High-efficiency dynamic software vulnerability exploiting method

A dynamic software vulnerability discovery technique, applied in the fields of software engineering and information security, that addresses problems such as heavy workload, tasks that cannot be completed, and reliance on manually defined generation rules for malformed data, improving efficiency and increasing the likelihood that malformed data triggers a vulnerability.

Inactive Publication Date: 2010-10-06
PEKING UNIV

AI Technical Summary

Problems solved by technology

But such fuzzing tools rely heavily on manually defined generation rules for malformed data. For complex data formats, manually defining the generation rules is a huge workload that is usually impossible to complete; even for simple data formats, manually defined rules are error-prone, resulting in generated malformed data that cannot trigger security vulnerabilities.

Embodiment Construction

[0036] The specific implementation manner of the present invention will be described in more detail below in conjunction with the accompanying drawings.

[0037] Step 1. Run the target on normal input data and collect sensitive runtime information.

[0038] This step is based on binary dynamic code instrumentation: the target software runs in instrumentation mode, and the reading, propagation, and use of input data are tracked. A binary modification (rewriting) method or a source-code instrumentation method can also be used (see [1] George C. Necula. CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs. Proceedings of the 11th International Conference on Compiler Construction, 2002; [2] Susanta Nanda. BIRD: Binary Interpretation using Runtime Disassembly. Fourth IEEE/ACM International Symposium on Code Generation and Optimization, 2006).

[0039] The existing binary dynamic code instrumentation technology is very mature. Many famous IT companies such a...

Abstract

The invention discloses a high-efficiency dynamic software vulnerability exploiting method comprising the following steps: 1. the target software processes normal input data, and the bytes of that input that propagate into system function parameters and library function parameters are collected; 2. the bytes of the normal input data that propagate into system functions and library functions are modified to generate malformed data; and 3. the generated malformed data is fed to the target software, and if the target software behaves abnormally while processing it, a vulnerability report is generated. Because the method automatically identifies the bytes of normal input that propagate into system and library functions and modifies those bytes in a targeted way, the likelihood that the malformed data triggers a security vulnerability is markedly increased and the efficiency of fuzz testing is greatly improved.
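The three steps of the abstract, as an added Python example that is not code from the patent: taint is tracked on Python objects rather than by binary instrumentation, the file format is constructed, and `Tainted`, `copy_sink`, `parse` and `fuzz` are hypothetical names. A `MemoryError` stands in for the abnormal behaviour that would produce a vulnerability report.

```python
# Added illustration on a constructed toy format; all names are hypothetical.
class Tainted(int):
    """An int that remembers which input offsets it was derived from."""
    def __new__(cls, value, offsets):
        obj = super().__new__(cls, value)
        obj.offsets = frozenset(offsets)
        return obj
    def __add__(self, other):  # taint propagates through arithmetic
        return Tainted(int(self) + int(other),
                       self.offsets | getattr(other, "offsets", frozenset()))

SINK_OFFSETS = set()  # input offsets observed in sink arguments

def copy_sink(dst_size, src, n):
    """Stand-in for a library call such as memcpy(dst, src, n)."""
    SINK_OFFSETS.update(getattr(n, "offsets", ()))
    if n > dst_size:  # simulated memory fault in the target
        raise MemoryError(f"copy of {int(n)} bytes into {dst_size}-byte buffer")
    return bytes(src[:n])

def parse(data):
    """Toy target: 2-byte magic, 1-byte version, 1-byte length, payload."""
    t = [Tainted(b, {i}) for i, b in enumerate(data)]
    if bytes(data[:2]) != b"PK" or t[2] != 1:
        return None  # rejected before any sink is reached
    return copy_sink(16, data[4:], t[3] + 1)  # length plus terminator

def fuzz(seed, values=(0x00, 0x7F, 0x80, 0xFF)):
    """Trace the seed, mutate only sink-bound bytes, collect fault reports."""
    SINK_OFFSETS.clear()
    parse(seed)                        # step 1: run normal input, record taint
    targets = sorted(SINK_OFFSETS)
    reports = []
    for off in targets:                # step 2: modify only the recorded bytes
        for v in values:
            case = bytearray(seed)
            case[off] = v
            try:
                parse(bytes(case))     # step 3: run the malformed input
            except MemoryError as exc:
                reports.append((off, v, str(exc)))
    return targets, reports

SEED = b"PK\x01\x05hello"  # constructed sample input
```

For this seed only offset 3 (the length byte) reaches the sink, so four test cases are generated instead of mutating all nine input bytes.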

Description

Technical field

[0001] The invention belongs to the fields of software engineering and information security, and in particular relates to an efficient dynamic software vulnerability discovery method.

Background technique

[0002] The rapid development and wide application of information technologies such as computers, network communications, and software have pushed modern society toward an information society, and the large number of vulnerabilities and hidden dangers in these technologies has made the current information security situation increasingly severe. A core issue in information security is the software security vulnerabilities that exist in computer systems. Malicious attackers can use these vulnerabilities to elevate their privileges, access unauthorized resources, and even destroy sensitive data. Software security vulnerabilities have become one of the root causes of many system security problems, so finding security vulnerabilities in software is very important.

[0003] Fuzzin...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F11/36
Inventor: 王铁磊, 李义春, 韦韬, 邹维, 戴帅夫, 张超, 丁羽
Owner: PEKING UNIV