Binary software vulnerability detection system and method based on dynamic taint tracking

A dynamic binary and dynamic taint technology, applied in software testing/debugging, error detection/correction, hardware monitoring, etc., can solve the problems of incomplete taint propagation logic semantic information, high performance overhead of dynamic taint tracking, and poor applicability, etc. The effect of extending applicability, reducing performance overhead, and increasing efficiency

Active Publication Date: 2020-01-24
XIDIAN UNIV +1
View PDF5 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] The object of the present invention is to address the deficiencies of the above-mentioned prior art, and propose a binary software vulnerability detection system and method based on dynamic taint tracking, which is used to solve the problems of high performance overhead and poor applicability of dynamic taint tracking in the prior art, and The problem of under-pollution caused by incomplete logical semantic information of taint propagation

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Binary software vulnerability detection system and method based on dynamic taint tracking
  • Binary software vulnerability detection system and method based on dynamic taint tracking
  • Binary software vulnerability detection system and method based on dynamic taint tracking

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039] Embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0040] refer to figure 1 , the detection system of the present invention includes a taint marking module 1, a vulnerability detection module 2, a taint propagation analysis module 3 and an API call processing module 4, wherein:

[0041] The stain mark module 1 is used to store the stain mark of the data in the monitored software process address space and the thread general register, and provides the stain mark operation function for the stain propagation analysis module 3 and the API call processing module 4, and the stain mark operation function Including: setting taint marks, clearing taint marks, and getting taint marks.

[0042] The vulnerability detection module 2 is used to detect whether the pre-established software vulnerability detection rules are triggered during the running of the monitored software, and take corresponding security ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a binary software vulnerability detection system and method based on a dynamic taint tracking technology, which mainly solve the problems of high expenditure, poor applicabilityand under-pollution caused by incomplete semantic information during operation in the prior art. The detection system comprises a stain marking module, a vulnerability detection module, a stain propagation analysis module and an API call processing module. The API calls the processing module and the taint propagation analysis module to determine a taint source and a detection point of the system;the stain marking module allocates a stain marking storage structure. The taint propagation analysis module and the API call processing module track taint mark propagation of instructions, kernel system calls and C standard library functions in the running process of the monitored software. The vulnerability detection module detects whether the propagation of the taint data triggers a software vulnerability detection rule. According to the method, the dynamic stain tracking efficiency and accuracy of the system are improved, the applicability of the system is expanded, and the method can be used for detecting the vulnerability of binary software.

Description

technical field [0001] The invention belongs to the technical field of information security, and particularly relates to a binary software vulnerability detection system and method, which can be used in the ELF file format under the Linux environment or the PE file format under the Windows environment, and utilize dynamic stain analysis technology to detect the vulnerability of the binary software. Vulnerability detection to detect the vulnerability of binary software and defend against vulnerability attacks encountered by the software during operation. Background technique [0002] With the development of computer technology, computer software has penetrated into important fields such as national defense, enterprises and individuals. Once some key software is damaged, it will cause immeasurable losses to the entire computer information system. Therefore, the security of computer software has always been an issue. An important topic of information security research. [0003...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F11/30
CPCG06F11/3688G06F11/3093G06F11/3051
Inventor 孙聪阚啸李亚晖王中华马建峰杨子怡
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap