulnerability is analyzed through the Java code analysis engine, and features of the vulnerability are extracted; If the vulnerability analysis engine corresponding to the type of vulnerability is a kernel code analysis engine, the vulnerability patch information of the vulnerability is analyzed through the kernel code analysis engine, and the vulnerability features are extracted; If the vulnerability analysis engine corresponding to the type of vulnerability is a configuration file analysis engine, the vulnerability patch information of the vulnerability is analyzed through the configuration file analysis engine, and the features of the vulnerability are extracted. Different vulnerability analysis engines analyze and extract the vulnerability characteristics of vulnerabilities in different processes.

One vulnerability has at least one vulnerability characteristic, and if there are multiple vulnerabilities, the vulnerability characteristics of the plurality of vulnerabilities form one vulnerability characteristic set.

Here, with respect to the vulnerability of the code type, the vulnerability characteristic may be, for example, an increase or decrease in the definition of a function code, a class, or a class display member, an increase or decrease in a string having uniqueness among the code files, and a change in the code execution flow For example, adding a jump to the library function XX). For non-code type vulnerabilities, the vulnerability characteristic may be any one of, for example, an increase in character string characteristics, deletion of character string characteristics, modification of character string characteristics, increase or deletion of files, and deletion of files. May be an increase or deletion of a library.

S103, at least one vulnerability feature of the vulnerability is sent to the electronic device.

Specifically, at least one vulnerability feature of the vulnerability is sent to the electronic device so that the electronic device detects the vulnerability.

In the method for obtaining vulnerability characteristics according to the present embodiment, after obtaining the vulnerability patch information of the vulnerability, determining whether the vulnerability is a code-type vulnerability or a non-code type vulnerability based on the vulnerability patch information, and then responds to the type of vulnerability. At least one vulnerability feature of the vulnerability is extracted based on the vulnerability analysis engine, and finally, at least one vulnerability feature of the vulnerability is sent to the electronic device. Different types of vulnerabilities correspond to different types of vulnerability analysis engines, and since the vulnerability analysis engine is pre-built based on different types of vulnerabilities, the vulnerability features of the vulnerability can be acquired online and the efficiency of obtaining the vulnerability features It is possible to reduce the maintenance cost of the system vulnerability library without the need to artificially analyze and acquire the vulnerability characteristics.

3 is a flowchart of Embodiment 2 of a method for obtaining a vulnerability characteristic according to the present application. In the present embodiment, the execution subject may be the device for obtaining a vulnerability feature shown in FIG. 1, and as shown in FIG. 3, the method of this embodiment is based on the method shown in FIG. 2, and additionally, before S103. It may further include the following steps.

S104, For each vulnerability characteristic among at least one vulnerability characteristic of the vulnerability, the operating entity of the vulnerability characteristic is determined based on the source code of the vulnerability characteristic or the code file in which the source file is located, and the vulnerability characteristic and the operating entity of the vulnerability are identified. Acquire.

Specifically, the operating entity is the corresponding application (APP) or system software when the code file is executed on the Android system, and if only the vulnerability feature is sent to the electronic device, the operating entity should be attempted upon detection, and detection is slower. , Vulnerability characteristics of the vulnerability are obtained through S102, the operation entity of each vulnerability characteristic is determined, and used for subsequent vulnerability detection, and each vulnerability determines the corresponding operation entity, and accordingly, the vulnerability detection efficiency Can improve. The source code or source file of the vulnerability can be obtained based on the vulnerability patch information of the vulnerability, the source code corresponds to the vulnerability of the code type, and the source file corresponds to the vulnerability of the non-code type. Specifically, when a plurality of vulnerability features of one vulnerability exist, the operating entities of the plurality of vulnerability features may be the same or may be different from each other.

Correspondingly, S103 may specifically be a step (S103') of sending an operating entity corresponding to the at least one vulnerability characteristic of the vulnerability to an electronic device.

In the method for obtaining vulnerability characteristics according to the present embodiment, after obtaining the vulnerability patch information of the vulnerability, it determines whether the vulnerability is a code type vulnerability or a non-code type vulnerability based on the vulnerability patch information, and further responds to the type of vulnerability. At least one vulnerability feature of the vulnerability is extracted based on the vulnerability analysis engine, and then each of the extracted vulnerability features determines the operating entity of the vulnerability feature based on the source code of the vulnerability feature or the code file in which the source file is located. Finally, an operational entity corresponding to at least one vulnerability characteristic of the vulnerability is sent to the electronic device. Since different types of vulnerabilities correspond to different types of vulnerability analysis engines, and the vulnerability analysis engine is built in advance based on different types of vulnerabilities, by obtaining online the operational entity rules corresponding to the vulnerability characteristics of the vulnerability, It is possible to reduce the maintenance cost of the system vulnerability library because it improves the efficiency of acquiring the vulnerability features and does not need to be acquired by artificially analyzing the vulnerability features.

4 is a flowchart of Embodiment 3 of a method for obtaining a vulnerability characteristic according to the present application. In the present embodiment, the execution subject may be the device for acquiring the vulnerability characteristics shown in FIG. 1, and as shown in FIG. 4, the method of the present embodiment may include the following steps.

S201, After obtaining the vulnerability patch information of the vulnerability, the type of the vulnerability is determined based on the vulnerability patch information, but the type includes the vulnerability of the code type and the vulnerability of the non-code type.

Here, the acquisition of the vulnerability patch information of the vulnerability may be obtained from the safety announcement information on the Android official site, and the description of S101 may be referred to for a specific acquisition process, and duplicate descriptions are omitted here. If the vulnerability patch information of the vulnerability includes the source code of the vulnerability and the recovery code of the vulnerability, it can be determined that the type of vulnerability is the vulnerability of the code type, and S202 is performed; If the vulnerability patch information of the vulnerability includes the source file of the vulnerability and the recovery file of the vulnerability, it can be determined that the type of vulnerability is a non-code type vulnerability, and S203 is performed.

S202, at least one vulnerability feature of the vulnerability is extracted based on the vulnerability analysis engine corresponding to the vulnerability of the code type.

Here, the code analysis engine corresponds to the vulnerability of the code type, and codes of different languages correspond to different code analysis engines, for example, C/C++ code analysis engines, Java code analysis engines, and kernel code analysis engines.

In one possible embodiment, S202 may be to perform the following operation through the vulnerability analysis engine corresponding to the vulnerability of the code type.

S2021, Parsing of the corresponding coding language for the source code of the vulnerability and the recovery code of the vulnerability is performed, and at least one difference information between the source code of the vulnerability and the recovery code of the vulnerability is determined based on the parsing result, but the difference The information may be, for example, the increase or decrease of the function code, the class or the class display member definition, the increase or decrease of the string having uniqueness in the code file, or the change of the code execution flow (e.g., adding a jump to the library function XX) It could also be.

S2022, Based on at least one difference information, the vulnerability characteristics of the vulnerability are determined, and one difference information corresponds to one vulnerability characteristic, that is, after determining the difference information, one difference information is determined as one vulnerability characteristic. do.

Vulnerability patch information of a vulnerability to be described later is given as an example.

---a/src/android、SkAandroidFrameworkUtils.cpp

+++b src/android、SkAandroidFrameworkUtils.cpp

@@-17,7+17,9@@

#include"effects/GrDisableColorXP.h"

#endif//SK_SUPPORT_GPU

-#ifdef SK_BUILD_FOR_ANDROID

+#ifdef SK_BUILD_FOR_ANDROID_FRAMWORK

+

+# include<log/log.h>

#if SK_ SUPPORT_GPU

Bool SkAndroidFrameworkUtils::clipWithStencil(skcanvas*canvas)｛

@@-52,5 +54,9@@

｝

# end if//SK_SUPPORT_GPU

-end if// SK_BUILD_FOR_ANDROID

+void SKAndroidFrameworkUtils::safet8Netlog(const char*bugNumber)

｛

+ android_errorwritelog(0x534e4554,bugNumber);

+｝

+

+#end if// SK_BUILD_FOR_ANDROID_FRAMWORK

In the vulnerability patch information of the above described vulnerability, the code with "-" in front of the code is the source code of the vulnerability, and the code with "+" in front of the code is the recovery code for the vulnerability, and some of them "

-end if// SK_BUILD_FOR_ANDROID

+void SKAndroidFrameworkUtils::safet8Netlog(const char*bugNumber)

｛

+ android_errorwritelog(0x534e4554,bugNumber);"

"

Based on, it can be analyzed that the method "void SKAndroidFrameworkUtils::safet8Netlog(const char*bugNumber)" has been increased in the corresponding class implementation, and the corresponding method "void SKAndroidFrameworkUtils::safet8Netlog(const char*bugNumber)" is just one It is a vulnerability characteristic.

In this embodiment, the source code of the vulnerability and the recovery code of the vulnerability are parsed for the corresponding coding language through the vulnerability analysis engine corresponding to the vulnerability of the code type, and based on the result of the parsing analysis, the source code and the vulnerability of the vulnerability It is possible to implement at least one difference information of the recovery code of the code and determine the difference information as one vulnerability feature to acquire the vulnerability features of the vulnerability of the code type online, and improve the efficiency of obtaining the vulnerability features. Let it.

S203, At least one vulnerability feature of the vulnerability is extracted based on the vulnerability analysis engine corresponding to the non-code type vulnerability.

Corresponding to non-code type vulnerabilities is a file analysis engine, such as a configuration file analysis engine. In one possible embodiment, S203 may be to perform the following operation through a vulnerability analysis engine corresponding to a non-code type vulnerability.

S2031, at least one change information of the source file of the vulnerability and the recovery file of the vulnerability is determined, and the change information is any one of increase of character string feature, deletion of character string feature, modification of character string feature, increase of file and deletion of file Including, wherein the increase or deletion of a file may be an increase or deletion of a library.

In step S2032, a code file in which the source file of the vulnerability is located is determined, and in the code file in which the source file of the vulnerability is located, it is searched whether each change information has uniqueness among at least one change information.

S2033, change information with uniqueness is determined as the vulnerability characteristic of the vulnerability.

In this embodiment, the change information between the source file of the vulnerability and the recovery file of the vulnerability is determined through the vulnerability analysis engine corresponding to the vulnerability of the non-code type, and each change information is unique in the code file where the source file of the vulnerability is located. It is determined whether or not is provided, and the change information having uniqueness is determined as the vulnerability characteristic of the vulnerability. Accordingly, the purpose of acquiring the vulnerability characteristics of non-code type vulnerabilities online can be achieved, and the efficiency of acquiring the vulnerability characteristics is improved.

S204, for each vulnerability characteristic among the at least one vulnerability characteristic of the vulnerability, by determining the operating entity of the vulnerability characteristic based on the source code of the vulnerability characteristic or the code file in which the source file is located, the vulnerability characteristic and the operating entity of the vulnerability To obtain.

Here, in one possible embodiment, determining the operating entity of the vulnerability feature based on the source code of the vulnerability feature or the code file in which the source file is located is specifically:

S2041, the source code of the vulnerability feature or the code file in which the source file is located is determined.

S2042, the operation entity of the code file is searched for from the compilation configuration file of the code file, and the operation entity of the vulnerability characteristic is determined based on the operation entity of the code file.

Here, each version of the system corresponds to one compilation configuration file, and the compilation configuration file stores the mapping relationship between the code file and the corresponding operation entity, so the operation entity of the code file from the compilation configuration file of the code file And, based on the operating entity of the code file, the operating entity of the vulnerability characteristic can be determined. By determining the operational entity of the vulnerability feature, it facilitates subsequent vulnerability detection. Specifically, when each vulnerability feature is detected, the corresponding feature detection code is compiled based on the vulnerability feature, and the feature detection code is executed on the corresponding operating entity on the detection target electronic device to determine whether the vulnerability feature exists. By detecting, the purpose of detecting fragility can be achieved and detection efficiency can be improved.

On the basis of the embodiment shown in any one of FIGS. 2 to 4, additionally, by verifying the acquired vulnerability features, it is possible to improve the accuracy of obtaining the vulnerability features. Taking the method shown in FIG. 5 as an example, FIG. 5 is a flowchart of Embodiment 4 of a method for obtaining vulnerability features according to the present application. As shown in Fig. 5, the method of this embodiment may further include the following steps after S204.

S205, at least one vulnerability feature of the vulnerability is passed through a pre-built test target drone cluster to perform a test verification to obtain the verified vulnerability feature, but the test target drone cluster is connected to the test target drone from which the vulnerability has been restored. Includes drones under test for which vulnerabilities have not been repaired.

Here, the test target drone cluster is a plurality of test target drones built on the basis of different Android system versions, different processor architecture platforms, and different safety patch versions, and the test target drone cluster is the test target drone and the vulnerability from which the vulnerability has been restored. Including the unrecovered test target drone, the test target drone whose vulnerability has been restored cannot detect the vulnerability feature, and the test drone whose vulnerability has not been restored can detect the vulnerability feature. Only in this way, the accuracy of the acquired vulnerability characteristics can be ensured, and the drone to be tested can be configured in common with a virtual machine (for example, Gen8motion virtual machine) and a real machine, where the Gen8motion virtual machine is an Android simulator and provides an Android simulation environment. . The drone cluster under test is built on the basis of different Android system versions, different processor architecture platforms, and different safety patch versions, and each test drone has one Android system version, one processor architecture platform, and one safety patch. Since it corresponds to the version, it is possible to secure the completeness and accuracy of the verification accordingly.

S206, The vulnerability characteristics that have passed verification are determined as the vulnerability characteristics of the vulnerability.

The acquired vulnerability features are tested and verified in a pre-built test target drone cluster, and the vulnerability features and operational entities that pass verification are the final vulnerability features of the vulnerability, improving the accuracy of vulnerability acquisition and improving the probability of false alarms of the vulnerability features. I can make it.

Optionally, when a vulnerability feature that has not passed the verification is acquired in S205, the method of the present embodiment may further include displaying the vulnerability feature that has not passed the verification (S207).

Vulnerability features that did not pass verification are displayed to the user, the user (i.e. developer) analyzes the cause of the vulnerability features that did not pass verification, and the cause of the vulnerability feature that did not pass verification is found by the operational entity. It may include any one of not, the vulnerability feature not found from the corresponding operational entity, the vulnerability feature does not show a difference in the contrast version of the corresponding operational entity, and a lack of execution privileges. After analyzing the cause, the user can enter the cause of the vulnerability feature that did not pass verification. Additionally, the method of this embodiment may further include the following steps.

S208, the cause of the vulnerability feature that did not pass the verification entered by the user is received, and the vulnerability analysis engine is increased or the vulnerability analysis engine is modified based on the cause of the vulnerability feature that did not pass the verification. It can assist in acquiring accurate vulnerability features, additionally improves the accuracy of vulnerability acquisition, and lowers the probability of false alarms of the vulnerability features.

In the method for acquiring vulnerability features according to the present embodiment, the acquired vulnerability features are tested and verified in a pre-built test target drone cluster, and the vulnerability features and operation entities that pass the verification are the final vulnerability features and operation entities, For the vulnerability features that did not pass the verification, the vulnerability analysis engine can be increased based on the cause of the vulnerability feature that did not pass the verification entered by the user, or the vulnerability analysis engine can be modified to assist in acquiring accurate vulnerability features. In addition, it improves the accuracy of acquiring vulnerabilities and lowers the probability of false alarms of vulnerability features.

6 is a structural diagram of an apparatus for acquiring a vulnerability feature according to the present application. As shown in Fig. 6, the vulnerability characteristic acquisition device 100 of the present embodiment may include an acquisition module 11, a determination module 12, an extraction module 13, and a sending module 14, where, The acquisition module 11 is for acquiring the vulnerability patch information of the vulnerability, the determination module 12 is for determining the type of vulnerability based on the vulnerability patch information, and the type is the vulnerability of the code type and the vulnerability of the non-code type. Including, the extraction module 13 is for extracting at least one vulnerability feature of the vulnerability based on the vulnerability analysis engine corresponding to the type of vulnerability, and the sending module 14 is for extracting at least one vulnerability feature of the vulnerability. It is intended to be sent to electronic devices.

In addition, the determination module 12 is also configured to determine the operating entity of the vulnerability characteristic based on the source code of the vulnerability characteristic or a code file in which the source file is located, for each vulnerability characteristic among the at least one vulnerability characteristic of the vulnerability. will be.

Correspondingly, the sending module is for sending the operating entity corresponding to the at least one vulnerability characteristic of the vulnerability to the electronic device.

Optionally, the vulnerability patch information of the vulnerability includes the source code of the vulnerability and the recovery code of the vulnerability, and the extraction module 12 is through a vulnerability analysis engine corresponding to the type of vulnerability,

Parsing a corresponding coding language for the vulnerability source code and the vulnerability recovery code;

At least one difference information between the source code of the vulnerability and the recovery code of the vulnerability is determined based on the result of the syntax analysis, the vulnerability characteristics of the vulnerability are determined based on the at least one difference information, and the difference information is one vulnerability characteristic Corresponding to; To perform the operation.

Optionally, the vulnerability patch information of the vulnerability includes a source file of the vulnerability and a recovery file of the vulnerability, and the extraction module 12,

Through the vulnerability analysis engine corresponding to the type of vulnerability,

At least one change information of the source file of the vulnerability and the recovery wave of the vulnerability is determined, and the change information includes any one of increase of character string, deletion of character string, modification of character string, increase of file, and deletion of file. and;

Determine a code file in which the source file of the vulnerability is located, and determine whether each change information of the at least one change information has uniqueness in the code file in which the source file of the vulnerability is located;

Determining change information having uniqueness as a vulnerability characteristic of the vulnerability; To perform the operation.

Additionally, the determination module 12 is specifically,

Determine the source code of the vulnerability feature or a code file in which the source file is located;

This is to search for an operating entity of the code file from the compilation configuration file of the code file, and to determine the operating entity of the vulnerability feature based on the operating entity of the code file.

The apparatus of the present embodiment can perform the technical solution of the method embodiment shown in Fig. 2 or 3 or 4, and the implementation principle and technical effect are similar, and thus a redundant description is omitted here.

7 is a structural diagram of an apparatus for acquiring a vulnerability feature according to the present application. As shown in FIG. 7, the apparatus 200 for obtaining vulnerability characteristics according to the present embodiment may further include a verification module 15 on the basis of the apparatus shown in FIG. 6.

The verification module 15 is for performing test verification by passing at least one vulnerability feature of the vulnerability through a pre-built test target drone cluster to obtain a vulnerability feature that has passed the verification, and the test target drone cluster This includes drones under test that have recovered vulnerabilities and drones under test with no vulnerabilities recovered.

The determination module 14 is also for determining the vulnerability characteristic that has passed the verification as the vulnerability characteristic of the vulnerability.

Optionally, the drone cluster under test is built on the basis of different Android system versions, different processor architecture platforms, and different safety patch versions.

The apparatus of the present embodiment can perform the technical solution of the method embodiment shown in FIG. 5, and the implementation principle and technical effect are similar, and thus, a redundant description is omitted here.

8 is a structural diagram of an apparatus for acquiring a vulnerability feature according to the present application. As shown in FIG. 8, the apparatus 300 for obtaining vulnerability characteristics according to the present embodiment may further include a display module 16 on the basis of the apparatus shown in FIG. 7. The corresponding display module 16 is for displaying a vulnerability feature that has not passed the verification when a vulnerability feature that has not passed the verification is acquired.

Additionally, it may further include a receiving module 17 and a processing module 18, where the receiving module 18 is for receiving the cause of the vulnerability characteristic that did not pass the verification input by the user, and the processing module (19) is to increase the vulnerability analysis engine or modify the vulnerability analysis engine based on the cause of the vulnerability feature that did not pass verification.

The apparatus of the present embodiment can perform the technical solution of the method embodiment shown in FIG. 5, and the implementation principle and technical effect are similar, and thus, a redundant description is omitted here.

According to an embodiment of the present application, the present application further provides a computer program stored in a computer-readable storage medium, at least one processor of the electronic device can read computer instructions from the readable storage medium, and at least one processor Executes a computer program to cause the electronic device to perform the method according to any of the above-described embodiments.

According to an embodiment of the present application, the present application further provides an electronic device and a readable storage medium.

Referring to FIG. 9, FIG. 9 is a block diagram of an electronic device for a method of obtaining a vulnerability characteristic according to an embodiment of the present application. Electronic devices refer to various types of digital computers, such as laptop computers, desktop computers, workstations, personal information terminals, servers, blade servers, large computers, and other suitable computers. Electronic devices may refer to various types of mobile devices, such as personal information terminals, cell phones, smart phones, wearable devices, and other similar computing devices. The members disclosed herein, their connections and relationships, and their functions are merely exemplary, and are not intended to limit the implementation of the present application as disclosed and/or required by the text.

As shown in Fig. 9, the electronic device includes one or more processors 801, a memory 802, and an interface including a high-speed interface and a low-speed interface for connecting each member. Each member is connected to each other through a different bus, and can be mounted on a common main board or mounted in other ways according to demand. The processor may process commands executed in the electronic device, and is stored in or on the memory to provide commands to display graphic information of the GUI on an external input/output device (eg, a display device coupled to an interface). Can include. In other embodiments, a plurality of processors and/or a plurality of buses and a plurality of memories may be used together, depending on demand. Likewise, it is possible to connect multiple electronic devices, each of which provides some necessary operation (eg, as a server array, a set of blade servers, or as a multiprocessor system). 9 shows one processor 801 as an example.

The memory 802 is a non-transitory computer-readable storage medium according to the present application. Here, the memory stores instructions that can be executed by at least one processor, so that at least one processor performs the method for obtaining vulnerability characteristics according to the present application. The non-transitory computer-readable storage medium of the present application stores computer instructions, and the computer instructions cause the computer to perform the method for obtaining vulnerability characteristics according to the present application.

The memory 802 is a non-transitory computer-readable storage medium, such as a non-transitory software program, a non-transitory computer executable program and module, for example, a program instruction/module corresponding to the method for obtaining vulnerability characteristics according to the embodiment of the present application (for example, For example, the acquisition module 11, the determination module 12, the extraction module 13, and the sending module 14 shown in FIG. 6 may be stored. The processor 801 executes non-transitory software programs, instructions, and modules stored in the memory 802 to perform various functional applications and data processing of the server. That is, a method of obtaining a vulnerability characteristic among the above-described method embodiments is implemented.

The memory 802 may include a program storage area and a data storage area. Here, the program storage area may store an operating system and an application program required for at least one function. The data storage area may store data configured according to the use of electronic devices. Meanwhile, the memory 802 may include a high-speed random access memory, and may include, for example, a non-transitory memory such as at least one magnetic storage device, a flash memory, or other non-transitory solid state storage device. In some embodiments, memory 802 may optionally include memory that is installed remotely to processor 801. These remote memories can be connected to electronic devices through a network. Examples of the above-described network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and a combination thereof.

The electronic device for the method of obtaining the vulnerability characteristic may further include an input device 803 and an output device 804. The processor 801, the memory 802, the input device 803, and the output device 804 may be connected by a bus or other method, and FIG. 9 illustrates the connection through a bus.

The input device 803 may receive input number or character code information, and may generate a key signal input for user setting and function control of an electronic device. For example, there are input devices such as a touch screen, a keypad, a mouse, a track pad, a touch panel, an instruction lever, one or more mouse buttons, a track ball, and a control lever. The output device 804 may include a display device, an auxiliary lighting device (eg, an LED), a tactile feedback device (eg, a vibration motor), and the like. The display device may include, but is not limited to, a liquid crystal display (LCD), a light emitting diode (LED) display, and a plasma display. In some embodiments, the display device may be a touch screen.

Various embodiments of the systems and technologies described herein may be implemented in digital electronic circuit systems, integrated circuit systems, dedicated ASICs (dedicated integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include being implemented in one or a plurality of computer programs, and the one or a plurality of computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, and the corresponding programmable The processor may be a dedicated or general purpose programmable processor, and may receive data and commands from a storage system, at least one input device, and at least one output device, and transmit data and commands to the storage system and at least one input device. , And transmits to the at least one output device.

Such computer programs (also referred to as programs, software, software applications, or code) contain mechanical instructions of a programmable processor, and use high-level process and/or object-oriented programming languages, and/or assembly/mechanical languages to execute such computer programs. You can do it. For example, the terms "machine-readable medium" and "computer-readable medium" as used herein refer to any computer program product, device, and/or device (e.g., A magnetic disk, an optical disk, a memory, a programmable logic device (PLD)) and a machine-readable medium for receiving mechanical instructions that are machine-readable signals. The term “machine-readable signal” refers to any signal for providing mechanical instructions and/or data to a programmable processor.

In order to provide interaction with the user, the systems and techniques described herein can be implemented on a computer, and the computer can be used with a display device (e.g., CRT (cathode tube) or LCD ( Liquid crystal display) monitor); And a keyboard and a pointing device (eg, a mouse or a trackball), and a user may provide an input to the computer through the keyboard and the corresponding pointing device. Other types of devices may also provide interactions with users. For example, the feedback provided to the user can be any form of sensing feedback (eg, visual feedback, auditory feedback, or tactile feedback); Input from the user may be received through any form (sound input, voice input, or tactile input).

The systems and technologies described herein include computing systems including background members (e.g., as a data server), or computing systems including intermediate members (e.g., application servers), or computing including front-end members. System (e.g., a user computer having a graphical user interface or an Internet browser, the user may interact with the embodiments of the systems and technologies described herein through a corresponding graphical user interface or an Internet browser), or such a background It can be implemented in any combination of computing systems including members, intermediate members, or front end members. The members of the system can be interconnected through digital data communication (eg, a communication network) in any form or medium. Examples of communication networks include a local area network (LAN), a wide area network (WAN), and the Internet.

The computer system can include clients and servers. Clients and servers are generally far apart from each other and typically interact over a communication network. A client-server relationship is created through a computer program that runs on the corresponding computer and has a client-server relationship with each other.

According to the technical solution of the embodiment of the present application, after acquiring the vulnerability patch information of the vulnerability, it is determined whether the vulnerability is a code type vulnerability or a non-code type vulnerability based on the vulnerability patch information, and then Extracts at least one vulnerability feature of the vulnerability based on the vulnerability analysis engine, and, for each of the last extracted vulnerability features, determines the operating entity of the vulnerability feature based on the source code of the vulnerability feature or the code file in which the source file is located. In this way, the vulnerability characteristics and operational entities of the vulnerability are acquired. Different types of vulnerabilities correspond to different types of vulnerability analysis engines, and the vulnerability analysis engines are built in advance based on different types of vulnerabilities. It is possible to obtain vulnerability features online, improve the efficiency of obtaining vulnerability features, and reduce the maintenance cost of a system vulnerability library without the need to artificially analyze and obtain the vulnerability features.

Steps can be rearranged, added, or deleted using the various types of processes described above. For example, each step described in the present application may be performed in parallel, may be performed sequentially, or may be performed in a different order, and if the technical solution disclosed in the present application can obtain the desired result, the text is It is not limited about.

The specific embodiments described above are not limited to the scope of protection of the present application. Those of ordinary skill in the art will appreciate that various modifications, combinations, sub-combinations and substitutions can be made based on design needs and other factors. All modifications, equivalent substitutions and improvements made within the spirit and principle of this application should be considered to fall within the scope of protection of this application.

Claims (22)

After acquiring the vulnerability patch information of the vulnerability, determining the type of the vulnerability based on the vulnerability patch information, the type including a vulnerability of a code type and a vulnerability of a non-code type;
Extracting at least one vulnerability feature of the vulnerability based on a vulnerability analysis engine corresponding to the type of vulnerability;
And sending at least one vulnerability feature of the vulnerability to an electronic device.
The method of claim 1, wherein the method comprises:
For each vulnerability characteristic among the at least one vulnerability characteristic of the vulnerability, determining an operation entity of the vulnerability characteristic based on a source code of the vulnerability characteristic or a code file in which the source file is located; further comprising
The step of sending at least one vulnerability feature of the vulnerability to an electronic device,
And sending an operational entity corresponding to the at least one vulnerability characteristic of the vulnerability to an electronic device.
The method of claim 1,
The vulnerability patch information of the vulnerability includes the source code of the vulnerability and the repair code of the vulnerability, and the step of extracting at least one vulnerability feature of the vulnerability based on a vulnerability analysis engine corresponding to the type of vulnerability,
Through the vulnerability analysis engine corresponding to the type of vulnerability,
Parsing a corresponding coding language for the vulnerability source code and the vulnerability recovery code;
At least one difference information between the source code of the vulnerability and the recovery code of the vulnerability is determined based on a result of the syntax analysis, and the vulnerability characteristic of the vulnerability is determined based on the at least one difference information, but the difference information is Corresponding to one vulnerability feature; A method comprising the step of performing an operation.
The method of claim 1,
The vulnerability patch information of the vulnerability includes the source file of the vulnerability and the recovery file of the vulnerability, and the step of extracting at least one vulnerability feature of the vulnerability based on a vulnerability analysis engine corresponding to the type of vulnerability,
Through the vulnerability analysis engine corresponding to the type of vulnerability,
At least one change information of the source file of the vulnerability and the recovery file of the vulnerability is determined, and the change information is any of an increase in character string feature, deletion of character string feature, modification of character string feature, increase of file, Contains one;
Determining a code file in which the source file of the vulnerability is located, and searching whether each change information among the at least one change information has uniqueness in the code file in which the source file of the vulnerability is located;
And determining change information having uniqueness as a vulnerability characteristic of the vulnerability; performing an operation.
The method of claim 2,
The step of determining the operation entity of the vulnerability characteristic based on the source code of the vulnerability characteristic or a code file in which the source file is located,
Determining a source code of the vulnerability feature or a code file in which the source file is located;
And retrieving an operating entity of the code file from a compilation configuration file of the code file, and determining an operating entity of the vulnerability feature based on the operating entity of the code file.
The method of claim 2,
The step of determining the operation entity of the vulnerability characteristic based on the source code of the vulnerability characteristic or a code file in which the source file is located,
Determining a source code of the vulnerability feature or a code file in which the source file is located;
And retrieving an operating entity of the code file from a compilation configuration file of the code file, and determining an operating entity of the vulnerability feature based on the operating entity of the code file.
The method of claim 6,
The method of claim 1, wherein the test target drone cluster is built on the basis of different Android system versions, different processor architecture platforms, and different safety patch versions.
The method of claim 6, wherein the method,
And when a vulnerability feature that does not pass verification is obtained, displaying the vulnerability feature that does not pass verification.
The method of claim 8, wherein the method comprises:
Receiving a cause of a vulnerability feature that fails to pass the verification input from a user;
And increasing the vulnerability analysis engine or modifying the vulnerability analysis engine based on the cause of the vulnerability feature that did not pass the verification.
An acquisition module for acquiring vulnerability patch information of a vulnerability;
A determination module determining the type of vulnerability based on the vulnerability patch information, the type including a code type vulnerability and a non-code type vulnerability;
An extraction module for extracting at least one vulnerability feature of the vulnerability based on a vulnerability analysis engine corresponding to the type of vulnerability;
And a sending module for sending at least one vulnerability feature of the vulnerability to an electronic device.
The method of claim 10,
The determination module also,
For each of the at least one vulnerability feature of the vulnerability, determining an operating entity of the vulnerability feature based on a source code of the vulnerability feature or a code file in which the source file is located;
The sending module,
And sending an operating entity corresponding to the at least one vulnerability characteristic of the vulnerability to an electronic device.
The method of claim 10,
The vulnerability patch information of the vulnerability includes a source code of the vulnerability and a recovery code of the vulnerability, and the extraction module,
Through the vulnerability analysis engine corresponding to the type of vulnerability,
Parsing a corresponding coding language for the vulnerability source code and the vulnerability recovery code;
At least one difference information between the source code of the vulnerability and the recovery code of the vulnerability is determined based on a result of the syntax analysis, and the vulnerability characteristic of the vulnerability is determined based on the at least one difference information, but the difference information is Corresponding to one vulnerability feature; A device, characterized in that it performs an operation.
The method of claim 10,
The vulnerability patch information of the vulnerability includes a source file of the vulnerability and a recovery file of the vulnerability, and the extraction module,
Through the vulnerability analysis engine corresponding to the type of vulnerability,
At least one change information of the source file of the vulnerability and the recovery file of the vulnerability is determined, and the change information is any of an increase in character string feature, deletion of character string feature, modification of character string feature, increase of file, Contains one;
Determining a code file in which the source file of the vulnerability is located, and searching whether each change information among the at least one change information has uniqueness in the code file in which the source file of the vulnerability is located;
And determining change information having uniqueness as a vulnerability characteristic of the vulnerability; and performing an operation.
The method of claim 11, wherein the determination module,
Determining a source code of the vulnerability feature or a code file in which the source file is located;
And searching for an operating entity of the code file from a compilation configuration file of the code file, and determining an operating entity of the vulnerability characteristic based on the operating entity of the code file.
The method according to any one of claims 10 to 14, wherein the device,
Test verification is performed by passing at least one vulnerability feature of the vulnerability through a pre-built test target drone cluster to obtain a vulnerability feature that has passed the verification, but the test target drone cluster is Further comprising a verification module including the drone to be tested for which the vulnerability has not been recovered;
And the determination module further determines the vulnerability feature that has passed the verification as the vulnerability feature of the vulnerability.
The method of claim 15,
The device, wherein the test target drone cluster is built on the basis of different Android system versions, different processor architecture platforms, and different safety patch versions.
The method of claim 15, wherein the device,
The apparatus further comprising a display module configured to display the vulnerability feature that has not passed the verification when a vulnerability feature that has not passed the verification is acquired.
The method of claim 17, wherein the device,
A receiving module configured to receive a cause of a vulnerability feature that fails to pass the verification input from a user;
And a processing module for increasing the vulnerability analysis engine or modifying the vulnerability analysis engine based on the cause of the vulnerability feature that has not passed the verification.
At least one processor; And
Including; a memory that is communicatively connected to the at least one processor,
The method according to any one of claims 1 to 9, wherein an instruction executable by the at least one processor is stored in the memory, and the instruction is executed by the at least one processor. Electronic device, characterized in that to be able to perform.
A non-transitory computer-readable storage medium having computer instructions stored thereon, wherein the computer instructions enable the computer to perform the method according to any one of claims 1 to 9.
After acquiring the vulnerability patch information of the vulnerability, determining the type of the vulnerability based on the vulnerability patch information;
Extracting at least one vulnerability feature of the vulnerability based on a vulnerability analysis engine corresponding to the type of vulnerability;
And sending at least one vulnerability feature of the vulnerability to an electronic device.
In the computer program stored in a computer-readable storage medium,
A computer program implementing the method according to any one of claims 1 to 9 when the computer program is executed by a processor.

Images