Binary program-oriented heap overflow detection method

A binary program and detection method technology, applied in the field of network security, can solve problems such as unsatisfactory efficiency, achieve the effect of preventing missed reports, reducing potential harm, and ensuring operating efficiency

Inactive Publication Date: 2018-02-23
INST OF SOFTWARE - CHINESE ACAD OF SCI
View PDF4 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] In view of the unsatisfactory efficiency of existing heap overflow detection methods and the lack of dependence on source code, the purpose of the present invention is to propose a heap overflow detection method for binary programs, through dynamic monitoring of heap allocation during program operation and Heap pointer, identifying out-of-bounds behavior during all heap access operations, so as to complete the detection of heap overflow

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Binary program-oriented heap overflow detection method
  • Binary program-oriented heap overflow detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] The technical scheme of the present invention will be described in detail below in conjunction with the drawings:

[0032] Such as figure 1 As shown, in one embodiment, a binary program-oriented heap overflow detection method is provided, which includes the following steps:

[0033] 1. Monitor program dynamic heap allocation, release and other behaviors;

[0034] Real-time record according to the call situation of heap management operation functions such as heap allocation, release, and reallocation during the running of the program, and related heap allocation (including reallocation), released size, heap starting address and other heap management operation information Make a record.

[0035] First of all, through program dynamic monitoring technology, obtain heap allocation (including reallocation), release and other behaviors, and on the basis of heap operation behavior records.

[0036] Specifically, the present invention uses heap information HeapInfo=(ThreadID, HeapBase, H...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a binary program-oriented heap overflow detection method. The method comprises the following steps: recording relevant heap management operation information according to the calling situation of a heap management operation function in a program running process; generating taint information according to the heap management operation information, and associating the taint information with the heap management operation information; dynamically monitoring all operations related to the taint information in the program running process by means of dynamic transmission of the taint information; if the taint data is found to be used in a command, taking the command as a heap overflow judgment command; determining the actual access memory address of the command according to the taint data, and judging whether the memory address has heap overflow or not. By dynamically monitoring the heap allocation and heap pointers in the program running process, the out-of-bounds behaviors in all heap access operation processes are identified, so that heap overflow detection is completed.

Description

Technical field [0001] The invention belongs to the technical field of network security, and specifically relates to a binary program-oriented heap overflow detection method. Background technique [0002] There are many types of existing software vulnerabilities, and program buffer overflow vulnerabilities are currently the most common and most exploitable type of vulnerabilities. They can be divided into stack overflow vulnerabilities and heap overflow vulnerabilities according to different buffer memory. Among them, stack overflow vulnerabilities are the oldest type of overflow vulnerabilities. There have been quite a wealth of research results on the mining, defense, and exploitability analysis of this type of vulnerabilities. For heap overflow vulnerabilities, due to the complexity of the heap's own structure The dynamic characteristics of performance and heap allocation are currently hot and difficult issues in the field of software vulnerability research for related vulnera...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/52
CPCG06F21/52
Inventor 和亮苏璞睿杨轶闫佳黄桦烽贾相堃
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap