Automation positioning method for binary system program vulnerabilities

A binary program vulnerability positioning method, applied in the field of automatic binary program vulnerability positioning. It addresses the problems of being unable to find the real cause of a vulnerability, uncontrollable execution flow differences, and difficulty in finding an execution flow, so as to prevent malicious use, reduce the number of instructions, and improve analysis efficiency.

Active Publication Date: 2013-07-10
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

[0003] To solve the above problems, the existing methods fall into three main categories: 1) methods that analyze a single type of vulnerability (such as buffer overflow) and generate patches for it, but these can only handle one type of vulnerability, and most of them need source code support; 2) methods that learn invariants from the normal execution flow to locate the vulnerability, but these cannot find the real cause of the vulnerability; 3) differential slicing, which can find the differences between two similar paths to help analysts identify abnormalities in execution, but a normal execution flow is required for comparison, and different program inputs make the difference in execution flow uncontrollable, so it is difficult to find a suitable execution flow for comparison.


Embodiment Construction

[0031] 1) Record the execution path of the erroneous run of the binary program to be detected, that is, record all instructions from the start of the program up to the error (a certain input is known to cause the program error, such as a crash, and recording starts from the beginning of the run). To avoid analyzing the program again, the recording includes each branch instruction and the branch that was selected. In actual analysis, because the location of the vulnerability is close to the instruction, and considering the limitations of the program and hard disk space, we set a threshold for instruction tracking and recording. Currently, 100,000 instructions are selected. If this threshold is exceeded, newly recorded instructions overwrite the instructions recorded first, so that recording proceeds in a loop. If the vulnerable code cannot be found in the recorded instructions, we will reset the thresho...


Abstract

The invention discloses an automation positioning method for binary system program vulnerabilities. The method includes: 1) running a binary system program to be detected, and recording all instructions in the process from the time the program starts to run to the time an error occurs; 2) creating a vulnerability dependency tree according to the recorded instructions, and detecting a vulnerability instruction from the recorded instructions according to the created vulnerability dependency tree; in the process of creating the vulnerability dependency tree, checking whether a vulnerability candidate node appears each time a number of nodes have been added, and if so, generating an interim fix for the vulnerability candidate node; and 3) observing whether the interim fix is effective; if so, stopping the creation of the vulnerability dependency tree and using the interim fix as a basis for positioning the vulnerability; if not, continuing to create the vulnerability dependency tree. The automation positioning method for binary system program vulnerabilities reduces the number of instructions that need to be analyzed and greatly improves analysis efficiency.
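An added sketch of steps 1) to 3), not the patent's own code: the bounded trace recording from [0031] and the incremental dependency-tree search from the abstract, run over a constructed trace. The candidate rule (`writes_memory`), the batch size and the `fix_works` callback, which stands in for re-running the program with the interim fix applied, are assumptions; the page does not define them.

```python
from collections import deque

THRESHOLD = 100_000  # trace limit stated in the text
BATCH = 2            # assumed value: nodes added between candidate checks

# Constructed trace: (instruction, operand written, operands read); last entry faults.
TRACE = [
    ("mov ecx, [input_len]", "ecx", ("input_len",)),
    ("mov ebx, 7", "ebx", ()),
    ("lea edi, [buf]", "edi", ()),
    ("rep movsb", "mem:fnptr", ("ecx", "edi")),  # copy overruns buf into fnptr
    ("add ebx, 1", "ebx", ("ebx",)),
    ("mov eax, [fnptr]", "eax", ("mem:fnptr",)),
    ("mov [tmp], eax", "mem:tmp", ("eax",)),
    ("mov edx, [tmp]", "edx", ("mem:tmp",)),
    ("call edx", None, ("edx",)),
]

def record(executed, limit=THRESHOLD):
    """Bounded recording: past `limit`, new entries overwrite the oldest ones."""
    return deque(executed, maxlen=limit)

def writes_memory(entry):
    """Assumed candidate rule: any instruction that writes memory."""
    return entry[1] is not None and entry[1].startswith("mem:")

def locate(trace, is_candidate, fix_works, batch=BATCH):
    """Grow the tree backward from the fault; return (located index or None, nodes analysed)."""
    trace, last_writer, parents = list(trace), {}, []
    if not trace:
        return None, 0
    for i, (_, dst, srcs) in enumerate(trace):   # link each read to its last writer
        parents.append([last_writer[s] for s in srcs if s in last_writer])
        if dst is not None:
            last_writer[dst] = i
    work, seen, pending = deque([len(trace) - 1]), set(), []
    while work:
        i = work.popleft()
        if i in seen:
            continue
        seen.add(i)
        pending.append(i)
        work.extend(parents[i])
        if len(pending) >= batch or not work:    # periodic candidate check
            for c in pending:
                if is_candidate(trace[c]) and fix_works(c):
                    return c, len(seen)          # effective fix: stop building
            pending = []
    return None, len(seen)
```

With a callback that accepts only the fix at index 3, `locate(record(TRACE), writes_memory, fix_works)` rejects the write at index 6, stops at the `rep movsb` copy, and never visits the unrelated `ebx` instructions.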

Description

Technical field

[0001] The present invention mainly relates to a vulnerability location method, more precisely to a method for automatically locating vulnerabilities in binary programs, and belongs to the field of network information security.

Background technique

[0002] Vulnerabilities have brought great threats to the Internet: on the one hand, attackers can exploit vulnerabilities to invade systems; on the other hand, worms can spread and cause damage by exploiting vulnerabilities. In recent years, the number of software vulnerabilities has continued to rise, but it takes a long time to generate patches. According to analysis, 21 recent Microsoft vulnerabilities (MS11-087~MS12-007) needed an average of 115 days for publication and patch release. The main reasons why patch generation takes a long time: first, software is becoming more and more complex, and analysts need to analyze tens of thousands of instructions. Therefore, it is difficult to quickly locate the vulnerability...


Application Information

IPC(8): G06F21/57, G06F17/30
Inventor: 陈恺, 张颖君, 赵险峰
Owner INST OF INFORMATION ENG CAS