Unlock instant, AI-driven research and patent intelligence for your innovation.

Taint analyzing method based on taint invariable set

A taint analysis and taint technology, applied in the field of computer software security testing, can solve problems such as low applicability, unsupported data processing, incomplete taint analysis, etc., to achieve the effect of low resource consumption and reduction of false alarm rate

Active Publication Date: 2014-08-20
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF1 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Lam and Chiueh proposed a method based on taint marking and tracking to monitor code. This method has two disadvantages: one is low applicability, because the code needs to be recompiled; the other is that the taint analysis is not comprehensive, mainly because it does not support control flow. data processing
It can even be said that the taint analysis technology with a high false positive rate is difficult to apply in practice

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Taint analyzing method based on taint invariable set
  • Taint analyzing method based on taint invariable set
  • Taint analyzing method based on taint invariable set

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0066] Step 1: Obtain the original taint data original_set through the traditional stain analysis method. The traditional stain analysis method is to mark common sources of stains, taking disk files as an example. Use the API provided by Pin to instrument operating system functions, such as open, read, mmap, etc., because operations on disk files generally use these functions. It should be noted that the functions that need to be instrumented are different for different operating systems. Taking Windows as an example, the functions that need to be instrumented are OpenFile, ReadFile, etc.

[0067] Step 2: Obtain the invariable_set of the stain invariant.

[0068] Step 2.1: Execute the program p whose input is input, and get the set var_set of all variables and their values, where input refers to the set of assignments to the externally accepted input;

[0069] Step 2.2: The number of initialization cycles is 0;

[0070] Step 2.3: When the number of cycles is less than the threshold,...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A taint analyzing method based on a taint invariable set includes the following steps of firstly, obtaining original taint data original_set through the taint analyzing method; secondly, obtaining a taint invariable set invariable_set; thirdly, obtaining a final taint data taint_set, wherein the final taint data taint_set is equal to the difference between the original taint data original_set and the taint invariable set invariable_set; fourthly, setting up a taint data structure; fifthly, tracking taint spreading, and putting forward a light-weight taint spreading tracking method; sixthly, tracking a taint pointer, wherein in order to track the taint pointer, the target operation number is marked with taints as well when the addresses of indirection addressing or registers are taint data; seventhly, setting a bug detection rule, directly conducting pile insertion on a memory function, and detecting whether function parameters are marked with taints or not before the memory function is called, wherein the bug of the memory function is detected if yes.

Description

Technical field [0001] The stain analysis method based on stain invariant set proposed by the present invention is used to solve the problem of high false alarm rate in traditional stain analysis, and belongs to the field of computer software safety testing. Background technique [0002] Code audit, software verification, and software testing are all key technologies to ensure software reliability and safety, and software testing is the most common technology to verify software quality. The demand for high-quality software products promotes software testing to occupy an increasingly important position in the software development cycle. Recent surveys show that the proportion of software testing in software development costs has increased from 50% to 80%. Stain analysis technology was proposed in 1998 and became a research hotspot after 2005 because of its multiple advantages and wide application prospects, including software protection, software defect discovery, and software de...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
Inventor 牛伟纳张小松赖特陈瑞东王东陈厅冀风宇李杰
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA