Unlock instant, AI-driven research and patent intelligence for your innovation.

Taint analysis framework and method supporting correlation analysis between data

A technology of taint analysis and association analysis, which is applied in the field of network and information security, can solve problems such as inability to deal with multi-taint tags, inability to perform playback performance loss, etc., to avoid the data integration process, reduce performance overhead, and achieve the effect of analysis efficiency

Active Publication Date: 2021-07-27
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF12 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] Aiming at the defects and problems existing in the current binary program dynamic taint analysis framework that cannot handle multi-taint labels, multi-taint sources, multi-sink points, cannot be played back, and performance loss is large, the present invention provides a taint that supports correlation analysis between data Analytical method

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Taint analysis framework and method supporting correlation analysis between data
  • Taint analysis framework and method supporting correlation analysis between data
  • Taint analysis framework and method supporting correlation analysis between data

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0040] Embodiment 1: This embodiment provides a taint analysis framework that supports correlation analysis between data for binary programs, such as figure 1 As shown, the framework includes four parts, namely, the program execution track recording module, the data flow restoration module, the general taint analysis module and the data domain association analysis module; the program execution recording module is used to record the track information during the program running process; The data flow restoration module is used to restore the complete data flow propagation process of the program using the recorded program running track information; the general taint analysis interface module provides a general taint analysis interface; the data domain correlation analysis module is used to perform taint correlation analysis on multiple data domains . Each module is described in detail below.

[0041] 1. Program Execution Recording Module: online record the information content of...

Embodiment 2

[0061] Embodiment 2: This embodiment provides a taint analysis method that supports correlation analysis between data domains, and the method includes the following steps:

[0062] Step 1. Record program execution track: Use dynamic binary instrumentation technology to perform instrumentation after each module of the analyzed program is loaded, when a new thread is created, when a basic block is analyzed, when a basic block is executed, and before and after API calls. Information such as the image of each module loaded in the program, the initial context of the thread, the content of the basic block instruction, the execution sequence of the basic block, and the API call.

[0063] Step 2: Use the recorded program running information to restore the complete data flow propagation process: use the recorded program module image, initialize the context of the simulated execution according to the recorded thread initial context, and simulate and execute each one in turn according to ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of network and information security, and particularly relates to a taint analysis framework and method supporting correlation analysis between data. The taint analysis method comprises the following steps: firstly, the program execution track recording module records basic information of a program execution process, the data stream restoring module restores and records a complete data stream in the program execution process, and the universal taint analysis module provides a universal taint analysis interface; the data field association analysis module provides a method for quickly performing taint association analysis between data fields. By means of the invention, on the basis of one-time execution of a program, the playback analysis capacity and the efficient inter-data-domain taint correlation analysis capacity can be achieved, and the universality and efficiency of taint analysis can be further improved.

Description

technical field [0001] The invention belongs to the technical field of network and information security, and in particular relates to a stain analysis framework and method supporting correlation analysis between data. Background technique [0002] Taint analysis is a commonly used software analysis technology. It has been researched and applied in the field of information security. Typical applications include malicious code analysis, software vulnerability analysis, and network attack behavior detection. [0003] Taint analysis is to mark the "interesting" data as taint data in the process of program analysis. By setting the taint source (Source point), track the propagation path of the data in the process of program execution, and detect whether the taint data can finally reach the convergence point ( Sink point). Taint analysis includes three important contents: taint source, the location where taint data is introduced, and taint source is the starting point of taint ana...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
CPCG06F11/3636G06F11/3624G06F11/3644
Inventor 舒辉康绯杨盼熊小兵赵耘田杨巨
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com