Software security detection method based on combination of vulnerability model and symbolic execution

A symbolic execution and software security technology, applied in the field of computer software security testing, that addresses problems such as insufficient vulnerability mining, achieving efficient detection of software security vulnerabilities and improving software security.

Inactive Publication Date: 2016-07-06
THE PLA INFORMATION ENG UNIV
3 Cites, 16 Cited by

AI Technical Summary

Problems solved by technology

[0003] Symbolic execution technology can effectively guide the input data into a certain area of the program to be tested, after which a fuzzer is still used to generate multiple samples in that local area for security testing. Although the efficiency of entering a specific area has been greatly improved, there are still deficiencies in vulnerability mining.



Examples


Embodiment 1

[0022] Embodiment 1. As shown in Figure 1, a software security detection method based on the combination of a vulnerability model and symbolic execution includes the following steps:

[0023] Step 1. Load the input data into the program under test; the input data drives the execution of the program under test to detect abnormalities;

[0024] Step 2. Determine whether the program path coverage requirement is met; if so, end the test; otherwise, go to Step 3;

[0025] Step 3. Symbolize the input data: determine the input point and the size of the input data, mark the symbolic variables used in symbolic execution, and define these symbolic variables as the set of original symbolic variables. Symbolic variables comprise original symbolic variables and intermediate symbolic variables; an intermediate symbolic variable is a symbolic variable represented by an expression over original symbolic variables. When the program starts symbolic execution and actual execution, the...

Embodiment 2

[0028] Embodiment 2. As shown in Figures 1~3, a software security detection method based on the combination of a vulnerability model and symbolic execution includes the following steps:

[0029] Step 1. Load the input data into the program under test; the input data drives the execution of the program under test to detect abnormalities;

[0030] Step 2. Determine whether the program path coverage requirement is met; if so, end the test; otherwise, go to Step 3;

[0031] Step 3. Symbolize the input data: determine the input point and the size of the input data, mark the symbolic variables used in symbolic execution, and define these symbolic variables as the set of original symbolic variables. Symbolic variables comprise original symbolic variables and intermediate symbolic variables; an intermediate symbolic variable is a symbolic variable represented by an expression over original symbolic variables. When the program starts symbolic execution and actual execution, ...


Abstract

The invention relates to a software security detection method based on the combination of a vulnerability model and symbolic execution. The method comprises the following steps: symbolizing the input test data through which the program interacts with its external environment; determining the symbolic variables in the symbolic execution process; starting symbolic execution and actual execution; collecting path constraint conditions during symbolic execution; obtaining the correspondence between the input data and the program's execution path; checking, according to the path constraint conditions, whether there is a code region that may trigger a vulnerability; calculating a constraint condition that can guide the program to that code region; calculating, according to the vulnerability model, a constraint condition that may trigger the vulnerability; invoking the STP constraint solver to solve the path constraint condition that may trigger the vulnerability, thereby obtaining input data that may trigger the vulnerability; and loading the new input data into the program under test to carry out a new round of testing. With this method, program paths through risky code regions can be analyzed in depth, relatively accurate test input data is generated, program vulnerabilities are triggered and detected, and software security is improved.
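The loop in the abstract, as an added example that is not code from the patent: a toy program under test is run concretely while its branch conditions and a vulnerability-model condition are recorded, and each round's constraints produce the next input. The toy program, the out-of-bounds vulnerability model, the predicate encoding, the `max_rounds` cutoff (in place of the path coverage check) and the exhaustive search standing in for the STP solver are all assumptions.

```python
from itertools import product

BUF_LEN = 8  # buffer size in the toy program under test (constructed)

def program(inp, path, risky):
    """Toy program under test: runs on inp=(a, b) and records constraints."""
    magic = lambda x: x[0] == 0x7F          # branch on original symbolic variable a
    path.append((magic, magic(inp)))        # path constraint and its outcome
    if not magic(inp):
        return "ok"
    idx = lambda x: x[1] // 2               # intermediate symbolic variable over b
    # Risky code region: write with an input-derived index. Assumed
    # vulnerability model for an out-of-bounds write: index >= BUF_LEN.
    risky.append(lambda x: idx(x) >= BUF_LEN)
    buf = [0] * BUF_LEN
    try:
        buf[idx(inp)] = 1
    except IndexError:
        return "crash"
    return "ok"

def solve(constraints):
    """Stand-in for the STP solver: exhaustive search over two input bytes."""
    for cand in product(range(256), repeat=2):
        if all(c(cand) for c in constraints):
            return cand
    return None

def detect(seed, max_rounds=5):
    """Rounds of test: run, collect constraints, solve, reload the new input."""
    inp, history = seed, []
    for _ in range(max_rounds):
        path, risky = [], []
        result = program(inp, path, risky)
        history.append((inp, result))
        if result == "crash":
            break
        taken = [(lambda x, p=p, t=t: p(x) == t) for p, t in path]
        if risky:   # region reached: path constraint AND vulnerability constraint
            new = solve(taken + risky)
        else:       # region not reached: flip the last branch to steer toward it
            p, t = path[-1]
            new = solve(taken[:-1] + [lambda x: p(x) != t])
        if new is None:
            break
        inp = new
    return history

if __name__ == "__main__":
    print(detect((0, 0)))
```

Starting from the seed `(0, 0)`, the first solved input only reaches the risky region, and the second conjoins the path constraint with the vulnerability-model constraint so the next round of testing hits the fault.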

Description

Technical field

[0001] The invention relates to the technical field of computer software security testing, in particular to a software security testing method based on the combination of vulnerability model and symbolic execution.

Background technique

[0002] Software analysis is the basis for testing security issues such as software vulnerability and software malicious behavior. In order to deal with the security risks brought by software vulnerabilities, researchers have carried out research on software vulnerability analysis techniques. Existing technologies have been able to discover and repair certain vulnerabilities to a certain extent, providing an important support for the safe operation of software. In order to make up for the blindness and low test coverage caused by traditional fuzz testing, many researchers began to apply symbolic execution technology to the vulnerability mining process. Symbolic execution is an information flow analysis technique, which repla...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F11/36
CPC: G06F11/3676, G06F11/3688, G06F11/3692
Inventor: 魏强, 曹琰, 柳晓龙, 武泽慧, 任开磊, 王允超
Owner: THE PLA INFORMATION ENG UNIV