Software patch detection method and device based on data flow analysis
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
A technology of data flow analysis and detection method, applied in the computer field, can solve problems such as low efficiency, limited detection accuracy, and unsatisfactory practical applications
Active Publication Date: 2020-05-19
BEIHANG UNIV
View PDF7 Cites 6 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
However, due to the rapid iteration of software products and the differentiation of product release platforms, patch detection is very difficult to achieve
[0003] The current patch detection methods include: extracting the control flow of the binary code and performing embedding learning, and then using the learned feature vectors for discriminant analysis. Although the detection efficiency of this type of method is relatively high, the detection accuracy is greatly limited.
Another type of method uses a method based on symbolic execution combined with data flow analysis to detect patches in binary code. However, this type of method is extremely inefficient and cannot be applied to large-scale software product detection tasks.
These limit the efficiency and accuracy of existing patch detection tools
[0004] Efficient and accurate automated patch detection tools play an extremely important role in the security protection of IoT devices. However, the existing work and devices are far from meeting the needs of practical applications in terms of detection efficiency and accuracy.
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0039] figure 1 It is a flowchart of a software patch detection method based on data flow analysis in an embodiment of the present invention, such as figure 1 As shown, a software patch detection method based on data flow analysis, including:
[0040] Step 1: Use Extractor to analyze the patch code, and select and detect the modification semantics of assignment statements and conditional statements, function call statements, type-related statements, and other types of statements in the patch code in sequence as the characteristics of the patch to be detected; establish a binary The mapping relationship between code and source code;
[0041] Step 2: Select VEX-IR as the intermediate code of the binary code promotion of the platform of the device in the Internet of Things environment, use the open source Angr to analyze the binary code, and extract the control flow, wherein the control flow is in the unit of function, Each of said functions contains a node as a basic block;
...
Embodiment 2
[0069] Such as Figure 5 As shown, a software patch detection device based on data flow analysis includes:
[0070] The selection unit is used to analyze the patch code by using the Extractor, select and detect the modification semantics of the assignment statement and the conditional statement, the function call statement, the type-related statement, and other types of statements in the patch code in sequence as the characteristics of the patch to be detected, and establish The mapping relationship between binary code and source code;
[0071] The analysis unit selects VEX-IR as the intermediate code for upgrading the binary code of the device firmware in the Internet of Things environment, uses the Optimizer to analyze the binary code using the open source Angr, extracts the control flow, and analyzes the data flow in the basic block and cross-basic The data flow of the block is analyzed;
[0072] The processing unit optimizes the extracted data flow; selects the ITL state...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
PUM
Login to view more
Abstract
The invention relates to a software patch detection method based on data flow analysis. The software patch detection method comprises the following steps of: analyzing a patch code by using Extractor,and sequentially selecting and detecting modified semantics of an assignment statement, a conditional statement, a function call statement, a type related statement and other types of statements in the patch code as features of a patch to be detected; establishing a mapping relationship between a binary code and a source code; selecting VEX-IR as an intermediate code for binary code promotion ofequipment firmware in an Internet of Things environment, analyzing the binary code by using the open-source Angr, and extracting a control flow, wherein the control flow takes functions as units, andeach function comprises a control flow with nodes as basic blocks and program skip semanteme as sides; analyzing the data flow in the basic blocks, reversely analyzing codes of the basic blocks one byone, and extracting a use chain of a variable in each statement; analyzing the data flow across the basic blocks; optimizing the extracted data stream; and acquiring the patch features from the basicblocks, and performing multi-stage matching on the patch features.
Description
technical field [0001] The invention relates to the field of computer technology, in particular to a software patch detection method and device based on data flow analysis. Background technique [0002] With the rapid development of IoT and the wide application of open source software in IoT devices, a large number of vulnerable devices are exposed to the Internet environment. According to a report released by Gartner, it is estimated that there will be 20 billion IoT devices worldwide by 2020. Although open source software regularly releases vulnerability patches, due to the lack of an effective software update mechanism and patch management mechanism, a large number of vulnerabilities remain unpatched. For example, the Heartbleed vulnerability that broke out in 2014 led to the risk of more than 200 million Android devices being attacked. Although OpenSSL released a patch for this vulnerability in a timely manner, as of 2017, the vulnerability in more than 200,000 devices ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to view more 
Login to view more