A Software Vulnerability Detection Method Based on Pointer Analysis

A software vulnerability and pointer analysis technology, applied in the field of software vulnerability detection, can solve problems such as inaccurate recovery of complex data types, insufficient use of pointer variable information, etc., and achieve the effect of improving security and accuracy
CN104021073BInactive Publication Date: 2017-02-01NANJING UNIV
4 Cites 0 Cited by

Patent Information

Authority / Receiving Office
CN Β· China
Patent Type
Patents(China)
Current Assignee / Owner
NANJING UNIV
Publication Date
2017-02-01
Estimated Expiration
Not applicable Β· inactive patent

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

A software vulnerability detection method based on pointer analysis includes the following steps that with the help of instrumentation software, three main instrumentation operations of basic data type recovery, complex data type recovery and vulnerability detection are respectively finished, wherein the instrumentation operation of basic data type recovery includes the processes that type collection codes are inserted behind instructions belonging to a type sensitive instruction set, and then propagation codes of different types are inserted according to different assembly instructions; the instrumentation operation of complex data type recovery includes the processes that pointer collection codes are inserted behind a memory application instruction set, pointer analysis codes are inserted according to different assembly instructions, and then complex data types are recovered in the pointer analysis process; the instrumentation operation of vulnerability detection includes the processes that pollution marking codes are inserted to external input positions of programs, stain spreading codes are inserted according to assembly instructions, and security detection codes are inserted to security sensitive points.
Need to check novelty before this filing date? Find Prior Art

Description

Technical field

[0001] The invention relates to a software vulnerability detection method related to complex data types, in particular to a software vulnerability detection method based on pointer analysis. Background technique

[0002] Software vulnerabilities are systems that are vulnerable to attacks and affect system availability. Among software vulnerabilities, vulnerabilities related to complex data types account for a larger proportion, and vulnerabilities that can be exploited to achieve attacks account for a larger proportion. It is a common method to find and eliminate software vulnerabilities through analysis and detection of programs. To achieve effective vulnerability detection of executable programs, the recovery of complex data types is the key. At present, for the recovery of complex data types, most of them adopt simple type derivation or the method of analyzing the access interval of complex data types. The pointer variable information is not fully utilized, m...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More