摘要 |
A human-readable list of patch differences ranked by weight helps vulnerability analysts allocate their time. From binary code, identified source functions and recognized sink functions are used when assigning relative weights to changes caused by a patch. Source functions are identified using an export table, import table, and remote procedure call interface. Sink functions are recognized using blacklisted functions, patch-targeted functions, memory functions, string functions, and functions called with mismatched parameters. A change prioritizer assigns weights based on an architectural graph and a set of prioritization rules that specify what kind of change is made by a patch, and what kind of function is changed. Weight assignments may be additive. Rules may assign certain kinds of change a higher priority for subsequent scrutiny by an analyst. |