发明名称 |
SOFTWARE VULNERABILITY ANALYSIS METHOD AND DEVICE |
摘要 |
The present disclosure includes: searching a code clone corresponding to a used source code from any analysis target source code; detecting a security sink and sensitive data of the security sink on the basis of patch information in the searched code clone; acquiring a source code which is from the user input point the a security sink by backwardly tracing the sensitive data detected in the analysis target source code; and verifying whether the searched code clone is a vulnerability in the analysis target source code by performing a concolic testing on the basis of a path from the input point to the security sink. |
申请公布号 |
US2016188885(A1) |
申请公布日期 |
2016.06.30 |
申请号 |
US201514978300 |
申请日期 |
2015.12.22 |
申请人 |
Korea University Research and Business Foundation |
发明人 |
Lee Heejo;Li Hongzhe;Kwon Jonghoon;Kwon Hyuck-Min |
分类号 |
G06F21/57 |
主分类号 |
G06F21/57 |
代理机构 |
|
代理人 |
|
主权项 |
1. A software vulnerability analysis method in an analysis device, comprising:
searching a code clone corresponding to a used source code from any analysis target source code; detecting a security sink and sensitive data of the security sink on the basis of patch information in the searched code clone after the searching; acquiring a source code which is from the user input point to the security sink by backwardly tracing the sensitive data detected in the analysis target source code after the detecting; and verifying whether the searched code clone is a vulnerability in the analysis target source code by performing a concolic testing on the basis of a path from the input point to the security sink after the acquiring a source code. |
地址 |
Seoul KR |