Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Detection method for security flaws in loop write-only memory of binary program

A binary program and memory writing technology, applied in computer security devices, software testing/debugging, instruments, etc., can solve the problems of huge number of paths and expensive loop unrolling, and achieve the effect of reducing computing cost

Inactive Publication Date: 2012-10-03
CHINA INFORMATION TECH SECURITY EVALUATION CENT +1
View PDF3 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Unrolling loops is computationally expensive for real applications
The number of paths of the binary program loop structure may be very large. For example, if the number of iterations of a single loop depends on some unbounded inputs, the feasible paths of the binary program loop structure may also grow infinitely. Therefore, the loop structure in the binary program is Bottlenecks for Static Analysis

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method for security flaws in loop write-only memory of binary program
  • Detection method for security flaws in loop write-only memory of binary program
  • Detection method for security flaws in loop write-only memory of binary program

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0015] The present invention provides a detection method for a binary program loop write memory safety loophole, the implementation of which is as follows figure 1 As shown, including the following operations:

[0016] Step 1, obtaining the summary information of the loop structure of the binary program related to the potential security holes in the binary program;

[0017] Step 2, generating test data according to the summary information of the loop structure;

[0018] Step 3. According to the test data, the binary program is tested for loop write memory security vulnerabilities.

[0019] The method provided by the embodiment of the present invention does not need to traverse all paths of the loop structure of the binary program when generating the test data, but only needs to obtain the test data according to the generated summary information of the loop structure. Since the loop structure summary information is related to the potential security vulnerabilities of the bina...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention aims at providing a detection method for security flaws in a loop write-only memory of a binary program, comprising the following steps of: step 1, obtaining loop structure abstract information of a binary program, related to the potential security flaws in the binary program; step 2, generating test data according to the loop structure abstract information; and step 3, performing loop write-only memory security flaw detection on the binary program according to the test data. According to the method provided by the embodiment of the invention, when generating the test data, a process of traversing all the paths of the binary program loop structure is not needed, and the test data can be obtained just according to the generated loop structure abstract information. Since the loop structure abstract information is related to the potential security flaws of the binary program, the generated test data are targeted more, and the calculation overhead for detecting the security flaws is reduced greatly.

Description

technical field [0001] The invention relates to the field of computer software security analysis, in particular to a detection method for a binary program loop write memory security loophole. Background technique [0002] Buffer overflow vulnerabilities in binary programs usually occur in complex loop structures. When the code of a binary program contains nested loops, there is often complex code-to-code interaction, and such code may be more prone to potential security holes. For example, a binary program writes a memory security vulnerability cyclically. This security vulnerability refers to a memory access violation caused by not considering the boundary of the memory interval when the memory is cyclically written. [0003] At present, static analysis techniques are usually used to detect loopholes in binary programs that write memory security loops. Its working principle is to use static symbolic execution technology to generate test data, traverse all paths of the bin...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F11/36G06F21/00G06F21/57
Inventor 吴世忠郭涛郝永乐崔宝江梁晓兵
Owner CHINA INFORMATION TECH SECURITY EVALUATION CENT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com