RU2622622C1 - System to analyse software for absence of undeclared capabilities - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: control system of absence of undeclared capabilities in software, including a block of found control flow store for test software, an source software texts file storage block, a block of breakpoints setting to source files of software texts, a block for compiling source text files of software with set breakpoints, a block of execution of compiled software files, a block of a saved list of passed breakpoints, a block of storage of trails routes of compiled software files execution, a block of storage of a list of potentially dangerous software structures, a block of potentially dangerous software structures search in software source text files, a block of expert updating of automated analysis results, a block for potentially dangerous software structures testing, a block for saving results, wherein there are additional blocks: of initial state preservation of software source texts, of check for source texts redundancy, of analysis and of context information systematization.

EFFECT: increased reliability of software analysis results on absence of undeclared capabilities.

4 dwg

Description

The invention relates to computer technology, namely to information computer systems and networks, and can be used to protect the information resources of workstations and servers, their components, programs or data from unauthorized activity, as well as in the analysis of the source code of software (software), including during certification testing of software for the absence of undeclared capabilities (NDV).

Interpretation of terms used in the application:

undeclared features - software functionality that is not described or does not correspond to those described in the documentation, the use of which may violate the confidentiality, accessibility or integrity of the processed information (Guidance document “Protection against unauthorized access to information. 4.1. Software for information protection. Classification by level of control of the absence of undeclared opportunities ”). The implementation of undeclared features, in particular, are software bookmarks;

software bookmarks - functional objects intentionally introduced into the software that, under certain conditions (input data), initiate the execution of software functions not described in the documentation that lead to a violation of the confidentiality, accessibility or integrity of the processed information (Guidance document “Protection against unauthorized access to information. Part 1. Information security software - Classification by level of control of the absence of undeclared capabilities her").

A known control system for the absence of undeclared capabilities in software (RF Patent No. 2434272, CL G06F 17/00, publ. 20.11.2011. Bull. No. 32). The system comprises a unit for saving found control flows of the studied software, a unit for storing software source files, a unit for setting control points in source files, a unit for compiling source files with installed control points, a unit for executing compiled files, a unit for saving the list of passed control points, block for saving paths for compiled file execution routes, block for storing a list of potentially dangerous software structures , block for searching for potentially dangerous software structures in source files, block for expert correction of automated analysis results, block for saving final results, block for storing a complete list of possible classification signs of software, block for predicting software capabilities, block for storing a list of potential software features, block registration of software actions, unit for monitoring compliance of actions performed by software with A list of alleged software features.

The disadvantage of this system is the low reliability of the results due to the lack of procedures for fixing and monitoring the initial state and checking the redundancy of the source texts.

A known system for monitoring the absence of undeclared capabilities in software (RF Patent No. 2419135, CL G06F 12/16, G06F 11/30, published on 05/20/2011. Bull. No. 14). The system comprises a unit for storing found control flows of the software under study, a unit for storing software source files, a unit for setting control points in software source files, a compilation unit for software source files with installed control points, a unit for executing compiled software files, a unit saving the list of passed control points, the block for saving the routes of the execution routes compiled x software files, a block for storing a list of potentially dangerous software structures, a block for searching for potentially dangerous software structures in software source files, an expert correction block for automated analysis results, a block for saving final results, a Petri net building block for software source files, an analysis block and marking of branches of Petri nets that are excluded from further processing, a block for storing optimized source texts.

The disadvantages of this system are the low reliability of the results of the work due to the lack of a procedure for fixing and monitoring the initial state, incomplete static analysis (in particular, the analysis of the redundancy of the source texts is not carried out) and the discrepancy with the requirements for the static analysis of the source texts of the programs presented in the Guidance document “Protection from unauthorized access to information. Part 1. Information security software. Classification by level of control of the absence of undeclared opportunities. ”

The closest in its technical essence and functions performed analogue (prototype) to the claimed system is a system for monitoring the absence of undeclared capabilities in software (RF Patent No. 2434265, CL G06F 11/00, published on November 20, 2011, Bull. No. 32). The system comprises a unit for storing found control flows of the software under study, a unit for storing software source files, a unit for setting control points in software source files, a compilation unit for software source files with installed control points, a unit for executing compiled software files, a unit saving the list of passed control points, the block for saving the routes of the execution routes compiled x files, software, storage unit a list of potentially dangerous software designs, search block potentially dangerous software designs in the files of initial software texts, block peer adjusting the results of automated analysis, the unit of conservation outcomes, unit testing of potentially dangerous software designs.

The control of the absence of undeclared capabilities in the software consists in the fact that the source files of the software from input 12, after being saved in block 2, go to block 3, where the control points are set to files, as well as the procedures and functions of the source texts. After that, the source files of the software with the installed control points arrive in block 4, where they are compiled. Compiled source files go to block 5, where they are launched for execution, processing requests from compiled files and to them from other executable files, intercepting information about the found control flows of the studied software and transferring it to block 1 for saving, intercepting information about the passed control points and its transfer to block 6 for saving, intercepting information about the passed paths of the routes of execution of the compiled software files and its transfer to the bl to 7 to save. The source files go to block 9, where they search for potentially dangerous software constructs, the list of which comes from block 8. Then, in block 15, potentially dangerous software constructs are tested. A preliminary list of potentially dangerous software structures is generated from input 13. The results of automated analysis of source files come from blocks 1, 6, 7, and 15 to block 10, where they are adjusted using interactive interaction with experts. The resulting final results after saving in block 11 are output 14.

Thus, this system allows a partially automated analysis of source texts for the presence of undeclared features.

The disadvantage of the prototype system is the low reliability due to the lack of procedures for fixing the control of the initial state of the studied software, checking the redundancy of the source texts and searching for contextual information, which does not allow to compare the research results with the control copy (version) of the same software, which leads to high time spent on research, loss of productivity (due to the full cycle of checks of source files of various software versions), as well as a decrease in confidence in ultatam.

The objective of the invention is the creation of a software analysis system for the absence of undeclared capabilities, providing an extension of the functionality of the prototype system by increasing the reliability of the results of the software analysis by fixing the initial state, checking redundancy and analyzing contextual information in the source texts of the software under study. The technical result is to increase the reliability of the results of the analysis of the software for the absence of undeclared capabilities by fixing the initial state, checking the redundancy of the source texts and analyzing the contextual information in the source texts of the studied software.

The objective of the invention is solved in that in a software analysis system for the absence of undeclared capabilities, including a unit for storing found control flows of the studied software, a unit for storing software source files, a unit for setting control points in software source files, a compilation unit for source files software with set breakpoints, execution unit of compiled software files cross sections, a block for saving the list of passed control points, a block for saving paths of routes for executing compiled software files, a block for storing a list of potentially dangerous software structures, a block for searching for potentially dangerous software structures in the source files of software, an expert correction block for automated analysis results, a potential testing block dangerous software constructs, the unit for storing the final results, the input of the file storage unit the source code of the software is connected to the input to receive the files of the source texts of the software, the second output is connected to the input of the search unit for potentially dangerous software structures in the files of the source texts of the software. The output of the control point installation block to the software source files is connected to the input of the software source file compilation block with the installed control points, the output of which is connected to the input of the compiled software file execution block. The first output of the compiled software file execution unit is connected to the input of the storage unit of the found control flows of the studied software, the second output is the input of the storage unit of the list of passed control points, the third output is the input of the unit to save the paths of the paths of the execution of compiled software files. The output of the storage unit for the found control flows of the studied software is connected to the first input of the expert adjustment unit for the results of the automated analysis, the second input of which is connected to the output of the storage unit for the list of passed control points, the third input - with the output of the storage unit for route tracking of the execution of compiled software files, the output is with the input of the unit for saving the final results. The output of the unit for storing the final results is connected to the output of the output of the final results of the control, the second input of the unit for searching for potentially dangerous software structures in the source files of the software is connected to the output of the storage unit for the list of potentially dangerous program structures. The input of the storage block of the list of potentially dangerous software structures is connected to the input of the list of potentially dangerous software structures, the output of the search block of potentially dangerous software structures is connected to the testing block of potentially dangerous software structures, in the source files of the software. The output of the testing block of potentially dangerous software structures is connected to the fourth input of the expert adjustment block of intermediate results, according to the invention, between the first output of the storage block of the source files of the software and the input of the installation block of the control points in the source files of the software additionally entered block fixing the initial state of the source texts software, block checking the redundancy of source texts, block analysis and systematization to ntekstnoy information. The first output of the software source file storage unit is connected to the input of the initial state source fixing unit of the software source. The output of the block for fixing the initial state of the source codes of the software is connected to the input of the block for checking the redundancy of the source texts, the output of which is connected to the input of the block for setting control points in the source files of the software.

The listed set of essential features increases the reliability of the results of the analysis of the software for the absence of undeclared capabilities and provides the ability to use the results of the system when conducting certification testing of the software.

The analysis made it possible to establish that there are no analogues identical to the features of the claimed system, which indicates the compliance of the claimed system with the condition of patentability “novelty”.

Search results for known solutions in this and related fields of technology in order to identify features that match the distinctive features of the claimed object from the prototype showed that they do not follow explicitly from the prior art. The prior art also did not reveal the popularity of the impact provided by the essential features of the claimed invention, the transformations on the achievement of the specified technical result. Therefore, the claimed invention meets the condition of patentability "inventive step".

The claimed system objects are illustrated by drawings, which show:

FIG. 1 - A block diagram of a software analysis system for the absence of undeclared features.

FIG. 2 - Block diagram of the block fixing the initial state of the source code of the software.

FIG. 3 is a block diagram of a block for checking source redundancy.

Figure 4 - Block diagram of the block analysis and systematization of contextual information.

A diagram of the proposed software analysis system for the absence of undeclared features is shown in FIG. 1, contains a unit for storing the found control flows of the studied software 1, a unit for storing software source files 2, a unit for fixing the initial state of the source software 16, a unit for checking the redundancy of the source texts 17, an analysis and systematization unit for contextual information 18, a control installation unit points to the software source files 3, the compilation unit of the software source files with the set control points 4, the execution locus for compiled software files 5, the unit for saving the list of passed control points 6, the unit for saving paths of routes for executing compiled software files 7, the unit for storing the list of potentially dangerous software structures 8, the unit for searching for potentially dangerous software structures in the source files of software 9, block for expert adjustment of the results of automated analysis 10, block for testing potentially dangerous software designs 15, the unit for storing the final results 11, and the input of the storage unit of the source files of the software 2 is connected to the input of receiving the source files of the software 12, the first output is the input of the unit for fixing the initial state of the source texts of the software 16, the second output is the input of the search for potentially dangerous software structures in the source files of the software 9, the output of the block fixing the initial state of the source code of the software 16 is connected to in the course of the source redundancy check unit 17, the output of the source redundancy check unit 17 is connected to the input of the context analysis and systematization unit 18 whose output is connected to the input of the control point setting unit to the software source files 3, the output of which is connected to the input of the file compilation unit source codes of software with set control points 4, the output of which is connected to the input of the execution unit of compiled software files 5, the first output of which is connected to the input of the storage unit of the found control flows of the studied software 1, the second output - with the input of the storage unit of the list of passed control points 6, the third output - with the input of the storage unit of the trace route of the execution of compiled software files 7, the output of the block saving the found control flows of the investigated software 1 is connected to the first input of the expert adjustment unit of the results of the automated analysis 10, the second input to it is connected to the output of the block for saving the list of passed control points 6, the third input is to the output of the block for saving the routes of the routes for compiled software files 7, the output is to the input of the block for saving the final results 11, the output of which is connected to the output of the final results of the control 14, the second the input of the search block of potentially dangerous software structures in the source files of the software is connected 9 to the output of the storage block of the list of potentially dangerous software constants manual 8, the input of which is connected to the input for forming a list of potentially dangerous software structures 13, the output of the block for searching for potentially dangerous software structures 9 is connected to the block for testing potentially dangerous software structures in the source files of software 15, the output of the block for testing potentially dangerous software structures 15 is connected to the fourth input of the block expert adjustment of intermediate results 10.

Sources of the software under study may contain undeclared features. Control of the initial state of the software under study, control of the completeness and absence of redundancy of the source texts, as well as analysis of contextual information allows certification certification studies of software (according to clause 2 and subclause 3.1 of the list of requirements for control levels presented in the Guidance document “Protection against unauthorized access to information. Part 1. Information security software. Classification by the level of control of the absence of undeclared capabilities ").

Improving the reliability of the results of the study of the source texts by preventing the introduction of unauthorized changes to them is carried out by fixing the initial state of the files of the studied software. The initial state fixation unit is intended for calculating the checksums of the source texts of the studied software. This block implements the functions of calculating, comparing and storing checksums.

Checking the redundancy of the source texts of the investigated software at the file level is carried out using the assembly of a specialized version of the software containing pre-embedded identification data. These identification data are formed in such a way that when processing the executable files for each of them it would be possible to obtain a complete and break-even list of source files used in its assembly (from the composition provided for research). The use of this block increases the reliability of the results of the study of source texts by eliminating unused source files.

The block of analysis and systematization of contextual information is intended to conduct research on the information contained in the comments of the source texts. This block implements the functions of searching and storing information of comments on the source texts, as well as highlighting fragments of text in the code, which may indicate a description of destructive or undocumented functionality. The use of this block increases the reliability of the results of the study of the source texts due to the study of the narrative in the source code of the software.

The "industrial applicability" of the system is due to the availability of software on the basis of which these blocks can be performed.

A block diagram of a block for fixing an initial state of software source texts is shown in FIG. 2. This block consists of two elements: block 16.1, in which the checksums of the source files are calculated (Fig. 2), block 16.2 (Fig. 2), in which the checksums are compared with the reference ones (specified in the documentation supplied with the software under investigation), and block 16.3, in which the results of checksumming are saved to the report file (Fig. 2). The implementation of blocks 16.1 and 16.2, which are part of block 16, is possible on the basis of certified software, such as: “A fixation and control tool for the initial state of the FIX software package” [www.cbi-info.ru] or “PIK-Echelon” [www .npo-echelon.ru]. The checksum algorithms used by these software tools are widely known and described in the literature [GOST R 34.11-94; GOST R 34.11-2012; RFC 1321; RFC 3174; “The MD5 Message-Digest Algoritm” R. Rivest, MIT Laboratory for Computer Science and RSA Data Security, Inc. 1992].

The block diagram of the source redundancy checker is shown in FIG. 3. This block consists of three elements: block 17.1, this block searches for unused sections of code in the source files of the software under study (Fig. 3), block 17.2 - analyzes the detected redundancy (Fig. 3) and block 17.3, in which a decision is made on the impact of the criticality of the identified redundancy on the possibility and expediency of further checks (Fig. 3). The implementation of block 17.1 in terms of searching for unused sections of source texts is possible using various tools, including using means of fixing the fact of access to files. On Linux, this uses the script to check the “access time” parameter (this parameter shows the last access time to the file) of the corresponding file, on Windows it is Process Monitor (this program displays real-time activity of the file system, registry, and processes and threads) [https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx] in conjunction with the compiler (for example, gcc) [https://gcc.gnu.org]. After that, the identified redundancy is transmitted to the input of block 17.2 in which the operator carries out its expert analysis, based on the results of which a decision is made in block 17.3.

A block diagram of a block for analyzing and organizing contextual information is presented in FIG. 4. This block consists of three elements: block 18.1 (in this block, contextual information is searched in the studied source files of Fig. 4), block 18.2 (in this block, analysis and systematization of the revealed contextual information of Fig. 4 is performed) and block 18.3 ( in this block, a conclusion is drawn about the presence in the contextual information of indications of potentially dangerous sections of the code of Fig. 4). The search for contextual information in the studied source files (block 18.1) is performed using tools (scripts) specialized for a particular operating system that implement the search functions for comments in source files, as well as selecting fragments of texts in the code that may indicate a description of negative functionality . After that, the identified comments are transmitted to the input of block 18.2, in which the operator carries out their expert analysis, based on the results of which a decision is made in block 18.3.

The claimed system operates as follows. The source files of the software from input 12, after being saved in block 2, go to block 16, where the initial state of the source files of the studied software is fixed. After that, the source files are sent to block 17, where the redundancy of the source texts is checked, and then transferred to block 18 for analysis and systematization of contextual information. The next step is the processing of the source files in block 3, where the installation of control points in the files, as well as the procedures and functions of the sources. After that, the source files of the software with the installed control points arrive in block 4, where they are compiled. Compiled source files go to block 5, where they are launched for execution, processing requests from compiled files and to them from other executable files, intercepting information about the found control flows of the studied software and transferring it to block 1 for saving, intercepting information about the passed control points and its transfer to block 6 for saving, intercepting information about the passed paths of the routes of execution of the compiled software files and its transfer to the bl to 7 to save. In addition, source files go to block 9, where they search for potentially dangerous software constructs, the list of which comes from block 8. A preliminary list of potentially dangerous software constructs is created from input 13. The results of the automated analysis of source files come from blocks 1, 6, 7 and 9 to block 10, where they are adjusted using interactive interaction with experts. The resulting final results after saving in block 11 are output 14.

Thus, the claimed technical result is achieved by introducing blocks of fixing the initial state, checking redundancy and analyzing contextual information in the source texts of the studied software, the use of which increases the reliability of the results of the analysis of the software for the absence of undeclared capabilities and allows certification certification studies according to paragraph 2 and subclause 3.1 of the list of requirements for control levels presented in the Guidance document “Protection against unauthorized access to information. Part 1. Information security software. Classification by level of control of the absence of undeclared opportunities. ”

Claims (1)

A control system for the absence of undeclared capabilities in the software, including a unit for storing found control flows of the software under study, a unit for storing software source files, a unit for setting checkpoints in software source files, a compilation unit for software source files with set control points, a block for executing compiled software files; a block for saving the list is passed control points, a unit for saving paths of routes for executing compiled software files, a unit for storing a list of potentially dangerous software structures, a block for searching for potentially dangerous software structures in software source files, an expert analysis block for automated analysis, a block for testing potentially dangerous software structures, a block save the final results, and the input of the block storage of source files of software software is connected to the input source for receiving the source files of software, the first output - with the input of the installation block of the control points in the files of the source texts of the software, the second output - with the input of the search unit of potentially dangerous software structures in the files of the source texts of the software, the output of the installation of control points in the source files of the software is connected to the input of the compilation unit of the source files of the software with installed control points, the output of which is connected to the input of the execution unit of the compiled software files, the first output of which is connected to the input of the storage unit of the found control flows of the studied software, the second output - with the input of the storage unit of the list of passed control points, the third output - with the input of the storage unit of route routes execution of the compiled software files, the output of the storage unit of the found control flows of the studied software is connected to the first input of the expert adjustment block of the results of automated analysis, the second input of which is connected to the output of the block for saving the list of passed control points, the third input - with the output of the block for saving the routes of the routes for compiled software files, the output - with the input of the block for saving the final results, the output of which is connected to the output of the output of the final control results, the second input of the search block for potentially dangerous software structures in the source files of the software The software is connected to the output of the storage block of the list of potentially dangerous software structures, the input of which is connected to the input of the list of potentially dangerous software structures, the output of the search block of potentially dangerous software structures is connected to the testing block of potentially dangerous software structures, in the source files of the software, the output of the testing block potentially hazardous software constructs connected to the fourth input of the block expert adjustment intermediate результатов results, characterized in that an additional unit for fixing the initial state of the source codes of the software, a unit for checking the redundancy of the source texts, a unit for analyzing and organizing contextual information, the output of the block for storing files of the source texts of the software is connected to the input of the block for fixing the initial state of the source texts of the software software, the output of the block fixing the initial state of the source code of the software is connected to the input of the check unit redundant In the case of source code, the output of the source redundancy check unit is connected to the input of the context analysis and systematization unit, the output of which is connected to the input of the control point installation unit to the software source files.

Images