WO2012032660A1 - Mobile code testing device, method of mobile code testing and program for mobile code testing - Google Patents

Abstract

A mobile code test device automatically cycles through a cycling route previously defined by a tester, and extracts input function information inputted into a virtual machine from a browser. Next, the mobile code test device, in a test cycle, locates unauthorized input function information having a function name matching the function name of the input function information, and embeds unauthorized argument information. Then, the mobile code test device locates unauthorized output function information having a function name matching the function name of an output function information outputted from the virtual machine, and determines there is a vulnerability in the mobile code when unauthorized argument information inputted during the test cycle is included in the argument information for the located unauthorized output function information.

Description

Mobile code test apparatus, mobile code test method, and mobile code test program

The present invention relates to a mobile code test apparatus, a mobile code test method, and a mobile code test program. More specifically, the present invention relates to a mobile code test apparatus, a mobile code test method, and a mobile code test program that can automatically determine vulnerabilities in mobile code.

A general computer is installed with an OS (Operating System) having a role of mediating control in hardware and a function of providing an interface environment in consideration of user operability. Yes. Furthermore, when a user performs various processes using a computer, it is necessary to install a program (application software) necessary for the process in the computer.

However, application programs that can receive various services by accessing a predetermined server via the Internet or the like instead of directly installing the program on a computer are widely known today. Such an application program is generally called a web application program. A web application program is run on a server connected via the Internet, and a user operating a computer accesses various pages provided by the server by accessing a corresponding page of the server using a browser (browser program). Service is available.

In recent years, services provided by browsers are no longer limited to simple text information and image information. Various programs such as videos, videos, and games are automatically downloaded from the server and automatically downloaded from the server. Content can be enjoyed. In this way, a program that is automatically downloaded and executed without the user's awareness is called mobile code.

As mobile codes, for example, Flash (registered trademark), Java (registered trademark), Silverlight (registered trademark), and the like are known. By using these mobile codes, the user can enjoy various programs on the browser without depending on the OS of the computer.

However, since mobile code is often automatically downloaded from a highly anonymous site on the Internet and executed on a computer, malicious mobile code or malicious mobile code is downloaded and executed. There are cases. If malicious and malicious mobile code is downloaded without the user's knowledge and executed on the computer, personal information recorded on the computer will be leaked by the executed mobile code. , There was a risk of unexpected disadvantage to the user.

FIG. 16 shows an example of using an embed element of HTML (HyperText 音 声 Markup Language) (a tag used to embed audio and video in a web page), to display an illegal mobile on a web page displayed on the user's browser. This is an example of embedding a code. By using the HTML embed tag, the web creator can execute the mobile code without being noticed by the viewer of the corresponding web page.

The width attribute included in the HTML embed tag shown in FIG. 16 indicates the width of the plug-in area where the mobile code is displayed, and the height attribute indicates the height of the plug-in area where the mobile code is displayed. Then, a mobile code (movie.swf corresponds to an invalid mobile code in the case of FIG. 16) is designated in the src attribute. In this way, when a user views a web page in which an invalid mobile code designation destination is recorded by an embed element (embed tag) with a browser, the mobile code is automatically downloaded and executed on the computer.

Also, the mobile code is not necessarily specified only by the embed element (embed tag) in HTML. For example, in the field where the user specifies the URL (Uniform Resource Locator) of the browser,
http://www.example.com/movie.swf
As shown in the above, the mobile code is automatically downloaded and executed by directly entering and accessing the address of the mobile code (movie.swf corresponds to the mobile code in the above case) Is possible.

If there is no sufficient countermeasure against such mobile code, there is a possibility that processing unintended by the web creator is executed by the mobile code.

[0005] There is known a method of performing an attack using a mobile code vulnerability on a website (web application) where such a mobile code vulnerability exists. For example, parameter injection, cross-site scripting, and the like are typical examples.

Parameter injection is an attack method specific to mobile code in which an illegal attack is injected by the mobile code by setting an invalid parameter in the mobile code from the outside of the mobile code. For example, this attack includes unauthorized network access and cross-site scripting.

“Unauthorized network access” is an attack that executes parameters input by parameter injection to receive data from unauthorized sites or send data to unauthorized sites. For example, this illegal network access causes damage such as downloading a video that is not intended by the user.

ク ロ ス Cross-site scripting is an attack that executes scripts injected through parameter injection when mobile code is executed. For example, this cross-site scripting may cause damage such as an attacker taking the user's cookie information and impersonating the user.

Security measures against these attack methods include, for example, a method of improving computer security using a sandbox, and the reliability of mobile codes by using digital signature technology. A method to be executed by a user has been proposed (see, for example, Patent Document 1 and Patent Document 2).

Japanese Patent Publication No. 2008-500653 International Publication No. WO00 / 042498 Pamphlet

However, when using a sandbox to increase security, it is necessary for an administrator or developer to set a policy file that defines the execution range of the mobile code (sandbox control target). For this reason, if there is an incomplete description in the policy file set by the administrator, etc., it is not possible to restrict the execution of unauthorized mobile code, making it difficult to ensure security. there were.

Even when the process of determining the reliability of mobile code is performed using digital signature technology, it is often difficult to ensure sufficient security if the mobile code itself is vulnerable. .

For this reason, even in the case of using the security technology as described above, at present, a test operation in which a tester directly operates a browser or the like and inputs tests indicating various aggressiveness related to mobile code is performed. A penetration test is performed to determine vulnerabilities to mobile code by visually checking the response (output) state on the browser for this test operation.

However, in the method in which the tester directly operates the browser to perform the test, the test amount per unit time is limited, so the test efficiency is low, and furthermore, when trying to increase the comprehensiveness of the vulnerability test in the test operation, There was a problem that it took an enormous amount of time.

Furthermore, in the method of visually checking the test result, it is not possible to check what operation is being performed inside the browser, so the tester may overlook the discovery of the vulnerability.

The present invention has been made in view of the above problems, and it is an object of the present invention to provide a mobile code test device, a mobile code test method, and a mobile code test program capable of automatically detecting vulnerabilities in mobile code. And

In order to solve the above-described problem, a mobile code test apparatus according to the present invention is a plug-in that inputs and outputs function information between a browser and a virtual machine that executes mobile code, from the browser to the virtual machine. First plug-in wrapper means for extracting input function information to be inputted, and traveling means for executing an operation process in the mobile code based on the traveling path information in which an operation procedure in the mobile code is preset as the traveling path information. And argument information changing means capable of changing the argument information of the input function information extracted by the first plug-in wrapper means to other argument information, and illegal processing based on the mobile code, The function name of the illegal input function information that can be executed in the virtual machine and the illegal processing Test generation pattern recording means in which illegal argument information set in the argument information of the illegal input function information is recorded, and the first plug-in wrapper means includes the mobile code by the circulating means. The input function information input from the browser to the virtual machine in accordance with the operation process is extracted, and the argument information changing means is the input function information extracted by the first plug-in wrapper means. Find out the input function information having a function name that matches the function name of the illegal input function information recorded in the test generation pattern recording means, and further find the argument information of the found input function information in the test generation pattern recording means The illegal argument information recorded in (1) is changed.

In the mobile code test apparatus described above, in the plug-in, the argument information is output by the second plug-in wrapper means for extracting output function information output from the virtual machine to the browser, and the argument information changing means. The illegal input function information input means capable of causing the virtual machine to input the illegal input function information changed to the illegal argument information, and the output function extracted by the second plug-in wrapper means Vulnerability determination means for determining vulnerability to the mobile code based on the function name of the information and the content of the argument information of the output function information, and the second plug-in wrapper means includes the unauthorized input Corresponding to the illegal input function information input to the virtual machine by the function information input means, it is output from the virtual machine. And the output function information output from the virtual machine corresponding to the input function information input from the browser to the virtual machine in accordance with the browser operation processing in the patrol means. The vulnerability determination means finds out illegal output function information having a function name that matches the function name of the output function information from the illegal output function information, and argument information of the found illegal output function information Further, when the invalid argument information changed by the argument information changing means is included, it may be determined that there is a vulnerability to the mobile code.

In the mobile code test apparatus described above, in the plug-in, the argument information is output by the second plug-in wrapper means for extracting output function information output from the virtual machine to the browser, and the argument information changing means. The illegal input function information input means capable of causing the virtual machine to input the illegal input function information changed to the illegal argument information, and the output function extracted by the second plug-in wrapper means Vulnerability determination means for determining vulnerability to the mobile code based on the function name of the information and the content of the argument information of the output function information, and the vulnerability that can be determined that the vulnerability to the mobile code exists The function name of the output function information and the argument information of the vulnerable output function information, where the vulnerability exists Vulnerability determination pattern recording means recorded with vulnerability argument information that can be determined as, the second plug-in wrapper means the unauthorized input input to the virtual machine by the unauthorized input function information input means The fraudulent output function information output from the virtual machine corresponding to the function information is extracted, and the vulnerability judgment means records the vulnerability recorded in the vulnerability judgment pattern recording means from the fraudulent output function information. The illegal output function information having a function name that matches the function name of the output function information is found, and the argument information of the detected illegal output function information includes the vulnerable argument information recorded in the vulnerability determination pattern recording unit In such a case, it may be determined that there is a vulnerability to the mobile code.

Meanwhile, a mobile code test method according to the present invention is a mobile code test method for determining vulnerabilities of a virtual machine on which mobile code is executed, and a cyclic route showing an operation procedure in the mobile code. Based on the information, a circulating step in which the circulating means executes an operation process in the mobile code, and input function information input from the browser to the virtual machine according to the mobile code operation process in the cyclic step, An input function information extracting step in which a plug-in wrapper means extracts a plug-in that inputs and outputs function information between the virtual machine and the browser; and the input function extracted in the input function information extracting step From the information, illegal processing based on the mobile code is performed in the virtual The input function information detecting step in which the argument information changing means finds input function information having a function name that matches the function name of the illegal input function information that can be executed in the thin, and the input function information detecting step. The argument information changing means for changing the argument information of the input function information to the invalid argument information set as the argument information of the illegal input function information when the illegal processing is performed. It is characterized by that.

In the mobile code test method described above, the output function information output from the virtual machine corresponding to the input function information input from the browser to the virtual machine in accordance with the operation processing of the mobile code, Two plug-in wrapper means to extract the output function information extracted in the plug-in, and to input the illegal input function information in which the argument information is changed to the invalid argument information in the invalid argument information change step In response to the illegal input function information input to the virtual machine in the illegal input function information input step, the illegal input function information input step to be input to the virtual machine in the plug-in, from the virtual machine The second plug-in wrapper means outputs the illegal output function information that has been output. The output function extracted by the vulnerability determination means in the output function information extraction step from the unauthorized output function information extraction step to be extracted in IN and the unauthorized output function information extracted in the unauthorized output function information extraction step An illegal output function information detection step for finding illegal output function information having a function name that matches the function name of the information, and the invalid argument in the invalid output function information found in the illegal output function information detection step The vulnerability determination unit may include a vulnerability determination step of determining that there is a vulnerability to the mobile code when the illegal argument information changed in the information change step is included. .

Further, in the mobile code test method described above, the output function information output from the virtual machine corresponding to the input function information input from the browser to the virtual machine in accordance with the operation processing of the mobile code, Two plug-in wrapper means to extract the output function information extracted in the plug-in, and to input the illegal input function information in which the argument information is changed to the invalid argument information in the invalid argument information change step In response to the illegal input function information input to the virtual machine in the illegal input function information input step, the illegal input function information input step to be input to the virtual machine in the plug-in, from the virtual machine The second plug-in wrapper means outputs the illegal output function information that has been output. From the unauthorized output function information extraction step to be extracted in the login, and the unauthorized output function information extracted in the unauthorized output function information extraction step, the vulnerability determination means determines that there is a vulnerability to the mobile code Illegal output function information detection step for finding illegal output function information having a function name that matches the function name of the vulnerable output function information that can be performed, and argument information of the illegal output function information found in the illegal output function information detection step A vulnerability determination step in which the vulnerability determination means determines that there is a vulnerability to the mobile code when vulnerability argument information that can be determined that the vulnerability exists is included in It may be.

The mobile code test program according to the present invention is a mobile code test program for performing vulnerability determination of a virtual machine in which execution of mobile code is performed in a computer, and the computer performs an operation procedure in the mobile code. A cyclic function for executing an operation process in the mobile code based on the cyclic route information indicated by the input, and an input function input to the virtual machine from the browser according to the mobile code operation process based on the cyclic function An input function information extraction function that extracts information in a plug-in that inputs and outputs function information between the virtual machine and the browser, and the input function information extracted based on the input function information extraction function From the virtual machine, illegal processing based on the mobile code is performed. An input function information detection function for finding input function information having a function name that matches the function name of the illegal input function information that can be executed in the function, and input function information found based on the input function information detection function It is a mobile code test program for realizing an invalid argument information changing function for changing argument information to illegal argument information set as argument information of the illegal input function information when performing the illegal processing. Features.

Further, the mobile code test program described above is output to the computer from the virtual machine in response to input function information input from the browser to the virtual machine in accordance with the operation processing of the mobile code. Output function information extraction function for extracting function information in the plug-in, and the illegal input function information in which the argument information is changed to the invalid argument information based on the illegal argument information change function, in the plug-in An unauthorized input function information input function to be input to the virtual machine, and an unauthorized output function output from the virtual machine in response to the unauthorized input function information input to the virtual machine based on the unauthorized input function information input function An illegal output function information extraction function for extracting information in the plug-in, and the illegal output function Incorrect output function information having a function name that matches the function name of the output function information extracted based on the output function information extraction function from among the unauthorized output function information extracted based on the information extraction function The argument information of the output function information detection function and the illegal output function information found based on the illegal output function information detection function includes the invalid argument information changed based on the illegal argument information change function. In some cases, it may be a mobile code test program for realizing a vulnerability determination function for determining that there is a vulnerability to the mobile code.

The mobile code test program described above is output to the computer from the virtual machine in response to input function information input from the browser to the virtual machine in accordance with the mobile code operation process. Output function information extraction function for extracting function information in the plug-in, and the illegal input function information in which the argument information is changed to the invalid argument information based on the illegal argument information change function, in the plug-in An unauthorized input function information input function to be input to the virtual machine, and an unauthorized output function output from the virtual machine in response to the unauthorized input function information input to the virtual machine based on the unauthorized input function information input function Information output function for extracting information in the plug-in, and the illegal output function information Among the unauthorized output function information extracted based on the extraction function, the unauthorized output function information having a function name that matches the function name of the vulnerable output function information that can be determined to be vulnerable to the mobile code. The illegal output function information detection function to be found and the argument information of the illegal output function information found based on the illegal output function information detection function includes vulnerable argument information that can be determined that the vulnerability exists. In some cases, it may be a mobile code test program for realizing a vulnerability determination function for determining that there is a vulnerability to the mobile code.

In the mobile code test apparatus, the mobile code test method, and the mobile code test program according to the present invention, the function name of the illegal input function information matches the input function information input to the virtual machine based on the browser operation processing. By detecting the input function having the function name and changing the argument information of the found input function information to invalid argument information, it is possible to automatically generate illegal input function information for use in mobile code vulnerability determination it can.

The mobile code test apparatus, mobile code test method, and mobile code test program according to the present invention have a function name that matches the function name of the extracted output function information from the extracted illegal output function information. When illegal output function information is found, and invalid argument information is included in the argument information of the found illegal output function information, it is possible to determine that there is a vulnerability to mobile code.

It is the schematic which showed a mode that the test apparatus which concerns on this Embodiment was connected to the server via the network. It is the block diagram which showed schematic structure of the test apparatus based on this Embodiment. It is the figure which showed the functional block for demonstrating the processing function of the mobile code | cord | chord in the test apparatus which concerns on this Embodiment. It is the table which illustrated the list of the plug-in functions of the plug-in side in the test device concerning this embodiment. It is the table which illustrated the list of the browser side plug-in functions in the test device concerning this embodiment. It is the figure which showed the processing content in case the control part which concerns on this Embodiment performs a mobile code test process according to the program recorded on a data storage part with the functional block for every processing function. (A) is a table illustrating the plug-in function on the plug-in side recorded in the cyclic input database according to the present embodiment, and (b) is recorded in the cyclic output database according to the present embodiment. It is the table which illustrated the plug-in function on the browser side. (A) is an example in which an invalid parameter is embedded in HTML of a web page, and (b) is a table illustrating a test generation pattern database according to the present embodiment. (A) is a table illustrating the plug-in function and its argument information recorded in the test database according to the present embodiment, and (b) corresponds to the plug-in function shown in (a). It is the table which illustrated the contents of the output database at the time of the test input where the plug-in function outputted from the virtual machine and the function argument information were recorded. 4 is a table showing an output function name monitored by a vulnerability determination unit according to the present embodiment and a vulnerability determination method based on the output function in order to perform a vulnerability determination of unauthorized network access. 4 is a table showing output function names monitored by a vulnerability determination unit according to the present embodiment and vulnerability determination methods based on the output functions in order to perform vulnerability determinations for cross-site scripting. (A) is a table exemplifying output function names indicating vulnerabilities and identifiers indicating vulnerabilities recorded in the vulnerability determination database, and (b) relates to vulnerabilities determined by the vulnerability determination unit. It is the table which illustrated the contents of the test result database where a test result is recorded, and (c) is a figure showing an example of ActionScript with a vulnerability set in a test setting part. It is the flowchart which showed the test processing content of the mobile code | cord | chord by the control part of the test apparatus which concerns on this Embodiment. Step S. of the flowchart shown in FIG. 5 is a table exemplifying contents recorded in the test database by the test generation unit in the test database, the plug-in function used during the test tour, the tour argument information, and the test argument information. 14A shows an output function corresponding to the plug-in function in the column whose test ID is 1 in FIG. 14, and FIG. 14B shows an output function corresponding to the plug-in function in the column whose test ID is 2 in FIG. (C) shows an example of the test result finally recorded in the test result database. It is the figure which illustrated HTML when improper mobile code is embedded in a web page using an embed tag.

Hereinafter, the mobile code test apparatus according to the present invention will be described in detail with reference to the drawings while showing an example thereof. FIG. 1 is a schematic diagram showing a mobile code test device (hereinafter referred to as a test device) connected to a server via a network. The test apparatus 1 has a network connection function (such as a communication unit to be described later). By using this network connection function, various types of web information (web pages, moving images) are transmitted to the server 3 connected via the network 2. , Music, etc.) and web information can be acquired from the server 3.

The network 2 is widely open worldwide, and may be the Internet capable of transmitting / receiving information to / from a large number of people, and the transmission / reception of information is limited to certain users. LAN (local area network) may be used.

The server 3 is a so-called web server, and has a role of providing web information to the test apparatus 1 via the network 2. Further, it has a function of downloading a mobile code or the like in response to a request from the test apparatus 1.

In FIG. 1, for convenience of explanation, only one test apparatus 1 and one server 3 are shown, but the number of connected test apparatuses 1 and servers 3 is not limited to one each. It may be connected one by one.

FIG. 2 is a block diagram showing a schematic configuration of the test apparatus 1. The test apparatus 1 is roughly configured by a main body unit 10, a display unit 11, and an operation unit 12. As shown in FIG. 2, the main body unit 10 includes a control unit 20, a data storage unit 21, and a communication unit 22.

The data storage unit 21 is configured by an auxiliary storage device such as a hard disk or SSD (Solid State Drive). The data storage unit 21 stores a program related to a mobile code test process executed by the control unit 20. Further, the data storage unit 21 includes a cyclic route information database 50, a test generation pattern database (test generation pattern recording means) 54, a test database 55, a cyclic input database 51, a cyclic output database 52, and a test input time shown in FIG. The output database 53, the vulnerability determination database (vulnerability determination pattern recording means) 56, and the test result database 57 have a role of recording various information. Details thereof will be described later.

The communication unit 22 has a role of transmitting necessary information to the server 3 via the network 2 in accordance with an instruction from the control unit 20 and recording information received from the server 3 in the data storage unit 21. The communication unit 22 is configured by a general NIC (Network Interface Card) such as a LAN board or a LAN card.

The control unit 20 has a role of performing a mobile code test process to be described later in accordance with a program recorded in the data storage unit 21. In addition, the control unit 20 can start and end the browser according to the program recorded in the data storage unit 21, and further transmits / receives data based on the browser operation via the communication unit 22. It is possible to do.

The control unit 20 includes a CPU (Central Processing Unit) (not shown) and a RAM (Random Access Memory). The CPU has a role of substantially executing the mobile code test process in the control unit 20. The RAM is used as a work area used for CPU processing.

The display unit 11 has a role of displaying information such as an application image such as a browser (browser program) executed by the control unit 20 and information such as a processing process and a processing result in the mobile code test processing so as to be visible to the user. Have. A general display device such as a liquid crystal display or a CRT display is used for the display unit 11.

The operation unit 12 is used for operations in which a user inputs settings and conditions necessary for the mobile code test process, and changes data in various databases recorded in the data storage unit 21. The operation unit 12 includes a general keyboard, a mouse, and the like.

FIG. 3 is a diagram showing functional blocks for explaining the mobile code processing function in the test apparatus 1. When the control unit 20 activates the browser and executes the process using the mobile code in accordance with the program recorded in the data storage unit 21, the process using the mobile code is virtually performed via the plug-in 31 as shown in FIG. Executed by machine 32.

Specifically, as shown in FIG. 3, the test apparatus 1 performs control processing of the hardware 35 via an OS (Operating System) 34 such as Windows (registered trademark), and the virtual machine 32 is operated in the OS 34. Is in operation. The virtual machine 32 transmits / receives information to / from the browser 30 via an extended function unit called a plug-in 31 related to browser processing.

Specifically, the plug-in 31 is an environment for executing a mobile code in a shared object format. In the plug-in 31 according to the present embodiment, the plug-in 31 is standardized and based on Netscape Plugin Interface used in various browsers. The processing is defined. Netscape Plugin Interface includes a plug-in-side plug-in API (Application-Programming Interface) and a browser-side plug-in API (Application-Programming Interface), and this plug-in-side plug-in API and browser-side plug-in API. Are used to input / output information between the browser 30 and the virtual machine 32 and execute necessary processing.

Specifically, input of information from the browser 30 to the virtual machine 32 is performed by calling a plug-in side plug-in API function (hereinafter referred to as a plug-in side plug-in function). The plug-in API on the plug-in side includes processing for the browser 30 to call the plug-in 31.

On the other hand, information is output from the virtual machine 32 to the browser 30 by calling a browser-side plug-in API function (hereinafter referred to as a browser-side plug-in function). The browser-side plug-in API includes a process for calling the browser 30 from the plug-in 31. FIG. 4 shows a list of plug-in functions on the plug-in side. FIG. 5 shows a list of plug-in functions on the browser side.

Furthermore, in the test apparatus 1 according to the present embodiment, a plug-in wrapper unit that monitors calls (inputs) of plug-in functions on the plug-in 31 and calls (outputs) of plug-in functions on the browser side ( First plug-in wrapper means, second plug-in wrapper means) 33 are provided.

The plug-in wrapper unit 33 hooks a plug-in DLL (dynamic link library) as necessary, monitors what function is called, and stores information on the called function in the data storage unit 21. The data is recorded in the database (travel input database 51, tour output database 52, test input output database 53).

Specifically, in the mobile code test, when the automatic patrol process by the patrol unit (the patrol unit) 41 is started and the browser operation is automatically performed, the plug-in wrapper unit 33 uses the plug-in associated with the patrol operation. It has the role of detecting the inside plug-in function and recording it in the cyclic input database 51.

Further, the plug-in wrapper unit 33 has a role of detecting a browser-side plug-in function when the automatic cyclic processing is performed by the cyclic unit 41 and recording the plug-in function in the cyclic output database 52.

Further, the plug-in wrapper unit 33 records the browser-side plug-in function detected when the cyclic argument information of the plug-in-side plug-in function is rewritten with the test argument information in the test input output database 53. have.

As for the technology for hooking DLL in the plug-in wrapper 33, Microsoft's official manual “Advanced Windows 5th edition, Volume 2, Jeffrey Richter”, Christophe Nasarre, Queve Co., Ltd. (Translation), Nikkei BP Soft Press, published on October 27, 2008, p. 279-338, ”will not be described here.

In the test apparatus 1 according to this embodiment, as described above, the plug-in wrapper unit 33 is provided, and the plug-in 31 calls the plug-in function to the browser 30 and calls the virtual machine 32 the plug-in function. To monitor. Then, if necessary, a function in which information usable for a mobile code vulnerability test is written (embedded) is generated, and mobile code processing is performed on the virtual machine 32 from the plug-in 31 using the generated function. Is executed, and the mobile code vulnerability is determined by extracting the function output from the virtual machine 32 for the executed mobile code.

In the conventional mobile code vulnerability testing method, various test information is often manually input to the text input unit or URL input unit of the browser 30 described above. In the test method, it is difficult to know what information is transmitted from the browser 30 to the virtual machine 32 and what output is returned from the virtual machine 32 to the browser 30 by the test work. It was.

In the test apparatus 1 according to the present embodiment, the function monitoring in the plug-in 31 and the function change processing can perform a penetration test regarding the mobile code at a level closer to the virtual machine 32, which is more detailed and detailed. Mobile code vulnerabilities can be determined at various levels.

FIG. 6 is a block diagram showing the processing contents in the case where the control unit 20 executes the mobile code test process according to the program stored in the data storage unit 21 as a function block for each processing function. The block diagram shown in FIG. 6 shows a database in which data used for processing in each functional block is recorded.

In the test apparatus 1 according to the present embodiment, as shown in FIG. 6, as a functional block, a plug-in wrapper unit 33, a test setting unit 40, a traveling unit 41, a test generation unit 42, a test input unit (argument information change) Means, unauthorized input function information input means) 43, and vulnerability determination unit (vulnerability determination means) 44 are provided. Further, in the test apparatus 1 according to the present embodiment, as shown in FIG. 6, as a database, a traveling route information database 50, a traveling input database 51, a traveling output database 52, a test input output database 53, a test A generation pattern database 54, a test database 55, a vulnerability determination database 56, and a test result database 57 are provided.

In the test apparatus 1 according to the present embodiment, the function of each functional block shown in FIG. 6 is realized by the control unit 20 executing a program recorded in the data storage unit 21. Each database shown in FIG. 6 is recorded in the data storage unit 21 as described above.

Next, each functional block and each database shown in FIG. 6 will be described.

As described above, the plug-in wrapper unit 33 extracts (hooks) the input / output between the browser 30 and the virtual machine 32 by extracting the plug-in side plug-in function and the browser side plug-in function in the plug-in 31. And has a role to record in each database.

The information of the extracted plug-in function is recorded in different databases depending on the test process. For example, when an automatic tour is performed by the tour unit 41, the plug-in wrapper unit 33 extracts a plug-in side plug-in function corresponding to the processing content in the tour unit 41 and records it in the tour input database 51. .

Similarly, when an automatic tour is performed by the tour unit 41, the plug-in wrapper unit 33 extracts a plug-in function on the browser side corresponding to the processing content in the tour unit 41, and outputs a tour-time output database 52. To record.

Furthermore, the plug-in wrapper unit 33 rewrites the plug-in side plug-in function round-trip argument information extracted during the second automatic loop by the cyclic unit 41 into the test argument information by the test input unit 43 so that the virtual machine 32 When the process is executed, the browser-side plug-in function output from the virtual machine 32 is extracted and recorded in the test input output database 53. The process in which the test input unit 43 rewrites the cyclic argument information of the plug-in side plug-in function with the test argument information will be described later.

The test setting unit 40 has a role of setting a mobile code to be tested. The mobile code set in the test setting unit 40 is a test target in the test apparatus 1. Since the test setting unit 40 only sets the mobile code to be tested, the mobile code setting information (designated information) to be tested is recorded in the data storage unit 21 or the like in advance. Even if the test setting unit 40 is not actively provided, it is possible to perform a mobile code test process by the test apparatus 1.

The traveling unit 41 has a role of performing a predetermined operation on the browser 30 according to the traveling route information created in advance by the tester. Specifically, when the tester actually operates the browser 30 displayed on the display unit 11 with the operation unit 12, the traveling unit 41 records the operation procedure in the traveling route information database 50 as the traveling route information. Further, when the traveling route information has already been created by the operation of the operation unit 12, the traveling route information recorded in the traveling route information database 50 can be used without newly recording the traveling route information. it can.

The patrol unit 41 automatically performs various operations in the browser based on the patrol route information. For example, “iMacros” is known as software that realizes the operation by the traveling unit 41. “IMacros” has a function that, when the tester actually operates the operation unit 12 and operates the browser, records the operation process and then automatically reproduces it. By using this software, the browser can be automatically operated based on the patrol route information.

In addition, when performing a mobile code vulnerability test related to Flash (registered trademark) of Adobe, automatic control processing is realized by the control unit 20 by using software called Adobe Flex (registered trademark). It becomes possible to do.

The plug-in side plug-in function extracted by the plug-in wrapper unit 33 in accordance with the automatic patrol process (operation processing of the browser 30) executed by the patrol unit 41 is recorded in the tour input database 51. When the operation of the browser 30 or the like is actually performed by the traveling unit 41, even if one operation (action) is performed on the browser 30, the plug-in function requested from the browser 30 to the plug-in 31 is The request is not limited to one, but may be based on a plurality of functions.

In such a case, if a penetration test is performed by directly operating with a browser as in the past, various requests from the browser 30 to the virtual machine 32 associated with the operation cannot be determined in detail. It was. However, by extracting the plug-in side plug-in function corresponding to the operation by the traveling unit 41 by the plug-in wrapper unit 33 and recording it in the traveling input database 51, a more detailed request from the browser 30 to the virtual machine 32 can be made. It can be obtained.

In the patrol output database 52, the browser-side plug-in function extracted by the plug-in wrapper unit 33 according to the operation of the browser 30 executed by the patrol unit 41 is recorded. As described above, the plug-in wrapper unit 33 extracts the browser-side plug-in function corresponding to the operation by the patrol unit 41 and records it in the patrol output database 52 so that the plug recorded in the patrol input database 51 is recorded. The contents of the plug-in function on the inside can be easily compared with the contents of the plug-in function on the browser side recorded in the patrol output database 52 so as to correspond to the plug-in function.

FIG. 7A is a table illustrating plug-in functions on the plug-in side recorded in the cyclic input database 51, and FIG. 7B corresponds to the plug-in function shown in FIG. 7A. It is the table which illustrated the plug-in function by the side of the browser recorded in the output database 52 at the time of doing in this way.

The test generation unit 42 has a role of generating a test pattern for mobile code testing based on the plug-in side plug-in function recorded in the cyclic input database 51.

First, the test generation unit 42 reads, as an input set, a set of plug-in functions generated by one operation (action) in the cyclic unit 41 from the cyclic input database 51. Then, the test generation unit 42 extracts a plug-in function corresponding to the function name of the plug-in function from the test generation pattern database 54 from a plurality of plug-in functions that can be included in the input set, and sets the function set as the test set. And The test generation unit 42 generates a plug-in function in which a test pattern is added as test argument information for the plug-in function of the test set, and records the generated plug-in function in the test database 55.

For example, when performing parameter injection, a web page HTML (such as a tag described in the HTML source code), a URL (such as input to a URL), and a mobile text UI text field that the user enters on the web page An illegal variable can be input (injected) from any of the (text fields of UI (User Interface)).

If an invalid variable is input from HTML or URL, among the plug-in functions shown in FIG. 4, arguments argn, あ る argv of the NPP_New function which is an instance generation function for generating a plug-in instance Incorrect variables will be entered. Here, a key is input to argn, and a value is input to argv. Accordingly, when the mobile code test process is performed on the website, the test pattern acquired from the test generation pattern database 54 is added as test argument information to argn and argv in the NPP_New function.

Also, when an invalid variable is input from the UI text field, the incorrect variable is input to the argument of the text input acquisition function. The text input acquisition function is not defined in Netscape Plugin and is a platform-dependent function. For this reason, when performing a mobile code vulnerability test on a UI text field, the test pattern acquired from the test generation pattern database 54 is added (as test argument information) to the argument of the text input acquisition function. Become.

• Enter a pattern that causes unauthorized network access or cross-site scripting as these test patterns. As a test pattern for unauthorized network access, a key (key information) and a value (value information) are regarded as a pair of pair information, and an unauthorized URL is input to the value (value information) of the pair information. When inputting the URL, the identifier “http://www.example.com” is embedded in the value (value information) so that the vulnerability determination unit 44 can immediately detect the vulnerability. This identifier “http://www.example.com” indicates an example of a test URL set in advance by a tester for processing in the test apparatus 1.

In the cross-site scripting test pattern, input invalid JavaScript as key / value pair information. At this time, the identifier “javascript: alert (“ xss ”)” is embedded in the value (value information) so that the vulnerability determination unit 44 can immediately detect an illegal setting. This identifier “javascript: alert (“ xss ”)” is an example of a test JavaScript code set in advance by a tester for processing in the test apparatus 1.

The following URL is an example in which parameters are input by replacing the URL.
http://www.example.com/movie.swf?url=http://www.example.com
By adding “? Url = http: //www.example.com” to the URL request using the HTTP Get method, an invalid variable can be injected into the mobile code.

On the other hand, FIG. 8A shows an example in which an invalid parameter is embedded in HTML of a web page. Also in the HTML shown in FIG. 8A, as shown in FIG. 16, using the HTML embed tag and using the HTTP Get method for the src attribute, “? Url = http: //www.example.com” "Is added. Thus, by adding “? Url = http: //www.example.com” to the src attribute, it is possible to inject an invalid variable into the mobile code.

FIG. 8B is a table showing an example of the test generation pattern database 54. As shown in FIG. 8B, the test generation pattern database 54 stores five types of information: test pattern ID, cyclic function call number, function name, cyclic argument information, and test pattern.

As shown in FIG. 8B, when the test pattern ID is “1”, “url = http: //www.example.com” is added as the test pattern. That is, in the second round (hereinafter referred to as a test round) in the cyclic unit 41, the argument information of NPP_New whose test pattern ID is “1” is
argn [0] = src, argv [0] = test.swf, argn [1] = url, argv [1] = http: //www.example.com, argc = 2.

In addition, when the test pattern ID is “2”, “url = javascript: alert (“ xss ”)” is added as a test pattern. That is, in the test tour in the tour section 41, the argument information of NPP_New whose test pattern ID is “2” is argn [0] = src, argv [0] = test.swf, argn [1] = url, argv [ 1] = javascript: alert ("xss"), argc = 2

The plug-in function to which the argument corresponding to the test pattern is added in this way is recorded in the test database 55. FIG. 9A is a table exemplifying plug-in functions and argument information recorded in the test database 55. In FIG. 9A, a plug-in function to which argument information is added by the test generation unit 42 is recorded based on the test pattern recorded in the test generation pattern database 54 of FIG. 8B described above. Yes.

Furthermore, when a mobile code vulnerability test is performed on the UI text field, the test pattern acquired from the test generation pattern database 54 is added to the cyclic argument information of the text input acquisition function as test argument information. By this additional processing, a test tour plug-in function and argument information can be generated and recorded in the test database 55.

The test input unit 43 has a role of causing the virtual machine 32 to input a set of plug-in functions to which test argument information has been added as plug-in side plug-in functions to be used during a test tour.

First, the test input unit 43 reads the plug-in function to which the test argument information has been added from the test database 55, and is included in the test database 55 from the plug-in function of the first automatic cyclic processing in the cyclic unit 41. A plug-in function that matches the plug-in function name is defined as a test set. Then, the test input unit 43 causes the traveling unit 41 to execute a traveling process (test traveling process) using the same traveling route as the first automatic traveling process. Then, the test input unit 43 causes the plug-in wrapper unit 33 to extract the plug-in side plug-in function in the second automatic cyclic processing (test cyclic processing), and the cyclic argument information of the plug-in function corresponding to the test set is obtained. The plug-in function replaced with the test argument information is output to the virtual machine 32.

In this way, by performing the test tour process (second tour process) based on the same tour path information as the first tour path information in the tour unit 41, the plug-in wrapper unit 33 is the same as the first tour. Plug-in side plug-in functions can be extracted. When the plug-in functions on the same plug-in side are extracted in this way, the test input unit 43 uses the same plug-in function, and the test information recorded in the test database 55 from the argument information at the first round is the argument information. By outputting the plug-in function replaced with the argument information to the virtual machine 32, it is possible to inject an illegal variable suitable for a mobile code vulnerability test in the test patrol process (second patrol process). It becomes.

In general, the configuration of a web page for performing a mobile code vulnerability test is different for each mobile code UI in the web page, and thus it can be said that it is difficult to fully determine the vulnerability of the mobile code. . However, the user can record a browser operation in the web page as the traveling route information in the traveling route information database 50 to obtain a plug-in function required by the browser operation based on the traveling route information. At the plug-in function level, it becomes possible to set an illegal variable that can test the vulnerability of mobile code. The browser operation includes operation and reading of the mobile code UI displayed on the browser. For example, the operation of the mobile code UI includes inputting characters into a text field of the mobile code. For this reason, it is possible to reduce the burden of determining test items, and it is possible to suppress the leakage of test items.

After the plug-in function replaced with the test argument information by the test input unit 43 is output to the virtual machine 32, the plug-in wrapper unit 33 outputs the plug-in function replaced with the test argument information from the virtual machine 32. A browser-side plug-in function is extracted and recorded in the test input output database 53.

In this way, by recording the output of the virtual machine 32 for the plug-in function to which the test argument information is added in the test input time output database 53, the plug-in function on the browser side when an invalid variable is injected is recorded. And can be recorded in the output database 53 at the time of test input. On the other hand, in the patrol output database 52, a plug-in function in the case where an illegal variable is not injected, which is the same function as the browser-side plug-in function recorded in the test input output database 53, is recorded. Will be.

FIG. 9B shows a browser-side plug-in function output from the virtual machine 32 with respect to the plug-in function whose argument information has been changed by the test argument information in the test database 55. FIG. The contents (table) of the test input output database 53 in which plug-in functions output corresponding to the plug-in functions shown in FIG. Thus, the browser-side plug-in function as shown in FIG. 5 is recorded in the test input output database 53.

The vulnerability determination unit 44 includes a plug-in function recorded in the tour output database 52, a plug-in function recorded in the test input output database 53, and an identifier for each output function recorded in the vulnerability determination database 56. Based on the information, it has a role to determine the vulnerability of the mobile code to be tested.

First, the vulnerability determination unit 44 retrieves the plug-in function, which is the output of the virtual machine 32 at the time of the first round, from the round-time output database 52 and the virtual machine 32 at the time of the test round (at the second round). A plug-in function as an output is extracted from the test input time output database 53. And the vulnerability determination part 44 compares each taken out plug-in function, and calculates | requires a different plug-in function as a difference function.

Furthermore, the vulnerability determination unit 44 reads a dangerous output function name (browser-side plug-in function name) indicating vulnerability and an identifier (function argument information) indicating vulnerability from the vulnerability determination database 56. FIG. 12A is a table illustrating output function names indicating vulnerabilities recorded in the vulnerability determination database 56 and identifiers indicating vulnerabilities. In the identifier of the vulnerability determination database 56, one or both of an identifier for detecting unauthorized network access and an identifier for detecting cross-site scripting are recorded. However, the information recorded in the identifier must correspond to the contents set as the test pattern in the test generation pattern database 54.

In the vulnerability determination unit 44, the output function name of the difference function corresponds to the output function name recorded in the vulnerability determination database 56, and the argument information of the corresponding difference function is recorded in the vulnerability determination database 56. In the case of corresponding identifier information, it is determined that the mobile code is vulnerable to the test code. Then, the vulnerability determination unit 44 records the vulnerability determination result in the test result database 57.

Here, the main vulnerabilities related to mobile code are unauthorized network access by mobile code and cross-site script. Therefore, the vulnerability determination unit 44 monitors whether there are four types of output functions NPN_GetURL, NPN_GetURLNotify, NPN_PostURL, and NPN_PostURLNotify in the difference function in order to make a vulnerability determination against unauthorized network access. Here, NPN_GetURL and NPN_GetURLNotify are functions for reading data from a specified URL. NPN_PostURL and NPN_PostURLNotify are functions that transmit data to a specified URL.

FIG. 10 is a table showing the output function names monitored by the vulnerability determination unit 44 and the vulnerability determination method based on the output function in order to determine the vulnerability against unauthorized network access as described above. Any one of these four types of output functions is included in the difference function, and the URL of the argument of the difference function is the identifier of the test argument information that is replaced with the cyclic argument information in the test generation unit 42. When “http://www.example.com” is included, the vulnerability determination unit 44 determines that there is a vulnerability with respect to the mobile code to be tested.

In addition, the vulnerability determination unit 44 monitors whether or not five types of output functions NPN_GetURL, NPN_GetURLNotify, NPN_PostURL, NPN_PostURLNotify, and NPN_Evaluate exist in the difference function in order to make a vulnerability determination for cross-site scripting. Here, NPN_GetURL and NPN_GetURLNotify are functions for reading data from a specified URL. NPN_PostURL and NPN_PostURLNotify are functions that transmit data to a specified URL. Furthermore, NPN_Evaluate is a function that executes JavaScript.

FIG. 11 is a table showing the output function names monitored by the vulnerability determination unit 44 and the vulnerability determination method based on the output function in order to perform vulnerability determination for cross-site scripting as described above. Any one of these five types of output functions is included in the difference function, and the URL of the difference function argument is the identifier of the test argument information that is replaced with the cyclic argument information in the test generation unit 42. When “javascript: alert (“ xss ”)” is included, the vulnerability determination unit 44 determines that there is a vulnerability to the mobile code to be tested.

FIG. 12B is a table exemplifying the contents of the test result database 57 in which the test results related to the vulnerability determined by the vulnerability determination unit 44 are recorded.

As described above, the vulnerability determination unit 44 includes any of the four types of output functions shown in FIG. 10 in the difference function, and further, “http: // If “www.example.com” is included, it is determined that there is a vulnerability to unauthorized network access, and the result of “vulnerable” is recorded as a test result for unauthorized network access.

On the other hand, the vulnerability determination unit 44 determines whether or not any of the four types of output functions is included in the difference function, even if it is included in the URL as an argument of the difference function, “http: // www If ".example.com" is not included, it is determined that there is no vulnerability to unauthorized network access, and a result of "no vulnerability" is recorded as a test result for unauthorized network access. In the test result database 57 shown in FIG. 12B, a result of “no vulnerability” is recorded as a test result for unauthorized network access.

Further, the vulnerability determination unit 44 includes any of the five types of output functions shown in FIG. 11 in the difference function, and further adds “javascript: alert (“ xss ”” to the URL serving as the argument of the difference function. ) ”Is included, it is determined that there is a vulnerability to cross-site scripting, and the result of“ with vulnerability ”is recorded as a test result for cross-site scripting.

On the other hand, the vulnerability determination unit 44 sets “javascript: alert (” to the URL that is an argument of the difference function even if none of the five types of output functions is included in the difference function or is included. If xss ")" is not included, it is determined that there is no vulnerability to cross-site scripting, and the result of "no vulnerability" is recorded as a test result for cross-site scripting. In the test result database 57 shown in FIG. 12B, a result of “Vulnerability” is recorded as a test result for cross-site scripting.

Next, specific mobile code test processing contents in the above-described functional units will be described with reference to flowcharts. FIG. 13 is a flowchart showing the content of the mobile code test process performed by the control unit 20 of the test apparatus 1. The flowchart shown in FIG. 13 is realized when the control unit 20 performs processing according to a program recorded in the data storage unit 21. However, in the description of this flowchart, the description will be made mainly with the processing by each functional unit shown in FIG.

However, as already described, since the function of each function unit is also realized by the program recorded in the data storage unit 21 by the control unit 20, the processing subject can be controlled even if it is described by each function unit. Even when described as the unit 20, the mobile code vulnerability test processing according to the present embodiment indicates the same processing.

Further, in the processing shown in the flowchart shown in FIG. 13, the processing content will be described while showing an example of detecting the vulnerability of Flash, which is a typical mobile code.

First, first, the test setting unit 40 sets a mobile code to be tested (step S.1). FIG. 12C shows a vulnerable ActionScript set in the test setting unit 40. ActionScript is a programming language used in Flash. In this ActionScript, an external variable is used in _root.url, and the URL specified by the argument of navigateToURL is displayed on the browser. Attackers can use parameter injection to inject variables into _root.url from the outside to generate unauthorized network access and cross-site scripting.

Next, the traveling unit 41 reads the traveling route information recorded in the traveling route information database 50, and performs an automatic traveling process by operating the browser based on the read traveling route information (step S). .2).

After that, the plug-in wrapper unit 33 records the plug-in side plug-in function extracted along with the automatic cyclic processing of the cyclic unit 41 in the cyclic input database 51 (step S.3).

Further, the plug-in wrapper unit 33 records the browser-side plug-in function extracted in association with the automatic patrol process of the patrol unit 41 in the patrol output database 52 (step S.4).

Thereafter, the test generation unit 42 uses the plug-in function recorded in the tour-time input database 51 and the test pattern recorded in the test generation pattern database 54, and the cyclic-time argument information of the plug-in function used during the test tour. Test argument information is recorded in the test database 55 (step S.5).

Thereafter, the test input unit 43 causes the traveling unit 41 to execute the same traveling process (test traveling process) as the first automatic traveling process. Then, the test input unit 43 uses the argument information of the plug-in side plug-in function extracted by the plug-in wrapper unit 33 in the second automatic cyclic process (test cyclic process) as test argument information recorded in the test database 55. To be input to the virtual machine 32 (step S.6)

After that, the plug-in wrapper unit 33 performs step S.1. The browser-side plug-in function output from the virtual machine 32 in response to the input of the plug-in function in step 6 is extracted as an output function and recorded in the test input output database 53 (step S.7).

Then, the vulnerability determination unit 44 obtains a difference function based on the plug-in function recorded in the patrol output database 52 and the plug-in function recorded in the test input output database 53. The obtained output function name of the difference function corresponds to the output function name recorded in the vulnerability determination database 56, and the argument information of the corresponding difference function is recorded in the vulnerability determination database 56. Based on whether or not the information corresponds to the identifier information, the vulnerability of the mobile code is determined (step S.8).

The vulnerability determination unit 44 records the obtained vulnerability determination result in the test result database 57 (step S.9), and ends the mobile code test process.

FIG. 5 shows a table in which the test generation unit 42 records the test tour plug-in function, the tour time argument information, and the test argument information in the test database 55.

Step S. 6, when the test input unit 43 extracts the NPP_New function with the test ID “1” shown in FIG. 14 and outputs the NPP_New function to the virtual machine 32, based on the browser-side plug-in function for this output, the vulnerability determination unit 44 determines that unauthorized network access occurs. This is because the key-value pair (url, http://www.example.com) is replaced as test argument information as shown in the column of “1” in FIG. As a result, "http://www.example.com" is passed to _root.url, and the site transitions to "http://www.example.com". is there. As a result, the site is displayed on the browser.

At this time, step S.E. 7, the output function extracted by the plug-in wrapper unit 33 is recorded in the output database 53 at the time of test input. FIG. 15A shows an output function corresponding to the plug-in function in the column whose test ID is “1” in FIG. As shown in FIG. 15A, the output function extracted by the plug-in wrapper unit 33 is NPN_GetURLNotify, and “url = http: //www.example.com” is included in the function argument information in this output function. It will be.

Therefore, the vulnerability determination unit 44 determines that there is a vulnerability based on unauthorized network access by referring to the vulnerability determination database 56 (step S.8), and uses the determination result as the test result database 57. (Step S.9).

On the other hand, step S. 6, when the test input unit 43 extracts the NPP_New function having the test ID “2” shown in FIG. 14 and outputs the NPP_New function to the virtual machine 32, based on the browser side plug-in function for this output, the vulnerability determination unit 43 44 determines that cross-site scripting occurs. This is because the key-value pair ２ (url, javascript: alert ("xss")) is replaced as test argument information as shown in the column of the test ID “2” in FIG. As a result, "javascript: alert (" xss ")" is passed to _root.url and the JavaScript is executed with "navigateToURL".

At this time, step S.E. 7, the output function extracted by the plug-in wrapper unit 33 is recorded in the output database 53 at the time of test input. FIG. 15B shows an output function corresponding to the plug-in function in the column whose test ID is “2” in FIG. As shown in FIG. 15B, the output function extracted by the plug-in wrapper unit 33 is NPN_GetURLNotify, and “url = javascript: alert (“ xss ”)” is included in the function argument information in this output function. End up.

Therefore, the vulnerability determination unit 44 determines that there is a vulnerability based on cross-site scripting by referring to the vulnerability determination database 56 (step S.8), and uses the determination result as the test result database. 57 (step S.9).

Furthermore, Step S. 6, when the test input unit 43 extracts the NPP_New function having the test ID “3” shown in FIG. 14 and outputs the NPP_New function to the virtual machine 32, based on the browser-side plug-in function for this output, the vulnerability determination unit 43 44 determines that there is no vulnerability. This is because the key-value pair (test, javascript: alert ("xss")) is replaced as test argument information and input to the virtual machine as shown in the column of test ID “3” in FIG. However, because the key is test, a value is entered in _root.test, but no value is entered in _root.url.

Therefore, the vulnerability determination unit 44 determines that there is no vulnerability by referring to the vulnerability determination database 56 (step S.8), and records the determination result in the test result database 57 (step S.8). 9) It will be.

FIG. 15 (c) shows the test results finally recorded in the test result database 57. As shown in FIG. 15C, it is possible to detect vulnerabilities to each mobile code for each test ID.

As described above, the mobile code test apparatus according to the present invention has been described in detail by showing the test apparatus 1 as an example. However, the mobile code test apparatus according to the present invention is not limited to the example shown in the above-described embodiment. It will be apparent to those skilled in the art that various changes and modifications can be made within the scope of the claims, and these are naturally within the technical scope of the present invention. Understood.

For example, in the flowchart shown in FIG. 6, the test input unit 43 outputs all the plug-in functions replaced with the test argument information to the virtual machine 32, and step S. 7, all browser-side plug-in functions corresponding to the output to the virtual machine are extracted by the plug-in wrapper unit 33, and step S. 8, after the vulnerability determination unit 44 determines the vulnerability for the output function names of all the obtained difference functions, the step S. 9, the case where the vulnerability determination unit 44 records the result in the test result database 57 has been described.

However, step S.E. 6, the test input unit 43 outputs the plug-in function recorded in the test database 55 to the virtual machine 32 one function at a time. Vulnerability judgment is made in step S.8. 9, the test result database 57 records the vulnerability test result for one function. Returning to step S6, the vulnerability in the next one function is determined. 6 to Step S. The configuration may be such that up to 9 processes are repeatedly executed.

DESCRIPTION OF SYMBOLS 1 ... Test apparatus 2 ... Network 3 ... Server 10 ... Main-body part 11 ... Display part 12 ... Operation part 20 ... Control part 21 ... Data storage part 22 ... Communication part 30 ... Browser 31 ... Plug-in 32 ... Virtual machine 33 ... Plug-in Trumpet 34 ... OS
35 ... Hardware 40 ... Test setting unit 41 ... Circuit unit 42 ... Test generation unit 43 ... Test input unit 44 ... Vulnerability determination unit 50 ... Circuit route information database 51 ... Circuit input database 52 ... Circuit output database 53 ... Test Input output database 54 ... test generation pattern database 55 ... test database 56 ... vulnerability assessment database 57 ... test result database

Claims (9)

In a plug-in that inputs and outputs function information between a browser and a virtual machine that executes mobile code, first plug-in wrapper means that extracts input function information input from the browser to the virtual machine;
An operation procedure in the mobile code is preset as the traveling route information, and a traveling unit that executes an operation process in the mobile code based on the traveling route information;
Argument information changing means capable of changing the argument information of the input function information extracted by the first plug-in wrapper means to other argument information;
Incorrect processing based on the mobile code can be executed in the virtual machine, the function name of the illegal input function information and the illegal information set in the argument information of the illegal input function information when performing the illegal processing Test generation pattern recording means in which argument information is recorded,
The first plug-in wrapper means extracts input function information input from the browser to the virtual machine in accordance with the operation processing of the mobile code by the circulating means,
The argument information changing means selects a function name that matches the function name of the illegal input function information recorded in the test generation pattern recording means from the input function information extracted by the first plug-in wrapper means. A mobile code test device characterized in that the input function information is found, and the argument information of the found input function information is changed to the invalid argument information recorded in the test generation pattern recording means. In the plug-in, second plug-in wrapper means for extracting output function information output from the virtual machine to the browser;
An illegal input function information input means capable of causing the virtual machine to input the illegal input function information in which the argument information is changed to the illegal argument information by the argument information changing means;
Vulnerability determination means for determining vulnerability to the mobile code based on the function name of the output function information extracted by the second plug-in wrapper means and the content of the argument information of the output function information. And
The second plug-in wrapper means includes illegal output function information output from the virtual machine corresponding to the illegal input function information input to the virtual machine by the illegal input function information input means, and The output function information output from the virtual machine corresponding to the input function information input to the virtual machine from the browser in accordance with the operation processing of the browser,
The vulnerability determination means finds out illegal output function information having a function name that matches the function name of the output function information from the illegal output function information, and in the argument information of the found illegal output function information, The mobile code test apparatus according to claim 1, wherein when the invalid argument information changed by the argument information changing means is included, it is determined that there is a vulnerability to the mobile code. In the plug-in, second plug-in wrapper means for extracting output function information output from the virtual machine to the browser;
An illegal input function information input means capable of causing the virtual machine to input the illegal input function information in which the argument information is changed to the illegal argument information by the argument information changing means;
Vulnerability determination means for determining vulnerability to the mobile code based on the function name of the output function information extracted by the second plug-in wrapper means and the content of the argument information of the output function information;
The function name of the vulnerable output function information that can be determined to be vulnerable to the mobile code, and the vulnerable argument information that is the argument information of the vulnerable output function information and can be determined to have the vulnerability Recorded vulnerability determination pattern recording means, and
The second plug-in wrapper means extracts the illegal output function information output from the virtual machine corresponding to the illegal input function information input to the virtual machine by the illegal input function information input means,
The vulnerability determination means finds out the unauthorized output function information having a function name that matches the function name of the vulnerable output function information recorded in the vulnerability determination pattern recording means from the unauthorized output function information. When the argument information of the issued illegal output function information includes the vulnerable argument information recorded in the vulnerability determination pattern recording means, it is determined that there is a vulnerability to the mobile code. The mobile code test device according to claim 1. A mobile code test method for determining vulnerabilities in a virtual machine on which mobile code is executed,
Based on the cyclic route information in which the operation procedure in the mobile code is indicated, a cyclic step in which a cyclic means executes an operation process in the mobile code;
Input function information input from the browser to the virtual machine in accordance with the operation process of the mobile code in the patrol step, the first plug-in wrapper means stores function information between the virtual machine and the browser. An input function information extraction step to be extracted in a plug-in that performs input and output;
Among the input function information extracted in the input function information extraction step, a function name that matches the function name of the illegal input function information that can cause the virtual machine to execute an illegal process based on the mobile code. An input function information detecting step in which the argument information changing means finds out the input function information having,
The argument information changing means converts the argument information of the input function information found in the input function information detection step into illegal argument information set as argument information of the illegal input function information when performing the illegal processing. A method for testing mobile code, comprising: changing an invalid argument information to be changed. In response to the input function information input from the browser to the virtual machine in accordance with the operation processing of the mobile code, the second plug-in wrapper means outputs the output function information output from the virtual machine in the plug-in. An output function information extraction step to extract;
An illegal input function information input step in which the illegal input function information input means causes the virtual machine to input the illegal input function information in which the argument information is changed to the illegal argument information in the illegal argument information change step. When,
Corresponding to the illegal input function information input to the virtual machine in the illegal input function information input step, the second plug-in wrapper means outputs the illegal output function information output from the virtual machine in the plug-in. An illegal output function information extraction step to be extracted;
Among the unauthorized output function information extracted in the unauthorized output function information extraction step, the vulnerability determination means has an unauthorized function name having a function name that matches the function name of the output function information extracted in the output function information extraction step. Incorrect output function information detection step for finding output function information;
When the illegal argument information changed in the illegal argument information changing step is included in the argument information of the illegal output function information found in the illegal output function information detecting step, the vulnerability determining means 5. The mobile code test method according to claim 4, further comprising: a vulnerability determination step for determining that there is a vulnerability with respect to the mobile code. In response to the input function information input from the browser to the virtual machine in accordance with the operation processing of the mobile code, the second plug-in wrapper means outputs the output function information output from the virtual machine in the plug-in. An output function information extraction step to extract;
An illegal input function information input step in which the illegal input function information input means causes the virtual machine to input the illegal input function information in which the argument information is changed to the illegal argument information in the illegal argument information change step. When,
Corresponding to the illegal input function information input to the virtual machine in the illegal input function information input step, the second plug-in wrapper means outputs the illegal output function information output from the virtual machine in the plug-in. An illegal output function information extraction step to be extracted;
Among the unauthorized output function information extracted in the unauthorized output function information extraction step, the vulnerability determination means matches the function name of the vulnerable output function information that can be determined that there is a vulnerability to the mobile code. An illegal output function information detection step of finding illegal output function information having a function name;
When the argument information of the unauthorized output function information found in the unauthorized output function information detection step includes vulnerable argument information that can be determined that the vulnerability exists, the vulnerability determination means includes 5. The mobile code test method according to claim 4, further comprising: a vulnerability determination step for determining that there is a vulnerability with respect to the mobile code. A mobile code test program for performing vulnerability determination of a virtual machine in which mobile code is executed on a computer,
On the computer,
Based on the cyclic route information indicating the operation procedure in the mobile code, a cyclic function for executing the operation process in the mobile code,
Input function information input from the browser to the virtual machine according to the mobile code operation processing based on the patrol function is extracted in a plug-in that inputs and outputs function information between the virtual machine and the browser Input function information extraction function to
A function that matches the function name of the illegal input function information that can cause the virtual machine to execute an illegal process based on the mobile code from the input function information extracted based on the input function information extraction function An input function information detection function for finding input function information having a name;
Illegal argument information for changing the argument information of the input function information found based on the input function information detection function to the illegal argument information set as the argument information of the illegal input function information when performing the illegal processing A mobile code test program to realize the change function. In the computer,
Output function information extraction function for extracting, in the plug-in, output function information output from the virtual machine corresponding to input function information input from the browser to the virtual machine in accordance with the operation processing of the mobile code When,
An illegal input function information input function for causing the virtual machine to input the illegal input function information in which the argument information is changed to the illegal argument information based on the illegal argument information change function;
Incorrect output function information for extracting in the plug-in the illegal output function information output from the virtual machine corresponding to the illegal input function information input to the virtual machine based on the illegal input function information input function Extraction function;
An unauthorized output function having a function name that matches the function name of the output function information extracted based on the output function information extraction function from the unauthorized output function information extracted based on the unauthorized output function information extraction function Illegal output function information detection function to find information,
In the case where the argument information of the illegal output function information found based on the illegal output function information detection function includes the illegal argument information changed based on the illegal argument information change function, the mobile code The program for mobile code testing according to claim 7, for realizing a vulnerability determination function for determining that a vulnerability exists. In the computer,
Output function information extraction function for extracting, in the plug-in, output function information output from the virtual machine corresponding to input function information input from the browser to the virtual machine in accordance with the operation processing of the mobile code When,
An illegal input function information input function for causing the virtual machine to input the illegal input function information in which the argument information is changed to the illegal argument information based on the illegal argument information change function;
Incorrect output function information for extracting in the plug-in the illegal output function information output from the virtual machine corresponding to the illegal input function information input to the virtual machine based on the illegal input function information input function Extraction function;
Among the illegal output function information extracted based on the illegal output function information extraction function, has a function name that matches the function name of the vulnerable output function information that can be determined to be vulnerable to the mobile code Illegal output function information detection function to find illegal output function information,
When the argument information of the unauthorized output function information found based on the unauthorized output function information detection function includes vulnerable argument information that can be determined that the vulnerability exists, the vulnerability to the mobile code The program for mobile code test according to claim 7, for realizing a vulnerability determination function for determining that there exists a vulnerability.

Images