Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Function call based dynamic detection method for buffer overflow vulnerability

A buffer overflow and function call technology, applied in the field of information security, can solve the problems of abstract syntax tree occupying memory, inaccurate positioning, and high false positive rate, and achieve the effects of reducing dependencies, high measurement accuracy, and low false positive rate.

Active Publication Date: 2015-07-08
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF6 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The disadvantage is that the generated abstract syntax tree and other information contain a lot of messy information, which is not conducive to analysis. Moreover, for a small compilation unit, it can generate about 1000 times the abstract syntax tree text, and the final abstract syntax tree will occupy entire memory
But its obvious shortcoming is the dependence of dynamic detection technology on input. Only when the specific input is the program execution to the dangerous point, the vulnerability will be discovered. Therefore, the positioning is inaccurate and the false negative rate is high.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Function call based dynamic detection method for buffer overflow vulnerability
  • Function call based dynamic detection method for buffer overflow vulnerability
  • Function call based dynamic detection method for buffer overflow vulnerability

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0032] The object of the present invention is to propose a method for detecting buffer overflow vulnerabilities based on function call sequences in view of the deficiencies in the prior art described above. The basic idea of ​​the present invention is: the stack (or buffer) is closely related to the function call, and when the function call is made, a new local stack related to the function will be generated on the basis of the original process stack to store Variables local to a function; the local stack is destroyed when the function returns. Use the function call as the judgment unit, and use the original EBP value stored in the function stack as the basis for judgment, compare the EBP value when the function call occurs and the EBP value at the end of the function call to judge whether the call has a buffer For overflow, it is judged every time a func...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a function cell based dynamic detection method for buffer overflow vulnerability. The method comprises the steps of acquiring a function call instruction address and a return instruction address of a detected program; building input parameters, and operating the detection program; in case of function call occurs, acquiring the value EBP_B in a base register; acquiring the value EBP_A of the base register when the function call is finished; if EBP_B is not equal to EBP_A, recording the vulnerability and alarming; if EBP_B is equal to EBP_A, determining that no vulnerability occurs; repeating the process until the detection program finishes the operation; continuously acquiring the function call information of the current operation; matching with an abnormal software behavior model; if matching, recording the possible vulnerability; if not matching, determining that the behavior of the program under the current input is free of the feature showing the buffer overflow vulnerability. The method is that a large number of inputs are built for repeated detection. The method can perform dynamic detection and improve the detection efficiency.

Description

technical field [0001] The invention belongs to the invention and relates to a detection method for a buffer overflow loophole, and belongs to the technical field of information security. Background technique [0002] With the rapid development of computer technology, the degree of informatization of human society is getting higher and higher, and the political, economic, military, cultural and other fields of the whole society rely more and more on computer information systems. In this case, the security of computer system has been paid more and more attention by people. However, the writing of large-scale software and systems requires many programmers to work together. They divide a software or system into several sections, divide the work into writing, then summarize and test; finally patch and release, so there are almost no security holes in the software. It is inevitable. Software security vulnerabilities refer to defects in data access or behavioral logic introduced...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57
Inventor 胡昌振薛静锋周琦超李坚单纯
Owner BEIJING INSTITUTE OF TECHNOLOGYGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products