Compiler security test method based on system structure cross check

An architecture and cross-checking technology, applied in the field of compiler security testing, which can solve the problems of unable to find the architecture, unable to find unknown types, difficult to be migrated, etc.

Active Publication Date: 2021-12-24
NANJING UNIV
View PDF10 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This leads to the fact that these methods require prior knowledge and cannot detect unknown types of problems
[0011] 2. It is difficult to address the problems related to the architecture
On the one hand, the existing targeted static methods do not consider the architecture-related compiler optimization behavior, and cannot find architecture-related problems at all.
On the other hand, dynamic methods still face the following problems: (1) The deployment of multi-architecture is difficult: many methods are difficult to be migrated to multi-architecture environments because of their high dependence on architecture-related infrastructure; (2) ) The workload of duplicate detection is too large: the dynamic analysis of binaries with different architectures of the same source code must be independent. If multiple architectures are considered, the analysis amount will be greatly increased (many of which are repeated), making the inherent coverage of dynamic methods rate problem is more serious

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Compiler security test method based on system structure cross check
  • Compiler security test method based on system structure cross check
  • Compiler security test method based on system structure cross check

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0078] like figure 1 As shown, it is the compilation process of the pile compiler. Collect representative instruction information, IR level control flow information, IR and binary code basic block level corresponding information, and store this information into the customization of the relevant instructions. Debug information.

[0079] like figure 2 As shown, discriminate the change in the semantic state of the security-related instructions and the cross-check of the architecture. The BISF (Back-Endependent Semantic Fragment) is modeled and positioned in accordance with the method of the present invention. On the basis of being positioned to security related code, the security related code is correspondingly related to the secure correlation code in the binary code of different architectures. Finally, cross-check and analyze confirmation of real security issues.

[0080] The test case of the test compiler of the present invention is the source code of common large-scale open sourc...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a compiler security test method based on system structure cross check. The method is used for detecting software security vulnerabilities introduced when a compiler compiles common open source software into different system structure binary codes. Due to the fact that the changes of the safety related codes before and after compiling meet the system structure consistency, the software vulnerabilities introduced by the compiler can be detected by comparing the changes and conducting system structure cross check. The method comprises the following steps of: modeling and positioning a safety related instruction, corresponding to an IR (Intermediate Representation) code and a binary code, judging the change of a semantic state of the safety related instruction, and carrying out cross check on a system structure. By means of the method, efficient and accurate positioning of the software security vulnerabilities introduced by the compiler is achieved.

Description

Technical field [0001] The present invention relates to a compiler safety test method based on an architecture cross-check. Background technique [0002] Software Vulnerability refers to a threat to the system security, confidentiality, integrity, availability, access control of the system or its application data. Compiler is a computer program that is widely used to convert source code written in some programming language into binary files used to actually run. [0003] Software vulnerabilities typically come from the source program itself, can be positioned to the software source code related errors. However, in recent years, more and more software security vulnerabilities have not been present directly in the source code, but is introduced by the compiler in the compiler. [0004] Each architecture is likely to have a question introduced by its compiler. The rear end of the compiler of each architecture is independent of each other, there are many proprietary code generation a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F8/52
CPCG06F11/3624G06F11/3688G06F8/52Y02D10/00
Inventor 徐坚皓丁柱茅兵
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products