Efficient method and device for judging reuse vulnerabilities after software program release

A use-after-free determination method for software programs, applied in the field of network security, that improves determination efficiency, improves detection and protection capabilities, and addresses performance problems.

Active Publication Date: 2020-09-04
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0007] To address the low efficiency of existing use-after-free determination methods and their dependence on the heap manager, the present invention proposes an efficient use-after-free determination method for software programs, applicable to both binary code and source code. It dynamically monitors the instruction records, the crash instruction, and heap-operation-related behavior while the program runs, and performs reverse backtracking analysis starting from the crash instruction, thereby detecting use-after-free vulnerabilities efficiently.



Embodiment Construction

[0031] The technical scheme of the present invention is described in detail below in conjunction with the accompanying drawing:

[0032] This embodiment provides an efficient use-after-free determination method for binary programs, including the following steps:

[0033] 1. Monitor every instruction executed in the run leading up to the program crash, and the instruction at the time of the crash

[0034] Through program dynamic monitoring technology, the instruction execution record set InsnTrace={(TraceID, Instruction, OperandAddress, OperandValue, ThreadID)} and the program crash information CrashInfo=(TraceID, Instruction, OperandAddress, OperandValue, ThreadID) are obtained. Here, TraceID indicates the record ID corresponding to the instruction; Instruction indicates the specific assembly form of the instruction; OperandAddress indicates the memory address of the instruction operand (if the operand is a register, it needs to be mapped to a specific memory); OperandValue indicates the value of the instruction operan...


Abstract

The invention discloses an efficient method and device for determining use-after-free vulnerabilities in software programs. The method mainly comprises the following steps: (1) using a known vulnerability-triggering sample to make the program crash while running, and recording all instructions executed from the start of the run until the crash occurs; (2) recording all heap management operations in real time, based on the calls made to system functions while the program runs; (3) applying a reverse dynamic taint propagation technique, backtracking from the moment of the crash through the propagation instruction set related to the crash instruction; and (4) carrying out association analysis: finding the object assignment moment related to the crash instruction, finding the corresponding object allocation and release period on the basis of that assignment moment, and then judging whether the object had already been released when the crash occurred; if so, a use-after-free vulnerability exists. The method can improve the detection of, and protection against, use-after-free vulnerabilities in real environments.
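The four steps above, reduced to a small runnable sketch. This is an added example, not code from the patent. It assumes a simplified record layout in which each instruction names the location it writes (`dst`) and the locations it reads (`srcs`); the trace, addresses and function names are constructed for illustration.

```python
from collections import namedtuple

# Assumed record layout: dst/srcs split the page's OperandAddress into the
# location written and the locations read (register name or memory address).
Insn = namedtuple("Insn", "trace_id text dst srcs value thread_id")
HeapOp = namedtuple("HeapOp", "trace_id op addr size")  # op: "alloc" or "free"

def backtrack(trace, crash):
    """Reverse taint from the crash operand; returns related insns, oldest first."""
    tainted, related = set(crash.srcs), []
    for insn in sorted(trace, key=lambda i: i.trace_id, reverse=True):
        if insn.trace_id < crash.trace_id and insn.dst in tainted:
            tainted.discard(insn.dst)      # this write defined the tainted location
            tainted.update(insn.srcs)      # keep following where its value came from
            related.append(insn)
    return related[::-1]

def object_period(heap_ops, ptr, at):
    """(alloc_id, free_id or None) of the block that held ptr at trace id `at`."""
    ops = sorted(heap_ops, key=lambda o: o.trace_id)
    allocs = [o for o in ops if o.op == "alloc" and o.trace_id <= at
              and o.addr <= ptr < o.addr + o.size]
    if not allocs:
        return None
    blk = allocs[-1]
    free_id = next((o.trace_id for o in ops if o.op == "free"
                    and o.addr == blk.addr and o.trace_id > blk.trace_id), None)
    return blk.trace_id, free_id

def judge(trace, heap_ops, crash):
    """Association analysis: was the object behind the crash pointer already freed?"""
    for insn in backtrack(trace, crash):   # oldest first = object assignment moment
        period = object_period(heap_ops, insn.value, insn.trace_id)
        if period:
            alloc_id, free_id = period
            return {"assigned_at": insn.trace_id, "alloc": alloc_id, "free": free_id,
                    "uaf": free_id is not None and free_id < crash.trace_id}
    return {"uaf": False}

# Constructed sample: allocate, store the pointer, free, reload it, crash on use.
TRACE = [
    Insn(1, "call malloc", "rax", (), 0x5000, 0),
    Insn(2, "mov [0x7000], rax", 0x7000, ("rax",), 0x5000, 0),
    Insn(3, "mov rcx, 0x10", "rcx", (), 0x10, 0),
    Insn(4, "call free", None, ("rdi",), 0x5000, 0),
    Insn(5, "mov rdx, [0x7000]", "rdx", (0x7000,), 0x5000, 0),
]
CRASH = Insn(6, "call [rdx+8]", None, ("rdx",), 0x5000, 0)
HEAP = [HeapOp(1, "alloc", 0x5000, 0x20), HeapOp(4, "free", 0x5000, 0)]

if __name__ == "__main__":
    print(judge(TRACE, HEAP, CRASH))
```

Only the instructions that the backward walk reaches are matched against the heap log, so the analysis touches the one object behind the crash pointer rather than every allocation in the run.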

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to an efficient method and device for determining use-after-free vulnerabilities in software programs.

Background technique

[0002] Although current fuzz testing technology can discover a large number and variety of software vulnerabilities more and more quickly, the use-after-free vulnerability is currently recognized as the most common and most exploitable type of vulnerability, which makes this type of vulnerability extremely damaging to network and system security. Although there are many schemes for the detection and determination of use-after-free vulnerabilities, the common feature of these schemes is that they need to start from the normal execution of the program and record the dynamic allocation, use, release, and reallocation of a large number of objects. The detection and judgment efficiency of the reuse-after-free vulnerability i...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57
CPC: G06F21/577, Y02D10/00
Inventor: 和亮, 苏璞睿, 杨轶, 闫佳, 黄桦烽
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI