Detection method for software vulnerability

A detection method and technology for software defects, applied in the field of information security, can solve problems such as integrity affecting the effect of fuzzing, increasing the difficulty of writing fuzzer tools, etc., to achieve the effect of comprehensive detection results, practical detection, and guaranteed effectiveness

Inactive Publication Date: 2012-03-21
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF2 Cites 39 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In the process of fuzzing the target, there may also be various problems: checksum, encryption, compression and other measures will greatly increase the difficulty of writing fuzzer tools; writing an intelligent fuzzer depends on the protocol document of the target program, so the protocol document Integrity affects the effect of fuzzing tests, etc.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method for software vulnerability
  • Detection method for software vulnerability
  • Detection method for software vulnerability

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0078] The technical solution of the present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0079] The present embodiment adopts the method of the present invention to test an executable program to be tested with a size of 172KB. The function of this executable program is to realize the verification of the password. If the verification result is correct, then output Access granted, if the verification result is wrong , then output Access denied.

[0080] Its operation process is as figure 1 As shown, specifically:

[0081] Step 1. Collect software source code programs containing known defects.

[0082] A total of 32 software programs with known defects and their source codes were collected. These include buffer overflow, format string, integer overflow and other vulnerable programs and programs with known related defects.

[0083] Step 2. Obtain the defect code list.

[0084] Process the software progr...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a detection method for software vulnerability, and belongs to the technical field of information security. The detection method comprises the following specific steps of: (1) collecting a software source code program containing known vulnerability; (2) obtaining a vulnerability code table; (3) obtaining a control flow graph CFG and an assembly code of the program to be tested; (4) determining key analysis code segments in the assembly code of the program to be tested and obtaining all paths of passing through nodes corresponding to the key analysis code segments through the control flow graph CFG of the program to be tested; and (5) for each suspicious path, an improved Fuzzing test method is used for detection to obtain the test results of the program to be tested. In the invention, when a fitness function is determined, the dependence on the source code of the tested program is eliminated, and the availability of information is kept; and the redundant information in an abstract syntax tree is eliminated and the integrity of useful information is kept, therefore, the practicality is better, and the efficiency is higher.

Description

technical field [0001] The invention relates to a detection method for software vulnerability and belongs to the technical field of information security. Background technique [0002] With the rapid development of computer technology, the degree of informatization of human society is getting higher and higher, and the political, economic, military, cultural and other fields of the whole society rely more and more on computer information systems. In this case, the security of computer system has been paid more and more attention by people. However, the writing of large-scale software and systems requires many programmers to work together. They divide a software or system into several sections, divide the work into writing, then summarize and test; finally patch and release, so there are almost no security holes in the software. It is inevitable. Software defects include software security holes and other software errors. Software security loopholes are errors in data access...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
Inventor 胡昌振秦强王崑声闫怀志
Owner BEIJING INSTITUTE OF TECHNOLOGYGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap