首页> 外国专利> APPARATUS AND METHOD FOR ANALYZING EMBEDED SOFTWARE VULNERABILITY BASED ON BINARY CODE

APPARATUS AND METHOD FOR ANALYZING EMBEDED SOFTWARE VULNERABILITY BASED ON BINARY CODE

机译：基于二进制代码的嵌入式软件易损性分析的装置和方法

页面导航

摘要
著录项
相似文献

摘要

The present invention relates to an apparatus and method for analyzing an embedded software vulnerability based on binary code, and an apparatus for analyzing a vulnerability of an embedded software based on a binary code according to an embodiment of the present invention includes: extracting architecture information from a binary code, A binary analyzing unit for checking the input data; An intermediate representation conversion unit for converting the binary code into an intermediate representation code according to the result of the check; An intermediate expression analyzer for extracting a function call graph and a control flow graph from the intermediate representation code to select a function to be subjected to vulnerability analysis; A static vulnerability analyzer for generating a static vulnerability detection list by determining whether there is a security vulnerability corresponding to a Common Weakness Enumeration (CWE) vulnerability list for the vulnerability analysis target function; And a dynamic vulnerability analyzer for generating a test case for a function having a vulnerability selected from the static vulnerability detection list and executing the preference operation.

机译：本发明涉及一种基于二进制代码的嵌入式软件漏洞分析装置和方法，以及一种基于二进制代码的嵌入式软件漏洞分析装置，包括：从中提取架构信息。二进制代码，用于检查输入数据的二进制分析单元;中间表示转换单元，用于根据检查结果将二进制代码转换为中间表示代码;中间表达式分析器，用于从中间表示代码中提取函数调用图和控制流程图，以选择要进行漏洞分析的函数;静态漏洞分析器，用于通过确定是否存在与漏洞分析目标功能的通用弱点枚举（CWE）漏洞列表相对应的安全漏洞来生成静态漏洞检测列表;一种动态漏洞分析器，用于为具有从静态漏洞检测列表中选择的漏洞的功能生成测试用例，并执行偏好操作。

著录项

公开/公告号KR101906004B1

专利类型
公开/公告日2018-10-10

原文格式PDF
申请/专利权人 한국전력공사;
展开▼

申请/专利号KR20160160035
发明设计人 임용훈;권유진;
展开▼

申请日2016-11-29
分类号G06F21/57;
国家 KR
入库时间 2022-08-21 12:37:01

相似文献

专利
外文文献
中文文献