Password misuse vulnerability detection method and system based on Petri net

Abstract

The invention belongs to the technical field of network information security, and in particular relates to a password misuse vulnerability detection method and system based on a Petri net. The methodcomprises the following contents: generating a key security vulnerability detection model based on a known key security vulnerability, and establishing a detection rule library for storing vulnerability detection rules; extracting API running information in an encrypted application program; performing taint analysis on a password API sequence to generate a colored Petri net description file; and performing password misuse vulnerability detection by combining the vulnerability detection rules with the colored Petri net description file. According to the password misuse vulnerability detection method and system provided by the invention, on the basis of analysis of a password API function calling method, automatic tracking, monitoring and recording of the runtime information of an API related function can be achieved by means of a dynamic binary pile insertion method, a parameter incidence relation between different password functions is identified based on binary analysis, the detectionefficiency is greatly improved, the pertinence is high, the identification rate is high, and it is of important guiding significance for the network information security technology.

Description

technical field [0001] The invention belongs to the technical field of network information security, in particular to a Petri net-based password misuse vulnerability detection method and system. Background technique [0002] With the development of information security and encryption technology, more and more applications use encryption to protect data security. Although the original design of the cryptographic algorithm usually undergoes professional analysis and testing, and its own security is guaranteed to a certain extent, in the actual application and implementation of the cryptographic algorithm, developers need to choose appropriate parameters, configurations, strategies, and consider Performance optimization, and errors in any link in these implementation steps may destroy the security protection provided by the cryptographic algorithm itself, thereby causing corresponding loopholes. MIT's statistical research on 269 password-related vulnerabilities in the CVE vuln...

AI Technical Summary

Problems solved by technology

At present, the two detection methods for password misuse vulnerabilities have problems to a certain extent: 1) For reverse analysis methods, although there are many reverse analysis tools available for analysts, these tools themselves cannot provide information about The direct conclusion of vulnerability detection needs to rely on manual analysis of the reverse results of each target sample and finally draw a conclusion. The correctness of the conclusion depends heavily on the skills and experience of ...

Images