Software patch comparison technology through semantic analysis on function
Patch comparison provides support for software vulnerability,and structural comparison has been developed.Based on summarizing binary files comparison and anti-comparison methods,comparison technology was proposed by semantic analysis on function to address the issue that structural comparison canno...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2019-10-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2019051 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530093639303168 |
|---|---|
| author | Yan CAO Long LIU Yu WANG Qingxian WANG |
| author_facet | Yan CAO Long LIU Yu WANG Qingxian WANG |
| author_sort | Yan CAO |
| collection | DOAJ |
| description | Patch comparison provides support for software vulnerability,and structural comparison has been developed.Based on summarizing binary files comparison and anti-comparison methods,comparison technology was proposed by semantic analysis on function to address the issue that structural comparison cannot carry on semantic analysis.Through traditional structural comparison,syntax differences in function-level were analyzed to find the maximum common subgraph.Then,the path cluster was built between the input and output of the function depend on program dependency analysis.Function output characteristics was established based on symbolic execution.Semantic differences of functions were compared by functional summaries.Based on the maximum isomorphic subgraph,the matched functions which there are possible semantic changes between was further analyzed.Ultimately,the experimental results showed the feasibility and advantages of the proposed method. |
| format | Article |
| id | doaj-art-e0e6a304950e4a7298d3ce08e886f7f5 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2019-10-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-e0e6a304950e4a7298d3ce08e886f7f52025-01-15T03:13:44ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2019-10-015566359556656Software patch comparison technology through semantic analysis on functionYan CAOLong LIUYu WANGQingxian WANGPatch comparison provides support for software vulnerability,and structural comparison has been developed.Based on summarizing binary files comparison and anti-comparison methods,comparison technology was proposed by semantic analysis on function to address the issue that structural comparison cannot carry on semantic analysis.Through traditional structural comparison,syntax differences in function-level were analyzed to find the maximum common subgraph.Then,the path cluster was built between the input and output of the function depend on program dependency analysis.Function output characteristics was established based on symbolic execution.Semantic differences of functions were compared by functional summaries.Based on the maximum isomorphic subgraph,the matched functions which there are possible semantic changes between was further analyzed.Ultimately,the experimental results showed the feasibility and advantages of the proposed method.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2019051vulnerability analysispatch comparisonsymbolic executionsemantic analysis |
| spellingShingle | Yan CAO Long LIU Yu WANG Qingxian WANG Software patch comparison technology through semantic analysis on function 网络与信息安全学报 vulnerability analysis patch comparison symbolic execution semantic analysis |
| title | Software patch comparison technology through semantic analysis on function |
| title_full | Software patch comparison technology through semantic analysis on function |
| title_fullStr | Software patch comparison technology through semantic analysis on function |
| title_full_unstemmed | Software patch comparison technology through semantic analysis on function |
| title_short | Software patch comparison technology through semantic analysis on function |
| title_sort | software patch comparison technology through semantic analysis on function |
| topic | vulnerability analysis patch comparison symbolic execution semantic analysis |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2019051 |
| work_keys_str_mv | AT yancao softwarepatchcomparisontechnologythroughsemanticanalysisonfunction AT longliu softwarepatchcomparisontechnologythroughsemanticanalysisonfunction AT yuwang softwarepatchcomparisontechnologythroughsemanticanalysisonfunction AT qingxianwang softwarepatchcomparisontechnologythroughsemanticanalysisonfunction |