Invention Grant
- Patent Title: Method and apparatus for identifying security vulnerability in binary and location of cause of security vulnerability
-
Application No.: US16036396Application Date: 2018-07-16
-
Publication No.: US10339322B2Publication Date: 2019-07-02
- Inventor: Hwan Kuk Kim , Tae Eun Kim , Sang Hwan Oh , Soo Jin Yoon , Jee Soo Jurn , Geon Bae Na
- Applicant: KOREA INTERNET & SECURITY AGENCY
- Applicant Address: KR Jeollan-Do
- Assignee: KOREA INTERNET AND SECURITY AGENCY
- Current Assignee: KOREA INTERNET AND SECURITY AGENCY
- Current Assignee Address: KR Jeollan-Do
- Agency: K&L Gates LLP
- Priority: KR10-2017-0152288 20171115
- Main IPC: G06F11/00
- IPC: G06F11/00 ; G06F12/14 ; G06F12/16 ; G08B23/00 ; G06F21/57
Abstract:
Provided are a binary vulnerability analysis method performed by a computing device is provided, and the binary vulnerability analysis method includes a primary execution step of recording a symbolic constraint of a vulnerability associated with an execution flow path causing a crash to a target binary to be analyzed and a suspicious element on the execution flow path by performing taint analysis through a primary execution of the target binary; and a secondary execution step of performing a secondary execution, which is a symbolic execution, on the execution flow path and, if an instruction satisfying the symbolic constraint is found, determining that the vulnerability exists in the target binary by comparing the suspicious element and the found instruction.
Public/Granted literature
Information query
