Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A Software Security Detection Method Based on the Combination of Vulnerability Model and Symbolic Execution

A symbolic execution and software security technology, applied in the field of computer software security testing, can solve problems such as insufficient vulnerability mining, achieve efficient software security vulnerability detection, improve software security, and high efficiency

Inactive Publication Date: 2018-02-16
THE PLA INFORMATION ENG UNIV
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Symbolic execution technology can effectively guide the input data into a certain area of ​​the program to be tested, and then still use the fuzzer to generate multiple samples in a local area for security testing. Although the efficiency of entering a specific area has been greatly improved, it is vulnerable to There are still deficiencies in sexual excavation

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Software Security Detection Method Based on the Combination of Vulnerability Model and Symbolic Execution
  • A Software Security Detection Method Based on the Combination of Vulnerability Model and Symbolic Execution
  • A Software Security Detection Method Based on the Combination of Vulnerability Model and Symbolic Execution

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0022] Embodiment one, see figure 1 As shown, a software security detection method based on the combination of vulnerability model and symbolic execution includes the following steps:

[0023] Step 1. Load the input data into the program under test, and the input data drives the execution of the program under test to detect abnormalities;

[0024] Step 2. Determine whether the program path coverage requirement is met, and if so, end the test, otherwise, enter step 3;

[0025] Step 3. Symbolize the input data, determine the input point and the size of the input data, mark the symbolic variables in the symbolic execution, and define these symbolic variables as a set of original symbolic variables, the symbolic variables include the original symbolic variables and intermediate symbolic variables, intermediate symbols The variable is the symbolic variable represented by the original symbolic variable expression. When the program starts symbolic execution and actual execution, sym...

Embodiment 2

[0028] Embodiment two, see Figure 1~3 As shown, a software security detection method based on the combination of vulnerability model and symbolic execution includes the following steps:

[0029] Step 1. Load the input data into the program under test, and the input data drives the execution of the program under test to detect abnormalities;

[0030] Step 2. Determine whether the program path coverage requirement is met, and if so, end the test, otherwise, enter step 3;

[0031] Step 3. Symbolize the input data, determine the input point and the size of the input data, mark the symbolic variables in the symbolic execution, and define these symbolic variables as a set of original symbolic variables, the symbolic variables include the original symbolic variables and intermediate symbolic variables, intermediate symbols The variable is the symbolic variable represented by the original symbolic variable expression. When the program starts symbolic execution and actual execution, ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a software security detection method based on combination of a vulnerability model and symbolic execution. The method comprises following steps of symbolizing input test data interacted by a program and an external environment; determining symbolic variables in a symbolic execution process; starting symbolic execution and actual execution; collecting path constraint conditions in the symbolic execution process; obtaining corresponding relationship information of the input data and a program operation path; according to the path constraint conditions, checking whether there is a code region possibly triggering a vulnerability or not; calculating a constraint condition capable of driving the program to be guided to the code region; according to the vulnerability ode, calculating a constraint condition possibly triggering the vulnerability; invoking an STP constraint solver to calculate the path constraint condition possibly triggering the vulnerability, thus obtaining input data possibly triggering the vulnerability; and loading the new input data in a to-be-tested program, thus carrying out a new round of test. According to the method, the program path through risk code region can be analyzed deeply; relatively accurate test input data is generated; the program vulnerability detection is triggered; and the software security is improved.

Description

technical field [0001] The invention relates to the technical field of computer software security testing, in particular to a software security testing method based on the combination of vulnerability model and symbolic execution. Background technique [0002] Software analysis is the basis for testing security issues such as software vulnerability and software malicious behavior. In order to deal with the security risks brought by software vulnerabilities, researchers have carried out research on software vulnerability analysis techniques. Existing technologies have been able to discover and repair certain vulnerabilities to a certain extent, providing an important support for the safe operation of software. In order to make up for the blindness and low test coverage caused by traditional fuzz testing, many researchers began to apply symbolic execution technology to the vulnerability mining process. Symbolic execution is an information flow analysis technique, which repla...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36
CPCG06F11/3676G06F11/3688G06F11/3692
Inventor 魏强曹琰柳晓龙武泽慧任开磊王允超
Owner THE PLA INFORMATION ENG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products