Method and system for identifying functional attributes that change the intended operation of a compiled binary extracted from a target system

US2019180037A1 · US · A1

Patent metadata
Field: Value
Publication number: US-2019180037-A1
Application number: US-201816171753-A
Country: US
Kind code: A1
Filing date: Oct 26, 2018
Priority date: Dec 13, 2017
Publication date: Jun 13, 2019
Grant date:

Abstract

Official abstract text for this publication.

Vulnerable code allows outside actors to interfere with the normal operation of current systems. To help defend against these outside actors, it is desirable to identify vulnerabilities in existing systems, including systems where the original source code is not available for study. Described herein are methods for identifying functional attributes that change the intended operation of a compiled binary extracted from a target system.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of securing a target system by automatically detecting vulnerabilities in the target system by identifying functional attributes that change intended operation of a compiled binary extracted from the target system, the method comprising: receiving a translated intermediate representation input (TIRI) of each function from the compiled binary, the translated intermediate representation input being produced from a function prototype corresponding to metadata identified for each function of the compiled binary based on an earlier machine independent intermediate representation (MIIR); and applying at least one analyzer on the translated intermediate representation input of the compiled binary to identify at least one functional attribute that changes intended operation of the compiled binary.

2. The method of claim 1, wherein the function prototype corresponding to the identified metadata for each function of the compiled binary is derived from a current context for each function of the compiled binary based on the machine independent intermediate representation (MIIR) of each function of the compiled binary, the method comprising: generating a function prototype by emulating execution of the function to provide a prototyped function; recording the emulated execution states in the context for the prototyped function of the compiled binary; updating the function prototype for the prototyped function based on the emulated execution of the function and the context for the prototyped function; when the prototyped function is referenced by at least one other function of the compiled binary, updating the metadata of the function; and recursively emitting a function prototype of the at least one other function.

3. The method of claim 1, comprising: retrieving a previously emitted function prototype when metadata for a next function in the compiled binary has been previously identified and a corresponding function prototype exists.

4. The method of claim 1, wherein the function prototype provides a function signature.

5. The method of claim 2, wherein the function prototype changes a context of the function, the changes to the context of the function being recorded in the function prototype and the context for each function.

6. The method of claim 2, wherein the function prototype for a plurality of functions of the compiled binary are grouped into a functional block.

7. The method of claim 2, comprising: creating a new context for the function with a changed control flow when the function changes control flow, the new context being derived from the current context.

8. The method of claim 2, wherein the emulated execution states include register accesses, memory accesses, and calls to other functions.

9. The method of claim 1, wherein the machine independent intermediate representation (MIIR) of each function of the compiled binary from which the translated intermediate representation input (TIRI) of each function of the compiled binary is produced by a method which comprises: creating a function context for each function in the translated intermediate representation input (TIRI) based on a function prototype in the machine independent intermediate representation (MIIR); when the machine independent intermediate representation (MIIR) of each function uses global data objects, mapping the global data from the function context to data in the translated intermediate representation input (TIRI); and converting instructions from the machine independent intermediate representation (MIIR) into corresponding instructions in the translated intermediate representation input (TIRI).

10. The method of claim 9, wherein the converting of the instructions from the machine independent intermediate representation (MIIR) into corresponding instructions in the translated intermediate representation input (TIRI) is at least partially based on the metadata identified using the machine independent intermediate representation (MIIR) of the compiled binary.

Assignees

Inventors

Classifications

  • Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines · CPC title

  • Decompilation; Disassembly · CPC title

  • G06F21/577 · Primary

    Assessing vulnerabilities and evaluating computer system security · CPC title

  • Test or assess software · CPC title

  • Compilation · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2019180037A1 cover?
Vulnerable code allows outside actors to interfere with the normal operation of current systems. To help defend against these outside actors, it is desirable to identify vulnerabilities in existing systems, including systems where the original source code is not available for study. Described herein are methods for identifying functional attributes that change the intended operation of a compil…
Who is the assignee on this patent?
Booz Allen Hamilton Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 13, 2019 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).