Patent · US Active

Method and apparatus for identifying security vulnerability in binary and location of cause of security vulnerability

US10339322B2 · kind B2 · utility

4Cited by

4References

13Claims

0Family size

Assignee

Korea Internet & Security Agency · KR

Inventors

Hwan Kuk Kim · Sani-myeon, KR
Tae-Eun Kim · Anyang-si, KR
Sang Hwan Oh · Anyang-si, KR
Soo Jin Yoon · Naju-si, KR
Jee Soo Jurn · Seoul, KR
Geon Bae Na · Sani-myeon, KR

Key dates

Filing date	Jul 16, 2018
Grant date	Jul 2, 2019
Priority date	—
Expiry date	Jul 16, 2038

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Provided are a binary vulnerability analysis method performed by a computing device is provided, and the binary vulnerability analysis method includes a primary execution step of recording a symbolic constraint of a vulnerability associated with an execution flow path causing a crash to a target binary to be analyzed and a suspicious element on the execution flow path by performing taint analysis through a primary execution of the target binary; and a secondary execution step of performing a secondary execution, which is a symbolic execution, on the execution flow path and, if an instruction satisfying the symbolic constraint is found, determining that the vulnerability exists in the target binary by comparing the suspicious element and the found instruction.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.