Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A binary program vulnerability mining method and system

A binary program and vulnerability mining technology, which is used in instrumentation, computing, electrical digital data processing, etc.

Active Publication Date: 2019-02-26
XIAN HUMEN NETWORK TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Only relying on static or dynamic methods to mine vulnerabilities in binary programs obviously has certain disadvantages. How to use a combination of dynamic and static methods to effectively mine vulnerabilities is a technical problem that technicians in this field need to solve

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A binary program vulnerability mining method and system
  • A binary program vulnerability mining method and system
  • A binary program vulnerability mining method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0069] The embodiment of the present invention provides a binary program vulnerability mining method and system. see figure 1 As shown, the method includes the steps of:

[0070] Step S110, using the decompiler IDA to convert the binary program into assembly language, and performing static analysis on the assembly language level based on IDA to obtain a function flow diagram;

[0071] Step S111, converting assembly language into BIL language through the intermediate language platform BAP, and performing Promela model modeling on BIL language in combination with the analysis results of static analysis;

[0072] Step S112, building a vulnerability model and inserting it into the Promela model;

[0073] Step S113, introducing external C code to patch SPIN, and executing the Promela model based on the patched SPIN simulation to detect vulnerabilities;

[0074] Step S114, outputting detection results and vulnerability information.

[0075] The embodiment of the present inventio...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a binary program vulnerability discovery method. The binary program vulnerability discovery method comprises steps of converting a target binary program into an assembly language, and carrying out static analysis to the assembly language; carrying out Promela model modeling to an intermediate language by combining the analysis result of the static analysis; establishing a vulnerability model and inserting the vulnerability model into the Promela model; introducing an external C code, simulating and executing the Promela model based on an SPIN, and detecting the vulnerability. The invention also provides a binary program vulnerability discovery system comprising a preprocessor module, a code conversion module and a model detection module. With respect to the binary program vulnerability discovery method and system, the intermediate language BIL is introduced to serve as a conversion bridge through which the binary program is converted into the Promela model, automatic modeling of the binary program is achieved, the embedded C function of the SPIN is employed to achieve simulation and execution, and the external C code is introduced to correct the defect of model detection. Experimental results show that the binary program vulnerability discovery method can effectively detect memory destructive vulnerabilities of binary programs.

Description

technical field [0001] The invention relates to the technical field of computer applications, in particular to a binary program vulnerability mining method and system. Background technique [0002] From the object of vulnerability mining, software vulnerability mining can be divided into two categories: one is vulnerability mining for source code; the other is vulnerability mining for binary programs. The biggest feature of source code vulnerability mining is that it has rich and complete semantic information. Therefore, vulnerability mining for source code is relatively easy. Vulnerabilities can generally be detected by static analysis, and during static analysis, since there is a clear program execution path, it usually has a high code coverage rate. [0003] However, the source code is not a binary program after all, and the security at the source code level does not mean the security of the binary program. The correspondence between the two cannot be verified. For exam...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033
Inventor 崔艳鹏胡建伟
Owner XIAN HUMEN NETWORK TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com