
System call white list generation method for interpreted language source program

A technology for analysing interpreted-language source programs, applied to program control devices, the creation/generation of source code, software engineering design, etc. It addresses problems such as dynamic analysis being unable to cover all branches, so that some system calls cannot be analysed, with the effect of enhancing security.

Pending Publication Date: 2022-05-27
PEKING UNIV

AI Technical Summary

Problems solved by technology

However, the limitation of dynamic analysis is that it cannot cover all the branches in the program. If some functions are not called during the running of the program, the system calls required for these function calls will not be analyzed.

Embodiment Construction

[0039] The Python system call analysis has three main parts: Python source program analysis, C source program analysis, and binary file analysis. The Python version used in the experiments is Python 3.6.

[0040] Python source program analysis

[0041] The Python source program analysis process is shown in figure 1. To find the functions written in C that are used in the source file, each function call node of the syntax tree is visited and the inference function of astroid is used to infer the information about the called function. If the function is a builtin function, it is added directly to the result set in the form "builtin + function name"; if the function is a method of some class, it is further necessary to check whether its function body in the syntax tree is empty. If it is empty, the function is written in C, and it also needs to be added to the result set, in the form "module name + class n...
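The following is an added example, not the patent's implementation: it walks the syntax tree with the standard library's ast module and decides whether a call target is implemented in C by asking inspect for its Python source, in place of astroid's inference. The analysed program is a constructed sample; calls on receivers whose type is not statically known (such as data.encode()) are skipped here, which is exactly the gap astroid inference fills in the patent.

```python
import ast
import builtins
import importlib
import inspect

# Constructed sample program under analysis (not taken from the patent).
SAMPLE_SOURCE = """
import os
import json
import hashlib
data = json.dumps({"a": 1})
digest = hashlib.sha256(data.encode()).hexdigest()
print(len(data))
fd = os.open("/tmp/example", os.O_RDONLY)
"""


def is_c_implemented(obj):
    """True when inspect finds no Python source: a built-in function or class."""
    try:
        inspect.getsourcefile(obj)
    except TypeError:  # "is a built-in function/class": lives in C
        return True
    except OSError:    # Python object whose source file is merely unavailable
        pass
    return False


def c_functions_called(source):
    """Return names such as 'builtin.len' or 'os.open' for calls that reach C."""
    tree = ast.parse(source)
    imports = {alias.asname or alias.name: alias.name
               for node in ast.walk(tree) if isinstance(node, ast.Import)
               for alias in node.names}
    found = set()
    for node in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        func = node.func
        if isinstance(func, ast.Name):  # bare name: resolve against builtins
            target = getattr(builtins, func.id, None)
            if target is not None and is_c_implemented(target):
                found.add("builtin." + func.id)
        elif (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
              and func.value.id in imports):  # module.attr(...)
            # Importing runs the module's top-level code: analyse inside a sandbox.
            module = importlib.import_module(imports[func.value.id])
            target = getattr(module, func.attr, None)
            if target is not None and is_c_implemented(target):
                found.add(imports[func.value.id] + "." + func.attr)
    return found
```

On the sample, json.dumps is recognised as pure Python and left out, while print, len, os.open and hashlib.sha256 end up in the result set.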


Abstract

The invention discloses a system call white list generation method oriented to interpreted language source programs. The method comprises the following steps: 1) for the source code of an application to be analysed, selecting the corresponding target interpreter according to the language in which the source code is written; 2) acquiring the system calls made while the source code runs, using the selected target interpreter; 3) writing a test program in the same language as the source code, running it, and taking the system calls it requires as the system calls required to initialise the target interpreter, then combining these with the system calls obtained in step 2) to obtain the system call white list of the application to be analysed. When running in a container, the application is allowed to make only the system calls on the white list, so that security is greatly enhanced.
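As an added example (not the patent's own code), the merge in step 3 and the container enforcement described above, assuming strace as the tool that records the system calls in steps 2 and 3 and the Docker/OCI seccomp profile format as the enforcement mechanism; the two traces are constructed, not real captures.

```python
import json
import re

# Constructed strace-style traces (not real captures). APP_TRACE stands for the
# run of the analysed program (step 2), INIT_TRACE for the test program that only
# starts the interpreter (step 3).
APP_TRACE = """\
12345 openat(AT_FDCWD, "/app/main.py", O_RDONLY|O_CLOEXEC) = 3
12345 read(3, "import socket\\n", 4096) = 14
12345 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
12345 connect(4, {sa_family=AF_INET, ...}, 16) = 0
12345 +++ exited with 0 +++
"""
INIT_TRACE = """\
12346 execve("/usr/bin/python3", ["python3", "test.py"], 0x7ffd...) = 0
12346 brk(NULL) = 0x55d0c0000000
12346 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f...
12346 openat(AT_FDCWD, "/usr/lib/python3.6/os.py", O_RDONLY|O_CLOEXEC) = 3
12346 --- SIGCHLD {si_signo=SIGCHLD, ...} ---
12346 exit_group(0) = ?
"""

# A trace line is "[pid] name(args) = result"; signal and exit notes do not match.
SYSCALL_RE = re.compile(r"^(?:\d+\s+)?([a-z_][a-z0-9_]*)\(")


def syscalls_in_trace(text):
    """Set of system call names appearing in strace output."""
    return {m.group(1) for m in map(SYSCALL_RE.match, text.splitlines()) if m}


def build_whitelist(app_trace, init_trace):
    """Step 3 of the abstract: union of application and interpreter-start syscalls."""
    return syscalls_in_trace(app_trace) | syscalls_in_trace(init_trace)


def seccomp_profile(whitelist):
    """Docker/OCI seccomp profile that allows only the whitelisted syscalls."""
    return {
        "defaultAction": "SCMP_ACT_ERRNO",
        "architectures": ["SCMP_ARCH_X86_64"],
        "syscalls": [{"names": sorted(whitelist), "action": "SCMP_ACT_ALLOW"}],
    }


if __name__ == "__main__":
    print(json.dumps(seccomp_profile(build_whitelist(APP_TRACE, INIT_TRACE)), indent=2))
```

The printed JSON can be saved to a file and applied with docker run --security-opt seccomp=profile.json; any system call outside the white list then fails with an error instead of reaching the shared host kernel.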

Description

Technical field

[0001] The invention belongs to the field of system security and container security, and in particular relates to a method for generating a white list of system calls oriented to interpreted language source programs.

Background technique

[0002] With the widespread use of cloud computing technology, applications are increasingly deployed in container environments, represented by Docker. Unlike virtual machines, each of which gets its own virtual operating system, a container does not need to package resources such as the kernel and virtual hardware but directly uses the kernel of the host. Every containerised application therefore shares the host kernel, while the user space of each container is isolated from the others. Containers thus have the advantages of consuming fewer resources and starting faster. At the same time, since different containers share the host kernel, how to ensure the security of the container and the kernel will become a con...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/448, G06F8/30
CPC: G06F9/449, G06F8/315
Inventor: 沈晴霓王旭豪胡兆杰周慕贤戈通
Owner: PEKING UNIV