
Software security vulnerability discovery method and system, storage medium and computer device

A software security vulnerability discovery technology, applied to discovery methods, software security vulnerability discovery systems, non-volatile computer-readable storage media and computer equipment. It addresses the low efficiency of existing discovery methods and the difficulty of comprehensively and accurately identifying software security vulnerabilities, among other issues, with the effect of improving efficiency.

Active Publication Date: 2019-09-03
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0002] Existing methods for discovering software security vulnerabilities rely mainly on manual analysis, which depends on the experience and skill level of the analysts, so it is difficult to comprehensively and accurately identify software security vulnerabilities. In addition, manual analysis is relatively inefficient, which increases the difficulty of software security vulnerability discovery.




Embodiment Construction

[0031] Embodiments of the present invention are described in detail below, examples of which are shown in the drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary only for explaining the present invention and should not be construed as limiting the present invention.

[0032] In the description of the present invention, it should be understood that the terms "first" and "second" are used for description purposes only, and cannot be interpreted as indicating or implying relative importance or implicitly indicating the quantity of indicated technical features. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of said features. In the description of the present invention, "plurality" means two or more, unless otherwise specifically defined.

[0033] In the descr...



Abstract

The invention discloses a software security vulnerability discovery method. The discovery method comprises the following steps: converting the software to be analyzed into a program code package in intermediate-language form; constructing a control flow graph and identifying the current function name according to the program code package; determining a taint source function and a taint source according to the current function name; determining a security-critical function according to the current function name and a security-critical function library; obtaining the statements related to the taint source function and/or the security-critical function to serve as the code segments to be analyzed; carrying out symbolic execution and taint analysis on the code segments to be analyzed; and, when the taint source is propagated to the security-critical function, generating alarm information for the software security vulnerability. The invention further discloses a discovery system, a computer-readable storage medium and a computer device. With the discovery method, the discovery system, the computer-readable storage medium and the computer device, the alarm information for a software security vulnerability can be generated directly from the program code of the software to be analyzed; the process is fully automatic and needs no manual participation.
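The propagation check the abstract describes, from a source function to a security-critical function over a control flow graph, can be sketched as follows. This is an added example, not code from the patent: the toy IR, the function lists and all names are assumptions, and it covers only the taint-analysis step, not the symbolic execution.

```python
from collections import deque

# Hypothetical lists: the page does not name its source or critical functions.
TAINT_SOURCES = {"recv", "getenv"}                    # return value is tainted
SECURITY_CRITICAL = {"system": (0,), "strcpy": (1,)}  # fn -> checked arg positions

# Constructed toy IR: block -> (statements, successor blocks).
# A statement is (dest, op, args); op is "call:<fn>", "assign" or "const".
SAMPLE_CFG = {
    "entry": ([("buf", "call:recv", ()), ("cmd", "const", ())], ["then", "else"]),
    "then":  ([("cmd", "assign", ("buf",))], ["exit"]),
    "else":  ([("buf", "const", ())], ["exit"]),
    "exit":  ([(None, "call:system", ("cmd",)),
               (None, "call:strcpy", ("dst", "buf"))], []),
}

def transfer(stmts, tainted, block, alerts):
    """Apply one block's statements to a taint set and record tainted sink args."""
    tainted = set(tainted)
    for dest, op, args in stmts:
        fn = op[5:] if op.startswith("call:") else None
        for pos in SECURITY_CRITICAL.get(fn, ()):
            if pos < len(args) and args[pos] in tainted:
                alerts.add((block, fn, args[pos]))
        if dest is None:
            continue
        if fn in TAINT_SOURCES or (op == "assign" and any(a in tainted for a in args)):
            tainted.add(dest)
        else:
            tainted.discard(dest)   # overwritten with untainted data
    return tainted

def find_alerts(cfg, entry="entry"):
    """Forward may-taint analysis to a fixpoint; taint sets are unioned at joins."""
    taint_in = {b: set() for b in cfg}
    alerts, seen, work = set(), set(), deque([entry])
    while work:
        block = work.popleft()
        seen.add(block)
        stmts, succs = cfg[block]
        out = transfer(stmts, taint_in[block], block, alerts)
        for s in succs:
            if s not in seen or not out <= taint_in[s]:
                taint_in[s] |= out
                work.append(s)
    return sorted(alerts)
```

In the sample graph `buf` is overwritten on the `else` path only, so it still reaches `strcpy` tainted through `then`; a variable is reported if any path carries taint to the checked argument.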

Description

Technical field

[0001] The invention relates to the field of software engineering, in particular to a method for discovering software security vulnerabilities, a system for discovering software security vulnerabilities, a non-volatile computer-readable storage medium and computer equipment.

Background

[0002] Existing methods for discovering software security vulnerabilities rely mainly on manual analysis, which depends on the experience and skill level of the analysts, so it is difficult to fully and accurately determine software security vulnerabilities. In addition, manual analysis is relatively inefficient, which increases the difficulty of software security vulnerability discovery.

Contents of the invention

[0003] Embodiments of the present invention provide a method for discovering software security vulnerabilities, a system for discovering software security vulnerabilities, a non-volatile computer-readable storage medium, and computer equipment.

[0004] The e...


Application Information

IPC(8): G06F21/57, G06F11/36
CPC: G06F21/577, G06F11/3604
Inventor: 廖崇粮
Owner: TENCENT TECH (SHENZHEN) CO LTD