WO2019237849A1 - Formalized method for analyzing code vulnerabilities that may give rise to an attack - Google Patents
- Publication number
- WO2019237849A1 (PCT/CN2019/085598)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- executed
- statement
- file
- code
- searching
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
Definitions
- the method of searching for hidden code in the executable file is: when the executable program is loaded and executed, set TF in the EFLAGS register to 1, so that each time the executable program executes an instruction, a debug exception is generated
- the kernel's debug exception service program can determine, from the positioning information in the executable program, which file, line number, and statement the instruction executed at that moment belongs to, and record them.
- the system can collect the file numbers, line numbers, and statement numbers of the statements corresponding to all executed instructions, and compare this information with all the positioning information formed during compilation to determine which statements have not been executed; the statements that have not been executed are the hidden code.
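
An added illustration (not code from the patent) of the record-and-compare step described in the definitions above. Python's per-line trace hook stands in for the TF single-step debug exception, and the code object's line table stands in for the compile-time positioning information; `sample_program` and all helper names are constructed for this example.

```python
import dis
import sys

def sample_program(flag):            # constructed target, offset +0
    total = 0                        # +1
    for i in range(3):               # +2
        total += i                   # +3
    if flag == 0xDEAD:               # +4
        total = -1                   # +5: only reachable with a magic value
    return total                     # +6

def compiled_lines(code):
    """Every source line the compiler emitted instructions for (the positioning info)."""
    return {line for _, line in dis.findlinestarts(code) if line is not None}

def executed_lines(func, *args):
    """Run func under a per-line trace hook and record every line that executed."""
    code, seen = func.__code__, set()

    def local_trace(frame, event, arg):
        seen.add(frame.f_lineno)     # one callback per source line, like one trap per step
        return local_trace

    def global_trace(frame, event, arg):
        if frame.f_code is not code:
            return None              # ignore frames that are not the target
        seen.add(frame.f_lineno)     # 'call' event reports the def line itself
        return local_trace

    previous = sys.gettrace()
    sys.settrace(global_trace)
    try:
        func(*args)
    finally:
        sys.settrace(previous)       # always restore the earlier hook
    return seen

def unexecuted_offsets(func, *args):
    """Lines present in the compiled code but never executed, relative to the def line."""
    code = func.__code__
    missing = compiled_lines(code) - executed_lines(func, *args)
    return sorted(line - code.co_firstlineno for line in missing)
```

A statement reported this way is only unexecuted for the inputs that were driven, so an ordinary untaken branch shows up the same way as deliberately hidden code.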
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Debugging And Monitoring (AREA)
Abstract
The present invention relates to information technology, in particular to the field of information security. The invention concerns a formalized method for analyzing code vulnerabilities that may give rise to an attack, which specifically consists of searching for hidden execution sequences and hidden code, and searching for privileged instructions. By applying the solution provided by the invention, attacks such as the Dirty COW vulnerability can be avoided, and unauthorized operations performed during execution because of unnecessary instructions present in a file can be avoided.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810605379.7 | 2018-06-12 | ||
CN201810605379.7A CN110598407A (zh) | 2018-06-12 | 2018-06-12 | A formalized analysis method for discovering code vulnerabilities that may give rise to attack risks |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019237849A1 (fr) | 2019-12-19 |
Family
ID=68841739
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/085598 WO2019237849A1 (fr) | 2018-06-12 | 2019-05-06 | Formalized method for analyzing code vulnerabilities that may give rise to an attack |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110598407A (fr) |
WO (1) | WO2019237849A1 (fr) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8312518B1 (en) * | 2007-09-27 | 2012-11-13 | Avaya Inc. | Island of trust in a service-oriented environment |
CN107193590A (zh) * | 2017-05-10 | 2017-09-22 | 北京海杭通讯科技有限公司 | An Android-based anti-root method |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
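CN103246708A (zh) * | 2013-04-16 | 2013-08-14 | 康佳集团股份有限公司 | Multi-screen interactive search method and system based on an intelligent terminal |
CN106445803B (zh) * | 2016-08-17 | 2019-03-01 | 中国航空工业集团公司西安飞行自动控制研究所 | Object code coverage analysis method for safety-critical embedded software |
CN107679402A (zh) * | 2017-09-28 | 2018-02-09 | 四川长虹电器股份有限公司 | Malicious code behavior feature extraction method |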
- 2018-06-12: CN application CN201810605379.7A (CN110598407A), active, Pending
- 2019-05-06: WO application PCT/CN2019/085598 (WO2019237849A1), active, Application Filing
Non-Patent Citations (1)
Title |
---|
ROYAL, P. ET AL.: "PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware", COMPUTER SECURITY APPLICATIONS CONFERENCE, 2006. ACSAC '06. 22ND ANNUAL, 26 December 2006 (2006-12-26), pages 289 - 300, XP031033569, ISSN: 1063-9527 * |
Also Published As
Publication number | Publication date |
---|---|
CN110598407A (zh) | 2019-12-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Xu et al. | Spain: security patch analysis for binaries towards understanding the pain and pills | |
US9715593B2 (en) | Software vulnerabilities detection system and methods | |
Bao et al. | BYTEWEIGHT: Learning to recognize functions in binary code | |
Bruschi et al. | Code normalization for self-mutating malware | |
Xue et al. | Accurate and scalable cross-architecture cross-os binary code search with emulation | |
US9824214B2 (en) | High performance software vulnerabilities detection system and methods | |
Tian et al. | Software plagiarism detection with birthmarks based on dynamic key instruction sequences | |
US10162966B1 (en) | Anti-malware system with evasion code detection and rectification | |
Ji et al. | The coming era of alphahacking?: A survey of automatic software vulnerability detection, exploitation and patching techniques | |
Bruschi et al. | Using code normalization for fighting self-mutating malware | |
Coppens et al. | Feedback-driven binary code diversification | |
CN105787305A (zh) | A software protection method resisting symbolic execution and taint analysis | |
Zhang et al. | A survey of software clone detection from security perspective | |
EP3495978B1 (fr) | Method for detecting vulnerabilities in software | |
Muntean et al. | Intrepair: Informed repairing of integer overflows | |
Liao et al. | Smartdagger: a bytecode-based static analysis approach for detecting cross-contract vulnerability | |
Kan et al. | Automated deobfuscation of Android native binary code | |
Fang et al. | Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts | |
Mouzarani et al. | A smart fuzzing method for detecting heap-based buffer overflow in executable codes | |
WO2019237849A1 (fr) | Formalized method for analyzing code vulnerabilities that may give rise to an attack | |
Ma et al. | Communication-based attacks detection in android applications | |
Li et al. | Chosen-instruction attack against commercial code virtualization obfuscators | |
Harzevili et al. | Automatic Static Vulnerability Detection for Machine Learning Libraries: Are We There Yet? | |
Liu et al. | Concspectre: Be aware of forthcoming malware hidden in concurrent programs | |
Shin et al. | Automatic static bug detection for machine learning libraries: Are we there yet? |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 19818727; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: PCT application non-entry in European phase | Ref document number: 19818727; Country of ref document: EP; Kind code of ref document: A1 |