A Dynamic Detection Method of Buffer Overflow Vulnerabilities Based on Function Call

A buffer overflow detection technique based on function calls, applied in the field of information security. It addresses the problems of abstract syntax trees occupying memory, inaccurate positioning and a high false negative rate, and achieves reduced dependence, high measurement accuracy and a low false positive rate.

Active Publication Date: 2018-02-13
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

The disadvantage is that the generated abstract syntax tree and other information contain a lot of messy information, which is not conducive to analysis. Moreover, even for a small compilation unit, it can generate about 1000 times as much abstract syntax tree text, and the final abstract syntax tree will occupy the entire memory.
The obvious shortcoming of dynamic detection technology is its dependence on input. The vulnerability is discovered only when a specific input drives program execution to the dangerous point. Therefore, the positioning is inaccurate and the false negative rate is high.


Embodiment Construction

[0031] The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0032] The object of the present invention is to propose a method for detecting buffer overflow vulnerabilities based on function call sequences, in view of the deficiencies in the prior art described above. The basic idea of the present invention is as follows. The stack (or buffer) is closely related to function calls: when a function call is made, a new local stack related to the function is generated on top of the original process stack to store the variables local to the function, and the local stack is destroyed when the function returns. The method uses the function call as the unit of judgment and the original EBP value stored in the function stack as the basis for judgment. It compares the EBP value when the function call occurs with the EBP value at the end of the function call to judge whether the call has a buffer overflow; it is judged every time a func...


Abstract

The invention discloses a method for dynamic detection of buffer overflow vulnerabilities based on function calls, which comprises the following steps. First, obtain the addresses of the function call instructions and return instructions of the program under test, construct input parameters, and run the program under test. When a function call occurs, get the value EBP_B in the base address register; at the end of the function call, get the value EBP_A in the base address register. If EBP_B≠EBP_A, record the vulnerability and raise an alarm; if EBP_B=EBP_A, judge that there is no vulnerability. Repeat the above process until the program under test finishes running. Then obtain the function call information of this run and match it against the abnormal behavior model of the software: if it matches, record possible vulnerabilities; if it does not match, the behavior of the program under this input does not show the characteristics of a buffer overflow vulnerability. Construct a large number of inputs and repeat the detection. The method can perform dynamic detection and improve detection efficiency.
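The EBP_B / EBP_A comparison from the abstract, as an added example that is not code from the patent: it models a 32-bit stack frame in a byte array rather than instrumenting a real process, and every name, address and frame layout in it (`Cpu`, `call_overflows`, `first_flagged_length`, the return address constant) is an assumption made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated 32-bit stack (grows downward). All names and values are constructed. */
#define STACK_SIZE 256
#define BUF_SIZE   16

typedef struct { uint8_t mem[STACK_SIZE]; uint32_t esp, ebp; } Cpu;

static void push32(Cpu *c, uint32_t v) { c->esp -= 4; memcpy(&c->mem[c->esp], &v, 4); }
static uint32_t pop32(Cpu *c) { uint32_t v; memcpy(&v, &c->mem[c->esp], 4); c->esp += 4; return v; }

/* Simulate one call whose body copies len bytes into a BUF_SIZE local buffer
 * without a bounds check. Returns 1 when EBP_B != EBP_A (overflow reported). */
int call_overflows(const uint8_t *input, size_t len) {
    Cpu c = { .esp = STACK_SIZE - 32, .ebp = STACK_SIZE - 16 };  /* caller's frame */
    uint32_t ebp_b = c.ebp;            /* probe at the call instruction: EBP_B */
    push32(&c, 0x08048123u);           /* call: push return address */
    push32(&c, c.ebp);                 /* prologue: push ebp (saved EBP slot) */
    c.ebp = c.esp;                     /* mov ebp, esp */
    c.esp -= BUF_SIZE;                 /* sub esp, 16: buffer sits just below saved EBP */
    uint32_t buf = c.esp;
    if (len > STACK_SIZE - buf) len = STACK_SIZE - buf;  /* keep the simulation in mem[] */
    memcpy(&c.mem[buf], input, len);   /* the unchecked copy under test */
    c.esp = c.ebp;                     /* leave: mov esp, ebp */
    c.ebp = pop32(&c);                 /*        pop ebp */
    uint32_t ebp_a = c.ebp;            /* probe at the return instruction: EBP_A */
    return ebp_b != ebp_a;
}

/* Repeat the detection over inputs of growing length; return the first length
 * that is reported, or 0 if none is. */
size_t first_flagged_length(size_t max_len) {
    uint8_t input[64];
    memset(input, 'A', sizeof input);
    if (max_len > sizeof input) max_len = sizeof input;
    for (size_t len = 1; len <= max_len; len++)
        if (call_overflows(input, len)) return len;
    return 0;
}

int main(void) {
    printf("first reported input length: %zu\n", first_flagged_length(32));
    return 0;
}
```

In this model the buffer is directly adjacent to the saved EBP slot, so the first reported length is one byte past the buffer size; inputs that fit in the buffer leave EBP_A equal to EBP_B and are not reported.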

Description

Technical field

[0001] The invention relates to a detection method for buffer overflow vulnerabilities and belongs to the technical field of information security.

Background technique

[0002] With the rapid development of computer technology, the degree of informatization of human society is getting higher and higher, and the political, economic, military, cultural and other fields of the whole society rely more and more on computer information systems. As a result, the security of computer systems has received more and more attention. However, the writing of large-scale software and systems requires many programmers to work together. They divide a piece of software or a system into several sections, split up the writing work, then integrate and test, and finally patch and release, so security holes in the software are almost inevitable. Software security vulnerabilities refer to defects in data access or behavioral logic introduced...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/57
Inventor: 胡昌振薛静锋周琦超李坚单纯
Owner: BEIJING INSTITUTE OF TECHNOLOGY