Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Heap object Use-Afer-Free vulnerability detection method based on identifier consistency

A vulnerability detection and identifier technology, applied in platform integrity maintenance, instrumentation, computing, etc., can solve problems such as lack of and inability to detect Use-After-Free vulnerabilities, and achieve improved accuracy, low runtime overhead, and low memory. effect of overhead

Active Publication Date: 2021-03-12
NANJING UNIV OF SCI & TECH
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For prediction-based dynamic detection methods, they are only suitable for detecting concurrent Use-After-Free vulnerabilities of multi-threaded programs, and cannot detect Use-After-Free vulnerabilities within a single thread of sequential programs and multi-threaded programs
Therefore, there is still a lack of a dynamic method that can effectively detect the use-after-free vulnerability of heap objects in C / C++ programs without being affected by memory reuse.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Heap object Use-Afer-Free vulnerability detection method based on identifier consistency
  • Heap object Use-Afer-Free vulnerability detection method based on identifier consistency
  • Heap object Use-Afer-Free vulnerability detection method based on identifier consistency

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0037]The invention is a heap object Use-After-Free vulnerability detection method based on identifier consistency, which takes the source code of C / C++ program as input and uses the detected heap object Use-After-Free vulnerability as output. In order to detect the heap object Use-After-Free vulnerability, first statically analyze the input C / C++ program to find the location of the code related to heap object allocation, pointer propagation and pointer dereferencing; after that, locate the relevant code location , perform code instrumentation on the C / C++ program to assign the same unique identifier to each allocated heap object and all pointers to that object and insert memory checks for pointer dereferences; finally, run the instrumented program , when the program is running, the instrumentation code will be executed to compare whether the object identifier of the pointer matches the identifier of the current object actually pointed to by the pointer, so as to detect whether...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a heap object Use-Ater-Free vulnerability detection method based on identifier consistency, which takes a source code of a C / C + + program as an input and takes a detected heapobject Use-Ater-Free vulnerability as an output. The method comprises the steps that firstly, static analysis is conducted on an input program, and code positions of heap object distribution, pointerpropagation and pointer dereferencing are found; thereafter, code instrumentation is performed on the program at these code locations to specify the same unique identifier for each assigned heap object and all pointers pointing to the object; and finally, the program subjected instrumentation is run, and an instrumentation code is executed in the program running process to compare whether the identifier of the pointer is matched with the identifier of the object actually pointed by the pointer or not, thereby judging whether a vulnerability exists or not. The method provided by the inventionhas the advantages of effectiveness and high efficiency, and can detect the heap object Use-After-Free vulnerability with lower performance overhead and memory overhead.

Description

technical field [0001] The invention belongs to the field of program analysis and testing, in particular to a heap object Use-After-Free vulnerability detection method based on identifier consistency. Background technique [0002] Low-level languages ​​such as C and C++ provide low-level management of heap memory, and developers can flexibly allocate and release heap objects on heap memory. Due to the flexibility and efficiency of C and C++ languages, a large number of system programs, such as browsers, databases, servers, etc., are developed using C and C++ languages ​​and are widely used in daily life. However, with the expansion of the program scale and the development of modular ideas, it is difficult for developers to allocate and release heap objects correctly all the time. Therefore, programs developed in C and C++ are prone to timing errors such as Use-After-Free vulnerabilities, which have become an important reason for insecurity in modern software systems. A res...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57
CPCG06F21/577
Inventor 宋巍桂滨法熊海龙
Owner NANJING UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com