Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Code audit method and device

A code auditing and source code technology, applied in the field of information security, can solve problems such as misdetection and missed detection of security vulnerabilities, inability to apply the scope of application, and inability to fully reflect security vulnerabilities, etc., to reduce the amount of calculation, improve accuracy, and improve efficiency Effect

Active Publication Date: 2009-10-07
SIEMENS CHINA
View PDF0 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In addition, the determination of characteristic characters in keyword matching technology mainly relies on the analysis of security vulnerabilities that have been discovered. The determination of characteristic characters is only limited to the security vulnerabilities that have been analyzed, and cannot be applied to a wide range of applications to a large extent.
Therefore, the feature characters cannot fully reflect the characteristics of a security vulnerability, and there are often false detections and missed detections of security vulnerabilities during use.
[0004] Through a brief analysis of the existing technology, it is not difficult to conclude that because the keyword matching technology matches the characteristic characters corresponding to security vulnerabilities, in the process of actual use, false detection or missed detection often occurs, so it not only has a great impact This affects the accuracy of the code audit, and it cannot accurately reflect the security vulnerabilities in the source code.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Code audit method and device
  • Code audit method and device
  • Code audit method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] The inventors of the present invention have analyzed the situation that the program code is attacked and concluded that the reason why the program code has security holes and can be exploited by attackers is that some processing nodes in the source code often actively or passively perform some A processing operation that is not expected by itself.

[0044] Based on the above analysis of program code security vulnerabilities, the technical solution of the present invention mainly compares the security attribute of the processing node in the source code with the security attribute of the parent processing node of the processing node, when the security attribute of the parent processing node is the If the processing node's security attributes are a subset, the processing node does not have a security hole; if the parent processing node's security attributes are not a subset of the processing node's security attributes, the processing node has a security hole. That is, assu...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a code audit method comprising the steps: tracking a variable in source codes to obtain all processing nodes of the variable; determining the parent processing node and the security attribute of each processing node; respectively comparing the security attribute of each processing node with the safety attribute of the parent processing node of each processing node and determining a processing node existing security vulnerability if the security attribute of the parent processing node of the processing node is not the subset of the safety attribute of the processing node. In addition, the invention further discloses a code audit device. In the invention, with the technical scheme that the processing logic of the variable is determined if the variable has vulnerability according to the processing nodes, the accuracy of code audit can be improved, so that the safety vulnerability existing in the source codes can be truly and accurately reflected.

Description

technical field [0001] The invention relates to information security technology, in particular to a method and device for code auditing. Background technique [0002] At present, the security of the program code used by the information system directly determines the security of the information system. Security loopholes in program codes are one of the main reasons for information systems to be unstable and vulnerable to attacks. When the security holes in the program code are exploited by the attacker, the attacker can gain access to important data, resources, or processes, and use these permissions to increase, change, or delete processes or control flows in the information system, resulting in the loss of important data. Problems such as leakage and system paralysis have caused huge losses to users of the information system, and they cannot obtain safe and reliable services. [0003] In the existing technology, keyword matching is a common technical means in code audit t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F21/57
CPCG06F11/3604G06F21/577
Inventor 胡建钧唐文隋爱芬
Owner SIEMENS CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com