Software security testing system and method based on dynamic taint propagation

A technology for software security and testing systems, applied in software testing/debugging, computer security devices, instruments, etc., to solve problems such as inability to detect security vulnerabilities, increased false positive and false negative rates, and incomplete dynamic taint propagation.

Active Publication Date: 2011-06-01
阿里巴巴华北技术有限公司

AI Technical Summary

Problems solved by technology

[0008] 1. Fortify Tracer needs to statically analyze the binary code of the software before checking, in order to find the Source code and the Sink code. This is extra workload, and the false positive rate and false negative rate depend heavily on the algorithm used to find the Source code and the Sink code;
[0009] 2. Since Fortify Tracer only analyzes a limited number of instrumentation points for software binary code, and the propagatio


Embodiment Construction

[0019] Various embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0020] Refer to Figure 1, which shows a block diagram of a software security testing system 100 based on dynamic taint propagation according to an embodiment of the present invention. Please note that throughout the specification and claims, "application" and "software" have the same meaning and can be used interchangeably. In an embodiment of the present invention, the software security testing system 100 runs on a Windows operating system. However, as a general software security testing system, the software security testing system 100 can run on any operating system.

[0021] The software security testing system 100 includes a self-modifying code module 104, a RING3 virtual machine module 106, a mark pollution source module 108, a checker module 110, and a log module 112, wherein the self-modifying code module 104 and the RING3 virtual machi...


Abstract

The invention discloses a software security testing system and method based on dynamic taint propagation. The system comprises: a taint source marking module (108) for generating a taint source marking rule; a detector module (110) for generating a detection rule; a self-modifying code module (104) for dynamically tracing each binary instruction of the software under test using self-modifying code technology; a RING3 virtual machine module (106) for analyzing each binary instruction of the software under test in a RING3 virtual machine and analyzing the direction in which the data carried by the instruction flows, so as to realize taint propagation, and for calling the taint source marking rule to mark taint sources and calling the detection rule to check each binary instruction of the software under test; and a log module (112) for outputting information about violations of the detection rule. The system and method provided by the invention can improve the detection rate for software and reduce the false positive rate and false negative rate.
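The data flow the abstract describes (mark a source, propagate taint per instruction, check a rule, log violations) can be seen on a toy register machine. This is an added example, not code from the patent: the opcodes, the two rules (input from `recv` is a source; a tainted indirect call target is a violation) and the sample program are assumptions constructed for illustration.

```python
# Toy per-instruction taint tracker. Opcodes, rules and PROGRAM are constructed
# for this example; they are not taken from the patent.
def source_rule(op):
    return op == "recv"                       # marking rule: external input

def check_rule(op, a, tainted):
    return op == "call" and a[0] in tainted   # detection rule: tainted call target

def run(program):
    val, tainted, log = {}, set(), []
    for pc, (op, *a) in enumerate(program):
        if check_rule(op, a, tainted):
            log.append((pc, op, a[0]))        # log the violation, do not execute
            continue
        if op == "call":
            continue                          # clean call target: nothing to model
        if op in ("recv", "const"):           # dst, immediate
            dst, srcs, result = a[0], [], a[1]
        elif op == "mov":                     # dst, src
            dst, srcs, result = a[0], [a[1]], val[a[1]]
        elif op == "add":                     # dst, src1, src2
            dst, srcs, result = a[0], a[1:], val[a[1]] + val[a[2]]
        elif op == "store":                   # addr_reg, src -> memory cell
            dst, srcs, result = ("mem", val[a[0]]), [a[1]], val[a[1]]
        elif op == "load":                    # dst, addr_reg <- memory cell
            cell = ("mem", val[a[1]])
            dst, srcs, result = a[0], [cell], val[cell]
        else:
            raise ValueError(f"unknown opcode {op!r}")
        val[dst] = result
        # Propagation: dst is tainted if it is a source or any operand is tainted;
        # overwriting it with clean data clears the taint.
        if source_rule(op) or any(s in tainted for s in srcs):
            tainted.add(dst)
        else:
            tainted.discard(dst)
    return log, tainted

PROGRAM = [
    ("recv",  "r0", 0x41414141),  # 0: external input, marked as taint source
    ("const", "r1", 0x1000),      # 1: clean buffer address
    ("add",   "r3", "r0", "r1"),  # 2: derived from r0, so tainted
    ("store", "r1", "r3"),        # 3: taint flows into memory cell 0x1000
    ("const", "r0", 0),           # 4: r0 overwritten, taint cleared
    ("load",  "r4", "r1"),        # 5: taint flows back out of memory
    ("call",  "r0"),              # 6: clean target, passes
    ("call",  "r4"),              # 7: tainted target, reported
]
```

`run(PROGRAM)` returns the findings list and the set of locations still tainted at exit; only instruction 7 is reported, because the taint on `r0` was cleared at instruction 4 while the copy that travelled through memory was not.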

Description

Technical field

[0001] The invention relates to software security testing, in particular to a software security testing system and method based on Dynamic Taint Propagation.

Background technique

[0002] Software security testing is an important means to ensure software security and reduce software security risks. The main purpose of software security assurance is to prevent hackers or malicious insiders from attacking software, and to ensure that the software can still run normally even when it is attacked maliciously. Since the attacker mainly attacks the software by inputting malicious data, the security problem of the software mainly comes from the external input data.

[0003] At present, the techniques for implementing software security testing by performing security testing on external input data mainly include static source code security testing techniques and dynamic penetration testing techniques. Static source code security testing technology mainly scans the source...


Application Information

IPC(8): G06F21/22, G06F11/36, G06F21/57
Inventor 王伟
Owner 阿里巴巴华北技术有限公司