Firmware vulnerability discrimination method and system based on open source component version identification

A firmware vulnerability discrimination method based on open source component version identification. It addresses the high false positive rate and low efficiency of existing vulnerability correlation, and improves efficiency, accuracy and reliability.

Active Publication Date: 2020-07-10
INST OF INFORMATION ENG CAS
AI Technical Summary

Problems solved by technology

However, existing security vulnerability correlation techniques for large-scale firmware suffer from low correlation efficiency and a high false positive rate in their results, so security analysis of vulnerabilities in large-scale firmware is still being explored.

Embodiment Construction

[0055] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below in conjunction with the drawings. Obviously, the described embodiments are a part of the embodiments of the present invention, not all of them. All other embodiments obtained from them by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0056] When developing firmware, developers often reuse open source software code and make extensive use of third-party SDKs, both to improve development efficiency and to meet the high requirements on the running speed and security performance of firmware in smart devices. Widely used in the firmware of IoT devices, when a certain version of an o...

Abstract

The embodiment of the invention provides a firmware vulnerability discrimination method and system based on open source component version identification. The method comprises the following steps: scanning a firmware decoding package library to obtain a first path list of a to-be-analyzed component; traversing the first path list and associating and verifying the to-be-analyzed component against the open source component string database to obtain a second path list of the to-be-analyzed component; performing version identification on the to-be-analyzed component to obtain the corresponding firmware open source component version number; traversing the open source component version vulnerability dictionary and, if the firmware open source component version number exists in the dictionary, judging the to-be-analyzed component to be a suspicious vulnerability component; and performing vulnerability verification on the suspicious vulnerability component and storing each to-be-analyzed component that passes verification in a firmware vulnerability component library. According to the embodiment of the invention, suspicious vulnerabilities can be searched for efficiently, the reliability of firmware security evaluation is high, and the efficiency and accuracy of vulnerability discovery are improved.
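The steps in the abstract, up to flagging a suspicious component, can be sketched as follows. This is an added example, not code from the patent: the string database, version patterns, sample files and the vulnerability id are constructed assumptions, and the final vulnerability verification step is not shown because the page does not describe it.

```python
import re
import tempfile
from pathlib import Path

# Constructed data (assumptions): name hints, marker strings, version pattern.
STRING_DB = {
    "openssl": (("libssl", "libcrypto"), (b"SSL_CTX_new", b"OpenSSL"),
                re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]?)")),
    "busybox": (("busybox",), (b"BusyBox", b"applet"),
                re.compile(rb"BusyBox v(\d+\.\d+\.\d+)")),
}
# Constructed version-vulnerability dictionary; the id is a placeholder.
VULN_DICT = {("openssl", "1.0.1e"): ["VULN-PLACEHOLDER-0001"]}
# Constructed stand-in for an unpacked firmware image.
SAMPLE_FILES = {
    "lib/libssl.so.1.0.0": b"\x7fELF\x00SSL_CTX_new\x00OpenSSL 1.0.1e 11 Feb 2013\x00",
    "bin/busybox": b"\x7fELF\x00applet\x00BusyBox v1.22.1 (multi-call)\x00",
    "lib/libssl_stub.so": b"\x7fELF\x00no matching strings\x00",
}

def first_path_list(root):
    """Scan the unpacked tree; keep files whose name hints at a component."""
    return sorted((comp, path) for path in Path(root).rglob("*") if path.is_file()
                  for comp, (hints, _, _) in STRING_DB.items()
                  if any(h in path.name.lower() for h in hints))

def second_path_list(candidates):
    """Keep candidates whose contents hold every characteristic string."""
    return [(comp, path) for comp, path in candidates
            if all(s in path.read_bytes() for s in STRING_DB[comp][1])]

def suspicious_components(root):
    """Identify each verified component's version and look it up."""
    findings = []
    for comp, path in second_path_list(first_path_list(root)):
        match = STRING_DB[comp][2].search(path.read_bytes())
        version = match.group(1).decode() if match else None
        for vuln in VULN_DICT.get((comp, version), []):
            findings.append((path.relative_to(root).as_posix(), comp, version, vuln))
    return findings

def scan_sample():
    """Write SAMPLE_FILES to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, blob in SAMPLE_FILES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(blob)
        return suspicious_components(tmp)
```

Calling `scan_sample()` flags only the constructed `libssl.so.1.0.0`: the stub library matches by name but is dropped at the string check, and the BusyBox version has no dictionary entry.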

Description

Technical field

[0001] The present invention relates to the technical fields of Internet of Things device firmware security, binary vulnerability discovery, and security emergency response, and in particular to a firmware vulnerability identification method and system based on open source component version identification.

Background technique

[0002] With the transformation of the Internet era, the rise of the Internet of Things industry and the steady advancement of the Industrial Internet, embedded system equipment is becoming more and more networked, and Internet of Things devices are widely used in people's production and life. Smart devices such as routers, switches, network cameras, drones, and robots, while bringing convenience and improving work efficiency to people, also pose unprecedented challenges to the security of smart device systems and even the entire cyberspace. Different from traditional PC systems, IoT device systems usually contain specific underlying s...

Application Information

IPC(8): G06F21/57, G06F16/903
CPC: G06F21/577, G06F16/90344
Inventor: 石志强, 张国栋, 杨寿国, 黄晋涛, 李志, 李红, 孙利民
Owner: INST OF INFORMATION ENG CAS