CN103714288B - A kind of data flow tracking - Google Patents

Publication number: CN103714288B
Application number: CN201310733715.3A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN103714288A (en)
Inventors: 邹德清, 金海, 袁劲枫
Current Assignee: Huazhong University of Science and Technology
Original Assignee: Huazhong University of Science and Technology

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
Abstract

The invention discloses a data flow tracking method comprising three stages. First, static disassembly of guest operating system instructions: a corresponding taint propagation instruction is generated from each static guest x86 instruction to carry out taint propagation and update; the physical addresses of memory operands, which cannot be obtained during static disassembly, are obtained during dynamic execution through a shared buffer. Second, compilation of host executable code: executable code for the host is generated from the taint instructions of the previous stage, in the form of handler functions, to ease execution in the next stage. Third, a new execution thread is opened to execute the taint instructions, fetching them one by one and calling their handler functions. By separating taint tracking from the emulator's binary translation and execution module, the method achieves taint semantic translation at the x86 instruction level and parallelized taint propagation updates, reduces useless taint tracking operations, and improves the interactive experience between the system and the user.

Description

A kind of data flow tracking
Technical field
The invention belongs to the field of computer security and, more particularly, relates to a data flow tracking method.
Background technology
Data flow tracking is a security technique widely used in information security. Byte-level taint marks are applied to low-level machine state (CPU registers, physical memory, disk blocks, etc.), while the system's instruction stream is intercepted and analyzed to determine how it affects the taint marks, so that the marks are updated and maintained. To obtain the fine-grained analysis capability that data flow tracking requires, a taint tracking system must either instrument the target with binary instrumentation or run the target system and target application inside an emulator.
Taint tracking systems built on binary instrumentation need a higher privilege level than the target program, so they are usually suitable only for instrumenting application-layer programs. Emulator-based taint tracking systems run the whole target system environment inside an emulator such as QEMU and can therefore track kernel-level code. However, current emulator-based taint tracking systems, such as TEMU and Argos, all suffer from excessive performance overhead.
When QEMU emulates the CPU to run a target system, it first disassembles a block of the target system's binary code and translates it into platform-independent intermediate instructions resembling those of a Reduced Instruction Set Computer (RISC), then compiles these intermediate instructions into instructions that run on the host operating system. Traditional QEMU-based taint tracking systems are all implemented by modifications at the intermediate-instruction level, but a single x86 instruction is often translated into many intermediate instructions. For example, QEMU translates the x86 instruction push %ebx into 5 corresponding intermediate instructions: ld_i32 tmp0, env, $0xc; ld_i32 tmp2, env, $0x10; movi_i32 tmp14, $0xfffffffc; add_i32 tmp2, tmp2, tmp14; qemu_st32 tmp0, tmp2, $0x0; st_i32 tmp2, env, $0x10. An x86 instruction that needs only one taint update operation therefore produces several taint propagation updates when tracking is implemented on intermediate instructions, and most of these merely track QEMU internal variables and are useless. A taint tracking system implemented on intermediate instructions is simple and direct to build, but the large number of useless operations makes its performance overhead high.
Summary of the invention
In view of the above defects of the prior art and the need to improve on it, the invention provides a data flow tracking method that optimizes emulator-based data flow tracking. It comprises a stage in which guest operating system instructions are disassembled, a stage in which host executable code is compiled, and a final code execution stage, wherein:
In the stage of disassembling guest operating system instructions, the emulator generates taint instructions while it disassembles the guest operating system instructions. A taint instruction has a specific encoding with a fixed size of 4 bytes, comprising an operation code (opcode), a source operand, a destination operand and an ArgLogPos field;
In the stage of compiling host executable code, the taint instructions generated earlier are compiled into instructions that run on the host; each taint instruction corresponds to one handler function, which performs the taint update operation that the taint instruction represents;
In the final code execution stage, a new thread is opened to execute the taint instructions and perform taint tracking; execution consists of fetching the taint instructions one by one and calling the taint instruction handler functions.
Further preferably, the taint instruction has a fixed size of 4 bytes, in which the opcode occupies 4 bits, the source operand and destination operand occupy 6 bits each, and the ArgLogPos field occupies 16 bits; the ArgLogPos field specifies the position of the memory operand address in the shared buffer ArgLog.
Further preferably, the stage of disassembling guest operating system instructions proceeds as follows:
(1-1) Fetch one guest operating system instruction and disassemble it;
(1-2) Determine whether the current guest operating system instruction can cause taint propagation; if it cannot, go to step (1-6);
(1-3) Determine whether the current guest operating system instruction contains a memory operand, that is, whether the address of a memory operand must be obtained dynamically; if it contains no memory operand, go to step (1-5);
(1-4) Allocate a block of space in the ArgLog shared buffer to hold the memory operand address that will be obtained dynamically later, and write the address of this space within ArgLog into the ArgLogPos field of the taint instruction;
(1-5) Analyze the guest operating system instruction and encode the opcode, source operand and destination operand fields of the taint instruction;
(1-6) Determine whether the guest operating system still has instructions to be translated; if so, go to step (1-1).
Further preferably, the stage of compiling host executable code proceeds as follows:
(2-1) Fetch one taint instruction from the taint instruction buffer generated by the first stage;
(2-2) Determine whether a handler function already exists for the current taint instruction; if one exists, go to step (2-6);
(2-3) Determine whether the current taint instruction needs a dynamically obtained memory operand address; if not, go to step (2-5);
(2-4) Notify the emulator's back-end compilation module, TCG, to obtain the required memory operand address dynamically at run time and write it to the shared memory location specified by ArgLog;
(2-5) Compile the taint instruction into its corresponding handler function in the handler function code cache;
(2-6) Determine whether any taint instructions remain to be processed; if so, go to step (2-1).
Further preferably, the final code execution stage proceeds as follows:
(3-1) Create a new thread, which calls the taint tracking execution function to execute the taint tracking instructions;
(3-2) During execution, the thread fetches one taint instruction from the taint instruction buffer and, using the taint instruction as the index into the handler function cache, locates the corresponding handler function and calls it;
(3-3) Determine whether the memory operand address that the current taint instruction needs is in the ArgLog buffer; if it has been written, go to step (3-5);
(3-4) Wait for the emulator's main execution thread to write the dynamically obtained memory operand address into the ArgLog buffer;
(3-5) Determine whether all taint instructions have been executed; if not, go to step (3-2);
(3-6) Terminate the thread.
In general, compared with the prior art, the above technical scheme conceived by the invention has the following beneficial effects:
(1) Modular implementation of the taint tracking system
Unlike traditional taint tracking systems, the invention treats taint update operations and the emulator's own binary translation and execution as two independent processes, so they can be implemented as completely independent modules. Traditional taint tracking systems require extensive modification of the emulator's internal functions and are too tightly coupled to it.
(2) Efficient taint tracking performance
The invention designs an independent set of taint tracking instructions and generates the corresponding taint instructions while guest instructions are disassembled, so taint update operations are performed at the x86 instruction level. Traditional taint tracking systems perform taint updates at the intermediate-instruction level, which causes a large number of useless operations; the taint tracking system of the invention can therefore achieve very high taint tracking performance.
(3) Improved interaction between the target system and the user
Taint instructions are executed by an independent thread, in parallel with the main thread that runs the target system, which improves the user's interactive experience with the system running in the emulator. In traditional taint tracking systems the taint propagation code is mixed with the code executed by the main thread, which seriously affects system running time and user interaction.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of the invention's extension to the emulator's binary translation process;
Fig. 2 is a schematic diagram of the taint instruction format designed by the invention;
Fig. 3 is a flow chart of generating taint instructions while disassembling guest operating system instructions;
Fig. 4 is a flow chart of compiling taint instructions into host executable code;
Fig. 5 is a flow chart of executing taint instructions.
Detailed description of the invention
To make the objects, technical scheme and advantages of the invention clearer, the invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it. In addition, the technical features involved in the embodiments described below can be combined with one another as long as they do not conflict.
For x86 instructions and taint tracking operations, the invention designs a simple taint tracking instruction set and modifies the emulator's binary translation flow: while the guest operating system is binary-translated into host code and executed, a set of virtual taint tracking instructions is generated and executed in step with it to perform taint tracking. The invention treats taint tracking as a process independent of the emulator's binary translation; at execution time it is likewise fully independent of the emulator's original execution and can run on a different thread, which further improves the performance of the taint tracking system. The whole process is shown in Fig. 1. The right-hand part of the figure is the emulator's own translation process: a code block of the guest operating system (x86) is first disassembled into intermediate instructions (TCG), the intermediate instructions are then compiled into instructions that run on the host (x86), and finally QEMU's execution thread executes the translated instruction block. To this process the invention adds the flow shown on the left of the figure: while the emulator disassembles the guest operating system into intermediate instructions, the invention generates taint tracking instructions (taint instructions) for the guest's x86 instructions; these instructions are responsible for the corresponding taint update operations. The generated taint tracking instructions are then compiled into code executed by the host, and finally a new thread is created to execute the generated host code and complete the taint tracking.
The taint instructions that the invention designs for x86 instructions to perform taint updates are described in detail below. The taint update is the key operation of a data flow tracking system: by analyzing the instruction stream during system execution, one can determine how taint marks propagate through the system. For example, the x86 instruction mov %ebx, %eax propagates the taint mark of the eax register to the ebx register. A taint update operation is exactly this process of updating taint marks. For the x86 instruction set, taint update operations fall into two kinds: set and merge. A Set operation sets the taint mark of the destination operand to the taint mark of the source operand; the mov instruction above is a set operation, namely Set(dst=ebx, src=eax). A Merge operation merges the taint mark of the source operand with the taint mark of the destination operand, as for the instruction add %eax, %ebx. The x86 instruction set also contains many conditional instructions and REP instructions, so the taint opcode has 6 operations in total: set (Set), merge (Merge), conditional set (CondSet), conditional merge (CondMerge), repeated set (RepSet) and repeated merge (RepMerge). These 6 operations are encoded in the taint instruction as 0x00 through 0x05.
Besides the opcode, a taint instruction contains the source operand and destination operand whose taint marks must be updated. The taint instruction format is shown in Fig. 2: the opcode occupies 4 bits, the source operand and destination operand occupy 6 bits each, and the final field is the 16-bit ArgLogPos.
For x86 instructions that involve memory addresses, the address of the memory operand cannot be obtained during static disassembly. Take push %ebx, which pushes the ebx register onto the in-memory stack: the taint update must set the taint mark of the stack memory designated by esp to the taint mark of the ebx register, but the value of the esp register, and hence the address of the stack memory, is not available during static disassembly. The invention solves this by adding the ArgLogPos field to the taint instruction. The emulator's binary translation and execution module is first modified to obtain the value of the esp register dynamically while the system runs. A shared buffer, ArgLog, is allocated in advance, and the dynamically obtained esp value is written into it. When the taint instruction executes, it reads the previously saved esp value from this shared buffer; the ArgLogPos field of the taint instruction specifies where in the shared buffer the dynamically obtained parameter needed by the current taint instruction is stored.
Each taint tracking instruction is fixed at 4 bytes. At execution time, taint instructions are read one by one from the translated instruction buffer and the corresponding handler function is called to "execute" each one; an independent thread is responsible for executing the taint tracking instructions, thereby completing the taint update operations.
The invention uses an optimized data flow tracking mechanism to improve the performance of emulator-based data flow tracking systems, realized by optimizing and modifying the emulator's binary translation and execution for data flow tracking. It consists of three stages: 1. the stage in which guest operating system instructions are disassembled; 2. the stage in which host executable code is compiled; 3. the final code execution stage.
The first stage, shown in Fig. 3, has the following main steps:
(1-1) Fetch one guest operating system instruction and disassemble it.
(1-2) Determine whether the current guest operating system instruction can cause taint propagation. If it cannot, go to step (1-6).
(1-3) Determine whether the current guest operating system instruction contains a memory operand, that is, whether the address of a memory operand must be obtained dynamically. If it contains no memory operand, go to step (1-5).
(1-4) Allocate a block of space in the ArgLog shared buffer to hold the memory operand address that will be obtained dynamically later, and write the address of this space within ArgLog into the ArgLogPos field of the taint instruction.
(1-5) Analyze the guest operating system instruction and encode the opcode, source operand and destination operand fields of the taint instruction.
(1-6) Determine whether the guest operating system still has instructions to be translated. If so, go to step (1-1).
(1-7) End.
In this stage, while the emulator disassembles the guest operating system's x86 instructions, the corresponding taint instructions are generated; each taint instruction has a fixed 4-byte encoding that contains the taint update operation to be performed. On the one hand, this performs taint tracking at the x86 instruction level and avoids the large number of useless taint tracking operations incurred at the intermediate-instruction level; on the other hand, executing the taint instructions on a newly opened thread separates taint updates from the emulator's main thread, so that taint updates run in parallel.
The second stage, shown in Fig. 4, has the following main steps:
(2-1) Fetch one taint instruction from the taint instruction buffer generated by the first stage.
(2-2) Determine whether a handler function already exists for the current taint instruction. If one exists, go to step (2-6).
(2-3) Determine whether the current taint instruction needs a dynamically obtained memory operand address. If not, go to step (2-5).
(2-4) Notify the emulator's back-end compilation module, TCG, to obtain the required memory operand address dynamically at run time and write it to the shared memory location specified by ArgLog.
(2-5) Compile the taint instruction into its corresponding handler function in the handler function code cache.
(2-6) Determine whether any taint instructions remain to be processed. If so, go to step (2-1).
(2-7) End.
In this stage, while the emulator compiles intermediate instructions into host instructions, the taint instructions are compiled as well: each taint instruction is fetched and checked for a corresponding taint instruction handler function, and if none exists, one is generated dynamically in the taint instruction handler function cache. Compiling taint instructions into handler functions by dynamic generation plus caching balances the system's space and time requirements. If handler functions were written statically for every taint instruction, the handler code would take up space in the system executable and, once loaded at run time, system memory as well. Dynamically generating handler functions reduces the size of the final executable and the run-time memory requirement, because not every taint instruction is produced during a run and only the taint instructions that are actually produced need a handler function. Dynamic generation does add generation overhead, but caching avoids generating the handler function for the same taint instruction more than once.
The third stage, shown in Fig. 5, has the following main steps:
(3-1) Create a new thread, which calls the taint tracking execution function to execute the taint tracking instructions.
(3-2) During execution, the thread fetches one taint instruction from the taint instruction buffer and, using the taint instruction as the index into the handler function cache, locates the corresponding handler function and calls it.
(3-3) Determine whether the memory operand address that the current taint instruction needs is in the ArgLog buffer. If it has been written, go to step (3-5).
(3-4) Wait for the emulator's main execution thread to write the dynamically obtained memory operand address into the ArgLog buffer.
(3-5) Determine whether all taint instructions have been executed. If not, go to step (3-2).
(3-6) Terminate the thread.
(3-7) End.
In this stage, when the emulator executes the dynamically translated code, a new execution thread is created to execute the taint instructions; executing them means fetching the taint instructions one by one and calling the corresponding taint instruction handler function. Because a taint instruction has a fixed size of 4 bytes, a memory array is allocated in advance that records the handler function address of every taint instruction; using the taint instruction as the index, the corresponding handler function address can be located quickly in this array and called. The handler function addresses in the array are filled in when the handler functions are generated in the previous stage. Executing the taint instructions on a new thread allows them to run in parallel with the emulator's main thread. Executing taint instructions performs taint propagation updates, and these updates often take a large amount of CPU time; processing them in parallel with the emulator's main thread therefore does not affect the main thread's interaction with the user. On a multi-core system the new thread runs on a separate CPU, achieving true parallel execution and a further performance gain.
Those skilled in the art will readily understand that the foregoing is only a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
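The 4-byte taint instruction, the ArgLog buffer and the stage-three execution loop described above, as an added C example that is not code from the patent or from QEMU. The order of the fields within the 32-bit word, the operand codes (0..7 for registers, 63 for a memory operand), the one-byte tag bitmask and a handler table indexed by opcode rather than by the whole instruction are assumptions; the worker is modelled single-threaded and returns the position at which step (3-4) would wait.

```c
#include <stdint.h>
#include <string.h>

/* The six operations, assumed numbered 0x00..0x05 in the order listed. */
enum { T_SET, T_MERGE, T_CONDSET, T_CONDMERGE, T_REPSET, T_REPMERGE };
/* ASSUMED operand codes: 0..7 are x86 general registers, 63 is a memory
 * operand whose address is read from ArgLog[ArgLogPos]. */
enum { R_EAX, R_ECX, R_EDX, R_EBX, R_ESP, R_EBP, R_ESI, R_EDI, NREGS };
#define OPND_MEM     63u
#define ARGLOG_SLOTS 16u
#define SHADOW_BYTES 4096u           /* shadow tags for a toy 4 KiB guest memory */

struct taint_state {
    uint8_t reg[NREGS];              /* tag bitmask per register (simplified) */
    uint8_t mem[SHADOW_BYTES];       /* tag bitmask per memory byte */
    struct { uint32_t addr; int ready; } arglog[ARGLOG_SLOTS];
};

/* ASSUMED field order; the widths (4/6/6/16 bits) are from the description:
 * [31:28] opcode  [27:22] source  [21:16] destination  [15:0] ArgLogPos */
static uint32_t taint_encode(unsigned op, unsigned src, unsigned dst, unsigned pos) {
    return ((uint32_t)(op & 0xFu) << 28) | ((uint32_t)(src & 0x3Fu) << 22) |
           ((uint32_t)(dst & 0x3Fu) << 16) | (uint32_t)(pos & 0xFFFFu);
}
static unsigned t_op(uint32_t i)  { return i >> 28; }
static unsigned t_src(uint32_t i) { return (i >> 22) & 0x3Fu; }
static unsigned t_dst(uint32_t i) { return (i >> 16) & 0x3Fu; }
static unsigned t_pos(uint32_t i) { return i & 0xFFFFu; }

/* Read or write the tag of a register or of a 32-bit memory operand. */
static uint8_t tag_get(const struct taint_state *s, unsigned opnd, unsigned pos) {
    if (opnd != OPND_MEM) return s->reg[opnd];
    uint8_t t = 0;
    for (unsigned k = 0; k < 4; k++)
        t |= s->mem[(s->arglog[pos].addr + k) % SHADOW_BYTES];
    return t;
}
static void tag_put(struct taint_state *s, unsigned opnd, unsigned pos, uint8_t t) {
    if (opnd != OPND_MEM) { s->reg[opnd] = t; return; }
    for (unsigned k = 0; k < 4; k++)
        s->mem[(s->arglog[pos].addr + k) % SHADOW_BYTES] = t;
}

typedef void (*taint_handler)(struct taint_state *, unsigned, unsigned, unsigned);
static void h_set(struct taint_state *s, unsigned src, unsigned dst, unsigned pos) {
    tag_put(s, dst, pos, tag_get(s, src, pos));      /* dst tag := src tag */
}
static void h_merge(struct taint_state *s, unsigned src, unsigned dst, unsigned pos) {
    tag_put(s, dst, pos, tag_get(s, dst, pos) | tag_get(s, src, pos));
}
/* Handler table; only Set and Merge are populated in this example. */
static const taint_handler handlers[16] = { [T_SET] = h_set, [T_MERGE] = h_merge };

/* Main-thread side; with a real second thread this needs release/acquire ordering. */
static void arglog_publish(struct taint_state *s, unsigned pos, uint32_t addr) {
    s->arglog[pos].addr = addr;
    s->arglog[pos].ready = 1;
}

/* Steps (3-2)..(3-5). Returns n when every instruction has run, the index of
 * the instruction still waiting on ArgLog (3-4), or -1 for a malformed one. */
static int taint_run(struct taint_state *s, const uint32_t *buf, int start, int n) {
    for (int i = start; i < n; i++) {
        unsigned src = t_src(buf[i]), dst = t_dst(buf[i]), pos = t_pos(buf[i]);
        taint_handler h = handlers[t_op(buf[i])];
        int uses_mem = (src == OPND_MEM) || (dst == OPND_MEM);
        if (!h || (src >= NREGS && src != OPND_MEM) ||
            (dst >= NREGS && dst != OPND_MEM) || (uses_mem && pos >= ARGLOG_SLOTS))
            return -1;                       /* never index out of bounds */
        if (uses_mem && !s->arglog[pos].ready)
            return i;                        /* address not logged yet */
        h(s, src, dst, pos);
    }
    return n;
}

/* Constructed trace: eax and ecx start tainted with different tags. */
static int demo(struct taint_state *s) {
    const uint32_t buf[3] = {
        taint_encode(T_SET,   R_EAX, R_EBX,    0),  /* Set(dst=ebx, src=eax)   */
        taint_encode(T_SET,   R_EBX, OPND_MEM, 0),  /* push %ebx: [esp] := ebx */
        taint_encode(T_MERGE, R_EBX, R_ECX,    0),  /* Merge(dst=ecx, src=ebx) */
    };
    memset(s, 0, sizeof *s);
    s->reg[R_EAX] = 0x01; s->reg[R_ECX] = 0x02;
    int pc = taint_run(s, buf, 0, 3);       /* stops at the push: esp unknown */
    if (pc != 1) return -1;
    arglog_publish(s, 0, 0x0ffc);           /* constructed esp value */
    return taint_run(s, buf, pc, 3);
}

int main(void) {
    struct taint_state s;
    return demo(&s) == 3 ? 0 : 1;
}
```

The bounds checks in taint_run matter because the taint instruction buffer and ArgLog are shared between threads: a corrupted operand code or ArgLogPos would otherwise index outside the shadow state.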

Claims (1)

1. A data flow tracking method, characterized in that the method optimizes data flow tracking based on an emulator and comprises a stage in which guest operating system instructions are disassembled, a stage in which host executable code is compiled, and a final code execution stage, wherein:
In the stage of disassembling guest operating system instructions, the emulator generates taint instructions while it disassembles the guest operating system instructions; a taint instruction has a specific encoding with a fixed size of 4 bytes, comprising an operation code (opcode), a source operand, a destination operand and an ArgLogPos field;
In the stage of compiling host executable code, the taint instructions generated earlier are compiled into instructions that run on the host; each taint instruction corresponds to one handler function, which performs the taint update operation that the taint instruction represents;
In the final code execution stage, a new thread is opened to execute the taint instructions and perform taint tracking; execution consists of fetching the taint instructions one by one and calling the taint instruction handler functions, wherein the stage of disassembling guest operating system instructions proceeds as follows:
(1-1) Fetch one guest operating system instruction and disassemble it;
(1-2) Determine whether the current guest operating system instruction can cause taint propagation; if it cannot, go to step (1-6);
(1-3) Determine whether the current guest operating system instruction contains a memory operand, that is, whether the address of a memory operand must be obtained dynamically; if it contains no memory operand, go to step (1-5);
(1-4) Allocate a block of space in the ArgLog shared buffer to hold the memory operand address that will be obtained dynamically later, and write the address of this space within ArgLog into the ArgLogPos field of the taint instruction;
(1-5) Analyze the guest operating system instruction and encode the opcode, source operand and destination operand fields of the taint instruction;
(1-6) Determine whether the guest operating system still has instructions to be translated; if so, go to step (1-1);
The stage of compiling host executable code proceeds as follows:
(2-1) Fetch one taint instruction from the taint instruction buffer generated by the first stage;
(2-2) Determine whether a handler function already exists for the current taint instruction; if one exists, go to step (2-6);
(2-3) Determine whether the current taint instruction needs a dynamically obtained memory operand address; if not, go to step (2-5);
(2-4) Notify the emulator's back-end compilation module, TCG, to obtain the required memory operand address dynamically at run time and write it to the shared memory location specified by ArgLog;
(2-5) Compile the taint instruction into its corresponding handler function in the handler function code cache;
(2-6) Determine whether any taint instructions remain to be processed; if so, go to step (2-1);
The final code execution stage proceeds as follows:
(3-1) Create a new thread, which calls the taint tracking execution function to execute the taint tracking instructions;
(3-2) During execution, the thread fetches one taint instruction from the taint instruction buffer and, using the taint instruction as the index into the handler function cache, locates the corresponding handler function and calls it;
(3-3) Determine whether the memory operand address that the current taint instruction needs is in the ArgLog buffer; if it has been written, go to step (3-5);
(3-4) Wait for the emulator's main execution thread to write the dynamically obtained memory operand address into the ArgLog buffer;
(3-5) Determine whether all taint instructions have been executed; if not, go to step (3-2);
(3-6) Terminate the thread.

Priority Applications (1)

Application Number    Priority Date    Filing Date    Title
CN201310733715.3A     2013-12-26       2013-12-26     A kind of data flow tracking

Publications (2)

Publication Number    Publication Date
CN103714288A          2014-04-09
CN103714288B          2016-05-25

Family ID: 50407250

Country: CN

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106371890B (en) * 2016-08-29 2019-05-28 山东乾云启创信息科技股份有限公司 A kind of analogy method of GPU
CN106503560A (en) * 2016-11-23 2017-03-15 中国人民解放军信息工程大学 A kind of sensitive information tracking and system
US10521351B2 (en) 2017-01-12 2019-12-31 International Business Machines Corporation Temporarily suppressing processing of a restrained storage operand request
US10621090B2 (en) 2017-01-12 2020-04-14 International Business Machines Corporation Facility for extending exclusive hold of a cache line in private cache
US10572387B2 (en) 2018-01-11 2020-02-25 International Business Machines Corporation Hardware control of CPU hold of a cache line in private cache where cache invalidate bit is reset upon expiration of timer
CN109324971B (en) * 2018-09-30 2021-06-25 中国人民解放军国防科技大学 Software data flow analysis method based on intermediate language and taint analysis
CN111857681B (en) * 2020-06-08 2021-04-30 北京大学 Software-defined key function positioning and extracting method of C + + system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081719A (en) * 2009-12-01 2011-06-01 王伟 Software security testing system and method based on dynamic taint propagation
CN102651062A (en) * 2012-04-09 2012-08-29 华中科技大学 System and method for tracking malicious behavior based on virtual machine architecture
CN103177210A (en) * 2013-04-02 2013-06-26 中国人民大学 Method of implanting dynamic stain analysis module in Android
CN103440201A (en) * 2013-09-05 2013-12-11 北京邮电大学 Dynamic taint analysis device and application thereof to document format reverse analysis

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
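《A General Dynamic Information Flow Tracking Framework for Security Applications》; Lap Chung Lam et al.; 《IEEE Computer Society》; 20061231; full text *
《An Improved Dynamic Taint Analysis Model》 (一种改进的动态污点分析模型); 黄昭; 《China Master's Theses Full-text Database (Information Science and Technology)》; 20120715 (No. 07); pp. I139-150 *
《Research on Cross-Host Dynamic Taint Tracking Technology》 (跨主机动态污点跟踪技术研究); 任飞飞 et al.; 《Computer Engineering》 (计算机工程); 20130315; Vol. 39 (No. 3); pp. 162-166 *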

Also Published As

Publication number Publication date
CN103714288A (en) 2014-04-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant