Title:
VULNERABILITY DETECTION DEVICE, VULNERABILITY DETECTION METHOD, AND VULNERABILITY DETECTION PROGRAM
Document Type and Number:
WIPO Patent Application WO/2024/079803
Kind Code:
A1
Abstract:
A vulnerability detection device (10) comprises: a virtual machine analysis unit (121) that analyzes a VM of a script engine; an instruction set architecture analysis unit (122) that analyzes an instruction set architecture, which is a VM instruction system, that collects VM instructions, and that determines the instruction content of the collected VM instructions; a calculation unit (123) that, on the basis of the architecture information acquired by the virtual machine analysis unit (121) and the instruction set architecture analysis unit (122), constructs a first control flow graph indicating an overall path; and a vulnerability detection unit (124) that alters an input value, that constructs a second control flow graph indicating a path which is executed as a test and in which the altered input value input to an analysis target script, that calculates code coverage, and that, on the basis of the code coverage calculation result, selects a value to input and performs fuzzing of the analysis target script executed on the VM.
Inventors:
USUI TOSHINORI (JP)
KAWAKOYA YUHEI (JP)
IWAMURA MAKOTO (JP)
KAWAKOYA YUHEI (JP)
IWAMURA MAKOTO (JP)
Application Number:
PCT/JP2022/037943
Publication Date:
April 18, 2024
Filing Date:
October 11, 2022
Export Citation:
Assignee:
NIPPON TELEGRAPH & TELEPHONE (JP)
International Classes:
G06F21/57
Domestic Patent References:
| WO2022180702A1 | 2022-09-01 |
Other References:
USUI, TOSHINORI ET AL.: "Automatically Appending Execution Stall/Stop Prevention to Vanilla Script Engines", IPSJ SYMPOSIUM COMPUTER SECURITY SYMPOSIUM, 19 October 2021 (2021-10-19), pages 794 - 801
USUI TOSHINOBU, FURUKAWA WAKI, OTSUKI HAYATO, KAWAFURUYA YUHEI, IWAMURA SEI, MIYOSHI JUN, MATSUURA KANTA MATSUURA: "Automatically appending multi-path execution functionality to vanilla script engines", PROCEEDINGS OF COMPUTER SECURITY SYMPOSIUM 2019; OCTOBER 21-24, 2019, IPSJ, JAPAN, 14 October 2019 (2019-10-14) - 24 October 2019 (2019-10-24), Japan , pages 961 - 968, XP009539387
HIRAMATSU, HAYATO ET AL.: "A Fuzzing Method Specialized in the In-Kernel Interpreter", IPSJ SYMPOSIUM COMPUTER SECURITY SYMPOSIUM, 19 October 2021 (2021-10-19), pages 395 - 402
USUI TOSHINOBU, FURUKAWA WAKI, OTSUKI HAYATO, KAWAFURUYA YUHEI, IWAMURA SEI, MIYOSHI JUN, MATSUURA KANTA MATSUURA: "Automatically appending multi-path execution functionality to vanilla script engines", PROCEEDINGS OF COMPUTER SECURITY SYMPOSIUM 2019; OCTOBER 21-24, 2019, IPSJ, JAPAN, 14 October 2019 (2019-10-14) - 24 October 2019 (2019-10-24), Japan , pages 961 - 968, XP009539387
HIRAMATSU, HAYATO ET AL.: "A Fuzzing Method Specialized in the In-Kernel Interpreter", IPSJ SYMPOSIUM COMPUTER SECURITY SYMPOSIUM, 19 October 2021 (2021-10-19), pages 395 - 402
Attorney, Agent or Firm:
SAKAI INTERNATIONAL PATENT OFFICE (JP)
Download PDF: