Program decomposing process

A program decomposition technique, applied in the fields of information security and software engineering, that addresses security threats and other problems, with the effects of low complexity, reduced workload and improved efficiency.

Inactive Publication Date: 2009-07-08
PEKING UNIV

AI Technical Summary

Problems solved by technology

Because using network data directly in the function execv() can cause serious security threats, analysts need to analyze this code strictly to confirm whether there is a security problem.

Embodiment Construction

[0059] Embodiments of the present invention will be described in more detail below in conjunction with the accompanying drawings.

[0060] The program decomposition method used for vulnerability mining in this embodiment includes the following steps:

[0061] Step 1: Set the initial function and final function.

[0062] In this embodiment, fread is used as the initial function, and execv is used as the final function.

[0063] Step 2: Use the function set composed of the initial function and the function that directly or indirectly calls the initial function as Source; use the function set composed of the final function and the function that directly or indirectly calls the final function as Sinks.

[0064] For example, as shown in Figure 1, getline directly calls fread, so it is added to Source, and main indirectly calls execv through getline, so it is also added to Source.

[0065] In this example, the typical running results are:

[0066] Source={fread, getline, main} ...


Abstract

The invention discloses a method for analyzing a program, which belongs to the technical fields of software engineering and information security. The method comprises the following steps: a) an initial function and a result function are set; b) the set consisting of the initial function and the functions that directly or indirectly call the initial function serves as Source; similarly, Sinks is set; c) the control flow graphs of the functions that belong only to Source, the functions that belong only to Sinks, and the functions in the intersection of the two sets are analyzed respectively; and d) the control flow graphs are connected in sequence, and a corresponding program is output. When the method is used for vulnerability mining, the initial function is selected from functions that introduce contaminated data, such as a file read-in function, a network data read-in function and a format input function; and the result function is selected from functions that are sensitive to contaminated data, such as a memory operation function, a memory allocation function, a character string operation function and a process initiation function. The method of the invention allows a large-scale program to be decomposed into smaller code snippets, and can be effectively applied to the technical field of vulnerability mining.
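Steps a) to c) of the abstract, which the embodiment instantiates with fread as the initial function and execv as the final function, can be sketched as follows. This is an added example, not code from the patent: the call graph is constructed, the names parse_cmd, run_cmd and log_msg are hypothetical, and step d) (connecting the control flow graphs) is not shown.

```python
from collections import defaultdict, deque

# Constructed call graph (caller -> callees). Only fread, getline, main and
# execv are named on the page; parse_cmd, run_cmd and log_msg are hypothetical.
CALLS = {
    "main": ["getline", "parse_cmd", "run_cmd", "log_msg"],
    "getline": ["fread"],
    "parse_cmd": [],
    "run_cmd": ["execv", "run_cmd"],  # self-recursion: the walk must not loop
    "log_msg": [],
}

def callers_closure(calls, target):
    """Return target plus every function that directly or indirectly calls it."""
    callers = defaultdict(set)  # reversed edges: callee -> set of callers
    for caller, callees in calls.items():
        for callee in callees:
            callers[callee].add(caller)
    seen, queue = {target}, deque([target])
    while queue:
        for caller in callers[queue.popleft()]:
            if caller not in seen:  # visited check makes cycles terminate
                seen.add(caller)
                queue.append(caller)
    return seen

def decompose(calls, initial, final):
    """Steps a-c: build Source and Sinks, then split into the analysis groups."""
    nodes = set(calls) | {c for callees in calls.values() for c in callees}
    source = callers_closure(calls, initial)
    sinks = callers_closure(calls, final)
    return {
        "Source": source,
        "Sinks": sinks,
        "only_source": source - sinks,
        "only_sinks": sinks - source,
        "both": source & sinks,
        # Functions in neither set are outside the groups listed in step c).
        "neither": nodes - source - sinks,
    }

if __name__ == "__main__":
    for name, funcs in decompose(CALLS, "fread", "execv").items():
        print(f"{name:12s} {sorted(funcs)}")
```

On this constructed graph, Source matches the set given in paragraph [0066], and main is the only function in the intersection of Source and Sinks.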

Description

Technical field

[0001] The invention relates to program analysis and program security audit, in particular to a program decomposition method and its application in vulnerability mining, belonging to the technical fields of software engineering and information security.

Background technique

[0002] As software grows in scale and its design becomes more and more complex, it inevitably contains a large number of vulnerabilities; at the same time, the huge scale of software makes program analysis and code security audit very difficult. For example, the source code of the Linux 2.6.27 kernel has exceeded 10 million lines, and the code size of the Windows Vista operating system has exceeded 50 million lines. In order to analyze such large-scale software, it is first necessary to decompose a large program into multiple smaller code fragments to make code security analysis feasible, so program decomposition technology has always been the focus of research in ...


Application Information

IPC(8): G06F21/22, G06F21/56
Inventor: 王铁磊, 韦韬, 邹维, 毛剑, 李佳静, 赵新建, 张超, 戴帅夫
Owner PEKING UNIV