A program anomaly analysis method based on dynamic taint propagation

A program anomaly analysis technique, applied in the field of network security, that addresses problems such as analysis that stays at the surface, insufficient analysis depth, and the inability to handle target software with packer obfuscation or anti-debugging capabilities, and that improves analysis efficiency.

Active Publication Date: 2021-04-27
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0012] To sum up, the main drawbacks of current program exception analysis methods are: they rely on debuggers and a large number of analysts; they cannot deal with target software that has packer obfuscation and anti-debugging capabilities; the analysis is not deep enough, stays at the surface, and cannot effectively get to the root cause of the abnormality; and they have a certain dependence on source code.


Examples


Embodiment Construction

[0033] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in further detail below in conjunction with specific embodiments and with reference to the accompanying drawings.

[0034] As shown in Figure 1, a program anomaly analysis method based on dynamic taint propagation includes the following steps:

[0035] 1. Configure the virtualization environment

[0036] The present invention adopts dynamic virtualization technology. First, it is necessary to install the virtual machine operating system that will run the target program, install and deploy the target program in that operating system, import the input data files that cause the abnormality, and configure the software and hardware environment, network environment and other conditions required for the program to run.

[0037] 2. Dynamically run the target program

[0038] The present invention adopts a dynamic analysis method, uses a virtu...


Abstract

The present invention provides a program anomaly analysis method based on dynamic taint propagation. The steps include: dynamically running a target program in a virtualized environment, monitoring the target process of the target program and recording execution sequence information; marking the input data as a taint source, performing taint propagation analysis according to the instruction semantics of the instructions executed by the target process, and obtaining the taint state information of memory; identifying a memory access exception during the running of the target program, extracting the location of the abnormal instruction, and, according to the taint state information of memory, detecting the taint state of the operands and registers at the abnormal location; if the operands and registers are tainted, locating the error point through taint backtracking; otherwise, performing backward slice analysis on the registers to find the relevant data chain, performing heap overflow detection and UAF detection on each node of the data chain, and locating the error point through comparative analysis.
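The decision described in the abstract (check the taint state of the faulting operand, then either backtrack through taint or fall back to backward slicing) can be sketched as follows. This is an added example, not code from the patent: the trace tuple format, the operation names and the `propagate` / `analyze_fault` functions are assumptions, and the heap overflow and UAF checks of the untainted branch are not shown.

```python
# Toy trace format (assumed for this example): (index, op, dst, srcs).
# Locations are register names or "mem:<addr>". All values are constructed.
TRACE = [
    (0, "input", "mem:0x1000", []),       # input byte marked as taint source
    (1, "input", "mem:0x1001", []),       # second input byte
    (2, "const", "rbx", []),              # rbx = constant (untainted)
    (3, "load", "rax", ["mem:0x1000"]),   # rax = [0x1000]
    (4, "add", "rax", ["rax", "rbx"]),    # rax += rbx
    (5, "mov", "rcx", ["rax"]),           # rcx = rax
    (6, "const", "rdx", []),              # rdx = constant (untainted)
    (7, "deref", None, ["rcx"]),          # faulting memory access via rcx
]

def propagate(trace):
    """Return, per instruction, the (taint, last-writer) state before it runs."""
    taint, writer, states = {}, {}, []
    for idx, op, dst, srcs in trace:
        states.append((dict(taint), dict(writer)))
        if dst is None:
            continue
        if op == "input":
            taint[dst] = {dst}            # label = the input location itself
        else:                             # union of source labels; const clears
            taint[dst] = set().union(*(taint.get(s, set()) for s in srcs))
        writer[dst] = idx
    return states

def analyze_fault(trace, fault_idx):
    """Pick the analysis branch for the faulting operand and backtrack if tainted."""
    states = propagate(trace)
    operand = trace[fault_idx][3][0]
    sources = states[fault_idx][0].get(operand, set())
    if not sources:                       # untainted: backward slicing is next
        return {"branch": "backward-slice", "sources": set(), "chain": []}
    chain, work = set(), [(operand, fault_idx)]
    while work:                           # walk definitions of tainted operands
        loc, at = work.pop()
        taint, writer = states[at]
        if loc in writer and taint.get(loc):
            d = writer[loc]
            if d not in chain:
                chain.add(d)
                work.extend((s, d) for s in trace[d][3])
    return {"branch": "taint-backtrack", "sources": sources, "chain": sorted(chain)}

if __name__ == "__main__":
    print(analyze_fault(TRACE, 7))
```

The returned `chain` lists the instruction indices through which the input byte reached the faulting operand, which is the path an analyst would inspect to find the error point.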

Description

Technical field

[0001] The invention belongs to the technical field of network security, and specifically relates to a method for analyzing abnormalities or vulnerabilities of binary programs and locating error points on a virtualization platform, based on data flow analysis using dynamic taint propagation.

Background technique

[0002] With the continuous growth of program functionality, scale and complexity, the accelerating pace of update iterations, and the lack of security awareness among software developers, software vulnerabilities have seriously threatened the security of cyberspace, and the damage they cause has become increasingly serious. The harm of a vulnerability first shows up as program crashes and exceptions, and most of these crashes and exceptions are caused by memory access exceptions. Currently, memory access exceptions include memory read exceptions, write exceptions, and execution exceptions. Common causes include null pointer ...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 黄桦烽, 杨轶, 聂楚江, 苏璞睿, 和亮
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI