Unlock instant, AI-driven research and patent intelligence for your innovation.

A vulnerability mining method and device based on a Qemu platform

A vulnerability mining and vulnerability technology, applied in the field of network security, can solve the problems of low efficiency of fuzz testing and achieve the effect of improving efficiency

Active Publication Date: 2019-03-29
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF4 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of this, the object of the present invention is to provide a method and device for exploiting vulnerabilities based on the Qemu platform, so as to alleviate the technical problem of the low efficiency of fuzzing when the existing operating system is fuzzed

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A vulnerability mining method and device based on a Qemu platform
  • A vulnerability mining method and device based on a Qemu platform
  • A vulnerability mining method and device based on a Qemu platform

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0026] According to an embodiment of the present invention, an embodiment of a vulnerability mining method based on the Qemu platform is provided. It should be noted that the steps shown in the flow chart of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0027] figure 1 It is a method for mining vulnerabilities based on the Qemu platform according to an embodiment of the present invention, such as figure 1 As shown, the method includes the following steps:

[0028] Step S102, simulating multiple operating system processes, and monitoring whether each operating system process crashes during the simulation process;

[0029] Step S104, if there is no process crash in the operating system process, then obtain the fuzz test sample set se...

Embodiment 2

[0065] The present invention also provides a vulnerability mining device based on the Qemu platform, which is used to implement the vulnerability mining device based on the Qemu platform provided by the above-mentioned content of the embodiment of the present invention. The following is the vulnerability based on the Qemu platform provided by the embodiment of the present invention Specific introduction of excavation equipment

[0066] Such as Figure 4 As shown, the device includes: a simulation unit 10, an acquisition unit 20 and a test unit 30, wherein,

[0067] The simulation unit 10 is used to simulate a plurality of operating system processes, and monitor whether each operating system process crashes during the simulation process;

[0068] The acquisition unit 20 is used to obtain the fuzz test sample set sent by the AFL fuzz module if the operating system process does not crash, wherein the fuzz test sample set includes test samples;

[0069] The test unit 30 is used ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a vulnerability mining method and a device based on a Qemu platform, which relate to the technical field of network security. The method comprises the following steps: simulating a plurality of operating system processes, and monitoring whether each operating system process collapses in the simulation process; If the process of the operating system does not crash, obtainingthe fuzzy test sample set sent by the AFL fuzz module, wherein, the fuzzy test sample set comprises test samples; Based on the system call sequence number of the operating system, calling the test sample, and obtaining the test result by carrying out fuzzy test on the operating system using the test sample, which solves the technical problem of low efficiency of fuzzy test when the operating system is carried out fuzzy test.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method and device for mining vulnerabilities based on the Qemu platform. Background technique [0002] With the popularization of the Android system in the mobile Internet era, the security of the Android system has been valued by the majority of security practitioners, and the security of the Android kernel is the most important thing. The Android kernel is modified based on the Linux kernel. System security testing and vulnerability mining efficiency can directly affect the vulnerability mining efficiency of the Android kernel. [0003] However, in the traditional fuzzing test of the Linux kernel, the scene where the operating system is installed on the physical machine is generally used for fuzzing testing. Because when the Linux kernel crashes, the operating system will generally restart or crash, and the restarting time of the physical machine is relatively long. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/577
Inventor 张凯范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD