CN102081719B - 基于动态污染传播的软件安全测试系统及方法 - Google Patents
基于动态污染传播的软件安全测试系统及方法 Download PDFInfo
- Publication number
- CN102081719B CN102081719B CN200910252813.9A CN200910252813A CN102081719B CN 102081719 B CN102081719 B CN 102081719B CN 200910252813 A CN200910252813 A CN 200910252813A CN 102081719 B CN102081719 B CN 102081719B
- Authority
- CN
- China
- Prior art keywords
- software
- rule
- testing
- data
- detected rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Debugging And Monitoring (AREA)
Abstract
Description
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910252813.9A CN102081719B (zh) | 2009-12-01 | 2009-12-01 | 基于动态污染传播的软件安全测试系统及方法 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910252813.9A CN102081719B (zh) | 2009-12-01 | 2009-12-01 | 基于动态污染传播的软件安全测试系统及方法 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102081719A CN102081719A (zh) | 2011-06-01 |
CN102081719B true CN102081719B (zh) | 2015-05-20 |
Family
ID=44087677
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910252813.9A Active CN102081719B (zh) | 2009-12-01 | 2009-12-01 | 基于动态污染传播的软件安全测试系统及方法 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102081719B (zh) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102651062B (zh) * | 2012-04-09 | 2014-06-18 | 华中科技大学 | 基于虚拟机架构的恶意行为跟踪系统和方法 |
BR112015004035A2 (pt) | 2012-08-29 | 2017-07-04 | Hewlett Packard Development Co | sistema de computação, meio de armazenagem não transitório lido por máquina armazenando instruções e método |
US20140130153A1 (en) * | 2012-11-08 | 2014-05-08 | International Business Machines Corporation | Sound and effective data-flow analysis in the presence of aliasing |
CN103440201B (zh) * | 2013-09-05 | 2016-05-18 | 北京邮电大学 | 动态污点分析装置及其在文件格式逆向解析中的应用 |
CN103714288B (zh) * | 2013-12-26 | 2016-05-25 | 华中科技大学 | 一种数据流跟踪方法 |
CN104750602B (zh) * | 2013-12-27 | 2018-04-27 | 阿里巴巴集团控股有限公司 | 一种动态污点数据分析方法及装置 |
CN103729295A (zh) * | 2013-12-31 | 2014-04-16 | 北京理工大学 | 一种污点传播路径分析方法 |
US10803165B2 (en) * | 2015-06-27 | 2020-10-13 | Mcafee, Llc | Detection of shellcode |
CN111651773B (zh) * | 2020-08-05 | 2020-11-06 | 成都无糖信息技术有限公司 | 一种二进制安全漏洞自动化挖掘方法 |
CN113420298A (zh) * | 2021-05-26 | 2021-09-21 | 杭州孝道科技有限公司 | 一种基于PHP扩展的PHP Web应用程序漏洞检测方法及其存储介质 |
CN116451228B (zh) * | 2023-04-23 | 2023-10-17 | 北京安普诺信息技术有限公司 | 动态污点追踪方法、装置及相关在线污点传播分析系统 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101510241A (zh) * | 2009-03-12 | 2009-08-19 | 南京大学 | 整形溢出漏洞的二进制检测定位装置 |
CN101515320A (zh) * | 2009-04-10 | 2009-08-26 | 中国科学院软件研究所 | 一种攻击时漏洞检测方法及其系统 |
CN101539976A (zh) * | 2009-04-23 | 2009-09-23 | 南京大学 | 二进制程序内存腐烂攻击的实时检测系统 |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7752459B2 (en) * | 2001-12-06 | 2010-07-06 | Novell, Inc. | Pointguard: method and system for protecting programs against pointer corruption attacks |
-
2009
- 2009-12-01 CN CN200910252813.9A patent/CN102081719B/zh active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101510241A (zh) * | 2009-03-12 | 2009-08-19 | 南京大学 | 整形溢出漏洞的二进制检测定位装置 |
CN101515320A (zh) * | 2009-04-10 | 2009-08-26 | 中国科学院软件研究所 | 一种攻击时漏洞检测方法及其系统 |
CN101539976A (zh) * | 2009-04-23 | 2009-09-23 | 南京大学 | 二进制程序内存腐烂攻击的实时检测系统 |
Non-Patent Citations (1)
Title |
---|
王宏 等.软件安全测试新武器--浅谈基于Dynamic Taint Propagation的测试技术.《程序员》.2008, * |
Also Published As
Publication number | Publication date |
---|---|
CN102081719A (zh) | 2011-06-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102081719B (zh) | 基于动态污染传播的软件安全测试系统及方法 | |
CN109002721B (zh) | 一种信息安全漏洞的挖掘分析方法 | |
Godefroid et al. | SAGE: Whitebox Fuzzing for Security Testing: SAGE has had a remarkable impact at Microsoft. | |
Ming et al. | {TaintPipe}: Pipelined symbolic taint analysis | |
Reid | Trustworthy specifications of ARM® v8-A and v8-M system level architecture | |
Seward et al. | Using Valgrind to Detect Undefined Value Errors with Bit-Precision. | |
CN101853200B (zh) | 一种高效动态软件漏洞挖掘方法 | |
Subramanyan et al. | Verifying information flow properties of firmware using symbolic execution | |
Lee et al. | Design and implementation of the secure compiler and virtual machine for developing secure IoT services | |
CN102402479B (zh) | 用于静态分析的中间表示结构 | |
CN109711159B (zh) | 一种基于信息流的ip核rtl级代码安全漏洞检测方法 | |
Arzt et al. | The soot-based toolchain for analyzing android apps | |
Vanegue et al. | Towards practical reactive security audit using extended static checkers | |
Cai et al. | SwordDTA: A dynamic taint analysis tool for software vulnerability detection | |
Schneider et al. | Bridging the semantic gap through static code analysis | |
Cloosters et al. | {SGXFuzz}: Efficiently synthesizing nested structures for {SGX} enclave fuzzing | |
CN111859380A (zh) | Android App漏洞的零误报检测方法 | |
Cheng et al. | Logextractor: Extracting digital evidence from android log messages via string and taint analysis | |
Chen et al. | Brick: A binary tool for run-time detecting and locating integer-based vulnerability | |
Hu et al. | Automatically patching vulnerabilities of binary programs via code transfer from correct versions | |
CN107368713B (zh) | 保护软件的方法和安全组件 | |
Shahriar et al. | Buffer overflow patching for C and C++ programs: rule-based approach | |
US8510713B1 (en) | Method and system for validating a disassembler | |
CN115795489B (zh) | 一种基于硬件级进程跟踪的软件漏洞静态分析方法及装置 | |
Ren et al. | A dynamic taint analysis framework based on entity equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
ASS | Succession or assignment of patent right |
Owner name: NANJING VULNHUNT INFORMATION TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: WANG WEI Effective date: 20140812 |
|
C41 | Transfer of patent application or patent right or utility model | ||
COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 210015 NANJING, JIANGSU PROVINCE TO: 210000 NANJING, JIANGSU PROVINCE |
|
TA01 | Transfer of patent application right |
Effective date of registration: 20140812 Address after: Building No. 20 Yuhuatai Avenue flora read City District of Nanjing City, Jiangsu province 210000 floor Applicant after: NANJING VULNHUNT Inc. Address before: Siping Road Nanjing city Jiangsu province 210015 Jianning Road No. three unit 301 room Applicant before: Wang Wei |
|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
ASS | Succession or assignment of patent right |
Owner name: ALIBABA GROUP HOLDING LTD. Free format text: FORMER OWNER: NANJING VULNHUNT INFORMATION TECHNOLOGY CO., LTD. Effective date: 20150710 |
|
C41 | Transfer of patent application or patent right or utility model | ||
TR01 | Transfer of patent right |
Effective date of registration: 20150710 Address after: 310012 G building, 10 floor, A building, Paradise Software Park, 3 West Road, Hangzhou, Xihu District, Zhejiang Patentee after: Alibaba (China) Co.,Ltd. Address before: Building No. 20 Yuhuatai Avenue flora read City District of Nanjing City, Jiangsu province 210000 floor Patentee before: NANJING VULNHUNT Inc. |
|
TR01 | Transfer of patent right |
Effective date of registration: 20221111 Address after: Room 101, Warehouse 1, No. 88, Jingbin Avenue, Jingbin Industrial Park, Wuqing District, Tianjin 301739 Patentee after: Alibaba Huabei Technology Co.,Ltd. Address before: 310012 G Block, 10th Building, Building A, Paradise Software Park, No. 3 Xidoumen Road, Xihu District, Hangzhou City, Zhejiang Province Patentee before: Alibaba (China) Co.,Ltd. |
|
TR01 | Transfer of patent right |