Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Dynamic symbol execution visualization method for vulnerability mining

A technology of dynamic symbolic execution and symbolic execution, which is applied in the fields of instruments, platform integrity maintenance, and electrical digital data processing. It can solve problems such as low traversal efficiency and inability to dynamically present symbols, so as to improve teaching experience and improve understanding. Effect

Active Publication Date: 2017-03-15
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF3 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of the above-mentioned prior art, the purpose of the present invention is to provide a dynamic symbolic execution visualization method for vulnerability discovery, to solve the problem that symbolic execution cannot be dynamically presented in the process of vulnerability discovery in the prior art, and it is difficult to overcome the low traversal efficiency caused by the bottleneck of code coverage. question

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Dynamic symbol execution visualization method for vulnerability mining
  • Dynamic symbol execution visualization method for vulnerability mining
  • Dynamic symbol execution visualization method for vulnerability mining

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] Most symbolic execution tools support writing third-party plug-ins, and open internal interfaces for plug-ins to use. The calling algorithm for this visualization will be implemented in the plug-in code. The algorithm in the plug-in can obtain the type of code currently being executed by the symbolic execution tool, detect whether it is a branch statement, and call the visualization tool for visualization once detected.

[0034] The specific execution process of symbolic execution visualization is as follows:

[0035] Start the vulnerability digger and symbolic execution visualizer

[0036] Symbolic execution visualizer waiting to be invoked

[0037] The vulnerability mining tool executes to the branch point

[0038] The vulnerability mining tool invokes the symbolic execution tree drawing module of the symbolic execution visualization tool to construct a branch node, and passes in branch information (branch position, branch condition, true and false value of the bra...

Embodiment 2

[0064] 1) Symbolic execution tree drawing module: This module builds and draws a symbolic execution tree, and once called, draws branch nodes from the root of the symbolic execution tree according to the incoming branch data. When the symbolic execution tool executes a branch, it will call this module, and input the branch location information (the memory address value where the branch is located), the branch condition, the true and false value of the branch condition during execution, and the test case used in this round; at the same time, it will also Some data will be automatically generated in the module, such as the depth of the branch node, the time information when the branch point is found, and so on. Then this module will store this information in the newly constructed branch node, and at the same time draw the branch node on the user interface in real time. The corresponding true or false branch of the branch node is connected to the next node until the program is ex...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a dynamic symbol execution visualization method for vulnerability mining, and relates to the technical field of symbol execution visualization. The technical problems that in the prior art, symbol execution cannot be dynamically presented in the vulnerability mining process, and the low traversal efficiency caused by a code coverage bottleneck is difficult to overcome are solved. The method mainly comprises the steps that a vulnerability mining tool and a symbol execution visualization tool are started; the symbol execution visualization tool is set in the state of waiting to be called, and the vulnerability mining tool is executed to branch points; the vulnerability mining tool calls a symbol execution tree drawing module of the symbol execution visualization tool to construct branch nodes and then sends branch information to the branch nodes; overall statistic data of all the current branch nodes is updated through a data statistics module of the symbol execution visualization tool; in the overall statistic data, the symbol execution tree drawing module creates next branch nodes and sets the positions of the branch nodes according to calling data and branch information. The method is used for symbol execution visualization.

Description

technical field [0001] The invention relates to the technical field of symbolic execution visualization, in particular to a dynamic symbolic execution visualization method for exploiting vulnerabilities. Background technique [0002] Nowadays, the development of the field of software testing is more and more inclined to use automatic test generation technology to improve the efficiency of software testing. This technology has been industrially applied to a large number of software development projects. There are some methods to maintain automatic test generation by automatically generating test cases from source code, one of which is symbolic execution. Symbolic execution is a program analysis technique that collects constraints during execution and uses constraint expressions to represent code execution paths. By reversing constraints and solving them, test cases that can reach the corresponding new paths can be calculated. Repeating this process can gradually cover Differ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F11/36G06F21/57
CPCG06F11/3676G06F11/3688G06F21/577G06F2221/033
Inventor 张小松陈厅张泽亮牛伟纳陈瑞东朱迦南全威龙王中晴周旷
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com