An Android system heap overflow vulnerability verification method and device

A vulnerability and system process technology, applied in the field of information security, that achieves good scalability, high accuracy and strong pertinence

Active Publication Date: 2019-09-27
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

This scheme verifies the stack overflow vulnerability of binary software. The implementation mechanism and memory layout of the stack memory space and the heap memory space are very different, so this scheme is not suitable for the heap overflow vulnerability.

Embodiment Construction

[0022] The specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. The following examples are used to illustrate the present invention, but are not intended to limit the scope of the present invention.

[0023] In the Android system, an instance of a C++ object is usually allocated in the heap memory space. If this C++ object implements virtual functions, its basic layout in memory is as shown in Figure 1, a schematic diagram of the memory layout of a C++ object with virtual functions.

[0024] It can be seen that the instance of this C++ object is allocated in the heap memory space, and a four-byte virtual function table pointer is stored at the start of that memory. Other data, such as member variables, is allocated after this virtual function table pointer. The virtual function table pointer points to a virtual function ta...
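The layout described in [0023] and [0024] can be observed directly, and the same observation gives a simple integrity check on an object's leading word. This is an added example, not code from the patent: the classes `Shape` and `Triangle` and all function names are hypothetical, and it assumes the Itanium C++ ABI (pointer size is taken from `sizeof(void*)`, so it is four bytes on the 32-bit targets the text describes).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <memory>

// Hypothetical classes, named only for this example.
struct Shape {
    virtual ~Shape() = default;
    virtual int sides() const { return 0; }
    std::uint32_t id = 7;              // first data member
};
struct Triangle : Shape {
    int sides() const override { return 3; }
};

// First pointer-sized word of the storage; the vptr under the assumed Itanium ABI.
std::uintptr_t leading_word(const void* storage) {
    std::uintptr_t w;
    std::memcpy(&w, storage, sizeof w);
    return w;
}

// Byte offset of the first data member from the start of the object.
std::size_t first_member_offset(const Shape& s) {
    auto base = reinterpret_cast<const unsigned char*>(&s);
    auto member = reinterpret_cast<const unsigned char*>(&s.id);
    return static_cast<std::size_t>(member - base);
}

// True when the storage still begins with the vptr of a known-good instance.
bool vptr_intact(const void* storage, const Shape& reference) {
    return leading_word(storage) == leading_word(&reference);
}

// Constructed data: a byte image of a heap object; it is compared, never called.
bool check_flags_overwritten_image() {
    auto good = std::make_unique<Triangle>();
    unsigned char image[sizeof(Triangle)];
    std::memcpy(image, static_cast<const void*>(good.get()), sizeof image);
    bool before = vptr_intact(image, *good);
    std::memset(image, 0x41, sizeof(void*));   // filler lands on the leading word
    return before && !vptr_intact(image, *good);
}

int main() {
    auto a = std::make_unique<Triangle>(), b = std::make_unique<Triangle>();
    std::printf("offset=%zu same=%d\n", first_member_offset(*a), vptr_intact(b.get(), *a));
}
```

Two instances of the same class carry the same leading word, an instance of a different class carries a different one, and the first member sits exactly one pointer past the start of the object.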

Abstract

The invention provides a heap overflow vulnerability verification method and apparatus for the Android system. The apparatus comprises a vulnerability detection module, a utilization judgment module and a utilization verification module. The vulnerability detection module fills a heap buffer with a first input sample and detects whether a heap overflow occurs, to determine whether a heap overflow vulnerability exists. The utilization judgment module, according to the result of the vulnerability detection module, fills the heap buffer with a second input sample and triggers a crash of a system process of the Android system by executing the vulnerability, to determine the possibility that the heap overflow vulnerability can be utilized. The utilization verification module, according to the result of the utilization judgment module, fills the heap buffer with a third input sample and controls the execution flow of the system process of the Android system by executing the vulnerability, to verify the utilizability of the heap overflow vulnerability. The method and apparatus can effectively judge whether the Android system has a specific heap overflow vulnerability and whether that vulnerability can be utilized by an attacker, and can assess the security risk the heap overflow vulnerability poses to the Android system, so that system security is improved.

Description

Technical field

[0001] The present invention relates to the technical field of information security, and relates to a method for verifying a heap overflow vulnerability of an operating system of a mobile intelligent terminal, and more specifically, to a method for verifying a heap overflow vulnerability of an Android system.

Background technique

[0002] With the rapid development of the mobile Internet, the Android system has become the mobile smart terminal operating system with the highest market share in the world. Smart devices based on the Android system, as a medium for users' daily social communication and mobile office work, store a large amount of user privacy information and sensitive data, so they easily become the main target of malicious attacks.

[0003] In recent years, the Android system has continuously exposed various vulnerabilities, seriously affecting the security of the system itself, and threatening the data, business and code security of the upper-la...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/57
Inventor: 朱大立, 李莹, 冯维淼, 郭辰阳, 邓习海
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI