Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Dynamic taint analysis device and its application in file format reverse analysis

A file format, dynamic taint technology, applied in the improved dynamic taint analysis device, the application field of gray box file format reverse parsing technology, can solve the problems of excessive overhead, low efficiency, lack of extended instruction set support, etc., to reduce Time overhead and space overhead, the effect of reducing I/O operations

Inactive Publication Date: 2016-05-18
BEIJING UNIV OF POSTS & TELECOMM
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] 1. Excessive overhead
In addition to the inherent overhead introduced by the dynamic binary program instrumentation platform, the taint analysis logic needs to memorize the propagation state of the taint path, and perform state-by-instruction instrumentation to analyze the context state and memory values, etc., which will introduce a lot of additional computing time and space overhead ; while virtual machine implementations suffer from inefficiencies due to system-wide emulation
[0011] 2. Lack of extended instruction set support
[0012] 3. There is an I / O bottleneck
If the type of information recorded in the log is reduced, the path information of dynamic taint tracking will not be restored, so that the dynamic taint analysis tool will lose its usability, and the dynamic taint analysis results will not be reusable

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Dynamic taint analysis device and its application in file format reverse analysis
  • Dynamic taint analysis device and its application in file format reverse analysis
  • Dynamic taint analysis device and its application in file format reverse analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The specific implementation and features of the dynamic taint analysis device proposed according to the embodiments of the present invention and its application in file format reverse analysis will be described in detail below with reference to the accompanying drawings.

[0025] The file format reverse analysis system based on dynamic taint analysis in the embodiment of the present invention is as follows: figure 1 as shown, figure 1 The shown file format reverse analysis system mainly includes: a dynamic taint analysis device and a file format analysis module (ie figure 1 "File format analysis" on the lower right side), and the dynamic taint analysis device mainly includes two modules, that is, the dynamic instrumentation execution recording module (namely figure 1 "Dynamic instrumentation execution record" on the upper right side) and the static snapshot parsing taint tracking module (ie figure 1 "Static snapshot parsing taint tracking" in the middle right).

[00...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a dynamic taint analysis device and application of the dynamic taint analysis device to document format reverse analysis, wherein the dynamic taint analysis device comprises a dynamic instrumentation executive logging module and a static snapshoot analysis taint tracking module, wherein the dynamic instrumentation executive logging module is used for calling and executing a tested program by using a binary program instrumentation platform, monitoring opening, analyzing and closing behaviors of a data document including original taint data in a process of executing the tested program, and acquiring snapshoot logs of all command processes, context information and memory access information in the process of executing the tested program according to the process of executing the tested program; the static snapshoot analysis taint tracking module is used for analyzing the snapshoot logs and simulating replay execution of a progress according to information obtained by analysis and recording processing and spread information of original taint data in the data document to obtain a taint data stream path. According to the dynamic taint analysis device, I / O (Input / Output), time and space overhead of dynamic taint analysis in a dynamic execution process can be reduced, an extended instruction set can be supported, and the continuity and incidence relation of original taint data can be obtained.

Description

technical field [0001] The invention relates to a dynamic stain analysis technology, in particular to an improved dynamic stain analysis device and the application of the improved dynamic stain analysis device in the gray box file format reverse analysis technology. Background technique [0002] The basic implementation idea of ​​taint analysis is: calibrate all input data as taint data, and track the flow path of these taint data during program execution, and then perform corresponding analysis on the basis of the flow path. [0003] At present, taint analysis is usually divided into dynamic taint analysis and static taint analysis for binary code, and dynamic taint analysis has been a research hotspot in the past ten years. [0004] The existing dynamic taint analysis mainly has two implementation methods: one is based on the system-wide virtual machine implementation, that is, the taint analysis is performed through internal or external plug-in codes, such as the taint an...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36
Inventor 崔宝江王福维
Owner BEIJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products