Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

A software patch detection method and device based on data flow analysis

A data flow analysis and detection method technology, applied in the computer field, can solve the problems of the efficiency and accuracy of the patch detection tool, the detection accuracy limitation, and the inability to meet the practical application, so as to improve the detection efficiency and accuracy, and eliminate the code syntax differences. , to achieve the effect of efficiency and precision

Active Publication Date: 2022-06-21
BEIHANG UNIV
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, due to the rapid iteration of software products and the differentiation of product release platforms, patch detection is very difficult to achieve
[0003] The current patch detection methods include: extracting the control flow of the binary code and performing embedding learning, and then using the learned feature vectors for discriminant analysis. Although the detection efficiency of this type of method is relatively high, the detection accuracy is greatly limited.
Another type of method uses a method based on symbolic execution combined with data flow analysis to detect patches in binary code. However, this type of method is extremely inefficient and cannot be applied to large-scale software product detection tasks.
These limit the efficiency and accuracy of existing patch detection tools
[0004] Efficient and accurate automated patch detection tools play an extremely important role in the security protection of IoT devices. However, the existing work and devices are far from meeting the needs of practical applications in terms of detection efficiency and accuracy.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A software patch detection method and device based on data flow analysis
  • A software patch detection method and device based on data flow analysis
  • A software patch detection method and device based on data flow analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0039] figure 1 It is a flowchart of the software patch detection method based on data flow analysis according to the embodiment of the present invention, such as figure 1 As shown, a software patch detection method based on data flow analysis includes:

[0040] Step 1: Use Extractor to parse the patch code, and sequentially select and detect the modification semantics of assignment statements and conditional statements, function call statements, type-related statements, and other types of statements in the patch code as features of the patch to be detected; build a binary The mapping relationship between code and source code;

[0041] Step 2: Select VEX-IR as the intermediate code of the binary code improvement of the platform of the device in the Internet of Things environment, use the open source Angr to analyze the binary code, and extract the control flow, wherein the control flow is in the unit of function, Each of said functions contains a node as a basic block;

[0...

Embodiment 2

[0069] like Figure 5 As shown, a software patch detection device based on data flow analysis includes:

[0070] The selection unit is used to analyze the patch code by using Extractor, select and detect the modification semantics of assignment statements and conditional statements, function call statements, type-related statements, and other types of statements in the patch code in sequence as the characteristics of the patch to be detected, and establish The mapping relationship between binary code and source code;

[0071] The analysis unit selects VEX-IR as the intermediate code for upgrading the binary code of the device firmware in the IoT environment, uses the Optimizer to analyze the binary code using the open source Angr, extracts the control flow, and analyzes the data flow in the basic block and the cross-basic code. block data flow for analysis;

[0072] The processing unit optimizes the extracted data stream; selects the ITL statement, the assignment statement a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A software patch detection method based on data flow analysis, using Extractor to analyze the patch code, and sequentially select and detect the modification semantics of assignment statements and conditional statements, function call statements, type-related statements, and other types of statements in the patch code. It is the feature of the patch to be detected; the mapping relationship between the binary code and the source code is established; VEX‑IR is selected as the intermediate code of the binary code promotion of the device firmware in the Internet of Things environment, and the binary code is analyzed using the open source Angr to extract the Control flow, the control flow takes functions as units, each of the functions includes nodes as basic blocks, and the control flow of program jump semantics as edges; the data flow in the basic block is analyzed, and the basic block The code is reversely analyzed one by one, and the use chain of variables in each statement is extracted; the data flow across the basic block is analyzed; the extracted data flow is optimized; the patch feature is obtained from the basic block, and it is multi-stage match.

Description

technical field [0001] The present invention relates to the field of computer technology, and in particular, to a software patch detection method and device based on data flow analysis. Background technique [0002] With the rapid development of IoT and the wide application of open source software in IoT devices, a large number of vulnerable devices are exposed to the Internet environment. According to a report released by Gartner, it is estimated that there will be 20 billion IoT devices worldwide by 2020. Although open source software regularly releases vulnerability patches, due to the lack of an effective software update mechanism and patch management mechanism, a large number of vulnerabilities have not been patched. Although OpenSSL released a patch for the vulnerability in a timely manner, as of 2017 there were still more than 200,000 devices with the vulnerability unpatched. Therefore, both for security researchers and enterprise software product maintainers, effic...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033
Inventor 李建欣孙佩源邵明来周睿邰振赢
Owner BEIHANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products