A method of mining and analyzing information security vulnerabilities

Abstract

The invention discloses a method of mining and analyzing information security vulnerabilities. The method comprises the following steps: establishing a configuration file for an object program, wherein a series of stain analysis strategies are described in the configuration file; starting object program by a dynamic binary pile insertion frame Pin, and initializing the dynamic pile insertion analysis tool PinTool; analyzing the conditional transfer instructions of the target program through the PinTool, and generating the control flow chart and control dependency information data for the target program. The staked object accesses PinTool and user-defined library files to complete the marking of the stain flow, propagation and vulnerability detection. The invention realizes the propagationof stain marks from two aspects of data flow and control flow. The invention can detect and prevent external untrusted data from being used for unsafe data operation, does not need to analyze the source code of the target program, has low computational load, is suitable for commercial software without open source, can defend the secondary attack based on the same vulnerability by extracting the signature, and has lower rate of omission and false positives than the existing vulnerability detection technology.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method for mining and analyzing information security loopholes. Background technique [0002] With the rapid development of the Internet industry, the scale and complexity of software systems are constantly increasing, but at the same time, it inevitably leads to the emergence of more and more security vulnerabilities, among which the most representative one is buffer overflow. Vulnerabilities, format string vulnerabilities, SQL injection vulnerabilities, and cross-site scripting vulnerabilities, etc., attackers can use these vulnerabilities to change the original execution process of the program, execute the attacker's own malicious code, destroy user programs or steal user sensitive information. Although in-depth research on vulnerability attack detection has been carried out at home and abroad, there are still many shortcomings in these technologies. For example, the dete...

AI Technical Summary

Problems solved by technology

[0002] With the rapid development of the Internet industry, the scale and complexity of software systems are constantly increasing, but at the same time, it inevitably leads to the emergence of more and more security vulnerabilities, among which the most representative one is buffer overflow. Vulnerabilities, format string vulnerabilities, SQL injection vulnerabilities, and cross-site scripting vulnerabilities, etc. Attackers can use these vulnerabilities to change the original execution process of the program, execute the attacker's own malicious code, destroy user programs or steal user sensitive information

Although in-depth research on vulnerability attack detection has been carried out at home and abroad, there are still many shortcomings in these technologies. For example, the detection technology based on dynamic tracking of taint information during program compilation cannot detect applications written in non-type-safe languages. Program; detection technology based on source code analysis cannot detect vulnerability attacks against third-party libraries, and lacks support for runtime information, resulting in a high rate of false positives and false negatives

Images