METHODS OF IDENTIFYING ACTIVEX CONTROL DISTRIBUTION SITE, DETECTING SECURITY VULNERABILITY IN ACTIVEX CONTROL AND IMMUNIZING THE SAME
First Claim
Patent Images
1. A method of identifying an ActiveX control distribution site, comprising:
- performing a search engine query input from a distribution site identification server to obtain URLs to be tested, and executing a web browser for each of the URLs to access the URLs;
determining whether or not each of the accessed URLs uses an ActiveX control;
collecting information on the ActiveX control and recording the information in a distribution status DB when each accessed URL uses an ActiveX control; and
identifying the ActiveX control distribution site based on the distribution status DB.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided is a method of identifying an ActiveX control distribution site, detecting a security vulnerability in an ActiveX control and immunizing the same. A security vulnerability existing in an ActiveX control may be automatically detected, effects brought on by the corresponding security vulnerability may be measured, and abuse of the detected security vulnerability in a user PC to be protected may be immediately prevented. Therefore, since the user PC may be protected regardless of a security patch, it is anticipated that security problems in the Internet environment caused by imprudent use of the ActiveX control may be significantly enhanced.
-
Citations
18 Claims
-
1. A method of identifying an ActiveX control distribution site, comprising:
-
performing a search engine query input from a distribution site identification server to obtain URLs to be tested, and executing a web browser for each of the URLs to access the URLs; determining whether or not each of the accessed URLs uses an ActiveX control; collecting information on the ActiveX control and recording the information in a distribution status DB when each accessed URL uses an ActiveX control; and identifying the ActiveX control distribution site based on the distribution status DB. - View Dependent Claims (2, 3, 4)
-
-
5. A method of detecting a security vulnerability in an ActiveX control, comprising:
-
installing an ActiveX control to be tested from a security vulnerability detection server to a testing PC that operates in a virtual machine; generating combinations of test input values for testing the ActiveX control; generating a test web page using the generated combinations of test input values; executing a web browser to access the generated test web page, monitoring activities of the web browser, and recording a debugging log caused by abnormal termination of the web browser and a resource access log caused by a resource access in a security vulnerability DB; and detecting a security vulnerability in the ActiveX control based on the security vulnerability DB. - View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method of immunizing a security vulnerability in an ActiveX control, comprising:
-
updating an exploit pattern DB in which an exploit pattern that is an abnormal use pattern of an ActiveX control at a user PC is recorded, and hooking a function call path of an ActiveX control to be monitored; monitoring a call of a function of the ActiveX control to be monitored using the hooked code; measuring a degree of similarity between a transfer factor and the exploit pattern with respect to each function call when the function call of the ActiveX control to be monitored is made; determining use of the exploit pattern and interrupting the function call when the measured degree of similarity exceeds a predefined threshold, and determining non-use of the exploit pattern and allowing the function call when the measured degree of similarity does not exceed a predefined threshold; and collecting information on abuse of a vulnerability and transferring the collected information to a security vulnerability detection server when the use of the exploit pattern causes the function call to be blocked. - View Dependent Claims (16, 17, 18)
-
Specification