KR-102960243-B1 - ELECTRONIC APPARATUS AND METHOD FOR CONTROLLING THEREOF

Abstract

A method for controlling an electronic device is disclosed. The control method according to the present disclosure comprises: a step of obtaining trace data for a target program; a step of obtaining at least one first function based on the trace data; a step of identifying a second function corresponding to a first basic block where fuzzing begins among the at least one first function; a step of obtaining a third function by abstracting the second function; and a step of performing fuzzing based on the trace data and the third function.

Inventors

• 차상길
• 김도혁
• 김수민
• 김홍식

Assignees

• 삼성전자주식회사
• 한국과학기술원

Dates

Publication Date

20260508

Application Date

20200319

Claims (15)

1. In a method for controlling a fuzzing electronic device, A step of acquiring trace data for a target program; A step of obtaining at least one first function based on the above trace data; A step of identifying a second function corresponding to a first basic block where fuzzing begins among at least one first function; A step of obtaining a third function by abstracting the second function above; and The method includes the step of performing fuzzing based on the trace data and the third function; The above trace data includes at least one snapshot data for the target program, and The step of performing the above-mentioned purging is, A step of identifying a snapshot data among the at least one snapshot data that corresponds to the execution time of the second function, and loading the identified snapshot data; A step comprising obtaining a first input value for the first basic block based on the third function, and inputting the first input value into the first basic block to detect a crash. Control method.
2. delete
3. In Article 1, If the above crash is detected, the method further includes a step of verifying the crash detection based on the first input value and location information regarding the crash; The above verification step is, A step of obtaining location information for the second basic block where the above crash was detected, A step of obtaining a second input value for the target program based on the first input value and the third function, and A step of verifying the crash detection based on location information for the second basic block and the second input value. Control method.
4. In Paragraph 3, The step of verifying the above crash detection is, When the above second input value is input into the target program and a crash is detected in the above second basic block, the crash detection is determined to be a true detection. Control method.
5. In Paragraph 3, The step of verifying the above crash detection is, If the above second input value is input into the target program and a crash is not detected in the above second basic block, the crash detection is determined to be a false detection. Control method.
6. In Article 1, The step of obtaining the above third function is, Obtain the solution of the above second function, Generating a third function based on the solution of the second function obtained above Control method.
7. In a method for controlling a fuzzing electronic device, A step of acquiring trace data for a target program; A step of obtaining at least one first function based on the above trace data; A step of identifying a second function corresponding to a first basic block where fuzzing begins among at least one first function; A step of obtaining a third function by abstracting the second function above; and The method includes the step of performing fuzzing based on the trace data and the third function; The step of obtaining the above-mentioned first function is, A step of identifying at least one constraint included in the trace data, and A step of obtaining the first function based on the identified constraints. Control method.
8. In an electronic device that performs fuzzing, Memory for storing at least one instruction; and Includes a processor; The above processor is, Acquire trace data for the target program, and Based on the above trace data, at least one first function is obtained, and Identifying a second function corresponding to a first basic block where fuzzing starts among at least one first function, and Obtain a third function by abstracting the above second function, and Fuzzing is performed based on the above trace data and the above third function, and The above trace data includes at least one snapshot data for the target program, and The above processor is, Identifying snapshot data among the at least one snapshot data that corresponds to the execution time of the second function, and loading the identified snapshot data, Based on the third function above, a first input value for the first basic block is obtained, and the first input value is input into the first basic block to detect a crash. Electronic device.
9. delete
10. In Article 8, The above processor is, If the above crash is detected, Verify the crash detection based on the first input value and location information regarding the crash, Obtain location information for the second basic block where the above crash was detected, and Based on the first input value and the third function, a second input value for the target program is obtained, and Verifying the crash detection based on the location information for the second basic block and the second input value Electronic device.
11. In Article 10, The above processor is, When the above second input value is input into the target program and a crash is detected in the above second basic block, the crash detection is determined to be a true detection. Electronic device.
12. ◈Claim 12 was waived upon payment of the establishment registration fee.◈ In Article 10, The above processor is, If the above second input value is input into the target program and a crash is not detected in the above second basic block, the crash detection is determined to be a false detection. Electronic device.
13. ◈Claim 13 was waived upon payment of the establishment registration fee.◈ In Article 8, The above processor is, Obtain the solution of the above second function and Generating a third function based on the solution of the second function obtained above Electronic device.
14. ◈Claim 14 was waived upon payment of the establishment registration fee.◈ In Article 8, The above processor is, Identify at least one constraint included in the above trace data, and Obtaining the first function based on the above identified constraints Electronic device.
15. In Article 8, The above second function is, Corresponding to the upper branch connected to the above-mentioned first basic block Electronic device.

Description

ELECTRONIC APPARATUS AND METHOD FOR CONTROLLING THEREOF The present disclosure relates to an electronic device and a method for controlling the same, and more specifically, to an electronic device and a method for controlling the same that perform fuzzing on a target program. Recently, due to the proliferation of internet-connected devices such as smart devices and IoT devices, software attack factors have been increasing. Consequently, research on technologies for finding software (or device) vulnerabilities is actively underway. One known method for finding vulnerabilities is fuzzing, which involves inputting various values into the software to verify whether the device processes those values properly without vulnerabilities. Meanwhile, in-memory fuzzing is being utilized recently as a method to perform fuzzing more effectively. In-memory fuzzing is a method designed to avoid the overhead associated with traditional fuzzing methods, which involve running the software from scratch every time fuzzing is performed. It involves saving a snapshot of the memory state at the time a specific function is executed, and when running a new test case, restoring the memory snapshot to input values into the base block corresponding to that function to perform the fuzzing. However, even if a user identifies the input value that caused the crash during the fuzzing operation through this in-memory fuzzing method, there is a problem with a high false positive rate for vulnerabilities, such as the crash not being reproduced when that input value is entered into the program. Accordingly, there is a growing need for technology to reduce the false positive rate regarding vulnerabilities in in-memory fuzzing methods. * Prior art Published Patent Application No. 10-2019-0051301 (May 15, 2019) Registered Patent Publication No. 10-1904911 (October 8, 2018) FIG. 1 is a flowchart for explaining the operation of an electronic device according to one embodiment of the present disclosure. FIG. 2 is a configuration diagram of a target program according to one embodiment of the present disclosure. FIG. 3 is a diagram illustrating the function abstraction operation of an electronic device according to one embodiment of the present disclosure. FIG. 4 is a drawing for explaining a purging operation according to one embodiment of the present disclosure. FIG. 5 is a block diagram illustrating the configuration of an electronic device according to one embodiment of the present disclosure. FIG. 6 is a flowchart illustrating a method for controlling an electronic device according to one embodiment of the present disclosure. The terms used in this specification will be briefly explained, and the present disclosure will be described in detail. The terms used in the embodiments of this disclosure have been selected to be as widely used as possible, taking into account their functions within this disclosure; however, these terms may vary depending on the intent of those skilled in the art, case law, the emergence of new technologies, etc. Additionally, in specific cases, terms have been arbitrarily selected by the applicant, and in such cases, their meanings will be described in detail in the relevant explanatory section of this disclosure. Therefore, terms used in this disclosure should be defined not merely by their names, but based on their meanings and the overall content of this disclosure. The embodiments of the present disclosure are subject to various modifications and may have various embodiments; therefore, specific embodiments are illustrated in the drawings and described in detail in the detailed description. However, this is not intended to limit the scope of specific embodiments, and it should be understood that it includes all modifications, equivalents, and substitutions that fall within the scope of the disclosed spirit and technology. In describing the embodiments, if it is determined that a detailed description of related prior art may obscure the essence, such detailed description is omitted. Terms such as "first," "second," etc., may be used to describe various components, but components should not be limited by these terms. Terms are used solely for the purpose of distinguishing one component from another. The singular expression includes the plural expression unless the context clearly indicates otherwise. In this application, terms such as "comprising" or "consisting of" are intended to specify the existence of the features, numbers, steps, actions, components, parts, or combinations thereof described in the specification, and should be understood as not precluding the existence or addition of one or more other features, numbers, steps, actions, components, parts, or combinations thereof. Embodiments of the present disclosure are described below with reference to the attached drawings so that those skilled in the art can easily implement them. However, the present disclosure may be embodied in various different forms and is no