公开(公告)号：US20220284109A1

公开(公告)日：2022-09-08

申请号：US17636417

申请日：2019-08-27

Applicant: NEC Corporation

Inventor： Takayuki SASAKI ,  Yusuke SHIMADA

IPC: G06F21/57 ,  G06F8/75

Abstract: In a backdoor inspection apparatus, a specifying unit specifies a plurality of functional blocks respectively corresponding to a plurality of functions included in a target software. Inspection units executes inspection processing for each different type of backdoors. A distribution unit inputs the functional blocks specified by the specifying unit to at least some of the inspection units according to functions corresponding to each functional block specified by the specifying unit.

公开(公告)号：US20220277083A1

公开(公告)日：2022-09-01

申请号：US17632596

申请日：2020-07-06

Applicant: NEC Corporation

Inventor： Takayuki SASAKI ,  Yusuke SHIMADA

IPC: G06F21/57 ,  H04L9/32

Abstract: The present disclosure aims to provide a backdoor inspection device, a user device, a system, a method, and a non-transitory computer-readable medium that enable a third party to easily verify whether software contains a backdoor. A backdoor inspection device according to the present disclosure includes: a backdoor presuming means for analyzing a function and a structure of the software, performing backdoor inspection on the software, and identifying a presumed code that is presumed to be the backdoor from the software; and a certificate issuance means for issuing a certificate that includes information about the backdoor inspection and information that associates the information about the backdoor inspection with the software.

公开(公告)号：US20230252150A1

公开(公告)日：2023-08-10

申请号：US18008770

申请日：2020-06-09

Applicant: NEC Corporation

Inventor： Yusuke SHIMADA ,  Takayuki SASAKI

IPC: G06F21/56 ,  G06F21/55

CPC classification number: G06F21/566 ,  G06F21/552 ,  G06F2221/033

Abstract: In a software correcting apparatus, a specification unit specifies a plurality of code blocks contained in a target software. A checking unit determines, for each of the specified code blocks, whether or not the specified code block is a code block that is possibly a backdoor, and specifies a code block that is determined to be possibly a backdoor as a backdoor block. A correction processing unit performs an execution-disabling process or a putting-under-surveillance process on the backdoor block contained in the target software. The execution-disabling process is a process for changing the state of the backdoor block into a state in which it cannot be executed. The putting-under-surveillance process is a process for handling the backdoor block as a subject that should be monitored when it is executed.

公开(公告)号：US20240403425A1

公开(公告)日：2024-12-05

申请号：US18698056

申请日：2021-10-13

Applicant: NEC Corporation

Inventor： Yusuke SHIMADA ,  Nakul GHATE ,  Kohei TATARA

IPC: G06F21/56 ,  G06F8/75 ,  G06F21/57

Abstract: A fraud detection apparatus comprises: a function extraction part that refers to a target function list showing functions to be analyzed and analyzes a program to extract a target function; a structure extraction part that analyzes the program to extract an execution path and a conditional branch; a conditional branch scoring part that refers to a score list showing the probability of meeting the condition of a conditional branch and assigns a score to each of the extracted conditional branches to create a conditional branch score table; a reachability probability calculation part that calculates the probability of reaching the target function from the scores for conditional branches included in the execution path on the basis of the conditional branch score table; and a backdoor determination part that reports an execution path having a low reachability probability as a path with a high probability of being a backdoor execution path.

公开(公告)号：US20220277079A1

公开(公告)日：2022-09-01

申请号：US17632563

申请日：2019-08-09

Applicant: NEC Corporation

Inventor： Takayuki SASAKI ,  Yusuke SHIMADA

IPC: G06F21/55 ,  G06F21/54 ,  G06F21/57

Abstract: The present disclosure aims to provide a backdoor inspection device, a method, and a non-transitory computer-readable medium that are capable of detecting a code being highly likely to be a backdoor from software. A backdoor inspection device according to the present disclosure includes: a backdoor presuming means for analyzing a function and a structure of software and identifying a presumed code that is presumed to be a backdoor from the software; a data flow analysis means for analyzing a propagation state of confidential data in the software and identifying a confidential code that processes the confidential data; and a backdoor determination means for identifying a backdoor code that is more likely to be the backdoor than the presumed code, based on the presumed code and the confidential code.

公开(公告)号：US20240037215A1

公开(公告)日：2024-02-01

申请号：US18021001

申请日：2020-08-19

Applicant: NEC Corporation

Inventor： Yusuke SHIMADA ,  Takayuki Sasaki

IPC: G06F21/51

CPC classification number: G06F21/51 ,  G06F2221/033

Abstract: A program analysis device including: code block extraction means for extracting code blocks having specific qualities from code blocks included in binary data of a program; backdoor score calculation means for calculating, for each code block extracted by the code block extraction means, based on the contents of operations in each code block, a backdoor score, which is a score indicating the possibility of each code block being a backdoor code or a score indicating the degree of impact of each code block on a system when it is executed; and output means for outputting the code blocks extracted by the code block extraction means and the backdoor score calculated for each of the extracted code blocks by the backdoor score calculation means.

公开(公告)号：US20240037010A1

公开(公告)日：2024-02-01

申请号：US18267684

申请日：2021-03-23

Applicant: NEC Corporation

Inventor： Yusuke SHIMADA ,  Norio YAMAGAKI

IPC: G06F11/36

CPC classification number: G06F11/3604

Abstract: A program analysis apparatus includes a first code block extraction means for extracting a first code block having a specific property from codes included in a binary of a program, a second code block extraction means for extracting a second code block performing a predetermined sensitive operation from the codes included in the binary of the program, a relationship information acquisition means for acquiring relationship information indicating a relationship on a control flow between the first code block and the second code block, a backdoor score calculation means for calculating a backdoor score based on content of the predetermined sensitive operation in the first code block and performing addition and subtraction of the backdoor score with respect to the first code block based on the relationship information, and an output means for outputting the first code block and the backdoor score for the first code block.

公开(公告)号：US20220292201A1

公开(公告)日：2022-09-15

申请号：US17636420

申请日：2019-08-27

Applicant: NEC Corporation

Inventor： Takayuki SASAKI ,  Yusuke SHIMADA

IPC: G06F21/57 ,  H04L9/32

Abstract: In backdoor inspection apparatus, an inspection control unit controls whether or not to cause a target functional block to be input to an inspection unit according to trust of the target functional block. The inspection unit executes inspection processing for a backdoor on the input target functional block.

公开(公告)号：US20220276863A1

公开(公告)日：2022-09-01

申请号：US17631743

申请日：2019-08-08

Applicant: NEC Corporation

Inventor： Yusuke SHIMADA ,  Takayuki SASAKI

IPC: G06F8/75 ,  G06F8/72

Abstract: A software analyzing device capable of extracting a candidate for an unauthorized feature or an unnecessary feature contained in a code of software is to be provided. The software analyzing device includes a feature identifying means for identifying a predetermined specific feature in a code of software, a control-flow identifying means for identifying a control flow connecting with the specific feature, and a candidate extracting means for extracting, as a candidate for an unauthorized feature or an unnecessary feature, a first code part the code of the software unreachable from the control flow connecting with the specific feature.

公开(公告)号：US20250077390A1

公开(公告)日：2025-03-06

申请号：US18795468

申请日：2024-08-06

Applicant: NEC Corporation

Inventor： Yusuke SHIMADA ,  Shunichi KINOSHITA ,  Daiki TANAKA ,  Daichi ARAI

IPC: G06F11/36

Abstract: A backdoor inspection apparatus and the like with improved inspection accuracy of a backdoor trigger are provided. A backdoor inspection apparatus includes: an acquisition unit acquiring a program to be analyzed and starting point information of analysis; a data flow analysis unit analyzing a data flow included in the program, based on the acquired program to be analyzed and starting point information of analysis, and outputting data flow analysis information; and a conditional branch extraction unit extracting, as a candidate of a backdoor trigger, a conditional branch in which external input data are directly propagated, by using the data flow analysis information.