Pointer analysis-combined software security hole dynamic detection method

Abstract

The invention relates to a software security hole dynamic detection method, in particular to a pointer analysis-combined software security hole dynamic detection method, and belongs to the technical field of information security. The software security hole dynamic detection method comprises the following steps of: identifying insecure pointers in a program to be detected; expressing the insecure pointers as fat pointers; and continuously checking the pointer state information contained in the fat pointers and finding the hole existing in the program to be detected by operating the program to be detected. The software security hole dynamic detection method can detect various holes simultaneously, such as a buffer area overflow hole, a suspended pointer hole, and the like, and can reduce the consumption of the system resources simultaneously.

Description

technical field

[0001] The invention relates to a dynamic detection method for software security loopholes, in particular to a dynamic detection method for software security loopholes combined with pointer analysis, which belongs to the technical field of information security. Background technique

[0002] With the increasing number of hacker attacks and the proliferation of worms on the Internet, information security has gradually become the focus of people's eyes. A core problem in information security is the software security loopholes in computer systems. Malicious attackers can use these security loopholes to elevate their privileges, access unauthorized resources, and even destroy sensitive data. The widespread application of computer software has brought more and more convenience to people and has increasingly affected people's daily life. However, there are a large number of errors and loopholes in computer software, which hide huge risks. The fundamental solution t...

Images