WO2008117872A1 - ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法 - Google Patents
ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法 Download PDFInfo
- Publication number
- WO2008117872A1 WO2008117872A1 PCT/JP2008/056177 JP2008056177W WO2008117872A1 WO 2008117872 A1 WO2008117872 A1 WO 2008117872A1 JP 2008056177 W JP2008056177 W JP 2008056177W WO 2008117872 A1 WO2008117872 A1 WO 2008117872A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- software behavior
- software
- modeling
- verification
- stack
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3612—Software analysis for verifying properties of programs by runtime analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- Debugging And Monitoring (AREA)
Abstract
ソフトウェア挙動モデル化装置100は、ソフトウェアの実行中に発生した特定のイベントを示すイベント情報を取得するイベント情報取得部110と、特定のイベントが発生した時点において、コールスタックに格納されたスタック情報を取得するスタック情報取得部120と、スタック情報に含まれるリターンアドレスがコールスタックに格納されている格納位置に応じて、リターンアドレスにスコアを設定して、格納位置及びスコアを用いて、特定のイベントと要素との関係をモデル化して、ソフトウェアの挙動モデルを生成する挙動モデル生成部130とを備える。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP08739295A EP2141598A4 (en) | 2007-03-28 | 2008-03-28 | SOFTWARE BEHAVIOR MODELING DEVICE, SOFTWARE BEHAVIOR MODELING METHOD, SOFTWARE BEHAVIOR VERIFICATION DEVICE, AND SOFTWARE BEHAVIOR VERIFICATION METHOD |
CN200880010524.1A CN101652755B (zh) | 2007-03-28 | 2008-03-28 | 软件行为模型化装置、软件行为模型化方法、软件行为验证装置以及软件行为验证方法 |
US12/593,376 US8407799B2 (en) | 2007-03-28 | 2008-03-28 | Software behavior modeling device, software behavior modeling method, software behavior verification device, and software behavior verification method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2007-085598 | 2007-03-28 | ||
JP2007085598A JP5081480B2 (ja) | 2007-03-28 | 2007-03-28 | ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2008117872A1 true WO2008117872A1 (ja) | 2008-10-02 |
Family
ID=39788603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2008/056177 WO2008117872A1 (ja) | 2007-03-28 | 2008-03-28 | ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法 |
Country Status (5)
Country | Link |
---|---|
US (1) | US8407799B2 (ja) |
EP (1) | EP2141598A4 (ja) |
JP (1) | JP5081480B2 (ja) |
CN (1) | CN101652755B (ja) |
WO (1) | WO2008117872A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2426618A1 (en) * | 2009-04-27 | 2012-03-07 | Fourteenforty Research Institute Inc. | Information device, program, method for preventing execution of unauthorized program code, and computer readable recording medium |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8745361B2 (en) | 2008-12-02 | 2014-06-03 | Microsoft Corporation | Sandboxed execution of plug-ins |
CN103577753B (zh) * | 2012-08-01 | 2017-07-25 | 联想(北京)有限公司 | 一种提示伪装应用隐患的方法和电子设备 |
US9817742B2 (en) * | 2013-06-25 | 2017-11-14 | Dell International L.L.C. | Detecting hardware and software problems in remote systems |
CN103714456B (zh) * | 2014-01-06 | 2015-08-19 | 同济大学 | 软件行为监控验证系统 |
CN111913875B (zh) | 2014-10-24 | 2024-04-26 | 谷歌有限责任公司 | 用于基于软件执行跟踪自动加标签的方法和系统 |
US10467409B2 (en) * | 2014-12-23 | 2019-11-05 | Mcafee, Llc | Identification of malicious execution of a process |
KR20160099160A (ko) * | 2015-02-11 | 2016-08-22 | 한국전자통신연구원 | 명령어 집합의 행위 패턴을 엔-그램 방식으로 모델링하는 방법, 그 방법으로 동작하는 컴퓨팅 장치, 및 그 방법을 컴퓨팅 장치에서 실행하도록 구성되는 기록 매체에 저장된 프로그램 |
US10091076B2 (en) | 2015-08-25 | 2018-10-02 | Google Llc | Systems and methods for configuring a resource for network traffic analysis |
US10019572B1 (en) * | 2015-08-27 | 2018-07-10 | Amazon Technologies, Inc. | Detecting malicious activities by imported software packages |
US10032031B1 (en) | 2015-08-27 | 2018-07-24 | Amazon Technologies, Inc. | Detecting unknown software vulnerabilities and system compromises |
RU2651196C1 (ru) * | 2017-06-16 | 2018-04-18 | Акционерное общество "Лаборатория Касперского" | Способ обнаружения аномальных событий по популярности свертки события |
RU2682003C1 (ru) * | 2017-11-27 | 2019-03-14 | Федеральное государственное бюджетное учреждение науки Институт системного программирования им. В.П. Иванникова Российской академии наук | Способ верификации формальной автоматной модели поведения программной системы |
JP6976365B2 (ja) * | 2020-01-24 | 2021-12-08 | 三菱電機株式会社 | 車載制御装置 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003122599A (ja) * | 2001-10-11 | 2003-04-25 | Hitachi Ltd | 計算機システムおよび計算機システムにおけるプログラム実行監視方法 |
JP2006031109A (ja) * | 2004-07-12 | 2006-02-02 | Ntt Docomo Inc | 管理システム及び管理方法 |
JP2006053788A (ja) * | 2004-08-12 | 2006-02-23 | Ntt Docomo Inc | ソフトウェア動作監視装置及びソフトウェア動作監視方法 |
JP2006146600A (ja) * | 2004-11-19 | 2006-06-08 | Ntt Docomo Inc | 動作監視サーバ、端末装置及び動作監視システム |
JP2006268775A (ja) * | 2005-03-25 | 2006-10-05 | Ntt Docomo Inc | ソフトウェア動作モデル化装置及びソフトウェア動作監視装置 |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004126854A (ja) | 2002-10-01 | 2004-04-22 | Mitsubishi Electric Corp | 攻撃対策装置 |
CN1323351C (zh) * | 2003-01-23 | 2007-06-27 | 中兴通讯股份有限公司 | 一种流程状态机的实现方法 |
US8108929B2 (en) * | 2004-10-19 | 2012-01-31 | Reflex Systems, LLC | Method and system for detecting intrusive anomalous use of a software system using multiple detection algorithms |
JP2006330864A (ja) | 2005-05-24 | 2006-12-07 | Hitachi Ltd | サーバ計算機システムの制御方法 |
US7849509B2 (en) * | 2005-10-07 | 2010-12-07 | Microsoft Corporation | Detection of security vulnerabilities in computer programs |
JP4732874B2 (ja) * | 2005-11-28 | 2011-07-27 | 株式会社エヌ・ティ・ティ・ドコモ | ソフトウェア動作モデル化装置、ソフトウェア動作監視装置、ソフトウェア動作モデル化方法及びソフトウェア動作監視方法 |
-
2007
- 2007-03-28 JP JP2007085598A patent/JP5081480B2/ja active Active
-
2008
- 2008-03-28 EP EP08739295A patent/EP2141598A4/en not_active Withdrawn
- 2008-03-28 CN CN200880010524.1A patent/CN101652755B/zh not_active Expired - Fee Related
- 2008-03-28 WO PCT/JP2008/056177 patent/WO2008117872A1/ja active Application Filing
- 2008-03-28 US US12/593,376 patent/US8407799B2/en not_active Expired - Fee Related
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003122599A (ja) * | 2001-10-11 | 2003-04-25 | Hitachi Ltd | 計算機システムおよび計算機システムにおけるプログラム実行監視方法 |
JP2006031109A (ja) * | 2004-07-12 | 2006-02-02 | Ntt Docomo Inc | 管理システム及び管理方法 |
JP2006053788A (ja) * | 2004-08-12 | 2006-02-23 | Ntt Docomo Inc | ソフトウェア動作監視装置及びソフトウェア動作監視方法 |
JP2006146600A (ja) * | 2004-11-19 | 2006-06-08 | Ntt Docomo Inc | 動作監視サーバ、端末装置及び動作監視システム |
JP2006268775A (ja) * | 2005-03-25 | 2006-10-05 | Ntt Docomo Inc | ソフトウェア動作モデル化装置及びソフトウェア動作監視装置 |
Non-Patent Citations (6)
Title |
---|
ABE H. ET AL.: "Seiteki Kaiseki ni Motozuku Shinnyu Kenchi System no Saitekika", IPSJ COMPUTER SYSTEM SYMPOSIUM RONBUNSHU, INFORMATION PROCESSING SOCIETY OF JAPAN SYMPOSIUM SERIES, vol. 2003, no. 20, 11 December 2003 (2003-12-11), pages 7 - 16, XP008134589 * |
ANDO R. ET AL.: "Kairyo Reigai Handler ni yoru Jitsujikan Overflow Bogyo System", INFORMATION PROCESSING SOCIETY OF JAPAN KENKYU HOKOKU, vol. 2005, no. 33, 23 March 2005 (2005-03-23), XP008137332 * |
H. FENG ET AL.: "Anomaly Detection Using Call Stack Information", THE PROC. OF IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 2003, pages 62, XP010639713 |
IKEBE Y. ET AL.: "Mobile Muke Ijo Kenchi Software", INFORMATION PROCESSING SOCIETY OF JAPAN KENKYU HOKOKU, vol. 2006, no. 120, 16 November 2006 (2006-11-16), pages 39 - 46, XP008137330 * |
KINNO A. ET AL.: "Keitai Tanmatsu Muke Software Ijo Kenchi Gijutsu", INFORMATION PROCESSING SOCIETY OF JAPAN KENKYU HOKOKU, vol. 2006, no. 44, 12 May 2006 (2006-05-12), pages 1 - 8, XP008137331 * |
SUZUKI K. ET AL.: "Stack Tansaku no Kanryakuka ni yoru Ijo Kenchi System no Kosokuka", IEICE TECHNICAL REPORT, vol. 106, no. 175, 13 July 2006 (2006-07-13), pages 183 - 190, XP008134588 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2426618A1 (en) * | 2009-04-27 | 2012-03-07 | Fourteenforty Research Institute Inc. | Information device, program, method for preventing execution of unauthorized program code, and computer readable recording medium |
EP2426618A4 (en) * | 2009-04-27 | 2013-08-07 | Fourteenforty Res Inst Inc | INFORMATION DEVICE, PROGRAM, METHOD FOR AVOIDING THE PERFORMANCE OF AN UNAUTHORIZED PROGRAM CODE AND COMPUTER READABLE RECORDING MEDIUM |
US9177136B2 (en) | 2009-04-27 | 2015-11-03 | Ffri, Inc. | Information device, program, method, and computer readable recording medium for preventing execution of malicious program code |
Also Published As
Publication number | Publication date |
---|---|
CN101652755A (zh) | 2010-02-17 |
JP2008243034A (ja) | 2008-10-09 |
US20110154487A1 (en) | 2011-06-23 |
CN101652755B (zh) | 2013-03-27 |
EP2141598A1 (en) | 2010-01-06 |
JP5081480B2 (ja) | 2012-11-28 |
EP2141598A4 (en) | 2012-11-21 |
US8407799B2 (en) | 2013-03-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2008117872A1 (ja) | ソフトウェア挙動モデル化装置、ソフトウェア挙動モデル化方法、ソフトウェア挙動検証装置及びソフトウェア挙動検証方法 | |
EP1834680A3 (en) | Game apparatus and storage medium having game program stored thereon | |
WO2011020043A3 (en) | Event-triggered server-side macros | |
WO2006094047A3 (en) | Execution and real-time implementation of a temporary overrun scheduler | |
WO2007095552A3 (en) | System and method for generating and executing a platform emulation based on a selected application | |
WO2007112162A3 (en) | Selective instruction breakpoint generation | |
WO2007134242A3 (en) | Method for generating decision trees integrated with petro-technical workflows | |
WO2007106426A3 (en) | Systems and methods for software development | |
WO2009036356A3 (en) | Dual cross-media relevance model for image annotation | |
WO2009035762A3 (en) | User profile backup system for an infusion pump device | |
EP2068275A3 (en) | Communication robot | |
GB2468091A (en) | System and method for fast platform hibernate and resume | |
WO2011013945A3 (en) | Mobile terminal and operation method for the same | |
WO2008146807A1 (ja) | オントロジ処理装置、オントロジ処理方法、及びオントロジ処理プログラム | |
WO2008108232A1 (ja) | 音声認識装置、音声認識方法及び音声認識プログラム | |
TW200834305A (en) | Information processing apparatus and method, program, and recording medium | |
WO2007021513A3 (en) | Exclusive access for secure audio progam | |
WO2008097816A3 (en) | Direct access of language metadata | |
ATE406610T1 (de) | Verfahren zur konfiguration eines computerprogramms | |
WO2010049391A3 (en) | Performing a data write on a storage device | |
GB0921776D0 (en) | Payment device | |
DE602007008804D1 (de) | Fernkopien ausführendes Speichersystem | |
WO2009060829A1 (ja) | 広告提示方法、広告提示システム及びプログラム | |
WO2006063919A3 (de) | Erkennung und anzeige von modifikationen an softwareständen für motorsteuergerätesoftware | |
EP1672496A3 (en) | Context save method, information processor and interrupt generator |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200880010524.1 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08739295 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2008739295 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 12593376 Country of ref document: US |