Source library mode Java security vulnerability detection method based on value dependency graph

A vulnerability detection technology based on dependency graphs, applied in the field of program analysis. It addresses problems such as poor handling of uncompiled Java source code, false positives, and insufficient source-program and framework support, and achieves fast detection speed and high accuracy.

Active Publication Date: 2021-11-30
北京鸿渐科技有限公司

AI Technical Summary

Problems solved by technology

[0005] Existing taint analysis technology includes the Source-Sink (source library) mode, which is widely used in data leakage detection, system security vulnerability mining and other fields, but it cannot provide a comprehensive solution for different platforms, languages and frameworks. It is a general solution that needs to be customized for those problems. In addition, the existing security vulnerability detection method that takes Java bytecode as its input stores the program's function call graph information in a relational database and searches the database for vulnerability patterns to mark tainted data. This method does not handle uncompiled Java source code well. It lacks sufficient expression for source program and framework support, and cannot provide detailed


Embodiment Construction

[0025] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0026] In the description of the present invention, it should be noted that the orientations or positional relationships indicated by terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. are based on the orientations or positional relationships shown in the drawings, and are only for the convenience of describing the present invention and simplifying the description, rather than indicating or implying that the referred device...


Abstract

The invention discloses a Source-Sink (source library) mode Java security vulnerability detection method based on a value dependency graph. The method comprises the following steps: extracting vulnerability patterns, constructing a Java value dependency graph, and performing security vulnerability detection. The method takes Java language characteristics and third-party library characteristics into account and combines technologies such as context sensitivity and object sensitivity to improve the program expression capability of the value dependency graph, which gives it high detection speed and accuracy. The false positives and missed reports in the detection results vary with the completeness of the extracted general jar packages, the Source-Sink template and the Filter template. Developers and testers can use the method to find most of the input validation vulnerabilities in the Java program under test.
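The following sketch is an added example, not code from the patent or its applicant. It shows Source-Sink detection with a Filter template over a small value dependency graph, and how an incomplete template produces a false positive or a missed report. The graph, the template format (plain sets of method names) and the function `detect` are assumptions made for illustration.

```python
from collections import deque

# Constructed value dependency graph for a hypothetical servlet method:
#   n1: id   = request.getParameter("id")
#   n2: q    = "SELECT ... WHERE id=" + id
#   n3: stmt.executeQuery(q)
#   n4: name = request.getHeader("X-Name")
#   n5: safe = Encode.forHtml(name)
#   n6: out.println(safe)
NODES = {
    "n1": "ServletRequest.getParameter",
    "n2": "string-concat",
    "n3": "Statement.executeQuery",
    "n4": "HttpServletRequest.getHeader",
    "n5": "Encode.forHtml",
    "n6": "PrintWriter.println",
}
EDGES = {"n1": ["n2"], "n2": ["n3"], "n4": ["n5"], "n5": ["n6"]}  # value flows

# Templates (assumed format: plain sets of method names).
SOURCES = {"ServletRequest.getParameter", "HttpServletRequest.getHeader"}
SINKS = {"Statement.executeQuery", "PrintWriter.println"}
FILTERS = {"Encode.forHtml"}


def detect(nodes, edges, sources, sinks, filters):
    """Return every source-to-sink value path that passes through no filter."""
    findings = []
    for start in sorted(n for n, call in nodes.items() if call in sources):
        queue, seen = deque([[start]]), {start}
        while queue:
            path = queue.popleft()
            for nxt in edges.get(path[-1], []):
                if nxt in seen:
                    continue
                seen.add(nxt)
                if nodes[nxt] in filters:
                    continue  # value is sanitized here; stop following it
                if nodes[nxt] in sinks:
                    findings.append(path + [nxt])
                else:
                    queue.append(path + [nxt])
    return findings


if __name__ == "__main__":
    for p in detect(NODES, EDGES, SOURCES, SINKS, FILTERS):
        print(" -> ".join(f"{n}:{NODES[n]}" for n in p))
```

Calling `detect` with an empty Filter template reports the encoded header flow as well (a false positive), and dropping `getParameter` from the Source template hides the SQL flow (a missed report).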

Description

Technical field

[0001] The invention relates to the technical field of program analysis, in particular to a Java security vulnerability detection method based on a value dependency graph.

Background technique

[0002] Value dependency analysis technology is an in-depth study of data flow analysis methods in static program analysis, and is used to achieve a balance between accuracy and efficiency. It provides an accurate description in the form of a graph, so that it can support the correct detection of various defects. In the defect description stage, it focuses on the accurate expression of the defect pattern and the completeness of the pattern, thereby improving the coverage of defect detection. In the detection phase, the concept of guard analysis is used to improve detection accuracy and speed. The construction of the Java value dependency graph is the application of the value dependency analysis technology to the Java language. During the construction process, the characteristics...


Application Information

IPC(8): G06F21/57, G06F8/71
Inventor: 徐善彤, 孙永杰, 于微, 王强, 王博, 任望
Owner: 北京鸿渐科技有限公司