Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

An Integrated System and Method for Pattern-Based Dynamic Vulnerability Mining

A technology that integrates systems and vulnerabilities, applied in the fields of software engineering and information security, can solve the problems of blind black box testing, difficult static analysis, low efficiency, etc., and achieve the effect of improving test coverage and easy expansion

Inactive Publication Date: 2018-02-09
INST OF SOFTWARE - CHINESE ACAD OF SCI
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At present, most of the software does not provide the source code, so it is difficult to carry out effective static analysis, especially in the case of using imported software and other commercial software, and cannot fully control all aspects of software development, it is necessary to conduct in-depth analysis and analysis of the security of software implementation. Strict evaluation is an important means to ensure the security of information systems, gray box testing is particularly important
[0006] In the process of dynamic vulnerability mining for binary programs, the most commonly used methods are white-box testing and black-box testing. The defects detected by white-box testing may not be triggered during operation, while black-box testing has great blindness.
At the same time, a single method is often used in the testing process, which is inefficient and poorly targeted, and different vulnerabilities have different patterns, so it cannot be generalized for all types of vulnerabilities

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • An Integrated System and Method for Pattern-Based Dynamic Vulnerability Mining
  • An Integrated System and Method for Pattern-Based Dynamic Vulnerability Mining
  • An Integrated System and Method for Pattern-Based Dynamic Vulnerability Mining

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0034] The specific implementation manners of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0035] Such as figure 1 As shown, the present invention adopts the task pipeline mechanism to clarify the cross-validation relationship and mutual data support capabilities between different vulnerability mining technologies and tools, and organize the core process of vulnerability mining according to the pipeline mode according to the specific vulnerability mode. Finally, three technologies of dynamic taint analysis, symbolic execution and fuzz testing are integrated, and an integrated system of dynamic vulnerability mining for binary programs is realized.

[0036] Functional structure of the present invention such as figure 2 As shown in , it presents the specific interaction and information transfer process among the system-integrated dynamic taint analysis technology, symbolic execution technology and fuzzing technology. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a pattern-based dynamic loophole mining integration system and method, which includes a dynamic stain analysis module, a test case selection module, a constraint solving module and a management module. First, the seed use case is transmitted to the application program, and the dynamic taint analysis module will track the propagation of taint data in the program, and symbolize the propagation trace, that is, combine dynamic taint analysis technology and symbolic execution technology to obtain symbolic The taint propagation path is then used as the input of the constraint solving module, and the constraint solving obtains new test cases, and retransmits the test cases to the application program to continue the follow-up operation. The whole process is carried out under the unified scheduling management of the management module . The invention improves the automation degree and efficiency of dynamic vulnerability data digging for binary programs, and the generated test data has high accuracy and efficiency, making the process of fuzzy testing more targeted.

Description

technical field [0001] The invention relates to a dynamic vulnerability data mining integration system and method for binary programs, belonging to the fields of software engineering and information security. Background technique [0002] With the rapid development of information technology and the continuous progress of society, information is becoming more and more important to the development of modern society, and the resulting information security issues have also attracted more attention. As an important part of information security, network security is related to national security and social stability, and its importance has become increasingly prominent with the acceleration of global informatization. [0003] For a long time, software security vulnerabilities have been the main root cause of various network security. According to the investigation and analysis of the National Computer Virus Emergency Response Center, "unpatched network (system) security holes" are ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36
Inventor 马恒太王雪飞吴晓慧景丽莎颜学雄
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products