Patent abstract:
Program analysis/verification service provision system, control method for the same, computer readable storage medium, program analysis/verification device, and program analysis/verification tool management device. A program analysis/verification service provision system (1) includes: a registry section/search tool (313) for extracting, from a plurality of program analysis/verification tools (virtual machines) stored in a tool storage section (320), a virtual machine (T) on which a program analysis/verification tool for use in analyzing/verifying a target program (P) has been installed and configured; and a virtual machine runtime section (120) for analysis/verification of the target program (P) using the virtual machine (T) thus extracted.
Publication number: BR112014011612B1
Application number: R112014011612-1
Filing date: 2012-11-12
Publication date: 2021-08-31
Inventor: Toshiyuki Maeda
Applicant: Japan Science And Technology Agency;
Main IPC number:
Patent description:

TECHNICAL FIELD
[001] The present invention relates to a program analysis/verification service provision system etc., for analysis and verification of a target program using a program analysis/verification tool.
BACKGROUND ART
[002] Program analysis/verification is a technique for analyzing and verifying whether a computer program satisfies a certain property. Program analysis/verification is considered to be an extremely effective means of certifying and verifying program security and reliability.
[003] In recent years, such a program analysis/verification technique has been tremendously improved, so that more and more practical programs can be analyzed and verified. In fact, several programs (hereinafter referred to as "program analysis/verification tools") for performing program analysis/verification have been developed for research use and for commercial use.
[004] Here, a conventional technique for sharing a program analysis/verification tool will be described, taking a virus analysis/scan site as an example.
[005] Figure 11 is a view illustrating a typical configuration example of the virus analysis/scan site. As illustrated in Figure 11, a user of a virus analysis/scan site 900 sends to the virus analysis/scan site 900 a target program that the user wishes to submit for virus analysis/scan (P1). For example, for the sites listed in Non-Patent Literature 1 below, the target program is sent through a web interface. When the target program is submitted, the virus analysis/scan site 900 uses virus analysis/scan software 901 to perform analysis/scan of the target program thus submitted (P2). When the analysis/scan is completed, the virus analysis/scan site 900 sends an analysis/scan result to the user (P3).
[006] An advantage of the virus analysis/scan site 900 is that a site user does not need to spend time and effort to prepare a computational resource (CPU time, memory capacity, etc.) for the analysis/scan and to introduce analysis/scan software.
CITATION LIST
NON-PATENT LITERATURE
NON-PATENT LITERATURE 1
[007] "Sandbox malware / virus analysis site", [online], June 2011, [search date: October 20, 2011], the Internet <URL:http://lhsp.s206.xrea.com/misc/virussandbox.html>
SUMMARY OF THE INVENTION
TECHNICAL PROBLEMS
[008] However, conventional program analysis/verification tools have the following practical problems.
(1) Expansion of the computational resource required by the program analysis/verification tool
[009] Depending on the type of program analysis/verification technique, program analysis/verification tools need an extremely large amount of computational resources (CPU time, memory capacity, etc.). This is particularly notable in a case where a complicated property is analyzed and verified or in a case where a target program to be analyzed and verified is large. Therefore, the type and size of analysis/verification that individual users of program analysis/verification tools can realistically perform are limited.
(2) Diversification of the type of program analysis/verification tools
[0010] With the improvement of analysis/verification techniques, extremely different types of program analysis/verification tools exist and new tools are being devised and developed. Therefore, it is difficult for users of program analysis/verification tools to determine which program analysis/verification tool to select.
(3) Time, effort and cost of introducing / operating the program analysis/verification tool
[0011] As described above, several types of program analysis/verification tools exist; however, a single program analysis/verification tool rarely satisfies the purpose of a user of program analysis/verification tools. Therefore, the user needs to introduce, operate, maintain and manage a plurality of program analysis/verification tools. This adds to time, effort and cost.
(4) Difficulty testing program analysis/verification tools by themselves
[0012] The usefulness of program analysis/verification tools is becoming widely recognized. However, it is difficult to test program analysis/verification tools by themselves as to whether or not the program analysis/verification tools will operate as expected.
[0013] This is because, just as for users of program analysis/verification tools, the size of program analysis/verification that program analysis/verification tool providers can perform is limited, and the programs and source code that program analysis/verification tool providers can use and view are limited, so a test of a program analysis/verification tool cannot be performed on many target programs.
[0014] The present invention was made in view of the above problems, and an object of the present invention is to achieve a program analysis/verification service provision system that can select, as appropriate, a tool to be used from a plurality of program analysis/verification tools and easily analyze/verify a program.
SOLUTION TO PROBLEM
[0015] In order to achieve the above object, a program analysis/verification service provision system according to the present invention is a program analysis/verification service provision system for analyzing/verifying a target program with use of one or more program analysis/verification tools, and includes: target program obtaining means for obtaining the target program; a tool storage section in which a plurality of program analysis/verification tools are stored; tool extraction means for extracting, from the plurality of program analysis/verification tools stored in the tool storage section, one or more program analysis/verification tools for use in analysis/verification of the target program that the target program obtaining means obtained; tool retrieval means for retrieving, from the tool storage section, the one or more program analysis/verification tools that the tool extraction means extracted; and tool execution means for analyzing/verifying, with use of each of the one or more program analysis/verification tools that the tool retrieval means retrieved, the target program that the target program obtaining means obtained.
[0016] In addition, a method of controlling a program analysis/verification service provision system according to the present invention is a method of controlling a program analysis/verification service provision system for analyzing/verifying a target program using one or more program analysis/verification tools, the program analysis/verification service provision system including a tool storage section in which a plurality of program analysis/verification tools are stored, and the method includes: a target program obtaining step of obtaining the target program; a tool extraction step of extracting, from the plurality of program analysis/verification tools stored in the tool storage section, one or more program analysis/verification tools for use in analyzing/verifying the target program obtained in the target program obtaining step; a tool obtaining step of obtaining, from the tool storage section, the one or more program analysis/verification tools extracted in the tool extraction step; and a tool execution step of analyzing/verifying, using the one or more program analysis/verification tools obtained in the tool obtaining step, the target program obtained in the target program obtaining step.
[0017] In addition, a data processing service provision system according to the present invention is a data processing service provision system for processing target data in multiple phases by successively using a plurality of data processing tools, and includes: a tool storage section in which the plurality of data processing tools are stored in a state where the plurality of data processing tools are associated with respective pieces of tool-related information on the plurality of data processing tools; a result data storage section in which result data that has been obtained by processing data using one or more data processing tools for use at an earlier stage is stored in a state where the result data is associated with characteristic descriptive information on the result data; result data obtaining means for obtaining the result data from the result data storage section; tool designation information obtaining means for obtaining, from the result data storage section, as tool designation information for designating which data processing tool is used to process the result data that the result data obtaining means obtained, the characteristic descriptive information associated with the result data; tool extraction means for searching the pieces of tool-related information based on the tool designation information that the tool designation information obtaining means obtained, and extracting, from the plurality of data processing tools stored in the tool storage section, the one or more data processing tools associated with a corresponding piece of tool-related information; tool retrieval means for retrieving, from the tool storage section, the one or more data processing tools that the tool extraction means extracted; and tool execution means for processing, using the one or more data processing tools that the tool retrieval means retrieved, the result data that the result data obtaining means obtained.
ADVANTAGEOUS EFFECTS OF THE INVENTION
[0018] According to an aspect of the present invention, it is possible to select, as appropriate, a program analysis/verification tool to be used from a plurality of program analysis/verification tools and easily analyze/verify a program. Furthermore, by performing program analysis/verification on a shared system, it is possible to solve several practical problems that occur in conventional program analysis/verification techniques. Such effects are not limited to a program analysis/verification process.
BRIEF DESCRIPTION OF THE DRAWINGS
[0019] Figure 1, illustrating an embodiment of the present invention, is a functional block diagram illustrating a detailed configuration of a program analysis/verification service provision system.
[0020] Figure 2, illustrating an embodiment of the present invention, is a block diagram illustrating a configuration of an analysis/verification execution subsystem included in a program analysis/verification service provision system and a flow of an analysis/verification execution process.
[0021] Figure 3, illustrating an embodiment of the present invention, is a block diagram illustrating a configuration of an analysis/verification execution subsystem included in a program analysis/verification service provision system and a flow of a process of displaying an analysis/verification result.
[0022] Figure 4, illustrating an embodiment of the present invention, is a block diagram illustrating a configuration of a target program management subsystem included in a program analysis/verification service provision system and a flow of a process of registering a target program.
[0023] Figure 5, illustrating an embodiment of the present invention, is a block diagram illustrating a configuration of a target program management subsystem included in a program analysis/verification service provision system and a process flow to obtain a target program from an analysis/verification execution subsystem.
[0024] Figure 6, illustrating an embodiment of the present invention, is a block diagram illustrating a configuration of a tool management subsystem included in a program analysis/verification service provision system and a flow of a process of registering a program analysis/verification tool.
[0025] Figure 7, illustrating an embodiment of the present invention, is a block diagram illustrating a configuration of a tool management subsystem included in a program analysis/verification service provision system and a flow of a process for a request, from an analysis/verification execution subsystem, to obtain a virtual machine including an image of a program analysis/verification tool.
[0026] Figure 8 is an explanatory view of data for use in the program analysis/verification service provision system illustrated in Figure 1, which shows a data structure of an order management database.
[0027] Figure 9 is an explanatory view of data for use in the program analysis/verification service provision system illustrated in Figure 1, which shows a data structure of a target program management database.
[0028] Figure 10 is an explanatory view of data for use in the program analysis/verification service provision system illustrated in Figure 1, which shows a data structure of a tool management database.
[0029] Figure 11, illustrating a conventional technique, is a block diagram illustrating a typical configuration example of a virus analysis/scan site.
DESCRIPTION OF EMBODIMENTS
[0030] The following description will discuss an embodiment of the present invention in detail. A program analysis/verification service provision system 1 of this embodiment will be discussed with reference to Figure 1 to Figure 10 as follows.
(1. System configuration method for sharing program analysis/verification tool)
[0031] First, the description will discuss a method of solving the four practical problems of the conventional program analysis/verification tools described above. Note that specific examples of the method will be described later.
[0032] A key concept is that, following the so-called "cloud" approach that has been very popular in recent years, users of a plurality of program analysis/verification tools and providers (tool providers) of a plurality of program analysis/verification tools share a single system and perform program analysis/verification.
[0033] Specifically, the program analysis/verification service provision system 1 includes three subsystems, namely, an analysis/verification execution subsystem 10, a target program management subsystem 20, and a tool management subsystem 30. Individual subsystems will be described below. Note that all three subsystems can be provided on a single computer, or they can be divided among a plurality of groups of computers that are connected through a network.
(1.1. Analysis/verification execution subsystem)
[0034] First, based on a user request, the analysis/verification execution subsystem 10 (Figure 2, Figure 3) obtains, from the target program management subsystem 20, a target program P to be submitted to the program analysis/verification and obtains a program analysis/verification tool (virtual machine T) from the tool management subsystem 30. Then the program analysis/verification is performed using the target program P and the program analysis/verification tool (virtual machine T) thus obtained, and a program analysis/verification result (analysis/verification result data R) is registered in a repository 13. Furthermore, the result is shown to the user.
[0035] Regardless of the user's request, the analysis/verification execution subsystem 10 independently obtains, from the target program management subsystem 20, the target program P to be subjected to program analysis/verification according to its own operating state. Specifically, the operating state in which the analysis/verification execution subsystem 10 obtains the target program P is, for example, a case where (1) a system CPU utilization rate, (2) a memory utilization rate, (3) an external storage utilization rate, or the like, falls below a predefined threshold. The analysis/verification execution subsystem 10 obtains not only the target program P, but also the program analysis/verification tool (virtual machine T) from the tool management subsystem 30, performs analysis/verification, and then registers an analysis/verification result (analysis/verification result data R) in the repository 13. Therefore, in a case where a request is received from a user thereafter, it is possible to immediately return the analysis/verification result by querying the repository 13.
[0036] As described above, the plurality of users share the analysis/verification execution subsystem 10, which makes it possible to flexibly use an excess computational resource. This can reduce the cost of program analysis/verification as a whole. Furthermore, because program analysis/verification can be performed beforehand independently of the user's request, it is possible to hide the cost of the computational resource that is required for the entire process from receiving the user's request to providing the analysis/verification result. Furthermore, it is easy to select a suitable program analysis/verification tool from a plurality of program analysis/verification tools.
(1.2. Target program management subsystem)
[0037] Based on the user's request, the target program management subsystem 20 (Figure 4, Figure 5) maintains and manages (obtains/stores/renews/deletes) a target program P assigned/provided by a user. Furthermore, the target program management subsystem 20 provides an appropriate target program P in response to a request from the analysis/verification execution subsystem 10.
[0038] In this way, the program analysis/verification tool can be run against target programs P registered by a plurality of users, so that individual program analysis/verification tool providers can perform a test of the program analysis/verification tool against various target programs P.
(1.3 Tool management subsystem)
[0039] Based on the user's request/command, the tool management subsystem 30 (Figure 6, Figure 7) maintains and manages (installs and configures/deletes) a program analysis/verification tool designated by a user (provider of the program analysis/verification tool). In addition, the tool management subsystem 30 provides an appropriate program analysis/verification tool in response to a retrieval request from the analysis/verification execution subsystem 10.
[0040] As described above, the program analysis/verification tool provider installs, maintains and manages the program analysis/verification tool, and a plurality of users share the program analysis/verification tool. Therefore, users do not need to install, maintain and manage the program analysis/verification tool by themselves.
(2. Sample system installation for sharing program analysis/verification tool)
[0041] The following description will discuss an example of installing the subsystems described above.
(2.1. An example of analysis/verification execution subsystem installation)
[0042] Figure 2 is a block diagram illustrating a configuration of the analysis/verification execution subsystem 10 and a flow of an analysis/verification execution process.
[0043] The analysis/verification execution subsystem 10 includes a controller 11, a virtual machine execution environment 12, and the repository 13. The controller 11 performs processing of an execution request transmitted by a user, reception/transmission of data from/to the target program management subsystem 20 and from/to the tool management subsystem 30, execution of the analysis/verification, and storage of a result of the analysis/verification in the repository 13. The virtual machine execution environment 12 is a runtime environment for performing the analysis/verification. Repository 13 stores the result of the analysis/verification.
[0044] Note that there are two reasons why the analysis/verification is performed using the virtual machine execution environment 12. As a first reason, by performing the analysis/verification using the virtual machine, a plurality of users and a plurality of program analysis/verification tool providers can easily achieve fair use of the system. Here, the expression "fair use of the system" means that, for example, a program analysis/verification tool that consumes a large amount of CPU and memory is run later, and other program analysis/verification tools are run preferentially.
[0045] As a second reason, through the installation and configuration of the program analysis/verification tool in the virtual machine (see (2.3. An example of tool management subsystem installation) for details), program analysis/verification tool providers can install and configure program analysis/verification tools in a runtime environment that is substantially the same as the runtime environment in which they ordinarily develop and test program analysis/verification tools. This can prevent program analysis/verification tool providers from taking on an unnecessary burden such as patching a program analysis/verification tool in order to make it suitable for a special execution environment, or preparing a special system to make a program analysis/verification tool receive/transmit data from/to the outside.
[0046] A specific flow of analysis/verification execution is as follows. First, a request to run the analysis/verification is transmitted to the controller 11 from a user (A1). The execution request includes a tag indicating which target program P is subjected to analysis/verification and a tag indicating which program analysis/verification tool (virtual machine T) is used. The controller 11 that received the execution request obtains the target program P from the target program management subsystem 20 based on a tag designated by the execution request and a tag that is attached to the user in accordance with the user's permission (A2-a, A3-a; target program obtaining step), and obtains the virtual machine T including an image of the program analysis/verification tool from the tool management subsystem 30 (A2-b, A3-b; tool obtaining step).
[0047] Note that the "tag that is attached to the user in accordance with the user's permission" means a tag, attached to each individual user, that represents access permission for the program analysis/verification tool (virtual machine T) and for the target program P. For example, as the most basic tag, a tag such as "USER_A" is appended to an execution request that user A transmits. This allows user A to obtain a target program P and a program analysis/verification tool (virtual machine T) to which the tag "USER_A" is appended. Meanwhile, for user B, a tag such as "USER_B" is appended, so user B cannot get a target program P and a program analysis/verification tool (virtual machine T) to which only the "USER_A" tag is appended. That is, the target program P and the program analysis/verification tool (virtual machine T) of user A can be hidden from user B. As a more complex example, in a case where user A and user B share their target programs P and program analysis/verification tools (virtual machines T) as common users, a tag such as "GROUP_AB" is attached to execution requests transmitted by users A and B. Therefore, users A and B can get the target programs P and the program analysis/verification tools (virtual machines T) to which the tag "GROUP_AB" is attached.
[0048] Then, with the use of the target program P and a tool image (virtual machine T), the analysis/verification is actually performed in the virtual machine execution environment 12 (A4; tool execution step). After the analysis/verification, controller 11 receives a result from it (A5), and makes repository 13 store the result while associating the result with a tag (A6). Note that, as described above, processes (A2) through (A6) of Figure 2 can be performed in advance in accordance with an operating state of the analysis/verification execution subsystem 10, even if an execution request is not transmitted from a user, although this is not illustrated explicitly in Figure 2. In this case, as the tag that is associated with the analysis/verification result when it is stored in repository 13, a tag that has been attached to the target program P itself and to the tool image (virtual machine T) itself of the program analysis/verification tool can be used.
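The tag-based lookup of steps A1 to A6, with the USER_A / USER_B / GROUP_AB permission tags, can be sketched as follows. This is an added example, not code from the patent: the class and function names, the matching rule (all designated tags present, at least one permission tag shared), the rule that a stored result is readable only by a user who could obtain both the program and the tool, and the toy callable standing in for virtual machine T are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    """A stored target program P or tool image (virtual machine T)."""
    name: str
    tags: frozenset      # descriptive tags chosen at registration (e.g. language)
    acl: frozenset       # permission tags attached by the system, never by the request
    payload: object      # program text, or a callable standing in for virtual machine T


class Repository:
    """Tag-indexed store, standing in for repository 22 (programs) or 32 (tools)."""

    def __init__(self):
        self._items = []

    def register(self, name, tags, acl, payload):
        self._items.append(Item(name, frozenset(tags), frozenset(acl), payload))

    def search(self, designated, permission):
        # Assumed matching rule: every designated tag must be present, and the
        # caller must hold at least one of the item's permission tags.
        designated, permission = frozenset(designated), frozenset(permission)
        return [i for i in self._items
                if designated <= i.tags and permission & i.acl]


class Controller:
    """Stands in for controller 11 together with its result store (repository 13)."""

    def __init__(self, programs, tools, permissions):
        self.programs, self.tools = programs, tools
        self.permissions = permissions   # authenticated user -> permission tags
        self.results = {}                # (program, tool) -> (result, P acl, T acl)

    def _perm(self, user):
        # Permission tags come from the authenticated identity only.
        return frozenset(self.permissions.get(user, ()))

    def execute(self, user, program_tags, tool_tags):
        perm = self._perm(user)
        programs = self.programs.search(program_tags, perm)   # A2-a, A3-a
        tools = self.tools.search(tool_tags, perm)            # A2-b, A3-b
        out = {}
        for p in programs:
            for t in tools:
                key = (p.name, t.name)
                if key not in self.results:                   # A4, A5: run the tool
                    self.results[key] = (t.payload(p.payload), p.acl, t.acl)  # A6
                out[key] = self.results[key][0]
        return out

    def get_results(self, user):
        # Assumed policy: a stored result is readable only by a user who could
        # have obtained both the program and the tool that produced it.
        perm = self._perm(user)
        return {k: r for k, (r, p_acl, t_acl) in self.results.items()
                if perm & p_acl and perm & t_acl}


def count_unsafe_calls(source):
    """Toy 'tool': counts calls to two unbounded-copy C functions."""
    return sum(source.count(f + "(") for f in ("strcpy", "gets"))


def build_demo():
    """Constructed sample data using the USER_A / USER_B / GROUP_AB tags."""
    programs, tools = Repository(), Repository()
    programs.register("a_private.c", {"C"}, {"USER_A"}, "strcpy(d, s); gets(b);")
    programs.register("shared.c", {"C"}, {"GROUP_AB"}, "strncpy(d, s, n);")
    tools.register("unsafe-call-counter", {"C"}, {"GROUP_AB"}, count_unsafe_calls)
    permissions = {"A": {"USER_A", "GROUP_AB"}, "B": {"USER_B", "GROUP_AB"}}
    return Controller(programs, tools, permissions)


if __name__ == "__main__":
    c = build_demo()
    print("A ran:", c.execute("A", {"C"}, {"C"}))
    print("B ran:", c.execute("B", {"C"}, {"C"}))
    print("B can read:", c.get_results("B"))
```

Keeping descriptive tags and permission tags in separate fields means a tag a user chooses freely at registration can never be mistaken for an access grant.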
[0049] Figure 3 is a block diagram illustrating a configuration of the analysis/verification execution subsystem 10 and a flow of a process of displaying the analysis/verification result.
[0050] The analysis/verification result stored in repository 13 is presented to a user as described below. First, a request to obtain the analysis/verification result (result obtaining request) is sent to the controller 11 by the user (B1). The result obtaining request includes tags similar to those of the execution request described above. The controller 11 that received the result obtaining request obtains the analysis/verification result from the repository 13 on the basis of a tag designated by the result obtaining request and a tag attached according to the user's permission (B2, B3). Then, the controller 11 causes the result thus obtained to be displayed to the user (B4). Note that, in a case where the result is not stored in repository 13, the processes (A2) through (A6) in Figure 2 can be executed.
(2.2. An example of installing a target program management subsystem)
[0051] Figure 4 is a block diagram illustrating a configuration of the target program management subsystem 20 and a flow of a process of registering a target program P.
[0052] The target program management subsystem 20 includes a controller 21 and a repository 22. The controller 21 performs processing of a target program registration request transmitted by a user, obtaining of the target program P, and registration of the target program P in repository 22. Repository 22 stores the target program P.
[0053] A specific flow of target program registration is as follows. First, a request to register a target program P is transmitted to the controller 21 by the user (C1). The registration request includes a user-designated tag and a designation of how to transmit the target program P. The user-designated tag in the registration request may be arbitrarily determined by the user in terms of its number and contents. The tag is expected to be used, for example, to designate the type of programming language used in the target program P and to designate the program type (distinction between a user program and a system program, etc.). Furthermore, it is assumed that the ways of transmitting the target program P are direct transmission from the user (C2) and import from an external system (version management system etc.) (C2-1, C2-2). The controller 21 that received the registration request obtains the target program P in the manner designated by the registration request (C2, C2-1, C2-2), associates the target program P with the tag designated by the registration request and the tag attached according to the user's permission, and makes the repository 22 store the target program P (C3).
[0054] Figure 5 is a block diagram illustrating the configuration of the target program management subsystem 20 and a flow of a request process for obtaining the target program P from the analysis/verification execution subsystem 10.
[0055] When the controller 21 has received a request to obtain the target program P from the analysis/verification execution subsystem 10 (D1), the controller 21 searches for the target program P in the repository 22 on the basis of a tag designated by the obtaining request (D2, D3). Then, the controller 21 transmits the target program P that was obtained from the repository 22 to the analysis/verification execution subsystem 10 (D4).
(2.3. An example of tool management subsystem installation)
[0056] Figure 6 is a block diagram illustrating a configuration of the tool management subsystem 30 and a flow of a program analysis/verification tool registration process.
[0057] The tool management subsystem 30 includes the controller 31, the repository 32, and the virtual machine execution environment 33. The controller 31 performs processing of a registration request transmitted by a tool provider, generation of a virtual machine (initial virtual machine) on which the program analysis/verification tool is to be installed and configured, and storage of the virtual machine T including a tool image in repository 32. The virtual machine execution environment 33 is an environment that enables the tool provider to install and configure the program analysis/verification tool. Repository 32 stores a system image of the virtual machine T where the program analysis/verification tool has been installed and configured by the tool provider.
[0058] A specific flow of the program analysis/verification tool registration process is as follows. First, the registration request of the program analysis/verification tool is transmitted to the controller 31 from the tool provider (E1). The registration request includes a tag designated by the tool provider. The tag designated by the tool provider in the registration request may be arbitrarily determined by the tool provider, in terms of its contents and number. The tag designated by the tool provider in the registration request is assumed to be used to designate the following: (1) the type of programming language and the type of program that the program analysis/verification tool can handle (distinction between a user program and a system program, etc.); and (2) an execution environment in which the program analysis/verification tool works (such as operating system type and version, library type and version, and a required computational resource, i.e., the clock and type of CPU, the size of a memory, and the size of a disk).
[0059] The controller 31 that received the registration request generates a new virtual machine (initial virtual machine) (E2). At this time, controller 31 forms an appropriate virtual machine (initial virtual machine), in which the operating system type and version, the size of a memory, and the size of a disk are adjusted, in accordance with a tag designated by the registration request. Note that, in this embodiment, a virtual machine where the program analysis/verification tool has not yet been installed and configured is referred to as an "initial virtual machine".
[0060] Here, for combinations of tags that are frequently designated, an incomplete virtual machine (initial virtual machine), where a suitable operating system or library is installed in advance, can be generated and stored in advance, and the incomplete virtual machine can simply be copied when the virtual machine is needed. This makes it possible to reduce the cost of virtual machine generation.
[0061] Then, the tool provider runs, in the virtual machine execution environment 33, the virtual machine (initial virtual machine) generated by the controller 31, and installs and configures the program analysis/verification tool on the virtual machine (initial virtual machine) (E3). As described above, a suitable operating system, a suitable library, etc., are prepared in advance in a virtual machine (initial virtual machine) on the basis of a tag designated by a registration request. Therefore, the tool provider can install and configure a program analysis/verification tool in the same way that the tool provider usually installs and configures other program analysis/verification tools. This prevents tool providers from taking on an unnecessary burden such as patching a program analysis/verification tool in order to make it suitable for the execution environment, or preparing a special system to make the tool receive/transmit data from/to an external system.
[0062] Finally, the controller 31 associates the virtual machine T with the label designated by the registration request, and makes the repository 32 store the virtual machine T including the tool image on which the program analysis/verification tool was installed and configured by the tool provider (E4).
[0063] Figure 7 is a block diagram illustrating a configuration of the tool management subsystem 30 and a flow of processing a request, from the analysis/verification execution subsystem, to obtain the virtual machine T including an image of the program analysis/verification tool.
[0064] Upon receipt of a request to obtain the virtual machine T from the analysis/verification execution subsystem 10 (F1; tool obtain step), the controller 31 searches for the virtual machine T in the repository 32 on the basis of a tag designated by the request (F2, F3; tool extraction step), and transmits the virtual machine T thus obtained to the analysis/verification execution subsystem (F4; tool retrieval step).
(3. Detailed description of the example)
[0065] The following description will discuss an example of the program analysis/verification service provision system 1 in detail.
(3.1. Configuration)
[0066] The following description will discuss a configuration of the program analysis/verification service provision system 1 with reference to Figure 1 and Figure 8 through Figure 10. Figure 1 is a function block diagram illustrating the configuration of the program analysis/verification service provision system 1. Figure 8 through Figure 10 are explanatory views showing data for use in program analysis/verification service provision system 1. Note that in the following description, Figure 2 through Figure 7 are also referred to as appropriate.
[0067] The program analysis/verification service provision system 1 provides a service that allows a user of a program analysis/verification tool to analyze/verify a target program P using the program analysis/verification tool provided by a tool provider.
[0068] As illustrated in Figure 1, the program analysis/verification service provision system 1 is configured to include an analysis/verification section (program analysis/verification device) 100, a target program management section (program analysis/verification target program management section) 200, and a tool management section (program analysis/verification tool management device) 300. Note that the program analysis/verification service provision system 1 can be configured by a single device. That is, the analysis/verification section 100, the target program management section 200, and the tool management section 300 can be assembled in a single device. Alternatively, the program analysis/verification service provision system 1 may be configured by a plurality of devices. Specifically, the analysis/verification section 100, the target program management section 200, and the tool management section 300 can be separately mounted on two or more devices.
[0069] In addition, the analysis/verification section 100, the target program management section 200, and the tool management section 300 correspond to the analysis/verification execution subsystem 10, the target program management subsystem 20, and the tool management subsystem 30, respectively, illustrated in Figure 2 through Figure 7.
[0070] Note that this embodiment discusses a case where information input to/output from the program analysis/verification service provision system 1 from/to the outside, and information processed in the program analysis/verification service provision system 1, are written in label form; however, the form is not limited to labels.
(3.1.1 Analysis/Verification Section)
[0071] First, the analysis/verification section 100 has a function of (i) receiving a request to run the analysis/verification of a target program P from a user, (ii) obtaining the target program P and a program analysis/verification tool (virtual machine T) according to the execution request, (iii) performing the analysis/verification, and (iv) storing analysis/verification result data R (Figure 2). The analysis/verification section 100 also has a function of receiving a result obtain request from a user and presenting the thus stored analysis/verification result data R to the user (Figure 3).
[0072] Therefore, as illustrated in Figure 1, the analysis/verification section 100 includes an analysis/verification control section 110, a virtual machine execution environment section (tool execution medium) 120, and a data storage section 130. Note that the analysis/verification control section 110, the virtual machine execution environment section 120, and the data storage section 130 correspond to controller 11, the virtual machine execution environment 12, and repository 13, respectively, of the analysis/verification execution subsystem 10 illustrated in Figure 2 through Figure 3.
[0073] The analysis/verification control section 110 controls the entire analysis/verification section 100. Specifically, the analysis/verification control section 110 includes a user interface section (tool designation information obtaining means) 111, a tool execution control section 112, a data management section 113, a target program obtain section (target program obtaining means) 114, and a tool obtain section (tool obtaining means) 115.
[0074] The user interface section 111 presents an operating screen to a user to provide a user interface for receiving input. The user interface section 111 can directly receive the user's operation through input devices such as a keyboard and mouse, or can indirectly receive the user's operation through a communication network such as the Internet.
[0075] Specifically, upon receipt of the user's operation, the user interface section 111 obtains a tag indicating the identification information on the user (user identification information) and a tag indicating the user's permission (user permission information).
[0076] The user interface section 111 also receives the execution request from the user (A1 of Figure 2). The execution request includes the label indicating which target program P is subjected to analysis/verification (target program designation information) and the label indicating which program analysis/verification tool (virtual machine T) is used (tool designation information). The tool designation information designates which program analysis/verification tool (virtual machine T) is used for the analysis/verification of the target program P obtained by the target program obtain section 114.
[0077] The user interface section 111 receives the result obtain request from the user (B1 of Figure 3). The result obtain request includes labels similar to those of the execution request. Note that, in the result obtain request, the tool designation information may be omitted.
[0078] The tool execution control section 112 analyzes/verifies the target program P on the basis of the execution request that the user interface section 111 receives from the user. Specifically, the tool execution control section 112 controls the target program obtain section 114, and obtains the target program P on the basis of the target program designation information (A2-a, A3-a of Figure 2; target program obtain step). The tool execution control section 112 also controls the tool obtain section 115, and obtains the virtual machine T including an image of the program analysis/verification tool on the basis of the tool designation information (A2-b, A3-b of Figure 2; tool obtain step). Furthermore, the tool execution control section 112 causes the virtual machine execution environment section 120 to execute the target program P thus obtained in the virtual machine T thus obtained, to thereby analyze/verify the program (A4 of Figure 2; tool execution step). Note that such analysis/verification of the target program P can be performed in the virtual machine T while the target program P is running in the virtual machine T; however, the analysis/verification can also be performed without executing the target program P. In addition, the tool execution control section 112 receives a result of the analysis/verification after the analysis/verification in the virtual machine execution environment section 120 is completed (A5 of Figure 2), and controls the data management section 113 to associate the result (analysis/verification result data R) with the label of the execution request, and then makes the data storage section 130 store the result (A6 of Figure 2).
[0079] Note that the tool execution control section 112 can perform the processes (A2) through (A6) of Figure 2 in advance, according to an operating state (CPU utilization rate, memory utilization rate, external storage utilization rate, etc.) of the virtual machine execution environment section 120 etc., even if the execution request is not transmitted from the user. In this case, the tags that are associated with the result when the result (analysis/verification result data R) is stored in the data storage section 130 are a tag attached to the target program P itself and a tag attached to the virtual machine T itself.
[0080] The tool execution control section 112 controls the data management section 113 on the basis of the result obtain request that the user interface section 111 received from the user, obtains the analysis/verification result data R stored in the data storage section 130, and presents the result to the user through the user interface section 111 (B1 to B4 of Figure 3). Specifically, the analysis/verification result data R is obtained by searching the order management database DBi using the tag included in the result obtain request and obtaining the associated analysis/verification result data R (i.e., the analysis/verification result data R associated with the tag) from the data storage section 130.
[0081] Upon receipt of the execution request from the user, the data management section 113 makes the order management database DBi of the data storage section 130 store the content of the tag included in the execution request. In addition, the data management section 113 makes the data storage section 130 store the analysis/verification result data R. At this time, the analysis/verification result data R is stored in the order management database DBi so as to be associated with the identification information (result data identification information) of the analysis/verification result data R and the information in the tag of the execution request. In addition, after receiving the result obtain request from the user, the data management section 113 reads, from the data storage section 130, the analysis/verification result data R corresponding to the contents of the tag included in the result obtain request.
[0082] The target program obtain section 114 transmits a target program obtain request having target program designation information to the target program management section 200 (A2-a of Figure 2), and obtains the target program P in response to it (A3-a of Figure 2).
[0083] The tool obtain section 115 transmits a virtual machine (tool image) obtain request having tool designation information to the tool management section 300 (A2-b of Figure 2), and obtains the program analysis/verification tool (virtual machine T) in response to this (A3-b of Figure 2).
[0084] The virtual machine execution environment section 120 analyzes/verifies, in the virtual machine T obtained by the tool obtain section 115, the target program P by operating the target program P that the target program obtain section 114 obtained (A4 of Figure 2).
[0085] The data storage section 130 stores the order management database DBi and the analysis/verification result data R. As shown in Figure 8, the order management database DBi stores the user identification information, the user permission information, the target program designation information, the tool designation information, and the result data identification information in a record. The analysis/verification result data R is associated with the other information by the result data identification information.
[0086] Here, the information recorded in the order management database DBi will be discussed specifically with reference to Figure 8.
• User identification information is identification information on users. The examples "USER_A, USER_B" represent labels associated with a user A and a user B, respectively.
• User permission information is the user's access permission. The example "GROUP_AB" represents a label indicating group permission, whereby users A and B can share a target program P and a program analysis/verification tool (virtual machine T). The tag "PUBLIC" represents a tag indicating that an arbitrary user can access a tagged program and a tagged program analysis/verification tool (virtual machine T). The "ADMIN" tag represents a tag indicating that only a manager can access a tagged program and a tagged program analysis/verification tool (virtual machine T).
• Target program designation information is information to designate which target program P is subjected to analysis/verification. The target program designation information corresponds to the sum of target program identification information and target program related information from a target program management database DBp. The example "OBJP_ID_1, C, SYSTEM_PROG" represents a target program "which has identification information OBJP_ID_1, which is a C language program, and whose type is a system program".
• Tool designation information is the information to designate which program analysis/verification tool (virtual machine T) is used for the analysis/verification. The tool designation information corresponds to the sum of tool identification information and tool-related information from a tool management database DBt. The example "TOOL_ID_0, C, USER_PROG, SYSTEM_PROG, CPU_SPEED_2G, MEM_MAX_1G" represents a program analysis/verification tool (virtual machine T) which "has identification information TOOL_ID_0, can verify a user program and a system program, includes a CPU having a frequency of 2 GHz and uses a memory of 1G maximum".
• Result data identification information is identification information on the result data (analysis/verification result data R) of the analysis/verification. The examples "RESULT_0, RESULT_1" represent identification information to refer to the analysis/verification result data.
[0087] Note that information (for example, a consecutive number and the date and time of issue of the request) for directly specifying the execution request may additionally be provided in the order management database DBi. Note, however, that it is possible to specify the execution request in a case where the target program designation information and the tool designation information, that is, the target program P and the program analysis/verification tool (virtual machine T), are uniquely designated in the order management database DBi. Therefore, such information is not essential.
(3.1.2 Target Program Management Section)
[0088] The target program management section 200 has a function of receiving a registration request for the target program P from the user, obtaining the target program P according to the registration request, and storing the target program P (Figure 4). The target program management section 200 also has a function of receiving a target program obtain request from the analysis/verification section 100 and transmitting the target program P thus stored to the analysis/verification section 100 (Figure 5).
[0089] Therefore, as illustrated in Figure 1, the target program management section 200 includes a target program management control section 210 and a target program storage section 220. Note that the target program management control section 210 and the target program storage section 220 correspond to the controller 21 and the repository 22, respectively, of the target program management subsystem 20 illustrated in Figure 4 through Figure 5.
[0090] The target program management control section 210 controls the entire target program management section 200. Specifically, the target program management control section 210 includes a user input section 211, a target program obtain section 212, a target program registration/search section 213, and a target program transmission section 214.
[0091] The user input section 211 presents an operating screen to a user to provide a user interface for receiving input. The user input section 211 can directly receive an operation from the user through input devices such as a keyboard and mouse, or it can indirectly receive the user's operation through a communication network such as the Internet.
[0092] Specifically, upon receipt of an operation from the user, the user input section 211 obtains the tag indicating the identification information on the user (user identification information) and the tag indicating the user's permission (user permission information).
[0093] In addition, the user input section 211 receives the registration request for the target program P from the user (C1 of Figure 4). The registration request includes the tag (target program related information) designated by the user, a tag designating how to transmit the target program P (transmission method designation information), and the identification information (target program identification information) on the target program P to be analyzed/verified.
[0094] The target program obtain section 212 obtains the target program P based on the registration request that the user input section 211 received from the user. Specifically, in a case where the transmission method designation information included in the registration request is "direct transmission", the target program obtain section 212 obtains the target program P transmitted by the user (C2 of Figure 4). Meanwhile, in a case where the transmission method designation information included in the registration request is "import", the target program obtain section 212 obtains the target program P from an external system (version management system or similar) (C2-1, C2-2 of Figure 4).
[0095] In a case where the user input section 211 receives the registration request from the user, the target program registration/search section 213 makes the target program management database DBp of the target program storage section 220 store the contents of the tag included in the registration request (C3 of Figure 4). The target program registration/search section 213 also causes the target program storage section 220 to store the target program P that the target program obtain section 212 obtained (C3 of Figure 4). At this time, the target program P is stored in the target program management database DBp so as to be associated with the identification information of the target program P (target program identification information) and the information in the tag of the registration request.
[0096] In addition, upon receipt of the target program obtain request from the analysis/verification section 100, the target program registration/search section 213 refers to the target program management database DBp and reads the corresponding target program P from the target program storage section 220 in response to the target program designation information (the sum of target program identification information and target program related information) included in the target program obtain request (D1 to D4 of Figure 5).
[0097] The target program transmission section 214 receives the target program obtain request having the target program identification information from the analysis/verification section 100 (D1 of Figure 5), and in response to the request for obtaining target program, transmits target program P to analysis/verification section 100 (D4 of Figure 5).
[0098] The target program storage section 220 stores the target program P in the target program management database DBp. As illustrated in Figure 9, the target program management database DBp stores the user identification information, the user permission information, the target program related information, the transmission method designation information, and the target program identification information in a record. The target program P is associated with the other information by the target program identification information.
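The lookup described in [0096] to [0098], as an added example that is not part of the patent text: a DBp record with the five fields of Figure 9, matched against target program designation information and filtered by the permission tag. It assumes that a designation matches when all of its tags appear in the record, that the permission tag is enforced at lookup time, and that group membership and the manager account (`GROUPS`, `MANAGERS`, `MANAGER_0`) are kept outside DBp; none of these is stated in the description.

```python
from dataclasses import dataclass

# Permission tags named in the description. Group membership and the manager
# list are assumptions: the description does not say where they are kept.
GROUPS = {"GROUP_AB": {"USER_A", "USER_B"}}
MANAGERS = {"MANAGER_0"}  # hypothetical manager account


@dataclass(frozen=True)
class ProgramRecord:
    """One DBp record with the five fields listed for Figure 9."""
    user_id: str          # user identification information
    permission: str       # user permission information
    related: frozenset    # target program related information
    transmission: str     # transmission method designation information
    program_id: str       # target program identification information


# Constructed sample records; only the tag spellings come from the description.
# GROUP_XY is a constructed tag with no membership entry.
DBP = [
    ProgramRecord("USER_B", "PUBLIC", frozenset({"Java", "USER_PROG"}),
                  "DIRECT_UPLOAD", "OBJP_ID_0"),
    ProgramRecord("USER_A", "GROUP_AB", frozenset({"C", "SYSTEM_PROG"}),
                  "DIRECT_UPLOAD", "OBJP_ID_1"),
    ProgramRecord("USER_A", "ADMIN", frozenset({"C", "LIBRARY"}),
                  "DIRECT_UPLOAD", "OBJP_ID_2"),
    ProgramRecord("USER_B", "GROUP_XY", frozenset({"C", "USER_PROG"}),
                  "DIRECT_UPLOAD", "OBJP_ID_3"),
]


def may_access(user_id, permission):
    """Evaluate a permission tag for one requester; unknown tags deny."""
    if permission == "PUBLIC":
        return True
    if permission == "ADMIN":
        return user_id in MANAGERS
    # Any other tag is treated as a group name. A tag with no membership
    # entry yields the empty set, so the lookup fails closed.
    return user_id in GROUPS.get(permission, set())


def matches(record, designation):
    """True when every designation tag is the record's id or a related tag."""
    return set(designation) <= ({record.program_id} | record.related)


def find_target_programs(user_id, designation, db=DBP):
    """Return ids of programs that match the designation and that user_id may read."""
    if not designation:
        # An empty tag set is a subset of every record; refuse it rather
        # than return the whole repository.
        return []
    return [r.program_id for r in db
            if matches(r, designation) and may_access(user_id, r.permission)]
```

Filtering on the permission tag inside the search, rather than after the program has been read from storage, keeps a requester outside `GROUP_AB` from learning that `OBJP_ID_1` exists at all.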
[0099] Here, the information recorded in the target program management database DBp will be discussed specifically with reference to Figure 9.
• User identification information is identification information on users. The examples "USER_A, USER_B" represent labels associated with a user A and a user B, respectively.
• User permission information is the user's access permission. The example "GROUP_AB" represents a label indicating group permission, whereby users A and B can share a target program P and a program analysis/verification tool (virtual machine T). The "PUBLIC" tag represents a tag indicating that an arbitrary user can access a tagged program and a tagged program analysis/verification tool (virtual machine T). The "ADMIN" tag represents a tag indicating that only a manager can access a tagged program and a tagged program analysis/verification tool (virtual machine T).
• Target program related information is information that can be arbitrarily determined by a user in terms of content and number. For example, as the target program related information, the type of programming language, the type of program (distinction between a user program and a system program), etc., of the target program P can be written. In the examples, "the type of programming language" and "the type of program" are exemplified. The examples "Java, C, C++, OCaml", which are examples of the type of programming language, exemplify labels indicating the programming language in which the target program is written. In addition, the examples "USER_PROG, SYSTEM_PROG, LIBRARY", which are examples of the program type, exemplify the target program type (user program, system program, library, etc.).
• The transmission method designation information is the information designating how the target program P is transmitted, for example, whether the target program P is transmitted directly by the user or is imported from an external system. The example "DIRECT_UPLOAD" represents a label indicating that the target program P is directly uploaded by a user. The example "IMPORT_git://XX ..." represents a tag indicating that the target program P is fetched from an external repository (here, git://XXX ...).
• Target program identification information indicates the identification information on the target program P to be analyzed/verified. The examples "OBJP_ID_0, OBJP_ID_1" represent tags indicating identification information to refer to the target program P stored therein.
(3.1.3 Tool management section)
[00100] The tool management section 300 has a function of receiving a request to register a program analysis/verification tool from a tool provider, generating a virtual machine T on which the program analysis/verification tool is installed and configured in response to the registration request, and storing the virtual machine T (Figure 6). The tool management section 300 also has a function of receiving a request to obtain a virtual machine from the analysis/verification section 100 and transmitting, to the analysis/verification section 100, the virtual machine T that was searched for on the basis of the tool designation information thus obtained and then extracted (Figure 7).
[00101] Therefore, as illustrated in Figure 1, the tool management section 300 includes a tool management control section 310 and a tool storage section 320. Note that the tool management control section 310 and the tool storage section 320 correspond to the controller 31 and the repository 32, respectively, of the tool management subsystem 30 shown in Figure 6 through Figure 7. In the tool management section 300 of Figure 1, a virtual machine generation section 312 of the tool management control section 310 has a function corresponding to the function of the virtual machine execution environment 33 of the tool management subsystem 30.
[00102] The tool management control section 310 controls the entire tool management section 300. Specifically, the tool management control section 310 includes a tool provider input section 311, a virtual machine generation section (virtual machine generation means) 312, a tool registration/search section (tool extraction means) 313 and a tool transmission section 314.
[00103] Tool provider input section 311 presents an operating screen to the user to provide a user interface for receiving input. The tool provider input section 311 can directly receive a user's operation through input devices such as a keyboard and a mouse, or it can indirectly receive the user's operation through a communication network such as the Internet.
[00104] Specifically, upon receipt of an operation from a tool provider, the tool provider input section 311 obtains a tag indicating identification information on the tool provider (tool provider identification information).
[00105] The tool provider input section 311 also receives the registration request for the program analysis/verification tool from the tool provider (E1 of Figure 6). The registration request includes a tag designated by the tool provider (tool related information) and a tag indicating identification information on the program analysis/verification tool (tool identification information). Note that the tool identification information is used as the identification information on the virtual machine T including a tool image in which the program analysis/verification tool for use in the analysis/verification has been installed and configured. In addition, the tool provider input section 311 receives the program analysis/verification tool in response to the registration request (E3 of Figure 6).
[00106] The virtual machine generation section 312 generates, for each program analysis/verification tool, a virtual machine T on which the program analysis/verification tool has been installed and configured (E2 of Figure 6). For generation of virtual machine T, the tool related information that the registration request has is used as data to install and configure the program analysis/verification tool on the virtual machine. Virtual machine generation section 312 includes an initial virtual machine generation section 3121 and a tool introduction section 3122.
[00107] The initial virtual machine generation section 3121 generates, based on the tool-related information, a virtual machine (initial virtual machine) on which the program analysis/verification tool has not been installed and configured yet. So, for example, it is possible to obtain an initial virtual machine that is suitable in terms of the type of programming language and the type of program (distinction between a user program and a system program) that the program analysis/verification tool can handle, and an execution environment (the operating system type and version, the library type and version, a required computational resource, i.e., a clock and the type of CPU, sizes of a memory and a disk, etc.) in which the program analysis/verification tool operates.
[00108] The tool introduction section 3122 runs the virtual machine (initial virtual machine) that the initial virtual machine generation section 3121 generated, and installs and configures the program analysis/verification tool based on an instruction etc. by the tool provider (E3 of Figure 6).
[00109] In a case where the tool provider input section 311 receives the registration request from the tool provider, the tool registration/search section 313 makes the tool management database DBt of the tool storage section 320 store the contents of the tag included in the registration request (E4 of Figure 6). The tool registration/search section 313 also causes the tool storage section 320 to store the virtual machine T that the virtual machine generation section 312 generated (C3 of Figure 4). At this point, the tool registration/search section 313 causes the tool storage section 320 to store the virtual machine T as tool image data.
[00110] In addition, the tool registration/search section 313 makes the tool management database DBt store the virtual machine T so that the virtual machine T is associated with its identification information (tool identification information), etc. After receiving a virtual machine (tool image) obtain request from the analysis/verification section 100, the tool registration/search section 313 refers to the tool management database DBt and searches for the tool-related information corresponding to the tool designation information included in the virtual machine (tool image) obtain request. Then the tool registration/search section 313 reads, from the tool storage section 320, the virtual machine (tool image) T associated with the tool-related information corresponding to the tool designation information (F1 to F4 of Figure 7).
[00111] The tool transmission section 314 receives the virtual machine (tool image) obtain request having tool designation information from the analysis/verification section 100 (F1 of Figure 7), and in response to the virtual machine (tool image) obtain request, passes one or more virtual machines T extracted by the tool registration/search section 313 to the analysis/verification section 100 (F4 of Figure 7).
[00112] The tool storage section 320 stores the tool management database DBt and the virtual machine (image data) T. As illustrated in Figure 10, the tool management database DBt stores the tool provider identification information, the tool-related information, and the tool identification information in a record. The virtual machine (image data) T is associated with the other information by the tool identification information.
[00113] Here, the information recorded in the tool management database DBt will be discussed specifically with reference to Figure 10.
• Tool provider identification information is identification information on the tool providers. The examples "USER_A, USER_B" represent labels associated with a user A and a user B, respectively.
• Tool-related information is information that can be arbitrarily determined by a user in terms of content and number. Tool-related information is, for example, the type of programming language and the type of program (distinction between a user program and a system program) that the program analysis/verification tool (virtual machine T) can handle, and an execution environment (operating system type and version, library type and version) and a required computational resource (a clock and CPU type, memory and disk sizes, etc.) in which the program analysis/verification tool (virtual machine T) operates. In the examples, "the type of programming language", "the type of program", and "the execution environment and computational resource" are exemplified. The examples "Java, C, C++, OCaml", which are examples of the type of programming language, exemplify labels indicating the programming language in which the programs targeted by the program analysis/verification tool (virtual machine T) are written. In addition, the examples "USER_PROG, SYSTEM_PROG, LIBRARY", which are examples of the type of program, exemplify the type of program (user program, system program, library, etc.) that the program analysis/verification tool (virtual machine T) can analyze/verify. In addition, the examples "OS_Linux 3.x, LIB_libgplk_1.X, CPU_KIND_X86, CPU_SPEED_2G, CPU_EM UM_8, MEM_MAX_1G, DISK_MAX_4G", which are examples of the execution environment and computational resource, exemplify the type of execution environment in which, and the type of computational resource with which, the program analysis/verification tool (virtual machine T) can execute. In this case, the examples indicate that the operating system is Linux 3.x, the library is libgplk 1.X, the CPU type is X86, the execution frequency is 2 GHz, the number of CPU cores is 8 or less, the maximum memory usage is 1GB, and the disk amount is 4G.
• Tool identification information is the identification information on the virtual machine T including the tool image in which the program analysis/verification tool for use in analysis/verification has been installed and configured. The examples "TOOL_ID_0, TOOL_ID_1" represent stored program analysis/verification tools, and more specifically represent identification information to refer to the virtual machine T including the tool image in which the program analysis/verification tool was installed and configured.
(4. Comparison with conventional techniques)
[00114] Here, with respect to the problems described under "TECHNICAL PROBLEMS", the description will discuss the differences between the program analysis/verification service provision system 1 of this embodiment and conventional techniques, in particular a virus analysis/scanning site (non-patent literature 1).
(1) Expansion of the computational resource required by the program analysis/verification tool
[00115] In relation to this problem, in the case of conventional virus analysis/scanning sites, users do not need to prepare a computational resource; however, analysis/scanning tool providers need to prepare a computational resource by themselves or form new internet interfaces.
[00116] By contrast, in the case of the program analysis/verification service provision system 1, tool providers of a plurality of program analysis/verification tools may share a computational resource, so that the load on the tool providers is greatly reduced. Also, as described above in (2.3. An example of tool management subsystem installation), the tool provider only needs to install and configure a program analysis/verification tool on a virtual machine that has been prepared in advance. Thus, tool providers do not need to carry out additional work, such as forming new internet interfaces.
(2) Diversification of the type of program analysis/verification tools
[00117] In relation to this problem, there are a large number of virus analysis/scanning sites as described in Non-patent Literature 1; however, these sites are operated by different tool providers individually, and a uniform interface does not exist. Therefore, it is difficult for users of analysis/scanning tools to determine which tool to select, i.e., which virus analysis/scanning site to select.
(3) Time, effort and cost of introduction/operation of the program analysis/verification tool
[00118] In relation to this problem, similarly, a large number of virus analysis/scanning sites are operated by different individual tool providers, and a uniform interface does not exist. Therefore, it is difficult to perform the analysis/verification effectively using a plurality of sites and to collect/compare the analysis/verification results.
[00119] As an easy means to avoid the problem, it is conceivable to use a plurality of program analysis/verification sites as back ends and one site that provides a uniform interface as a front end. This is specifically realized as follows: a target program is received from a user; the target program is broadcast to a plurality of program analysis/verification sites; and the respective results are collected and then transmitted to the user.
[00120] However, as described below, this method still has problems. First, if a target program is simply broadcast to a plurality of program analysis/verification sites, the target program is also broadcast to sites that do not provide the program analysis/verification tool that the user needs. As a result, analysis/verification efficiency is decreased and analysis/verification results become huge, and therefore comparison and examination of results is difficult. By contrast, as described in (2. Example of installation of a system for program analysis/verification tool sharing), the program analysis/verification service provision system 1 is configured so that target programs and program analysis/verification tools are managed by tagging them. Therefore, it is possible to efficiently select a necessary program analysis/verification tool.
[00121] Furthermore, as another issue, if a target program is simply broadcast to a plurality of program analysis/verification sites, users need to store and manage the analysis/verification results. Therefore, there is a possibility that users are overloaded in terms of computational resources or that users unnecessarily repeat identical analysis/verification. By contrast, in the program analysis/verification service provision system 1, as described in (2. Example of installing a system for sharing program analysis/verification tool), the analysis/verification results can be uniformly stored in a repository, and therefore searches etc. of the results can be performed through the use of tagging.
[00122] Furthermore, the means of using a plurality of sites as back ends cannot solve problems (1) and (4).
(4) Difficulty testing program analysis/verification tools
[00123] In relation to this problem, firstly, the computational resources that individual analysis/verification tool providers can prepare are limited, and so the size and complexity of a target that can actually be analyzed/verified are limited. Therefore, the difficulty of testing the analysis/scanning tools themselves is an issue that conventional virus analysis/scanning sites also have.
[00124] By contrast, in the program analysis/verification service provision system 1, providers of a plurality of program analysis/verification tools share computational resources. As a result, it is possible to analyze/verify a target having a larger size and a more complex configuration, and therefore it is possible to test the program analysis/verification tools themselves more strictly. Furthermore, because a program to be analyzed/verified can be shared by a plurality of program analysis/verification tools, it is possible to test each program analysis/verification tool on more targets.
[00125] As described above, conventional virus analysis/scanning sites have advantages; for example, users do not need to prepare a computational resource for analysis/scanning or carry out additional work such as introducing analysis/scanning software. However, conventional virus analysis/scanning sites still have the problems ((1) to (4)) that the present invention solves.
(5. Application to multiple stages of analysis/verification)
[00126] The above description discussed a case where the program analysis/verification service provision system 1 analyzes/verifies a target program using the program analysis/verification tool in a single stage. However, the program analysis/verification service provision system 1 can be used properly in a case where the target program is analyzed/verified at various stages of analysis/verification.
[00127] Furthermore, for example, in a case where a target program is analyzed/verified using a program analysis/verification tool and then the result data obtained by the analysis/verification is further analyzed/verified, the tool designation information for use in analysis/verification at each stage and the tool-related information are preferably attached as tags to the target program or result data as appropriate. Specifically, the program analysis/verification service provision system 1 is configured in such a way that a tag is used at each stage of the analysis/verification, etc., and therefore it is also possible to efficiently perform the analysis/verification in a case where a target program is analyzed/verified in a multi-stage analysis/verification process.
[00128] The following description will discuss an example where a target program is analyzed/verified at various stages using a tag at each stage of the program analysis/verification service provision system 1.
[00129] Here, the description will discuss a case in which (i) the program analysis/verification service provision system 1 analyzes/verifies a target program using a program analysis/verification tool and (ii) the result data obtained by that process are subsequently subjected to analysis/verification (post-processing).
[00130] First, the result data, which the virtual machine execution environment section (tool execution means) 120 obtained through the analysis/verification of the target program using the program analysis/verification tool, are associated with characteristic descriptive information (label) of the result data and are then stored in the data storage section (result data storage section) 130. Meanwhile, the tool storage section 320 stores the program analysis/verification tool (post-processing tool) for analysis/verification of the result data in a state where the tool is associated with the tool-related information on that tool.
[00131] Then, the user interface section (tool designation information obtaining means) 111 obtains, as the tool designation information, the characteristic descriptive information associated with the result data from the data storage section 130.
[00132] The tool registration/search section (tool extraction means) 313 searches for tool-related information based on the tool designation information that the user interface section 111 obtained, and extracts, from a plurality of post-processing tools that the tool storage section 320 stores, a post-processing tool associated with the tool-related information thus found.
[00133] Thereafter, the program analysis/verification service provision system 1 performs analysis/verification (post-processing) on the analysis/verification result data of the target program, using the post-processing tool thus extracted as described above.
[00134] In the above example, it is conceivable that examples of the characteristic descriptive information (tag) that is preferably attached to the result data of this analysis/verification process comprise tags indicating the type of data (for example, "execution_path" (representing an execution path), "execution_trace" (representing an execution trace), "program_point" (representing a program execution point)). In addition, tool assignment information (label) can also be attached to a data analysis tool in the same way as for program analysis/verification.
[00135] Note that the number of analysis/verification process stages of the target program is not limited to two, and the number of process stages can be set arbitrarily.
[00136] The above description described a case where the program analysis/verification service provision system 1 analyzed/verified the target program using the program analysis/verification tool and subsequently analyzed/verified the resulting data. However, the present invention can also be applied to a case where the program analysis/verification service provision system 1 analyzes/verifies result data of analysis/verification performed in another system. That is, in a multi-stage analysis/verification process, all analysis/verification processing may be performed by the program analysis/verification service provision system 1, or processing at each stage may be performed by another system.
[00137] Specifically, the program analysis/verification service provision system 1 can perform analysis/verification more precisely on the basis of an execution path that another system issued as a result of its analysis.
[00138] Also in a case where a program analysis/verification tool of another system, other than a program analysis/verification tool of the program analysis/verification service provision system 1, analyzes/verifies the target program, it is possible to analyze/verify the result data with use of a data analysis tool by attaching a tag (attaching descriptive information of characteristics) to the result data that was issued as a result of the analysis/verification.
[00139] That is, even in the case where the program analysis/verification tool of the other system analyzes/verifies the target program, it is possible to use a structure of the present invention by attaching a label to the analysis/verification result data to be issued, and storing the result data.
[00140] Furthermore, as described above, application of the present invention is not limited to the analysis/verification of a target program and to a process (post-processing) of analysis/verification of the analysis/verification result data to be issued. For example, tagging can preferably also be applied in a case where pre-processing is needed to analyze/verify a target program.
[00141] The following description will discuss an example where a target program that was obtained by pre-processing a pre-processed program is analyzed/verified using the program analysis/verification service provision system 1.
[00142] Depending on the type of program analysis/verification tool, it is assumed that a target program (post-preprocessed program) needs to be prepared as a result of preprocessing a program (preprocessed program).
[00143] Specifically, as a first stage, the target program, which is a result of pre-processing the pre-processed program using a pre-processing tool (tool), is issued, and then the target program is stored in the target program storage section (post-preprocessed program storage section) 220. Then, as a second stage, the target program obtained by preprocessing is subjected to an analysis/verification process using the program analysis/verification tool.
[00144] In this case, the target program, obtained by pre-processing the program that has not undergone pre-processing, is stored in the target program storage section (post-preprocessed program storage section) 220 so that the target program is associated with the descriptive information of characteristics (label) of the target program.
[00145] Then, the target program obtaining section 114 obtains the target program from the target program storage section 220. Meanwhile, the user interface section (tool assignment information obtaining means) 111 obtains, as the tool designation information, from the target program storage section 220, the feature descriptive information associated with the target program that the target program obtaining section 114 obtained.
[00146] Processes that need pre-processing of a program in order to analyze/verify a certain program as described above include, for example, data flow analysis, control flow analysis, program slicing, and pointer analysis.
[00147] After that, the pre-processing tool (tool) and the target program (post-pre-processed program) are identified and stored, which makes it possible to use the structure of the present invention.
[00148] In fact, there are several types of pre-processing tools as well as analysis/verification tools, and the various types of pre-processing tools consume a large amount of computational resource. Therefore, the present invention is effective not only for analysis/verification tools, but also for pre-processing tools.
[00149] For example, it is conceivable that the tags (tool-related information) attached to the pre-processing tool (tool) include a tag indicating a target that can be subjected to pre-processing (which is similar to a label attached to the verification tool) and a label indicating what pre-processing is performed (for example, a label indicating the type of pre-processing, such as "data_flow_analysis", "control_flow_analysis", "program_slicing", and "pointer_analysis"). It is also conceivable that "data_flow_analysis", "control_flow_analysis", "program_slicing", "pointer_analysis", etc. are effective as the characteristic descriptive information (label) that is associated with the pre-processing result data.
[00150] The following description will discuss, as an example where the above two examples are combined, a case where the target program is subjected to pre-processing using the pre-processing tool (data processing tool of pre-processing) in the program analysis/verification service provision system (data processing service provision system) 1, then the target program that has been subjected to pre-processing is analyzed/verified using the program analysis/verification tool, and then the analysis/verification result data is analyzed/verified using another analysis/verification tool (pre-processing data processing tool).
[00151] As a first stage, the target program, which is the result of pre-processing the pre-processed program using the pre-processing tool (pre-processing data processing tool), is issued and the target program is stored in the target program storage section (post-preprocessed program storage section) 220. The target program, which was obtained by preprocessing the preprocessed program, is associated with the descriptive information of characteristics (label) of the target program, and is stored in the target program storage section (post-preprocessed program storage section) 220, as described above.
[00152] At this time, it is conceivable that the characteristic descriptive information (label) preferably attachable to the target program that was subjected to pre-processing is, for example, a label indicating the type of pre-processing ("data_flow_analysis", "control_flow_analysis", "program_slicing", "pointer_analysis", etc.), as described in the examples above.
[00153] Then, in a second stage, the target program, which was obtained by pre-processing, is analyzed/verified using the program analysis/verification tool. Specifically, first, the target program obtaining section 114 obtains the target program from the target program storage section 220. Meanwhile, the user interface section (tool assignment information obtaining means) 111 obtains, as the tool designation information, from the target program storage section 220, the feature descriptive information associated with the target program that the target program obtaining section 114 obtained. Then, the virtual machine execution environment section (tool execution means) 120 analyzes/verifies the target program using the program analysis/verification tool, and the result data thus obtained is stored in the data storage section (result data storage section) 130 so as to be associated with the characteristic descriptive information (label) of the result data.
[00154] At this point, it is conceivable that the characteristic descriptive information (label) preferably attachable to the result data is, for example, a label indicating the type of data ("execution_path" (representing an execution path), "execution_trace" (representing an execution trace), and "program_point" (representing a program execution point), etc.), as described in the examples above.
[00155] Finally, as a third stage, the user interface section (means of obtaining tool designation information) 111 obtains, as the tool designation information, the feature descriptive information associated with the result data from the data storage section 130. The tool storage section 320 stores the program analysis/verification tool (pre-processing data processing tool) for analyzing/verifying the result data so that the tool is associated with the tool-related information on that tool. The tool registration/search section (tool extraction means) 313 then searches for the tool-related information based on the tool designation information that the user interface section 111 obtained, and extracts, from a plurality of post-processing tools that the tool storage section 320 stores, a post-processing tool (pre-processing data processing tool) associated with the tool-related information thus found. Thereafter, the program analysis/verification service provision system 1 obtains the data processing tool thus extracted from the tool storage section 320, and performs, using the post-processing tool thus obtained, the analysis/verification (post-processing) on the result data of the process in which the target program was analyzed/verified.
[00156] Note that, in the combination example above, the number of pre-processing processes and the number of post-processing processes are one each; however, it is possible to combine arbitrary numbers of pre-processing processes, post-processing processes, and analysis/verification processes. Also, any of the pre-processing, post-processing, and analysis/verification processing can be omitted.
[00157] As described above, in a case where data processing is performed in several stages, the program analysis/verification service provision system 1 associates the data (a program or data other than a program) obtained in each stage as a result of the process with the descriptive information of characteristics (label), and then the data is stored. The data obtained at each stage as the result of the process are associated with the descriptive characteristic information (label) either at the same time as the data is stored or during a period after the data is stored but before the tool for use in the processing of the next stage is extracted. In this case, the characteristic descriptive information (label) to be associated is preferably determined according to a predetermined rule that is suitable for the tool used in the processing at each stage. Note that the program analysis/verification service provision system 1 can be configured so that a user manually associates the descriptive characteristic information (tag) with the data obtained from the processing at each stage.
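The following sketch is an added illustration, not part of the patent text: it models the tag-driven flow of paragraphs [00150] to [00157], where each stage's output is stored with labels and those labels become the tool designation information for the next stage. The matching rule (a tool is selected when every tag it requires is present), the identifiers TOOL_ID_2 and TOOL_ID_3, the "summary" tag and the `run` callables standing in for virtual machine execution are assumptions made for the example.

```python
"""Tag-driven tool selection across pre-processing, analysis and post-processing."""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Tool:
    tool_id: str               # tool identification information, e.g. "TOOL_ID_0"
    provider: str              # tool provider identification, e.g. "USER_A"
    requires: frozenset        # tool-related information: tags the input must carry
    emits: frozenset           # labels attached to the output (the per-tool rule)
    run: Callable[[str], str]  # stand-in for running the tool's virtual machine


@dataclass(frozen=True)
class Artifact:
    payload: str
    tags: frozenset            # characteristic descriptive information (labels)
    lineage: tuple = ()        # ids of the tools that produced this artifact


class Registry:
    """Stands in for the tool storage and tool registration/search sections."""

    def __init__(self):
        self._tools = {}

    def register(self, tool):
        if tool.tool_id in self._tools:
            raise ValueError(f"duplicate tool id {tool.tool_id}")
        self._tools[tool.tool_id] = tool

    def search(self, designation):
        # Assumed rule: a tool matches when all tags it requires are present.
        hits = [t for t in self._tools.values()
                if t.requires and t.requires <= designation]
        return sorted(hits, key=lambda t: t.tool_id)


class ResultStore:
    """Stands in for the data storage section: results are kept with their labels."""

    def __init__(self):
        self._items = []

    def put(self, artifact):
        self._items.append(artifact)

    def find(self, *tags):
        want = frozenset(tags)
        return [a for a in self._items if want <= a.tags]


def run_pipeline(registry, store, target, max_stages=8):
    """Use each stage's labels as the tool designation for the next stage."""
    frontier, executed = [target], []
    for _ in range(max_stages):
        produced = []
        for art in frontier:
            for tool in registry.search(art.tags):
                if tool.tool_id in art.lineage:  # never feed a tool its own output
                    continue
                out = Artifact(tool.run(art.payload), tool.emits,
                               art.lineage + (tool.tool_id,))
                store.put(out)
                executed.append(tool.tool_id)
                produced.append(out)
        if not produced:
            break
        frontier = produced
    return executed


def build_demo():
    """Constructed registry: one pre-processor, one analyzer, one post-processor,
    plus a tool for C system programs that a Java target must never reach."""
    fs = frozenset
    reg = Registry()
    reg.register(Tool("TOOL_ID_0", "USER_A", fs({"Java", "USER_PROG"}),
                      fs({"Java", "data_flow_analysis"}), lambda p: f"dfa({p})"))
    reg.register(Tool("TOOL_ID_1", "USER_B", fs({"Java", "data_flow_analysis"}),
                      fs({"execution_path"}), lambda p: f"paths({p})"))
    reg.register(Tool("TOOL_ID_2", "USER_B", fs({"execution_path"}),
                      fs({"summary"}), lambda p: f"summary({p})"))
    reg.register(Tool("TOOL_ID_3", "USER_A", fs({"C", "SYSTEM_PROG"}),
                      fs({"execution_trace"}), lambda p: f"trace({p})"))
    return reg


if __name__ == "__main__":
    store = ResultStore()
    target = Artifact("Main.java", frozenset({"Java", "USER_PROG"}))
    print(run_pipeline(build_demo(), store, target))
    print(store.find("execution_path"))
```

Unlike the broadcast approach criticized in [00120], the C tool is never started for the Java target, and intermediate results stay searchable by label as described in [00121].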
[00158] As described above, the present invention can be configured as follows in a case where it is applied to multi-stage analysis/verification in which a process (pre-processing) in which a target program is obtained by pre-processing a program and a process in which the target program thus obtained is analyzed/verified are carried out in sequence.
[00159] The program analysis/verification service provision system (program analysis/verification service provision system 1), which carries out in sequence a first process in which a pre-preprocessed program is preprocessed to obtain the target program and a second process in which the target program thus obtained through the first process is analyzed/verified using one or more program analysis/verification tools, further includes a post-preprocessed program storage section (target program storage section 220) for storing the target program, which has been obtained by preprocessing the pre-processed program, so that the target program is associated with feature descriptive information (tool designation information) on the target program, wherein: the target program obtaining means (target program obtaining section 114) obtains the target program from the post-preprocessed program storage section; and the tool designation information obtaining means (the user interface section 111) obtains, as the tool designation information, from the post-preprocessed program storage section, the feature descriptive information associated with the target program that the target program obtaining means obtained.
[00160] Furthermore, in a case where the analysis/verification is performed in multiple stages, that is, in a case where a first process in which the target program is analyzed/verified and a second process in which the obtained result data are analyzed/verified are performed in sequence, the present invention can be configured as follows.
[00161] The program analysis/verification service provision system (program analysis/verification service provision system 1), which carries out in sequence a first process in which the target program is analyzed/verified using one or more program analysis/verification tools and a second process in which result data obtained through the first process is post-processed, further includes a result data storage section (data storage section 130) for storing the result data, which the tool execution means (virtual machine execution environment section 120) obtained by analyzing/verifying the target program using the one or more program analysis/verification tools, in a state where the result data is associated with characteristic descriptive information (tool designation information) on the result data, wherein: the tool storage section (tool storage section 320) stores at least one post-processing tool for post-processing the result data in a state where the at least one post-processing tool is associated with a piece of tool-related information on the at least one post-processing tool; the tool designation information obtaining means (the user interface section 111) obtains, as the tool designation information, from the result data storage section, the characteristic descriptive information associated with the result data; and the tool extraction means (tool registration/search section 313) searches for the piece of tool-related information based on the tool designation information that the tool designation information obtaining means obtained, and extracts, from a plurality of post-processing tools stored in the tool storage section, at least one post-processing tool associated with the piece of tool-related information thus found.
[00162] Furthermore, in a case where the present invention is configured as a service provision system that does not require a program analysis/verification process, the present invention may also be configured as follows.
[00163] A data processing service provision system (program analysis/verification service provision system 1) according to the present invention, which is for processing target data (target program, result data) at various stages by using a plurality of data processing tools (the program analysis/verification tool, the pre-processing tool, the post-processing tool) in sequence, includes: a tool storage section (tool storage section 320) in which the plurality of data processing tools are stored in a state where the plurality of data processing tools are associated with respective pieces of tool-related information on the plurality of data processing tools; a result data storage section (data storage section 130) in which result data obtained by processing data using one or more data processing tools for use at an earlier stage (program analysis/verification tool, pre-processing tool) are stored in a state in which the result data is associated with feature descriptive information (tool designation information) on the result data; result data obtaining means (target program obtaining section 114) for obtaining the result data from the result data storage section; tool assignment information obtaining means (the user interface section 111) for obtaining, from the result data storage section, the characteristic descriptive information associated with the result data, as tool assignment information designating which data processing tool (program analysis/verification tool, post-processing tool) is used for processing the result data that the result data obtaining means obtained; tool extraction means (tool registration/search section 313) for searching the pieces of tool-related information based on the tool designation information that the tool designation information obtaining means obtained, and extracting the one or more data processing tools associated with a corresponding piece of tool-related information from the plurality of data processing tools stored in the tool storage section; tool obtaining means (tool obtaining section 115) for obtaining, from the tool storage section, the one or more data processing tools that the tool extraction means extracted; and tool execution means (virtual machine execution environment section 120) for processing, using the one or more data processing tools that the tool obtaining means obtained, the result data that the result data obtaining means obtained.
(6. SUMMARY)
[00164] A program analysis/verification service provision system according to the present invention, which is for the analysis/verification of a target program using one or more program analysis/verification tools, includes: target program obtaining means for obtaining the target program; a tool storage section in which a plurality of program analysis/verification tools are stored; tool extraction means for extracting, from the plurality of program analysis/verification tools stored in the tool storage section, one or more program analysis/verification tools for use in analysis/verification of the target program that the target program obtaining means obtained; tool obtaining means for obtaining, from the tool storage section, the one or more program analysis/verification tools that the tool extraction means has extracted; and tool execution means for analyzing/verifying, with use of each of the one or more program analysis/verification tools that the tool obtaining means obtained, the target program that the target program obtaining means obtained.
[00165] In addition, a method of controlling a program analysis/verification service provision system of the present invention is a method for analyzing/verifying a target program using one or more program analysis/verification tools, the program analysis/verification service provision system including a tool storage section in which a plurality of program analysis/verification tools are stored, and the method includes: a target program obtaining step of obtaining the target program; a tool extraction step of extracting, from the plurality of program analysis/verification tools stored in the tool storage section, one or more program analysis/verification tools for use in analysis/verification of the target program that was obtained in the target program obtaining step; a tool obtaining step of obtaining, from the tool storage section, the one or more program analysis/verification tools that were extracted in the tool extraction step; and a tool execution step of analyzing/verifying, using the one or more program analysis/verification tools that were obtained in the tool obtaining step, the target program that was obtained in the target program obtaining step.
[00166] According to the configuration, the target program is obtained, and the one or more program analysis/verification tools for use in the analysis/verification of the target program are extracted and obtained from a plurality of program analysis/verification tools stored in the tool storage section. Then, the target program is analyzed/verified using the one or more program analysis/verification tools thus obtained.
[00167] As described above, the target program can be obtained, and the one or more program analysis/verification tools for use in the analysis/verification can be selected according to the target program from the plurality of program analysis/verification tools that have been prepared in advance. Therefore, it is possible to provide a plurality of users who want to analyze/verify target programs with a service in which analysis/verification is performed using program analysis/verification tools selected according to the target programs from the plurality of program analysis/verification tools that have been prepared in advance. Furthermore, for a plurality of tool providers who wish to provide program analysis/verification tools, it is possible to provide a service in which target program analysis/verification requests are received from a plurality of users and the target programs are analyzed/verified. That is, according to the configuration, it is possible to share a system for using the program analysis/verification tools.
[00168] With this, the present invention has the following effects.
(1) Because a plurality of users can share a tool execution system, individual users do not need to prepare a computational resource. Therefore, it is possible to flexibly use an excess computational resource, which reduces the cost of analysis/verification and increases the types and the size of analysis/verification that can be performed.
(2) It is possible to collectively introduce, maintain and manage program analysis/verification tools, so that individual users do not need to introduce, maintain and manage program analysis/verification tools.
(3) Users can easily select an appropriate one from a variety of program analysis/verification tools, as it is possible to provide a uniform user interface.
(4) Individual tool providers of program analysis/verification tools, like users, do not need to prepare a computational resource. Therefore, it is possible to flexibly use an excess computational resource, which reduces the cost of analysis/verification and increases the types and the size of analysis/verification that can be performed. It is also possible to test the program analysis/verification tools on various target programs. In particular, it is possible to test program analysis/verification tools on target programs that were difficult to test because of limited computational resources.
[00169] Therefore, the present invention has an effect of easily performing analysis/verification of a program by selecting an appropriate one from a plurality of program analysis/verification tools. Furthermore, the present invention can solve several practical problems of conventional program analysis/verification techniques by performing program analysis/verification on a shared system.
[00170] In addition, the program analysis/verification service provision system of the present invention further includes: tool designation information obtaining means for obtaining tool designation information that designates which program analysis/verification tool is used for the analysis/verification of the target program that the target program obtaining means has obtained, wherein: the tool storage section stores the plurality of program analysis/verification tools in a state where the plurality of program analysis/verification tools are associated with respective pieces of tool-related information on the plurality of program analysis/verification tools; and the tool extraction means searches for a piece of the tool-related information on the basis of the tool designation information that the tool designation information obtaining means has obtained, and extracts the one or more program analysis/verification tools associated with the piece of tool-related information thus found.
[00171] According to the configuration, further, the tool storage section stores the plurality of program analysis/verification tools in a state in which the plurality of program analysis/verification tools are associated with respective pieces of tool-related information on the plurality of program analysis/verification tools. In addition, tool designation information that designates which program analysis/verification tool is used for the analysis/verification of the target program is obtained, a piece of the tool-related information is searched for on the basis of the tool designation information, and then the one or more program analysis/verification tools associated with the piece of tool-related information thus found are extracted.
[00172] Therefore, it is possible to select a program analysis/verification tool according to a target program by associating program analysis/verification tools with respective pieces of tool-related information in advance and setting the target program together with the tool designation information. In the tool-related information, it is possible to set, for example, the type of programming language and the type of program (distinction between a user program and a system program) that the one or more program analysis/verification tools can handle, and an execution environment in which the one or more program analysis/verification tools operate (operating system type and version, library type and version, required computational resources (CPU type and clock, memory and disk sizes), etc.). Meanwhile, the tool designation information is the information that designates which program analysis/verification tool is used for analysis/verification, and can be selected from contents that have been defined as tool-related information.
[00173] This makes it possible to provide a uniform user interface, so that users can easily select one or more appropriate program analysis/verification tools from the plurality of program analysis/verification tools.
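The search described in paragraphs [00171] to [00173] can be sketched as follows. This is an added example, not code from the patent: the key names, the VM image and provider names, and the rule that an empty designation is rejected are assumptions made for illustration. Because the designation comes from a user of a shared system, it is checked against the values actually registered as tool-related information before it is used to search.

```python
from dataclasses import dataclass

# Keys a designation may use. Paragraph [00172] names these kinds of
# tool-related information; the key names are assumptions of this example.
DEFINED_KEYS = ("language", "program_type", "os", "os_version")


@dataclass
class RegisteredTool:
    vm_image: str        # constructed name of the VM holding the installed tool
    provider_id: str     # tool provider identification information
    related_info: dict   # key -> set of values the tool supports


class ToolRegistry:
    """Tool storage section plus the search half of tool extraction."""

    def __init__(self):
        self._tools = []

    def register(self, tool):
        # A provider may only describe a tool with the defined keys.
        unknown = set(tool.related_info) - set(DEFINED_KEYS)
        if unknown:
            raise ValueError(f"undefined tool-related keys: {sorted(unknown)}")
        self._tools.append(tool)

    def defined_values(self, key):
        """Values a uniform user interface may offer for one key."""
        values = set()
        for tool in self._tools:
            values |= set(tool.related_info.get(key, ()))
        return values

    def extract(self, designation):
        """Return the VM image names whose related info satisfies the designation."""
        if not designation:
            # Assumption of this example: fail closed instead of returning every tool.
            raise ValueError("empty designation")
        for key, value in designation.items():
            if key not in DEFINED_KEYS:
                raise ValueError(f"undefined designation key: {key!r}")
            if value not in self.defined_values(key):
                raise ValueError(f"value {value!r} is not registered for {key!r}")
        matches = [
            tool for tool in self._tools
            # A tool that does not declare a designated key never matches.
            if all(v in tool.related_info.get(k, ()) for k, v in designation.items())
        ]
        return sorted(tool.vm_image for tool in matches)


def build_sample_registry():
    """Constructed sample entries; none of these tools appear in the patent."""
    registry = ToolRegistry()
    registry.register(RegisteredTool(
        "vm-c-static", "provider-A",
        {"language": {"C"}, "program_type": {"user", "system"}, "os": {"Linux"}}))
    registry.register(RegisteredTool(
        "vm-java-checker", "provider-B",
        {"language": {"Java"}, "program_type": {"user"}, "os": {"Linux", "Windows"}}))
    registry.register(RegisteredTool(
        "vm-c-kernel", "provider-B",
        {"language": {"C"}, "program_type": {"system"}, "os": {"Linux"}}))
    return registry


if __name__ == "__main__":
    reg = build_sample_registry()
    print(reg.extract({"language": "C", "program_type": "user"}))
```

A designation whose values are all registered but that no single tool satisfies returns an empty list, while a key or value outside the registered tool-related information is rejected before any search is run.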
[00174] Furthermore, in the program analysis/verification service provision system of the present invention, the tool storage section stores, as the plurality of program analysis/verification tools, virtual machines in each of which a corresponding one of the plurality of program analysis/verification tools has been installed and configured, and the tool execution means analyzes/verifies, in the virtual machine obtained by the tool obtaining means, the target program that the target program obtaining means has obtained.
[00175] According to the configuration, further, as the plurality of program analysis/verification tools, virtual machines in each of which a corresponding one of the plurality of program analysis/verification tools has been installed and configured are prepared, and the target program can be analyzed/verified in this virtual machine.
[00176] Therefore, the present invention has the following effects. First, by performing analysis/verification using a virtual machine, it is quite easy to share a system among a plurality of users and a plurality of program analysis/verification tool providers. Second, by installing and configuring program analysis/verification tools on virtual machines, program analysis/verification tool providers can install and configure the tools in a runtime environment that is substantially similar to the runtime environment in which they typically develop and test the tools. Therefore, in order to adapt program analysis/verification tools to a special execution environment, program analysis/verification tool providers do not need to carry out additional work, such as collecting the program analysis/verification tools and preparing another system so that the program analysis/verification tools transmit/receive data to/from the outside. Note that analysis/verification of a target program in a virtual machine can be performed either while the target program is running in the virtual machine or while it is not running in the virtual machine.
[00177] In addition, the program analysis/verification service provision system of the present invention further includes: virtual machine generation means for generating the virtual machines in each of which a corresponding one of the plurality of program analysis/verification tools has been installed and configured, wherein the tool storage section stores, as the plurality of program analysis/verification tools, the virtual machines that the virtual machine generation means has generated.
[00178] According to the configuration, further, in a case of receiving another program analysis/verification tool, it is possible to generate a virtual machine in which the other program analysis/verification tool has been installed and configured, and to cause the tool storage section to store the virtual machine.
[00179] Therefore, generating a virtual machine where a program analysis/verification tool has been installed and configured is performed in the program analysis/verification service provision system, so that the tool providers do not need to generate the virtual machine. Furthermore, a plurality of virtual machines in which respective different program analysis/verification tools have been installed and configured can be uniformly made in consideration of a particular virtual machine execution environment. Therefore, it is possible to handle the plurality of virtual machines in a similar way.
[00180] Furthermore, a program analysis/verification device according to the present invention, which constitutes the program analysis/verification service provision system, may include the target program obtaining means, the tool obtaining means, and the tool execution means.
[00181] Furthermore, a program analysis/verification tool management device according to the present invention, which constitutes the program analysis/verification service provision system, may include the tool storage section and the tool extraction means.
[00182] Note that the program analysis/verification service provision system, the program analysis/verification device, and the program analysis/verification tool management device can be realized by a computer. In this case, the present invention encompasses: a control program that realizes the program analysis/verification service provision system, the program analysis/verification device, and the program analysis/verification tool management device with use of a computer by making the computer operate as each of the above means; and a computer-readable storage medium storing the control program therein.
(7. Supplemental Explanation)
[00183] Finally, the blocks of the program analysis/verification service provision system 1, the analysis/verification section 100, the target program management section 200, and the tool management section 300, particularly the analysis/verification control section 110, the target program management control section 210, and the tool management control section 310, can be configured by means of hardware logic or, alternatively, can be realized by software with use of a CPU (Central Processing Unit) as follows.
[00184] In the latter case, the program analysis/verification service provision system 1 (each device constituting it) includes a CPU (central processing unit) for executing commands of a program, ROM (read-only memory) in which the program is stored, RAM (random access memory) into which the program is loaded, and a storage device (storage medium) such as a memory in which the program and various data are stored. Furthermore, the object of the present invention can also be achieved in such a way that: a recording medium is provided to the program analysis/verification service provision system 1 (each device constituting it), the recording medium having stored thereon, in a computer-readable manner, program codes (an executable program, an intermediate code program, and a source program) of a control program of the program analysis/verification service provision system 1 (each device constituting it), which is the software that realizes the functions mentioned above; and the program codes stored on the recording medium are read and executed by the computer (or CPU or MPU).
[00185] Examples of the recording medium include: tapes such as a magnetic tape and a cassette tape; disks such as magnetic disks (for example, a floppy disk (trademark) and a hard disk) and optical disks (for example, a CD-ROM, an MO, an MD, a DVD, and a CD-R); cards such as an IC card (including a memory card) and an optical card; and semiconductor memories (e.g., a mask ROM, an EPROM, an EEPROM (trademark) and a flash ROM).
[00186] Furthermore, the program analysis/verification service provision system 1 (each device constituting it) can be configured to be connected to a communication network, and the program code can be provided via the communication network. The communication network is not particularly limited, and examples of the communication network include the Internet, an intranet, an extranet, a LAN, an ISDN, a VAN, a CATV communication network, a virtual private network, a telephone network, a mobile communication network, and a satellite communication network. Furthermore, a transmission medium constituting the communication network is not particularly limited, and examples of the transmission medium include: wired transmission media such as IEEE1394, a USB, a power line carrier, a cable TV line, a telephone line and an ADSL; and wireless transmission media such as infrared rays (e.g., IrDA and a remote controller), Bluetooth (trademark), wireless 802.11, an HDR, a cellular telephone network, a satellite line and a digital terrestrial network. Note that the present invention can also be realized by a computer data signal in which the program codes are embodied by electronic transmission and which is embedded in a carrier wave.
[00187] The present invention is not limited to the description of the above embodiments, but may be modified in various ways by a person skilled in the art, as long as such modification is within the scope of the claims. An embodiment derived from a suitable combination of technical means described in different embodiments is also encompassed within the technical scope of the present invention.
INDUSTRIAL APPLICABILITY
[00188] The present invention can be used for a device (system) for the analysis/verification of a target program using a program analysis/verification tool.
REFERENCE SIGNS LIST
1: Program analysis/verification service provision system (data processing service provision system)
100: Analysis/verification section (program analysis/verification device)
111: Interface section
114: Target program obtaining section (target program obtaining means)
115: Tool obtaining section (tool obtaining means)
120: Virtual machine runtime section (tool execution means)
300: Tool management section (program analysis/verification tool management device)
312: Virtual machine generation section (virtual machine generation means)
313: Tool registration/search section (tool extraction means)
320: Tool storage section
P: Target program
T: Virtual machine
Claims:
Claims (14)
[0001]
1. Data analysis/verification service provision system for analysis/verification of target data using one or more data analysis/verification tools, the data analysis/verification service provision system characterized by comprising: target data obtaining means for obtaining the target data; a tool storage section in which a plurality of data analysis/verification tools are stored; tool extraction means for extracting, from the plurality of data analysis/verification tools stored in the tool storage section, the one or more data analysis/verification tools for use in analyzing/verifying the target data that the target data obtaining means has obtained; tool obtaining means for obtaining, from the tool storage section, the one or more data analysis/verification tools that the tool extraction means has extracted; and tool execution means for analyzing/verifying, with the use of each of the one or more data analysis/verification tools that the tool obtaining means has obtained, the target data that the target data obtaining means has obtained, the tool execution means simultaneously verifying a plurality of target data received from respective users, wherein a plurality of tool providers providing the data analysis/verification service provision system with the plurality of data analysis/verification tools have respective pieces of tool provider identification information for identifying the plurality of tool providers, and the one or more data analysis/verification tools for use in analysis/verification of the target data have been registered by the plurality of tool providers.
[0002]
2. Data analysis/verification service provision system, according to claim 1, characterized in that each of the plurality of users has: (i) user identification information to identify each of the plurality of users and (ii) user permission information that defines access permission for each of the plurality of users, and the target data obtaining means obtains the target data, the user identification information, and the user permission information of each of the plurality of users.
[0003]
3. Data analysis/verification service provision system, according to claim 1 or 2, characterized in that it further comprises: tool designation information obtaining means for obtaining tool designation information that designates which data analysis/verification tool is used for the analysis/verification of the target data that the target data obtaining means has obtained, wherein: the tool storage section stores the plurality of data analysis/verification tools in a state in which the plurality of data analysis/verification tools are associated with respective pieces of tool-related information on the plurality of data analysis/verification tools; and the tool extraction means searches for a piece of the tool-related information based on the tool designation information that the tool designation information obtaining means has obtained, and extracts the one or more data analysis/verification tools associated with the piece of tool-related information thus found.
[0004]
4. Data analysis/verification service provision system according to claim 3, characterized in that the tool storage section stores the plurality of data analysis/verification tools in a state where the plurality of data analysis/verification tools is associated with (i) the respective pieces of tool-related information in the plurality of data analysis/verification tools and (ii) the respective pieces of tool provider identification information of the plurality of tool providers.
[0005]
5. Data analysis/verification service provision system, according to any one of claims 1 to 4, characterized in that: the tool storage section stores, as the plurality of data analysis/verification tools, virtual machines on each of which a corresponding one of the plurality of data analysis/verification tools has been installed and configured; and the tool executing means analyzes/verifies, in the virtual machine obtained by the tool obtaining means, the target data that the program obtaining means has obtained.
[0006]
6. Data analysis/verification service provision system, according to claim 5, characterized in that it further comprises: virtual machine generation means for generating the virtual machines in each of which a corresponding one of the plurality of data analysis/verification tools has been installed and configured, wherein the tool storage section stores, as the plurality of data analysis/verification tools, the virtual machines that the virtual machine generation means has generated.
[0007]
7. Data analysis/verification service provision system according to claim 3, characterized in that the data analysis/verification service provision system is to sequentially carry out a first process in which pre-preprocessing data is preprocessed to obtain the target data and a second process in which the target data thus obtained through the first process is analyzed/verified using the one or more data analysis/verification tools, the data analysis/verification service provision system further comprising a post-preprocessed data storage section for storing the target data, which has been obtained by preprocessing the pre-preprocessing data, so that the target data is associated with characteristic descriptive information on the target data, wherein: the target data obtaining means obtains the target data from the post-preprocessed data storage section; and the tool designation information obtaining means obtains, as the tool designation information, from the post-preprocessed data storage section, the characteristic descriptive information associated with the target data that the target data obtaining means has obtained.
[0008]
8. Data analysis/verification service provision system according to claim 3, characterized in that the data analysis/verification service provision system is to sequentially carry out a first process in which the target data is analyzed/verified using the one or more data analysis/verification tools and a second process in which result data obtained through the first process is post-processed, the data analysis/verification service provision system further comprising a result data storage section for storing the result data, which the tool execution means has obtained through the analysis/verification of the target data using the one or more data analysis/verification tools, in a state in which the result data is associated with characteristic descriptive information on the result data, wherein: the tool storage section stores at least one post-processing tool for post-processing the result data in a state in which the at least one post-processing tool is associated with a piece of tool-related information on the at least one post-processing tool; the tool designation information obtaining means obtains, as the tool designation information, from the result data storage section, the characteristic descriptive information associated with the result data; and the tool extraction means searches for the piece of tool-related information based on the tool designation information that the tool designation information obtaining means has obtained, and extracts, from a plurality of post-processing tools stored in the tool storage section, the at least one post-processing tool associated with the piece of tool-related information thus found.
[0009]
9. Data analysis/verification service provision system, according to any one of claims 1 to 8, characterized in that it comprises: a data analysis/verification device; and a data analysis/verification tool management device, wherein the data analysis/verification device comprises the target data acquisition means, the tool acquisition means and the tool execution means.
[0010]
10. Data analysis/verification service provision system, according to claim 9, characterized in that the data analysis/verification tool management device comprises the tool storage section and the extraction means of tool.
[0011]
11. Method of controlling a data analysis/verification service provision system for analysis/verification of target data using one or more data analysis/verification tools, the data analysis/verification service provision system comprising a tool storage section in which a plurality of data analysis/verification tools are stored, the method characterized in that it comprises: a target data obtaining step of obtaining the target data; a tool extraction step of extracting, from the plurality of data analysis/verification tools stored in the tool storage section, the one or more data analysis/verification tools for use in analyzing/verifying the target data that has been obtained in the target data obtaining step; a tool obtaining step of obtaining, from the tool storage section, the one or more data analysis/verification tools that have been extracted in the tool extraction step; and a tool execution step of analyzing/verifying, using each of the one or more data analysis/verification tools that have been obtained in the tool obtaining step, the target data that has been obtained in the target data obtaining step, the tool execution step simultaneously verifying a plurality of data received from respective users, wherein a plurality of tool providers providing the data analysis/verification service provision system with the plurality of data analysis/verification tools have respective pieces of tool provider identification information for identifying the plurality of tool providers, and the one or more data analysis/verification tools for use in analysis/verification of the target data have been registered by the plurality of tool providers.
[0012]
12. Method according to claim 11, characterized in that each of the plurality of users has: (i) user identification information for identifying each of the plurality of users and (ii) user permission information which sets access permission of each of the plurality of users, and the step of obtaining target data obtains the target data, the user identification information, and the user permission information of each of the plurality of users.
[0013]
13. Method according to claim 11 or 12, characterized in that the tool storage section stores the plurality of data analysis/verification tools in a state in which the plurality of data analysis/verification tools are associated with the respective pieces of tool provider identification information of the plurality of tool providers.
[0014]
14. A computer-readable storage medium, characterized in that it comprises instructions, wherein the instructions, when executed by a computer, cause the computer to perform the method as defined in any one of claims 11 to 13.
Patent family:
Publication number | Publication date
TWI524206B|2016-03-01|
RU2586016C2|2016-06-10|
BR112014011612A2|2017-05-30|
EP2782039A4|2015-08-26|
JPWO2013073504A1|2015-04-02|
WO2013073504A1|2013-05-23|
US9400887B2|2016-07-26|
SG11201402290VA|2014-07-30|
TW201331779A|2013-08-01|
CN103930898B|2016-10-12|
US20140304815A1|2014-10-09|
JP5540160B2|2014-07-02|
CN103930898A|2014-07-16|
EP2782039A1|2014-09-24|
RU2014123633A|2015-12-20|
EP2782039B1|2021-10-13|
US11146569B1|2018-06-28|2021-10-12|Amazon Technologies, Inc.|Escalation-resistant secure network services using request-scoped authentication information|
US10949237B2|2018-06-29|2021-03-16|Amazon Technologies, Inc.|Operating system customization in an on-demand network code execution system|
US11099870B1|2018-07-25|2021-08-24|Amazon Technologies, Inc.|Reducing execution times in an on-demand network code execution system using saved machine states|
US11243953B2|2018-09-27|2022-02-08|Amazon Technologies, Inc.|Mapreduce implementation in an on-demand network code execution system and stream data processing system|
US11099917B2|2018-09-27|2021-08-24|Amazon Technologies, Inc.|Efficient state maintenance for execution environments in an on-demand code execution system|
US10884812B2|2018-12-13|2021-01-05|Amazon Technologies, Inc.|Performance-based hardware emulation in an on-demand network code execution system|
US11010188B1|2019-02-05|2021-05-18|Amazon Technologies, Inc.|Simulated data object storage using on-demand computation of data objects|
US11138098B2|2019-03-27|2021-10-05|At&T Intellectual Property I, L.P.|Disk image selection in virtualized network environments|
US11119809B1|2019-06-20|2021-09-14|Amazon Technologies, Inc.|Virtualization-based transaction handling in an on-demand network code execution system|
US11115404B2|2019-06-28|2021-09-07|Amazon Technologies, Inc.|Facilitating service connections in serverless code executions|
US11190609B2|2019-06-28|2021-11-30|Amazon Technologies, Inc.|Connection pooling for scalable network services|
US11159528B2|2019-06-28|2021-10-26|Amazon Technologies, Inc.|Authentication to network-services using hosted authentication information|
US11263220B2|2019-09-27|2022-03-01|Amazon Technologies, Inc.|On-demand execution of object transformation code in output path of object storage service|
US11250007B1|2019-09-27|2022-02-15|Amazon Technologies, Inc.|On-demand execution of object combination code in output path of object storage service|
US10908927B1|2019-09-27|2021-02-02|Amazon Technologies, Inc.|On-demand execution of object filter code in output path of object storage service|
US10996961B2|2019-09-27|2021-05-04|Amazon Technologies, Inc.|On-demand indexing of data in input path of object storage service|
US11055112B2|2019-09-27|2021-07-06|Amazon Technologies, Inc.|Inserting executions of owner-specified code into input/output path of object storage service|
US11023311B2|2019-09-27|2021-06-01|Amazon Technologies, Inc.|On-demand code execution in input path of data uploaded to storage service in multiple data portions|
US11023416B2|2019-09-27|2021-06-01|Amazon Technologies, Inc.|Data access control system for object storage service based on owner-defined code|
US11106477B2|2019-09-27|2021-08-31|Amazon Technologies, Inc.|Execution of owner-specified code during input/output path to object storage service|
US10942795B1|2019-11-27|2021-03-09|Amazon Technologies, Inc.|Serverless call distribution to utilize reserved capacity without inhibiting scaling|
US11119826B2|2019-11-27|2021-09-14|Amazon Technologies, Inc.|Serverless call distribution to implement spillover while avoiding cold starts|
US11188391B1|2020-03-11|2021-11-30|Amazon Technologies, Inc.|Allocating resources to on-demand code executions under scarcity conditions|
Legal status:
2019-11-26| B06U| Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]|
2021-04-13| B07A| Application suspended after technical examination (opinion) [chapter 7.1 patent gazette]|
2021-07-27| B09A| Decision: intention to grant [chapter 9.1 patent gazette]|
2021-08-31| B16A| Patent or certificate of addition of invention granted [chapter 16.1 patent gazette]|Free format text: TERM OF VALIDITY: 20 (TWENTY) YEARS COUNTED FROM 12/11/2012, SUBJECT TO THE LEGAL CONDITIONS. |
Priority:
Application number | Filing date | Patent title
JP2011249978|2011-11-15|
JP2011-249978|2011-11-15|
PCT/JP2012/079304|WO2013073504A1|2011-11-15|2012-11-12|Program analysis/verification service provision system, control method for same, control program, control program for directing computer to function, program analysis/verification device, program analysis/verification tool management device|