Public component library vulnerability availability analysis method and device based on symbolized taint analysis

Public component library vulnerability availability analysis method and device based on symbolized taint analysis

The invention discloses a common component library vulnerability availability analysis method and device based on symbolized taint analysis. The method comprises the following steps: performing dynamic binary instrumentation on a binary program of a common component library by adopting Pin; performi...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: TAKEZAWA KEI, WANG YUNCHAO, YUAN HUIJIE, HUANG HUIHUI, WEI QIANG, ZONG GUOXIAO, WANG XINLEI, ZHOU GUOMIAO
Format: Patent
Sprache:chi ; eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The invention discloses a common component library vulnerability availability analysis method and device based on symbolized taint analysis. The method comprises the following steps: performing dynamic binary instrumentation on a binary program of a common component library by adopting Pin; performing taint marking on a Crash file generated by the fuzzy test facing the public component library, analyzing a path of calling the public component library by the instrumented binary program by adopting forward taint analysis, and analyzing a vulnerability position from the Crash file to the public component library by adopting reverse taint analysis; performing information extraction in combination with forward and reverse taint analysis; and designing an availability analysis rule according to the extracted information, dividing the availability into direct availability, possible availability and unavailability, and evaluating the availability of the public component library vulnerabilities. According to the metho