Software security testing system and method based on dynamic taint propagation

Abstract

The invention discloses a software security testing system and method based on dynamic taint propagation. The system comprises a taint source marking module (108) used for generating a taint source marking rule, a detector module (110) used for generating a detection rule, a self-correction code module (104) used for dynamically tracing each binary command of software to be tested by using a self-correction code technology, an RING3 virtual machine module (106) used for analyzing each binary command of the software to be tested by using an RING3 virtual machine and analyzing the flowing direction of the data carried by the command so as to realize taint propagation, as well as calling the taint source marking rule to mark a taint source and calling the detection rule to detect each binary command of the software to be tested, and a log module (112) used for outputting related information violating the detection rule. The software security testing system and method provided by the invention can be used for improving the detection rate of software and reducing false alarm rate and missed alarm rate.

Description

technical field [0001] The invention relates to software safety testing, in particular to a software safety testing system and method based on Dynamic Taint Propagation. Background technique [0002] Software security testing is an important means to ensure software security and reduce software security risks. The main purpose of software security assurance is to prevent hackers or malicious insiders from attacking software, and to ensure that the software can still run normally even when it is attacked maliciously. Since the attacker mainly attacks the software by inputting malicious data, the security problem of the software mainly comes from the external input data. [0003] At present, the techniques for implementing software security testing by performing security testing on external input data mainly include static source code security testing techniques and dynamic penetration testing techniques. Static source code security testing technology mainly scans the source...

AI Technical Summary

Problems solved by technology

[0008] 1. Fortify Tracer needs to statically analyze the binary code of the software before checking to find out the Source code and Sink code. This is an extra workload, and the false positive rate and false negative rate depend heavily on finding out the Source code. and the algorithm of the Sink code;

[0009] 2. Since Fortify Tracer only analyzes a limited number of instrumentation points for software binary code, and the propagation and termination of a taint may be at a non-instrumentation point, dynamic taint propagation will be incomplete, resulting in false positives and missed increase in rate of return;

[0010] 3. Fortify Tracer cannot detect security vulnerabilities that require the support of the instruction tracking framework, such as Heap Buffer Overflow, Stack Buffer Overflow, Format String Overflow, and Integer Overflow (Integer Overflow), except 0 denial of service (Div Zero), etc.

Images