Static state detecting system based on XML (Extensive Makeup Language) middle model and defect mode matching

A static detection and intermediate model technology, applied in software testing/debugging, etc., can solve problems such as the inability to guarantee the discovery of software security vulnerabilities

Inactive Publication Date: 2014-04-23
DALIAN UNIV OF TECH
View PDF1 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The dynamic testing method finds errors in the software through the actual execution of the software. Since only limited test cases can be checked, it is not guaranteed to find all the security vulnerabilities of the software.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Static state detecting system based on XML (Extensive Makeup Language) middle model and defect mode matching
  • Static state detecting system based on XML (Extensive Makeup Language) middle model and defect mode matching
  • Static state detecting system based on XML (Extensive Makeup Language) middle model and defect mode matching

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0089] The specific implementation manner of the present invention will be described in detail below in combination with the technical scheme and accompanying drawings.

[0090] Algorithm 1 below describes the generation process of the syntax tree.

[0091] Algorithm 1.

[0092] Input: CFG G=(V N , VT , S, P) and statement flow Statements=s 1 the s 2 ...s n , where s i = t 1i t 2i ...t mi .

[0093] Output: Tree id and Tree stmt

[0094] Process: RST ree (G,s)

[0095] 1 begins

[0096] 2

[0097] 3 procedure CreateStmt{construct Stmt tree}

[0098] 4 for i:=1 to n do

[0099] 5 procedure CreateId{construct Id tree}

[0100] 6 for j:=1 to m do

[0101] 7 begin / * begin of CreateId * /

[0102] 8 on current state P k :=y , d), Tree stmt (s i-1 , h)>

[0103] 9 gettoken;

[0104] 10 if d≠h then

[0105] 11 d=h;

[0106] 12 if X∈V N then

[0107] 13 goto P h (P h ∈P, h≠k): =id (t y , d), Tree stmt (s i-1 , h)>

[0108] 14 else if X∈V T ’ ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention belongs to the technical field of software safety and relates to a static state detecting system based on an XML (Extensive Makeup Language) middle model and defect mode matching. The static state detecting system is characterized in that a relation syntax tree based on a relation storage mode and a middle data storage model based on an XML format are constructed; a to-be-detected source code file is analyzed by a pre-processing module, a lexical analysis module and a syntax analysis module, thereby extracting all the safety determinant attribute information of a program code; an XML generating module is utilized to store the safety determinant attribute information into an XML middle file; and a vulnerability detecting module is used for extracting a corresponding rule in a rule base according to the rule configuration file and performing rule detection on the XML middle file generated at the front end.

Description

technical field [0001] The invention belongs to the technical field of software detection and relates to a static detection method based on XML intermediate model and defect pattern matching. Background technique [0002] At present, the methods for detecting software security vulnerabilities mainly include dynamic testing and static analysis. [0003] The dynamic testing method finds the errors in the software through the actual execution of the software. Since it can only check the limited test cases, it cannot guarantee to find all the security holes of the software. [0004] Static analysis does not compile and run the program, but analyzes the source code of the program to find errors, and can find 30% to 70% of the security holes introduced by logic design and coding defects in the early stage. By checking the source code, the static analysis technology can often find hidden security problems in the early development of the software and improve the reliability and rob...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36
Inventor 周宽久赖晓晨王洁闫旭袁柱王喆汤乐敏
Owner DALIAN UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products