WO2008117872A1 - ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法 - Google Patents

ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法 Download PDF

Info

Publication number
WO2008117872A1
WO2008117872A1 PCT/JP2008/056177 JP2008056177W WO2008117872A1 WO 2008117872 A1 WO2008117872 A1 WO 2008117872A1 JP 2008056177 W JP2008056177 W JP 2008056177W WO 2008117872 A1 WO2008117872 A1 WO 2008117872A1
Authority
WO
WIPO (PCT)
Prior art keywords
software behavior
software
modeling
verification
stack
Prior art date
Application number
PCT/JP2008/056177
Other languages
English (en)
French (fr)
Inventor
Takehiro Nakayama
Yuka Ikebe
Atsushi Takeshita
Kazuhiko Kato
Hirotake Abe
Katsuhiro Suzuki
Original Assignee
Ntt Docomo, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ntt Docomo, Inc. filed Critical Ntt Docomo, Inc.
Priority to EP08739295A priority Critical patent/EP2141598A4/en
Priority to CN200880010524.1A priority patent/CN101652755B/zh
Priority to US12/593,376 priority patent/US8407799B2/en
Publication of WO2008117872A1 publication Critical patent/WO2008117872A1/ja

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3604Software analysis for verifying properties of programs
    • G06F11/3612Software analysis for verifying properties of programs by runtime analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Debugging And Monitoring (AREA)

Abstract

 ソフトウェア挙動モデル化装置100は、ソフトウェアの実行中に発生した特定のイベントを示すイベント情報を取得するイベント情報取得部110と、特定のイベントが発生した時点において、コールスタックに格納されたスタック情報を取得するスタック情報取得部120と、スタック情報に含まれるリターンアドレスがコールスタックに格納されている格納位置に応じて、リターンアドレスにスコアを設定して、格納位置及びスコアを用いて、特定のイベントと要素との関係をモデル化して、ソフトウェアの挙動モデルを生成する挙動モデル生成部130とを備える。
PCT/JP2008/056177 2007-03-28 2008-03-28 ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法 WO2008117872A1 (ja)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP08739295A EP2141598A4 (en) 2007-03-28 2008-03-28 SOFTWARE BEHAVIOR MODELING DEVICE, SOFTWARE BEHAVIOR MODELING METHOD, SOFTWARE BEHAVIOR VERIFICATION DEVICE, AND SOFTWARE BEHAVIOR VERIFICATION METHOD
CN200880010524.1A CN101652755B (zh) 2007-03-28 2008-03-28 软件行为模型化装置、软件行为模型化方法、软件行为验证装置以及软件行为验证方法
US12/593,376 US8407799B2 (en) 2007-03-28 2008-03-28 Software behavior modeling device, software behavior modeling method, software behavior verification device, and software behavior verification method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2007-085598 2007-03-28
JP2007085598A JP5081480B2 (ja) 2007-03-28 2007-03-28 ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法

Publications (1)

Publication Number Publication Date
WO2008117872A1 true WO2008117872A1 (ja) 2008-10-02

Family

ID=39788603

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2008/056177 WO2008117872A1 (ja) 2007-03-28 2008-03-28 ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法

Country Status (5)

Country Link
US (1) US8407799B2 (ja)
EP (1) EP2141598A4 (ja)
JP (1) JP5081480B2 (ja)
CN (1) CN101652755B (ja)
WO (1) WO2008117872A1 (ja)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2426618A1 (en) * 2009-04-27 2012-03-07 Fourteenforty Research Institute Inc. Information device, program, method for preventing execution of unauthorized program code, and computer readable recording medium

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8745361B2 (en) 2008-12-02 2014-06-03 Microsoft Corporation Sandboxed execution of plug-ins
CN103577753B (zh) * 2012-08-01 2017-07-25 联想(北京)有限公司 一种提示伪装应用隐患的方法和电子设备
US9817742B2 (en) * 2013-06-25 2017-11-14 Dell International L.L.C. Detecting hardware and software problems in remote systems
CN103714456B (zh) * 2014-01-06 2015-08-19 同济大学 软件行为监控验证系统
CN111913875B (zh) 2014-10-24 2024-04-26 谷歌有限责任公司 用于基于软件执行跟踪自动加标签的方法和系统
US10467409B2 (en) * 2014-12-23 2019-11-05 Mcafee, Llc Identification of malicious execution of a process
KR20160099160A (ko) * 2015-02-11 2016-08-22 한국전자통신연구원 명령어 집합의 행위 패턴을 엔-그램 방식으로 모델링하는 방법, 그 방법으로 동작하는 컴퓨팅 장치, 및 그 방법을 컴퓨팅 장치에서 실행하도록 구성되는 기록 매체에 저장된 프로그램
US10091076B2 (en) 2015-08-25 2018-10-02 Google Llc Systems and methods for configuring a resource for network traffic analysis
US10019572B1 (en) * 2015-08-27 2018-07-10 Amazon Technologies, Inc. Detecting malicious activities by imported software packages
US10032031B1 (en) 2015-08-27 2018-07-24 Amazon Technologies, Inc. Detecting unknown software vulnerabilities and system compromises
RU2651196C1 (ru) * 2017-06-16 2018-04-18 Акционерное общество "Лаборатория Касперского" Способ обнаружения аномальных событий по популярности свертки события
RU2682003C1 (ru) * 2017-11-27 2019-03-14 Федеральное государственное бюджетное учреждение науки Институт системного программирования им. В.П. Иванникова Российской академии наук Способ верификации формальной автоматной модели поведения программной системы
JP6976365B2 (ja) * 2020-01-24 2021-12-08 三菱電機株式会社 車載制御装置

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003122599A (ja) * 2001-10-11 2003-04-25 Hitachi Ltd 計算機システムおよび計算機システムにおけるプログラム実行監視方法
JP2006031109A (ja) * 2004-07-12 2006-02-02 Ntt Docomo Inc 管理システム及び管理方法
JP2006053788A (ja) * 2004-08-12 2006-02-23 Ntt Docomo Inc ソフトウェア動作監視装置及びソフトウェア動作監視方法
JP2006146600A (ja) * 2004-11-19 2006-06-08 Ntt Docomo Inc 動作監視サーバ、端末装置及び動作監視システム
JP2006268775A (ja) * 2005-03-25 2006-10-05 Ntt Docomo Inc ソフトウェア動作モデル化装置及びソフトウェア動作監視装置

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004126854A (ja) 2002-10-01 2004-04-22 Mitsubishi Electric Corp 攻撃対策装置
CN1323351C (zh) * 2003-01-23 2007-06-27 中兴通讯股份有限公司 一种流程状态机的实现方法
US8108929B2 (en) * 2004-10-19 2012-01-31 Reflex Systems, LLC Method and system for detecting intrusive anomalous use of a software system using multiple detection algorithms
JP2006330864A (ja) 2005-05-24 2006-12-07 Hitachi Ltd サーバ計算機システムの制御方法
US7849509B2 (en) * 2005-10-07 2010-12-07 Microsoft Corporation Detection of security vulnerabilities in computer programs
JP4732874B2 (ja) * 2005-11-28 2011-07-27 株式会社エヌ・ティ・ティ・ドコモ ソフトウェア動作モデル化装置、ソフトウェア動作監視装置、ソフトウェア動作モデル化方法及びソフトウェア動作監視方法

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003122599A (ja) * 2001-10-11 2003-04-25 Hitachi Ltd 計算機システムおよび計算機システムにおけるプログラム実行監視方法
JP2006031109A (ja) * 2004-07-12 2006-02-02 Ntt Docomo Inc 管理システム及び管理方法
JP2006053788A (ja) * 2004-08-12 2006-02-23 Ntt Docomo Inc ソフトウェア動作監視装置及びソフトウェア動作監視方法
JP2006146600A (ja) * 2004-11-19 2006-06-08 Ntt Docomo Inc 動作監視サーバ、端末装置及び動作監視システム
JP2006268775A (ja) * 2005-03-25 2006-10-05 Ntt Docomo Inc ソフトウェア動作モデル化装置及びソフトウェア動作監視装置

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
ABE H. ET AL.: "Seiteki Kaiseki ni Motozuku Shinnyu Kenchi System no Saitekika", IPSJ COMPUTER SYSTEM SYMPOSIUM RONBUNSHU, INFORMATION PROCESSING SOCIETY OF JAPAN SYMPOSIUM SERIES, vol. 2003, no. 20, 11 December 2003 (2003-12-11), pages 7 - 16, XP008134589 *
ANDO R. ET AL.: "Kairyo Reigai Handler ni yoru Jitsujikan Overflow Bogyo System", INFORMATION PROCESSING SOCIETY OF JAPAN KENKYU HOKOKU, vol. 2005, no. 33, 23 March 2005 (2005-03-23), XP008137332 *
H. FENG ET AL.: "Anomaly Detection Using Call Stack Information", THE PROC. OF IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 2003, pages 62, XP010639713
IKEBE Y. ET AL.: "Mobile Muke Ijo Kenchi Software", INFORMATION PROCESSING SOCIETY OF JAPAN KENKYU HOKOKU, vol. 2006, no. 120, 16 November 2006 (2006-11-16), pages 39 - 46, XP008137330 *
KINNO A. ET AL.: "Keitai Tanmatsu Muke Software Ijo Kenchi Gijutsu", INFORMATION PROCESSING SOCIETY OF JAPAN KENKYU HOKOKU, vol. 2006, no. 44, 12 May 2006 (2006-05-12), pages 1 - 8, XP008137331 *
SUZUKI K. ET AL.: "Stack Tansaku no Kanryakuka ni yoru Ijo Kenchi System no Kosokuka", IEICE TECHNICAL REPORT, vol. 106, no. 175, 13 July 2006 (2006-07-13), pages 183 - 190, XP008134588 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2426618A1 (en) * 2009-04-27 2012-03-07 Fourteenforty Research Institute Inc. Information device, program, method for preventing execution of unauthorized program code, and computer readable recording medium
EP2426618A4 (en) * 2009-04-27 2013-08-07 Fourteenforty Res Inst Inc INFORMATION DEVICE, PROGRAM, METHOD FOR AVOIDING THE PERFORMANCE OF AN UNAUTHORIZED PROGRAM CODE AND COMPUTER READABLE RECORDING MEDIUM
US9177136B2 (en) 2009-04-27 2015-11-03 Ffri, Inc. Information device, program, method, and computer readable recording medium for preventing execution of malicious program code

Also Published As

Publication number Publication date
CN101652755A (zh) 2010-02-17
JP2008243034A (ja) 2008-10-09
US20110154487A1 (en) 2011-06-23
CN101652755B (zh) 2013-03-27
EP2141598A1 (en) 2010-01-06
JP5081480B2 (ja) 2012-11-28
EP2141598A4 (en) 2012-11-21
US8407799B2 (en) 2013-03-26

Similar Documents

Publication Publication Date Title
WO2008117872A1 (ja) ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法
EP1834680A3 (en) Game apparatus and storage medium having game program stored thereon
WO2011020043A3 (en) Event-triggered server-side macros
WO2006094047A3 (en) Execution and real-time implementation of a temporary overrun scheduler
WO2007095552A3 (en) System and method for generating and executing a platform emulation based on a selected application
WO2007112162A3 (en) Selective instruction breakpoint generation
WO2007134242A3 (en) Method for generating decision trees integrated with petro-technical workflows
WO2007106426A3 (en) Systems and methods for software development
WO2009036356A3 (en) Dual cross-media relevance model for image annotation
WO2009035762A3 (en) User profile backup system for an infusion pump device
EP2068275A3 (en) Communication robot
GB2468091A (en) System and method for fast platform hibernate and resume
WO2011013945A3 (en) Mobile terminal and operation method for the same
WO2008146807A1 (ja) オントロジ処理装置、オントロジ処理方法、及びオントロジ処理プログラム
WO2008108232A1 (ja) 音声認識装置、音声認識方法及び音声認識プログラム
TW200834305A (en) Information processing apparatus and method, program, and recording medium
WO2007021513A3 (en) Exclusive access for secure audio progam
WO2008097816A3 (en) Direct access of language metadata
ATE406610T1 (de) Verfahren zur konfiguration eines computerprogramms
WO2010049391A3 (en) Performing a data write on a storage device
GB0921776D0 (en) Payment device
DE602007008804D1 (de) Fernkopien ausführendes Speichersystem
WO2009060829A1 (ja) 広告提示方法、広告提示システム及びプログラム
WO2006063919A3 (de) Erkennung und anzeige von modifikationen an softwareständen für motorsteuergerätesoftware
EP1672496A3 (en) Context save method, information processor and interrupt generator

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200880010524.1

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08739295

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2008739295

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 12593376

Country of ref document: US