Software vulnerability detection method based on simulation attack

A simulated-attack detection technique, applied in the field of software vulnerability detection, that addresses problems such as reported vulnerabilities that cannot be exploited, false positives, and the lack of consideration of attack factors.

Active Publication Date: 2015-07-15
NANJING UNIV

AI Technical Summary

Problems solved by technology

However, vulnerability detection based on program analysis lacks consideration of attack factors, so the detected vulnerabilities may not be exploitable, resulting in false positives.


Embodiment Construction

[0036] Figure 1 shows the overall structure and workflow of this method, which is divided into two stages: static analysis and dynamic detection. In the static analysis stage, the static disassembly tool IDA Pro disassembles the ELF file under test, and program information, including function information and constant information, is obtained by analyzing the disassembly. The program information extracted by static analysis is stored in the elf_data file for use in the dynamic detection stage. In the dynamic detection stage, the dynamic instrumentation platform PIN runs the program under test and reads the program information in the elf_data file in order to detect sensitive function calls and implementation conditions. The sensitive function information in the program information includes the sensitive function call address, and the sensitive function call detection mainly detects the match betwee...


Abstract

The invention discloses a software vulnerability detection method based on simulated attack. Function information related to sensitive operations is acquired with a static disassembly tool, and monitoring, attack simulation, attack impact analysis and related processes are implemented on a dynamic instrumentation platform. The method mainly comprises the following steps: (1) executing static analysis to obtain program information; (2) dynamically executing the program and detecting sensitive function calls; (3) analyzing the attack implementation conditions; (4) executing the simulated attack; (5) analyzing the attack impact and making a vulnerability judgment according to the result. In the specific implementation, the simulated attack on the program uses a symbolic link, and the corresponding vulnerability type is the type I file access vulnerability: by exploiting it, a local attacker uses a symbolic link to change the file the program is expected to access, and thereby gains access to file resources beyond the attacker's rights.
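As an added illustration (not code from the patent or its authors), the following C program reduces steps (4) and (5) to a self-contained test: it plants a symbolic link at the path a file-writing routine is expected to access, runs the routine, and judges it vulnerable only if a separate canary file was changed. The routine names, file names and the use of `O_NOFOLLOW` as the hardened variant are assumptions made for the example; everything happens in a private temporary directory on a Linux/POSIX system.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Sensitive operation under test: create/truncate a file and write to it. */
static int write_with_flags(const char *path, int extra) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | extra, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, "data\n", 5);
    close(fd);
    return n == 5 ? 0 : -1;
}
/* Follows a symbolic link found at the final path component. */
int write_following_links(const char *p) { return write_with_flags(p, 0); }
/* O_NOFOLLOW makes open() fail when the final component is a symlink. */
int write_refusing_links(const char *p) { return write_with_flags(p, O_NOFOLLOW); }

/* Simulated attack plus impact analysis. Returns 1 if the canary file was
   modified (vulnerable), 0 if it was untouched, -1 on a setup error. */
int simulate_symlink_attack(int (*fn)(const char *)) {
    char dir[] = "/tmp/simattack-XXXXXX", victim[PATH_MAX], target[PATH_MAX];
    char buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/protected", dir); /* canary: file the attacker may not write */
    snprintf(target, sizeof target, "%s/app.tmp", dir);   /* path the program expects to access */
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "CANARY", 6) != 6) return -1;
    close(fd);
    if (symlink(victim, target) != 0) return -1;          /* step (4): simulated attack */
    fn(target);                                           /* the sensitive call executes */
    fd = open(victim, O_RDONLY);                          /* step (5): attack impact analysis */
    ssize_t n = fd < 0 ? -1 : read(fd, buf, sizeof buf - 1);
    if (fd >= 0) close(fd);
    unlink(target); unlink(victim); rmdir(dir);
    if (n < 0) return -1;
    return strcmp(buf, "CANARY") != 0;
}

int main(void) {
    printf("following links: %d\n", simulate_symlink_attack(write_following_links));
    printf("refusing links:  %d\n", simulate_symlink_attack(write_refusing_links));
    return 0;
}
```

Because the verdict comes from the observed effect on the canary rather than from the presence of an `open()` call, a routine that cannot actually be redirected is not reported, which is the false-positive reduction the method aims for.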

Description

Technical field

[0001] The invention relates to the detection of software vulnerabilities, in particular to a method for dynamic monitoring and detection of software vulnerabilities that combines static analysis of the program with simulated attacks on the software under test.

Background

[0002] With the continuous development of information technology, software vulnerabilities, as one of the main threats to software system security, are becoming more and more serious. Attackers can use software vulnerabilities to access or damage the system without authorization, and even obtain the highest privileges on the system. Most detection work for software vulnerabilities is concentrated on program analysis: vulnerability characteristics are extracted through static or dynamic analysis in order to identify the vulnerability. However, the use of program analysis for vulnerability detection lacks consideration of attack factors, so that the detected...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
Inventor: 曾庆凯, 杨继龙
Owner: NANJING UNIV