Title:
VULNERABILITY DISCOVERING DEVICE, VULNERABILITY DISCOVERING METHOD, AND VULNERABILITY DISCOVERING PROGRAM
Document Type and Number:
WIPO Patent Application WO/2017/061270
Kind Code:
A1
Abstract:
This vulnerability discovering device (10) is provided with: a vulnerable part extracting unit (13) which extracts a first program code corresponding to an uncorrected vulnerable part of software; a normalization processing unit (14) which normalizes a parameter changed by a compile environment, from among parameters included in the extracted first program code and a second program code of the software, which is to be inspected for the vulnerable part; a similarity calculating unit (15) which calculates similarity with the first program code by taking, as a subject for comparison, an arbitrary part of the second program code after the normalization; and a determining unit (16) which determines whether a part of the second program code, the calculated similarity of which is greater than a prescribed threshold, is an unknown vulnerable part by referring to vulnerability-related information.
More Like This:
| JP2007172485 | DATA DISPLAY AND DATA DISPLAY METHOD |
| JPH06282527 | NETWORK CONTROL SYSTEM |
| WO/2024/010695 | CLOUD-BASED ELECTRICAL GRID COMPONENT VALIDATION |
Inventors:
NAKAJIMA ASUKA (JP)
IWAMURA MAKOTO (JP)
YADA TAKESHI (JP)
IWAMURA MAKOTO (JP)
YADA TAKESHI (JP)
Application Number:
PCT/JP2016/077738
Publication Date:
April 13, 2017
Filing Date:
September 20, 2016
Export Citation:
Assignee:
NIPPON TELEGRAPH & TELEPHONE (JP)
International Classes:
G06F21/57
Foreign References:
| JP2011086147A | 2011-04-28 | |||
| US6282698B1 | 2001-08-28 | |||
| US8819856B1 | 2014-08-26 |
Other References:
J. PEWNY ET AL.: "Cross-Architecture Bug search in Binary executables", 36TH IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 18 May 2015 (2015-05-18), pages 709 - 724, XP055371769, Retrieved from the Internet [retrieved on 20161020]
Attorney, Agent or Firm:
SAKAI INTERNATIONAL PATENT OFFICE (JP)
Download PDF: