Program exception analysis method based on dynamic stain propagation

A program exception and analysis method technology, applied in the field of network security, can solve problems such as staying on the surface, unable to deal with packer confusion, anti-debugging ability target software, insufficient analysis depth, etc., to achieve the effect of improving analysis efficiency

Active Publication Date: 2019-04-05
INST OF SOFTWARE - CHINESE ACAD OF SCI
View PDF4 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0012] To sum up, the main drawbacks of the current program exception analysis method are: relying on debuggers and a large number of analysts, unable to deal with target software with packer obfuscation and ant

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Program exception analysis method based on dynamic stain propagation
  • Program exception analysis method based on dynamic stain propagation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in further detail below in conjunction with specific embodiments and with reference to the accompanying drawings.

[0034] Such as figure 1 As shown, a program anomaly analysis method based on dynamic taint propagation, including steps:

[0035] 1. Configure the virtualization environment

[0036] The present invention adopts the dynamic virtualization technology. Firstly, it is necessary to install the virtual machine operating system for running the target program, install and deploy the target program in the virtual machine operating system, import the input data files that cause abnormalities, and configure the required software and hardware environment for operation. network environment and other conditions.

[0037] 2. Dynamically run the target program

[0038] The present invention adopts a dynamic analysis method, uses a vi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a program exception analysis method based on dynamic stain propagation, which comprises the following steps of: dynamically running a target program in a virtualization environment, monitoring a target process of the target program and recording execution sequence information; Marking the input data causing the abnormity of the target program as a stain source, and performing stain propagation analysis according to the instruction semantics of the instruction executed by the target process to obtain stain state information of a memory; Identifying a memory access exception in the running process of the target program, extracting an exception position of an exception instruction, and detecting an operand of the exception position and a stain state of a register according to stain state information of the memory; If the operands and the registers are polluted, positioning error points through stain backtracking; And otherwise, carrying out reverse slice analysis onthe register, finding out a related data link, carrying out heap overflow detection and UAF detection on each node on the data link, and positioning an error point through comparative analysis.

Description

technical field [0001] The invention belongs to the technical field of network security, and specifically relates to a method for analyzing abnormalities or loopholes of binary programs and locating error points on a virtualization platform based on data flow analysis of dynamic stain propagation. Background technique [0002] With the continuous improvement of program functions, scale, and complexity and the intensification of update iteration speed, as well as the lack of security awareness of software developers, software vulnerabilities have seriously threatened the security of cyberspace, and the damage caused by them has become increasingly serious. The harm of the vulnerability is initially manifested in the crash and exception of the program, and most of these crashes and exceptions are caused by memory access exceptions. Currently, memory access exceptions include memory read exceptions, write exceptions, and execution exceptions. Common causes include null pointer ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/56
CPCG06F21/566
Inventor 黄桦烽杨轶聂楚江苏璞睿和亮
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap