公开(公告)号：US12141279B2

公开(公告)日：2024-11-12

申请号：US17636444

申请日：2019-08-29

Applicant: NEC Corporation

Inventor： Takayuki Sasaki ,  Yusuke Shimada

IPC: G06F21/54 ,  G06F21/55

Abstract: In a backdoor inspection apparatus, a static analysis unit executes static analysis processing for a backdoor on each code block included in target software to be inspected to thereby specify a first code block and a condition, the first code possibly being the backdoor and the first code block being executed under the condition. Next, the static analysis unit outputs the target software to which first information indicating the specified first code block is added and second information indicating the specified condition to a dynamic analysis unit. The dynamic analysis unit controls dynamic analysis processing for the backdoor performed on the target software to which the first information is added based on the first information and the second information.

公开(公告)号：US20240045973A1

公开(公告)日：2024-02-08

申请号：US18267690

申请日：2021-03-23

Applicant: NEC Corporation

Inventor： Yusuke Shimada ,  Norio Yamagaki

IPC: G06F21/57 ,  G06F8/75

CPC classification number: G06F21/577 ,  G06F8/75

Abstract: A symbol narrowing-down apparatus includes a symbol extraction means for extracting a plurality of predetermined symbols from codes included in a binary of a program, a first code block extraction means for extracting a code block having a specific property as a first code block to be analyzed as to whether the code block is a backdoor, a second code block extraction means for extracting, as a plurality of second code blocks, a plurality of code blocks that access the plurality of respective predetermined symbols, a symbol narrowing-down means for extracting, from the plurality of predetermined symbols, a symbol to be accessed by the second code block satisfying a condition on a control flow according to a type of the backdoor to be analyzed among the plurality of second code blocks, and a symbol output means for outputting the symbol extracted by the symbol narrowing-down means.

公开(公告)号：US20250077203A1

公开(公告)日：2025-03-06

申请号：US18754341

申请日：2024-06-26

Applicant: NEC Corporation

Inventor： Shunichi KINOSHITA ,  Yusuke Shimada ,  Daiki Tanaka ,  Daichi Arai

IPC: G06F8/41

Abstract: An information processing apparatus includes: a dependency analysis unit configured to execute a flow analysis on an inspection target program and analyze dependency relationships between variables in a process flow included in the inspection target program, the dependency relationships including a data dependency relationship and a control dependency relationship; and a directed graph generation unit configured to generate, based on results of analyzing the dependency relationships, a directed graph having a part of the inspection target program which generates the control dependency relationship as a node regarding the process flow.

公开(公告)号：US11868744B2

公开(公告)日：2024-01-09

申请号：US17631044

申请日：2019-08-08

Applicant: NEC Corporation

Inventor： Yusuke Shimada ,  Takayuki Sasaki

IPC: G06F8/30 ,  G06F40/205

CPC classification number: G06F8/37 ,  G06F40/205

Abstract: A feature estimating device includes a parser identifying means for identifying a parser, the parser being contained in software, for parsing user input and executing a relevant command, a dividing means for extracting commands form a character string in the parser and clustering control flows connecting with the extracted commands as starting points to divide a code of the software for each feature, and a feature estimating means for estimating, based on a characteristic part of each divided code, a feature for each divided code.

公开(公告)号：US20250085939A1

公开(公告)日：2025-03-13

申请号：US18756017

申请日：2024-06-27

Applicant: NEC Corporation

Inventor： Daiki TANAKA ,  Shunichi Kinoshita ,  Yusuke Shimada ,  Daichi Arai

IPC: G06F8/41 ,  G06Q10/08

Abstract: An information processing apparatus capable of performing an analysis appropriately depending on a resource to be operated by a function in an inspection target program is provided. The information processing apparatus includes: an extraction unit configured to extract function call parts each indicating a part of an inspection target program from which a function is called; a specifying unit configured to specify an operation target resource to be operated by the function; and a narrowing unit configured to narrow down, based on the content of the operation of the function on the operation target resource, analysis target parts on which a process flow analysis is performed from the function call parts. The inspection target program includes variable definition processing for defining a variable indicating the operation target resource. The specifying unit specifies an operation target resource indicated by the variable defined in the variable definition processing.

公开(公告)号：US12164648B2

公开(公告)日：2024-12-10

申请号：US17632596

申请日：2020-07-06

Applicant: NEC Corporation

Inventor： Takayuki Sasaki ,  Yusuke Shimada

IPC: G06F21/57 ,  H04L9/32

Abstract: The present disclosure aims to provide a backdoor inspection device, a user device, a system, a method, and a non-transitory computer-readable medium that enable a third party to easily verify whether software contains a backdoor. A backdoor inspection device according to the present disclosure includes: a backdoor presuming means for analyzing a function and a structure of the software, performing backdoor inspection on the software, and identifying a presumed code that is presumed to be the backdoor from the software; and a certificate issuance means for issuing a certificate that includes information about the backdoor inspection and information that associates the information about the backdoor inspection with the software.

公开(公告)号：US20230229783A1

公开(公告)日：2023-07-20

申请号：US18007779

申请日：2020-06-05

Applicant: NEC Corporation

Inventor： Takayuki Sasaki ,  Yusuke Shimada

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F2221/033

Abstract: The present disclosure aims to provide a backdoor inspection device, a user device, a system, a method, and a non-transitory computer-readable medium that can increase trustability of software as to whether or not there is a backdoor in the software. A system according to the present disclosure includes: a plurality of backdoor inspection devices; a plurality of databases; and a user device, in which the backdoor inspection device includes: a backdoor presuming means for performing backdoor inspection on a prescribed software installed in a counterpart device that communicates with the user device and presumes whether or not there is a backdoor in the prescribed software; a certificate issuance means for issuing a backdoor inspection certificate including a result of the backdoor inspection, the database includes: a registration means for registering the backdoor inspection certificate; and a transmission means for transmitting the backdoor inspection certificate.

公开(公告)号：US20230229766A1

公开(公告)日：2023-07-20

申请号：US18007629

申请日：2020-06-03

Applicant: NEC Corporation

Inventor： Takayuki Sasaki ,  Yusuke Shimada

IPC: G06F21/55 ,  G06F21/14 ,  G06F21/57

CPC classification number: G06F21/556 ,  G06F21/14 ,  G06F21/577 ,  G06F2221/033

Abstract: An identifying unit identifies, in a backdoor inspection device, a plurality of code blocks included in software to be inspected. An inspection unit executes backdoor inspection processing on the software to be inspected for the plurality of the code blocks that are identified by the identifying unit. An adjustment processing unit executes adjustment processing including obfuscation processing on the software to be inspected. A certificate generation unit generates a first certificate containing at least information on a result of the backdoor inspection processing. An output unit outputs the software to be inspected on which the adjustment processing has been performed together with the first certificate.