Pointer analysis-combined software security hole dynamic detection method

A pointer analysis and software security technology, applied in the field of information security, can solve the problem of high system resource overhead and achieve the effect of reducing system resource consumption

Inactive Publication Date: 2010-09-15
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF0 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The purpose of the present invention is to propose a new dynamic detection method for software security vulnerabilities combined with pointer analysis to solve the problem of high system resource overhead in the existing dynamic detection technology for software security vulnerabilities combined with pointer analysis

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Pointer analysis-combined software security hole dynamic detection method
  • Pointer analysis-combined software security hole dynamic detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] The technical solution of the present invention will be described in detail below in conjunction with the accompanying drawings and embodiments.

[0024] A schematic flow chart of a dynamic detection method for software security vulnerabilities combined with pointer analysis of the present invention is as follows figure 1 As shown, the specific operation steps are as follows:

[0025] The procedure to be tested is as follows:

[0026] int a[10];

[0027] int*p=a;

[0028] int*q=p;

[0029] *(p+11)=5; / / generate buffer overflow vulnerability

[0030] int i = 10;

[0031] int*r = new(int);

[0032] r=&i;

[0033] delete r; / / If r is not assigned NULL, it may cause a floating pointer error

[0034] *r = 15; / / generate a floating pointer error

[0035] Step 1: Perform pointer preprocessing to obtain pointing sets of all pointers.

[0036] Step 1: Perform pointer preprocessing to obtain the pointing set of all pointers

[0037] Andersen algorithm is adopted, and th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a software security hole dynamic detection method, in particular to a pointer analysis-combined software security hole dynamic detection method, and belongs to the technical field of information security. The software security hole dynamic detection method comprises the following steps of: identifying insecure pointers in a program to be detected; expressing the insecure pointers as fat pointers; and continuously checking the pointer state information contained in the fat pointers and finding the hole existing in the program to be detected by operating the program to be detected. The software security hole dynamic detection method can detect various holes simultaneously, such as a buffer area overflow hole, a suspended pointer hole, and the like, and can reduce the consumption of the system resources simultaneously.

Description

technical field [0001] The invention relates to a dynamic detection method for software security loopholes, in particular to a dynamic detection method for software security loopholes combined with pointer analysis, which belongs to the technical field of information security. Background technique [0002] With the increasing number of hacker attacks and the proliferation of worms on the Internet, information security has gradually become the focus of people's eyes. A core problem in information security is the software security loopholes in computer systems. Malicious attackers can use these security loopholes to elevate their privileges, access unauthorized resources, and even destroy sensitive data. The widespread application of computer software has brought more and more convenience to people and has increasingly affected people's daily life. However, there are a large number of errors and loopholes in computer software, which hide huge risks. The fundamental solution t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/22G06F21/14
Inventor 胡昌振王崑声曲洋马锐薛静锋
Owner BEIJING INSTITUTE OF TECHNOLOGYGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap