Unlock instant, AI-driven research and patent intelligence for your innovation.

Binary-based system for detecting memory modifying attack and positioning bug

A binary and memory technology, applied in the direction of instrumentation, electrical digital data processing, platform integrity maintenance, etc., can solve problems such as low efficiency, inaccuracy, and complex implementation details, and achieve the effect of simple implementation and expanded attack detection range

Inactive Publication Date: 2011-06-01
NANJING UNIV
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Several works related to vulnerability location have at least one of the following shortcomings: (1) the implementation details are too complicated; (2) there are inherent inaccuracies; (3) low efficiency; (4) no library functions special treatment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Binary-based system for detecting memory modifying attack and positioning bug
  • Binary-based system for detecting memory modifying attack and positioning bug
  • Binary-based system for detecting memory modifying attack and positioning bug

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0065] The present invention is built on Valgrind and its plugin Flayer.

[0066] Such as figure 1 As shown, the binary-based memory tampering attack detection and vulnerability location method 10 of the present invention includes: a code conversion unit 20 , a basic block data dependency recording unit 21 , a code insertion unit 22 and a vulnerability location unit 23 .

[0067] The code conversion unit 20 is used to convert binary-level codes into Valgrind intermediate code form VEX, which is a reduced instruction set (RISC). There are 10 types of statements in the VEX instruction set. There are 12 kinds of expressions. Such as image 3 As shown, the VEX instruction set is divided into statements and expressions. The difference between a statement and an expression is: a statement modifies a register / memory / temporary variable, while an expression only uses the value of a register / memory / temporary variable. Data objects in the VEX instruction set are divided into four c...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a binary-based method for detecting a memory modifying attack and positioning a bug, which comprises a code converting unit, a basic block data dependency relation recording unit, a code inserting unit and a bug positioning unit, wherein the code converting unit is used for converting x86 binary codes into VEX in the form of Valgrind intermediate codes; the code inserting unit comprises a color transmission code inserting part, an attack detecting code inserting part and a memory pollution command recording code inserting part, is used for dynamic staining analysis andcan effectively detect the abnormal condition of memory data with the implementation of a program and record a writing command of a polluted memory; and the bug positioning unit comprises a modified memory address positioning part and a memory modifying command positioning part and is used for finding a memory address modified by an outer input and finding the address of the writing command modifying the memory to complete final positioning. The binary-based system can effectively detect the memory modifying attack and position the bug accurately.

Description

technical field [0001] The present invention relates to a method and tool for detecting program memory tampering attacks and locating vulnerabilities, in particular to detect program memory tampering by dynamically analyzing and tracking binary programs at runtime on the basis of binary level without source code A method for detecting and locating vulnerabilities based on binary memory tampering attacks that attacks and locates the location of vulnerabilities. Background technique [0002] At present, most network attacks and worms are caused by memory-related program vulnerabilities. Memory vulnerabilities can cause attackers to perform arbitrary read and write operations on memory through malicious input, thereby controlling program behavior and even obtaining system root privileges. . Many vulnerabilities exist only in programs written in unsafe languages ​​such as C / C++. In the C language, due to the lack of strong type checking and buffer boundary checking, there may ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/22G06F21/56
Inventor 茅兵谢立房陈
Owner NANJING UNIV