
Symbolic execution scheduling method and system for vulnerability path priorities

A symbolic execution scheduling technology, applied in the field of power information security, that addresses problems such as memory exhaustion, heavy occupation of computer resources and path explosion, achieving efficient discovery of vulnerability paths and a reduced amount of calculation.

Active Publication Date: 2020-08-25
GLOBAL ENERGY INTERCONNECTION RES INST CO LTD +3

AI Technical Summary

Problems solved by technology

In power grid network assets, applications such as power distribution systems mostly use a C/S architecture (for example, a power distribution network security monitoring system), so there is a large demand for binary program vulnerability mining. Relying on manual mining by individual professionals cannot meet that demand in terms of efficiency.
[0003] At present, binary program vulnerabilities are usually analyzed and mined by combining symbolic execution with constraint solving. Symbolic execution suffers from path explosion and incomplete path coverage, and path explosion is currently its biggest problem, because a program has too many executable paths. If every path is examined by symbolic execution, a large number of symbolic states are generated and must be kept in memory, which occupies a large amount of computer memory and leads to memory exhaustion and interrupted symbolic execution.
If all code paths are selected at random for vulnerability mining, the process takes a long time. In a binary program there may be multiple reachable paths to the location of a vulnerability point, and each code path differs in how difficult it is to trigger the vulnerability along it. Likewise, the later a vulnerability is discovered, the greater the loss for commercial software.
In actual use, symbolic execution can only test shallow code and does not fully cover vulnerability paths, which increases the amount of calculation and the calculation time.

Examples


Embodiment 1

[0050] The embodiment of the present invention provides a vulnerability path priority symbolic execution scheduling method, which can be applied to the field of electric power information security technology. As shown in Figure 1, it includes the following steps:

[0051] Step S1: Obtain the readable text produced by reverse-compiling the binary program to be mined for vulnerabilities, and divide the readable text into multiple segments, wherein each segment contains at least one basic block.

[0052] In the embodiment of the present invention, segments are divided by function: each function forms one segment, and the basic block is the smallest unit of division. A basic block has only one program execution entry and one exit, and contains no branch.

[0053] Step S2: Calculate the complexity of each basic block, and calculate the complexity of each segment according to the complexity of its basic blocks.

[0054] In the embodiment of the present invention, ...

Embodiment 2

[0079] The embodiment of the present invention provides a symbolic execution scheduling system with vulnerability path priority. As shown in Figure 2, it includes:

[0080] Text acquisition module 1, used to reverse-compile the binary program to be mined for vulnerabilities into readable text and divide the readable text into multiple segments, wherein each segment contains at least one basic block; this module implements the method described in step S1, which will not be repeated here.

[0081] Segment complexity calculation module 2, configured to calculate the segment complexity according to the complexity of each basic block; this module executes the method described in step S2 in Embodiment 2, which will not be repeated here.

[0082] The complexity calculation module 3 of the program execution path is used to calculate the complexity of the program execution path by using the complexity of the segments passed by the program execution path; this module executes the method describ...

Embodiment 3

[0087] An embodiment of the present invention provides a terminal. As shown in Figure 3, it includes: at least one processor 401, such as a CPU (Central Processing Unit), at least one communication interface 403, a memory 404, and at least one communication bus 402. The communication bus 402 is used to realize connection and communication between these components. The communication interface 403 may include a display screen (Display) and a keyboard (Keyboard), and optionally may also include a standard wired interface and a wireless interface. The memory 404 may be a high-speed RAM memory (Random Access Memory, volatile random access memory), or a non-volatile memory, such as at least one disk memory. Optionally, the memory 404 may also be at least one storage device located away from the aforementioned processor 401. The processor 401 may execute the method for sc...


Abstract

The invention discloses a symbolic execution scheduling method and system for vulnerability path priorities. The method comprises the following steps: reverse-compiling the binary program to be mined for vulnerabilities into readable text and dividing the readable text into a plurality of segments, each segment comprising at least one basic block; analyzing the complexity of the basic blocks with high vulnerability potential; combining the complexity of the segments and the complexity of the program execution paths with vulnerability existence factors to calculate the priorities of the program execution paths where suspected vulnerability points are located; sorting the priorities; and scheduling symbolic execution testing according to the priorities of the program execution paths. This provides path guidance for efficient symbolic execution, so that vulnerability paths can be found quickly and efficiently.
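The pipeline in this abstract, as an added sketch that is not code from the patent: the block metric (instruction count), the additive roll-up, the priority formula (existence factor divided by path complexity) and the exploration budget are all assumptions, because the page does not give the patent's formulas. The segments and paths are constructed sample data.

```python
import heapq

# Constructed sample: one segment per function, each a list of basic blocks
# given by instruction count (assumed stand-in for block complexity).
SEGMENTS = {
    "main":        [12, 5],
    "parse_hdr":   [20, 8],
    "copy_body":   [6],
    "log_request": [40, 35, 30],
}

# Constructed candidate paths to suspected vulnerability points:
# (path id, segments traversed, vulnerability existence factor in [0, 1]).
PATHS = [
    ("p1", ["main", "parse_hdr", "copy_body"], 0.9),
    ("p2", ["main", "log_request", "copy_body"], 0.9),
    ("p3", ["main", "parse_hdr"], 0.4),
]

def segment_complexity(blocks):
    # Assumption: a segment's complexity is the sum of its blocks' complexity.
    return sum(blocks)

def path_complexity(segment_names, segments):
    # Assumption: a path's complexity is the sum over the segments it crosses.
    return sum(segment_complexity(segments[s]) for s in segment_names)

def priority(segment_names, vuln_factor, segments):
    # Assumption: likely-vulnerable paths that are cheap to explore rank first.
    return vuln_factor / path_complexity(segment_names, segments)

def rank_paths(paths, segments):
    # Max-priority order via a min-heap on the negated score.
    heap = [(-priority(segs, f, segments), pid) for pid, segs, f in paths]
    heapq.heapify(heap)
    return [heapq.heappop(heap)[1] for _ in range(len(heap))]

def schedule(paths, segments, budget):
    # Hand paths to symbolic execution in priority order, skipping any path
    # whose assumed cost (its complexity) no longer fits the remaining budget.
    cost = {pid: path_complexity(segs, segments) for pid, segs, _ in paths}
    chosen = []
    for pid in rank_paths(paths, segments):
        if cost[pid] <= budget:
            chosen.append(pid)
            budget -= cost[pid]
    return chosen

if __name__ == "__main__":
    print(rank_paths(PATHS, SEGMENTS))
    print(schedule(PATHS, SEGMENTS, budget=100))
```

With the budget in place, the expensive path through `log_request` is deferred rather than explored first, which is how prioritization limits the number of symbolic states held in memory.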

Description

Technical field

[0001] The invention relates to the technical field of electric power information security, in particular to a method and system for symbolic execution scheduling of vulnerability path priority.

Background technique

[0002] With the rapid development of social economy, source code-oriented application vulnerability mining technology has developed significantly. The mandatory requirement of security penetration testing before going online can effectively discover some loopholes in the application and improve the security of the application. However, source code-oriented application vulnerability mining also has some shortcomings. Since high-level languages (C language, Java, etc.) Vulnerabilities are introduced for a variety of reasons, making these newly introduced vulnerabilities difficult to detect. However, vulnerability mining for binary programs is language-independent and does not require program source code, and does not need to be compiled and link...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F11/36, G06F8/41, G06F8/74, G06F21/57
CPC: G06F11/3616, G06F8/41, G06F8/74, G06F21/577
Inventor: 席泽生, 张波, 林为民, 张涛, 孙歆, 马媛媛, 邵志鹏, 周诚, 陈牧, 管小娟, 戴造建, 李勇
Owner GLOBAL ENERGY INTERCONNECTION RES INST CO LTD