Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Automation positioning method for binary system program vulnerabilities

A technology of binary program and positioning method, which is applied in the field of binary program vulnerability automatic positioning and vulnerability positioning, which can solve the problems of being unable to find the real cause of the vulnerability, uncontrollable execution flow differences, and difficulty in finding the execution flow, so as to prevent malicious use and reduce The number of instructions and the effect of improving analysis efficiency

Active Publication Date: 2013-07-10
INST OF INFORMATION ENG CAS
View PDF3 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In order to solve the above problems, the existing methods are mainly divided into three categories: 1) a class of methods mainly analyze (such as buffer overflow) and generate patches for a single type of vulnerability, but can only solve one type of vulnerability and most The method needs the support of the source code; 2) A class of methods study invariants from the normal execution flow to locate the vulnerability, but this type of method cannot find the real cause of the vulnerability; 3) Differential slices can find differences in two similar paths , to help analysts identify abnormalities in execution, but a normal execution flow is required for comparison, and different program inputs will make the difference in execution flow uncontrollable, so it is difficult to find a suitable execution flow for comparison

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Automation positioning method for binary system program vulnerabilities
  • Automation positioning method for binary system program vulnerabilities
  • Automation positioning method for binary system program vulnerabilities

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] 1) Record the execution path of the error operation in the operation of the binary program to be detected, that is, record all instructions from the beginning of the program to the error process (it is known that a certain input will cause the program error, such as a crash phenomenon, and then start recording from the beginning). In order to avoid analyzing the program again, the recording process includes recording each branch instruction and selected branch. In the actual analysis, because the location of the vulnerability is close to the instruction, and considering the limitations of the program and hard disk space, we set a threshold for instruction tracking and recording. Currently, 100,000 instructions are selected. If this threshold is exceeded, the newly recorded instruction will overwrite the latest instruction. The command recorded first will be recorded in a loop. If the vulnerable code cannot be found in the recorded instructions, we will reset the thresho...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an automation positioning method for binary system program vulnerabilities. The method includes: 1) running a binary system program to be detected, and recording all instructions in the process from the time the program starts to run to the time an error occurs; 2) creating a vulnerability dependency tree according to the recorded instructions, and detecting a vulnerability instruction from the recorded instructions according to the created vulnerability dependency tree; in the process of creating the vulnerability dependency tree, checking whether a vulnerability candidate node appears every time a plurality of nodes are increased, if so, generating an interim fix for the vulnerability candidate node; and 3) observing whether the interim fix is effective, if so, stopping creating the vulnerability dependency tree and regarding the interim fix a basis for positioning a vulnerability position; and if not, continuing creating the vulnerability dependency tree. The automation positioning method for the binary system program vulnerabilities reduces the number of instruction needing to be analyzed and greatly improves the analysis efficiency.

Description

technical field [0001] The present invention mainly relates to a loophole location method, more precisely relates to a binary program loophole automatic location method, and belongs to the field of network information security. Background technique [0002] Vulnerabilities have brought great threats to the Internet: on the one hand, attackers can exploit the vulnerabilities to invade the system; on the other hand, worms can spread and cause damage by exploiting the vulnerabilities. In recent years, the number of software vulnerabilities has continued to rise, but it takes a long time to generate patches. According to analysis, Microsoft's current 21 vulnerabilities (MS11-087~MS12-007) need an average of 115 days to publish and patch release. The main reason why patch generation takes a long time: First, the software is becoming more and more complex, and analysts need to analyze tens of thousands of instructions. Therefore, it is difficult to quickly locate the vulnerability...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57G06F17/30
Inventor 陈恺张颖君赵险峰
Owner INST OF INFORMATION ENG CAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com