Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A buffer overflow vulnerability automatic utilization method based on path analysis

A buffer overflow and path analysis technology, applied in the fields of instruments, digital data processing, platform integrity maintenance, etc., can solve the problem of not being able to find and repair vulnerabilities in time, difficult to accurately confirm the location and type of vulnerabilities, and speed up the repair. and other problems to achieve the effect of improving vulnerability scanning performance, reducing false negative rate, and improving accuracy

Active Publication Date: 2018-12-07
NAT UNIV OF DEFENSE TECH
View PDF3 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Exploitation of vulnerabilities means that attackers can execute arbitrary codes or leak user information by constructing abnormal input. The location and type of vulnerabilities can be provided by exploiting vulnerabilities, which is convenient for speeding up the discovery of vulnerabilities and the speed of patch repairs, thereby mitigating the vulnerability of the program. The damage caused by the vulnerability, and there is no effective way to exploit the vulnerability. Usually, the binary code is manually audited, and the target program is exploited by dynamic debugging, so it is difficult to accurately confirm the vulnerability. Locations and types of vulnerabilities exist, and vulnerabilities cannot be discovered and patched in time

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A buffer overflow vulnerability automatic utilization method based on path analysis
  • A buffer overflow vulnerability automatic utilization method based on path analysis
  • A buffer overflow vulnerability automatic utilization method based on path analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0034] The present invention will be further described below in conjunction with the accompanying drawings and specific preferred embodiments, but the protection scope of the present invention is not limited thereby.

[0035] Such as figure 1 , 2 As shown, the method for automatically exploiting buffer overflow vulnerabilities based on path analysis in this embodiment, the steps include:

[0036] S1. Obtain program information of the target binary program;

[0037] S2. Traversing the target binary program using a symbolic execution method according to the obtained program information, searching for software vulnerabilities existing in the program, and obtaining path information of the searched software vulnerabilities;

[0038] S3. Obtain the environmental information of the current system, and generate the required utilization protocol to bypass system protection according to the acquired environmental information and program information;

[0039] S4. Solve according to th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a buffer overflow vulnerability automatic utilization method based on path analysis. The method comprises the following steps: S1, acquiring program information of a target binary program; S2, traversing the target binary program according to the obtained program information by using a symbol execution method, searching the software vulnerability existing in the program, and obtaining the path information of the searched software vulnerability; S3, acquiring the environmental information of current system, and according to the acquired environmental information and theprogram information, generating the required utilization protocol to bypass the system protection; S4, according to the path information of the software vulnerability and the generated exploit specification, obtaining a solution, and finally generating the needed exploit input. The method has the advantages of simple realization, automatic searching of software vulnerability and automatic generation of vulnerability utilization, automatic bypass of system protection, high automation degree and execution efficiency.

Description

technical field [0001] The invention relates to the technical field of binary executable program vulnerability scanning, in particular to a method for automatically exploiting buffer overflow vulnerabilities based on path analysis. Background technique [0002] In recent years, with the rapid development of global informatization, computer software has become an important engine for the world's economic, technological, military and social development. At the same time, software security issues have become increasingly prominent. Software vulnerabilities are one of the root causes of information security issues. With the continuous development of the Internet and software technology, the number of software vulnerabilities is increasing, and the resulting damage is also increasing, which may cause problems including information theft, resource control, system crashes, etc., posing a major threat. [0003] In order to ensure the safe and effective operation of the program witho...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033
Inventor 董威贾维熙徐鲁杭尹良泽陈立前陈振邦王戟
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com