CN110661804B - Stain analysis vulnerability detection method for firewall - Google Patents

Stain analysis vulnerability detection method for firewall Download PDF

Info

Publication number
CN110661804B
CN110661804B CN201910932056.3A CN201910932056A CN110661804B CN 110661804 B CN110661804 B CN 110661804B CN 201910932056 A CN201910932056 A CN 201910932056A CN 110661804 B CN110661804 B CN 110661804B
Authority
CN
China
Prior art keywords
memory
taint
access
instruction
indicating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910932056.3A
Other languages
Chinese (zh)
Other versions
CN110661804A (en
Inventor
肖甫
陈嘉琦
周剑
沙乐天
盛碧云
李群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Posts and Telecommunications filed Critical Nanjing University of Posts and Telecommunications
Priority to CN201910932056.3A priority Critical patent/CN110661804B/en
Publication of CN110661804A publication Critical patent/CN110661804A/en
Application granted granted Critical
Publication of CN110661804B publication Critical patent/CN110661804B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Abstract

A stain analysis vulnerability detection method for a firewall comprises the following steps: extracting a file system of the firewall firmware; introducing a stain into the target firewall program; defining a taint propagation rule according to the classification of the assembly instructions; and defining a taint detection rule according to the taint propagation rule, thereby detecting whether the target firewall program is attacked or not. The stain analysis vulnerability detection method aims at firewall equipment with an MIPS (microprocessor with interleaved stages architecture) framework in Internet of things equipment, and the prior art has less research on the firewall equipment, so that the technical blank in the field is filled up. The method expresses the taint propagation rule and the taint detection rule by formal description, and has higher accuracy and low false alarm rate.

Description

Stain analysis vulnerability detection method for firewall
Technical Field
The invention provides a stain analysis vulnerability detection method for a firewall in Internet of things equipment, which is mainly used for detecting a vulnerability of the firewall equipment and belongs to the field of Internet of things safety.
Background
In the information age of our body, the development of networks is thousands of days, and the networks bring benefits and convenience to our bodies and bring many risks to our bodies. Trojan, virus abuse, webpage tampering, frequent hacking attacks, various rogue software and spyware, and the wind and wave are generated in the internet-surfing equipment. As a strict "gatekeeper" of internet of things devices and networks, the importance of firewalls for security is self-evident. The firewall is responsible for each port of the gatekeeper system, helps us to intercept all suspicious programs or data packets, and further judges whether the programs or the data packets can be released or deleted. But if the firewall is breached, an attacker can obtain critical information using the firewall. The security of firewalls is therefore a central concern throughout the Internet network.
When deeply analyzing the safety principle of the bottom layer of the intelligent equipment, the hardware is inevitably required to be directly contacted. A common internet of things (called internet of things, IOT for short) product is generally developed by using an embedded Linux system, and one of the main purposes of chip research on embedded devices is to obtain firmware of a hardware system. The executable program of the embedded device is called firmware. Firmware is generally stored in ROM, which is a short for Read-Only Memory (Read-Only Memory) and is a solid-state semiconductor Memory capable of reading Only data stored in advance. Firmware is usually written in assembly language and serves as the most basic and bottom-level work for a system. The presence of firmware allows people to use embedded devices conveniently, but also with security risks. According to investigation, since individuals, enterprises and governments rarely update firmware versions after using firewall devices, hackers are more likely to attack old versions of the devices, so that confidential information is leaked and personal property is lost.
The current dynamic taint analysis platform also has the problems of both accuracy and performance. The accuracy rate is represented by false alarm caused by 'over pollution' and missing report problem caused by 'under pollution'.
Disclosure of Invention
With the rapid increase of the internet of things equipment, the increase of network attack means and the slight view of people on network safety, the safety of the internet of things equipment becomes more and more important, and the invention provides a stain analysis vulnerability detection method for a firewall, which is used for solving the safety problem of the firewall. By using the method provided by the invention, the safety of the firewall equipment can be improved, and the information and property safety of a user can be further ensured.
A stain analysis vulnerability detection method for a firewall comprises the following steps:
step 1: extracting a file system of the firewall firmware;
step 2: introducing a stain into the target firewall program;
and step 3: defining a taint propagation rule according to the classification of the assembly instructions;
and 4, step 4: and defining a taint detection rule according to the taint propagation rule, thereby detecting whether the target firewall program is attacked or not.
Further, step 1 comprises:
step 1-1: obtaining firewall firmware;
step 1-2: determining the type of a file system in firewall firmware;
step 1-3: the file system in the firmware is extracted.
Further, step 2 comprises: when the firewall program is started, all variables, memory units, registers and the like are initialized to be non-pollution, then dynamic code instrumentation is carried out through a Dynamori code instrumentation tool, and received or read-in data are marked as a pollution source.
Further, the formalized description of the taint propagation rule defined in step 3 includes a taint propagation rule for a read access memory instruction, a taint propagation rule for a write access memory instruction, and a taint propagation rule for a non-memory access instruction.
Further, the taint propagation rule of the read access memory instruction is as follows:
Pload(Insload)::=Pload(Ra,Rv)::=isTaint(Ra)∨isTaint(Rv);
wherein, Pload(Insload) Taint propagation rules, Ins, representing read access to memory instructionsloadIndicating a read access to memory instruction, Pload(Ra,Rv) Indicating a taint propagation rule with respect to read access memory addresses and the contents of read access memory addresses, RaIndicating a read access memory address, RvMemory address R representing a read accessaWhere isaint () represents the mapping of the set V of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isaint (R)a) Indicating a dirty map, isTaint (R), for read access to a memory addressv) Indicating a memory address R for a read accessaTaint mapping of stored content of (c);
the rule indicates that,for read access memory instructions, Ins is the result of a contamination of the memory address accessed or of the contents of the memory accessedloadThe intermediate destination operand is contaminated.
Further, the taint propagation rule of the write access memory instruction is as follows:
Pstore(Insstore)::=Pstore(Wa,Wv)::=isTaint(Wa)∨isTaint(Wv),
wherein, Pstore(Insstore) Dirty propagation rules, Ins, representing write access to memory instructionsstoreIndicating a write access to memory, Pstore(Wa,Wv) Indicating a memory address for a write access and a dirty propagation rule for the contents of the write memory address, WaMemory address, W, indicating write accessvIndicating that memory address W is to be written toaWhere isaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isTaint (W)a) Indicating a dirty map, isTaint (W), for write-access memory addressesv) Representing a taint map for write access to write memory contents;
the rule indicates that for a write access memory instruction, Ins is used if the memory address of the write access or the contents to be written into the memory are contaminatedstoreThe intermediate destination operand is contaminated.
Further, the taint propagation rule of the non-memory access instruction is as follows:
Figure BDA0002220504330000041
wherein, Pumem(Insumem) Indicating dirty propagation rules, Ins, for non-memory access instructionsumemIndicating a non-memory-access instruction, Pumem(Operandsrc) Indicating a dirty propagation rule for source operands in non-memory access instructions, OperandsrcRepresenting instructions InsumemSet of source operands, isTaint (op)i) Indicates about InsumemA dirty map of source operands in the instruction, isTaint () represents a map of the set of registers, memory data, and constants to a dirty attribute set T ═ True, False ",
Figure BDA0002220504330000042
representing a dirty map, op, that detects source operands in all non-memory access instructionsiRepresentation set OperandsrcN represents an opiThe number of (2);
the rule indicates that for non-memory access instructions, if there is an element opi
OperandsrcAt this point, isTaint (op)i) True, denotes InsumemThe intermediate destination operand is contaminated.
Further, the formalized description of the taint detection rule defined in step 4 includes the taint detection rule of the jump instruction and the taint detection rule of the memory access instruction.
Further, the taint detection rule of the jump instruction is as follows:
Pbranch(Insbranch)::=Pbranch(ba,bv)::=isTaint(ba)∨isTaint(bv);
wherein, Pbranch(Insbranch) Taint detection rules, Ins, representing jump instructionsbranchIndicating a jump instruction, Pbranch(ba,bv) Indicating a taint detection rule with respect to the destination address of the jump instruction and the content at the destination address, baIndicating the destination address of the jump instruction, bvAs the jump address baThe instruction content of (c), isTaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ { True, False }, isTaint (b)a) Indicating a taint mapping with respect to the jump address, isTaint (b)v) Representing a taint map, isTaint (b), on the content of the instruction at the jump addressa)∨isTaint(bv) Indicating that the jump address is detected or whether the instruction content at the jump address is polluted or not is detected;
the rule indicates that the target program is determined to be likely to be attacked if the jump address is contaminated or the instruction content at the jump address is contaminated.
Further, the taint detection rule of the memory access instruction is as follows:
Pmem(Insmem)::=Pmem(ta,tv)::=isTaint(ta);
wherein, Pmem(Insmem) Taint detection rules, Ins, representing memory access instructionsmemRepresenting memory access instructions, Pmem(ta,tv) Indicating a taint detection rule, t, with respect to memory access addresses and content at which valid memory addresses are accessedaEffective memory address, t, indicating a memory accessvRepresenting the mapping of the set of registers, memory data, and constants to the dirty attribute set T ═ True, False () representing the set of registers, memory data, and constants, isTaint (T) for either the contents at the effective memory address for a read access or the contents of the write memory for a write accessa) A taint map representing valid access addresses for the memory;
the rule indicates that the target program is determined to be likely to be attacked if the valid memory address accessed by the memory access instruction is contaminated.
The invention achieves the following beneficial effects:
(1) aiming at firewall equipment with an MIPS (micro processor with interleaved stepped statelocated architecture) architecture in equipment of the Internet of things, the method for detecting the taint analysis vulnerability provided by the invention has less research on the aspect in the prior art, and fills up the technical blank in the field.
(2) The method expresses the taint propagation rule and the taint detection rule by formal description, and has higher accuracy and low false alarm rate.
Drawings
Fig. 1 is a schematic flow chart of the dynamic taint analysis vulnerability detection method according to the present invention.
Detailed Description
The technical scheme of the invention is further explained in detail by combining the drawings in the specification.
A stain analysis vulnerability detection method for a firewall comprises the following steps:
step 1: and extracting the file system of the firewall firmware.
The step 1 comprises the following steps:
step 1-1: and obtaining firewall firmware.
Step 1-2: the type of file system in the firewall firmware is determined.
Step 1-3: the file system in the firmware is extracted.
Step 2: introducing a smudge to the target firewall program.
The step 2 comprises the following steps: when the firewall program is started, all variables, memory units, registers and the like are initialized to be non-pollution, then dynamic code instrumentation is carried out through a Dynamori code instrumentation tool, and received or read-in data are marked as a pollution source.
And step 3: according to the classification of the assembly instructions, a taint propagation rule is defined.
The formalized description of the taint propagation rule defined in the step 3 comprises a taint propagation rule of a read access memory instruction, a taint propagation rule of a write access memory instruction and a taint propagation rule of a non-memory access instruction.
The taint propagation rule of the read access memory instruction is as follows: pload(Insload)::=Pload(Ra,Rv)::=isTaint(Ra)∨isTaint(Rv). Wherein, Pload(Insload) Taint propagation rules, Ins, representing read access to memory instructionsloadIndicating a read access to memory instruction, Pload(Ra,Rv) Indicating a taint propagation rule with respect to read access memory addresses and the contents of read access memory addresses, RaIndicating a read access memory address, RvMemory address R representing a read accessaWhere isaint () represents the mapping of the set V of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isaint (R)a) Indicating a dirty map, isTaint (R), for read access to a memory addressv) Display switchMemory address R in read accessaA taint mapping of stored content of (c). The rule indicates that, for a read access memory instruction, Ins is present if the memory address accessed or the contents of the memory accessed is contaminatedloadThe intermediate destination operand is contaminated.
The taint propagation rule of the write access memory instruction is as follows: pstore(Insstore)::=Pstore(Wa,Wv)::=isTaint(Wa)∨isTaint(Wv). Wherein, Pstore(Insstore) Dirty propagation rules, Ins, representing write access to memory instructionsstoreIndicating a write access to memory, Pstore(Wa,Wv) Indicating a memory address for a write access and a dirty propagation rule for the contents of the write memory address, WaMemory address, W, indicating write accessvIndicating that memory address W is to be written toaWhere isaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isTaint (W)a) Indicating a dirty map, isTaint (W), for write-access memory addressesv) Indicating a dirty map for write accesses to write memory contents. The rule indicates that for a write access memory instruction, Ins is used if the memory address of the write access or the contents to be written into the memory are contaminatedstoreThe intermediate destination operand is contaminated.
The taint propagation rule of the non-memory access instruction is as follows:
Figure BDA0002220504330000081
Figure BDA0002220504330000082
wherein, Pumem(Insumem) Indicating dirty propagation rules, Ins, for non-memory access instructionsumemIndicating a non-memory-access instruction, Pumem(Operandsrc) Indicating a dirty propagation rule for source operands in non-memory access instructions, OperandsrcRepresenting instructions InsumemSet of source operands, isTaint (op)i) Indicates about InsumemA dirty map of source operands in the instruction, isTaint () represents a map of the set of registers, memory data, and constants to a dirty attribute set T ═ True, False ",
Figure BDA0002220504330000083
representing a dirty map, op, that detects source operands in all non-memory access instructionsiRepresentation set OperandsrcN represents an opiThe number of (2). The rule indicates that for non-memory access instructions, if there is an element opi∈OperandsrcAt this point, isTaint (op)i) True, denotes InsumemThe intermediate destination operand is contaminated.
And 4, step 4: and defining a taint detection rule according to the taint propagation rule, thereby detecting whether the target firewall program is attacked or not.
The formalization of the taint detection rule defined in step 4 describes the taint detection rule comprising a jump instruction and the taint detection rule comprising a memory access instruction.
The stain detection rule of the jump instruction is as follows: pbranch(Insbranch)::=Pbranch(ba,bv)::=isTaint(ba)∨isTaint(bv). Wherein, Pbranch(Insbranch) Taint detection rules, Ins, representing jump instructionsbranchIndicating a jump instruction, Pbranch(ba,bv) Indicating a taint detection rule with respect to the destination address of the jump instruction and the content at the destination address, baIndicating the destination address of the jump instruction, bvAs the jump address baThe instruction content of (c), isTaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ { True, False }, isTaint (b)a) Indicating a taint mapping with respect to the jump address, isTaint (b)v) Representing a taint map, isTaint (b), on the content of the instruction at the jump addressa)∨isTaint(bv) Indicating that the jump address is detected or that the instruction content at the jump address is tainted. The rule indicates if the jump address is tainted or the instruction content at the jump address is taintedThen it is determined that the target program may be under attack.
The taint detection rule of the memory access instruction is as follows: pmem(Insmem)::=Pmem(ta,tv)::=isTaint(ta). Wherein, Pmem(Insmem) Taint detection rules, Ins, representing memory access instructionsmemRepresenting memory access instructions, Pmem(ta,tv) Indicating a taint detection rule, t, with respect to memory access addresses and content at which valid memory addresses are accessedaEffective memory address, t, indicating a memory accessvRepresenting the mapping of the set of registers, memory data, and constants to the dirty attribute set T ═ True, False () representing the set of registers, memory data, and constants, isTaint (T) for either the contents at the effective memory address for a read access or the contents of the write memory for a write accessa) Representing a dirty map for a valid access address of the memory. The rule indicates that the target program is determined to be likely to be attacked if the valid memory address accessed by the memory access instruction is contaminated.
The above description is only a preferred embodiment of the present invention, and the scope of the present invention is not limited to the above embodiment, but equivalent modifications or changes made by those skilled in the art according to the present disclosure should be included in the scope of the present invention as set forth in the appended claims.

Claims (9)

1. A stain analysis vulnerability detection method for a firewall is characterized by comprising the following steps:
step 1: extracting a file system of the firewall firmware;
step 2: introducing a stain into the target firewall program;
and step 3: defining a taint propagation rule according to the classification of the assembly instructions;
and 4, step 4: defining a taint detection rule according to the taint propagation rule, thereby detecting whether a target firewall program is attacked or not;
the taint propagation rule of the read access memory instruction is as follows: pload(Insload)::=Pload(Ra,Rv)::=isTaint(Ra)∨isTaint(Rv);
Wherein, Pload(Insload) Taint propagation rules, Ins, representing read access to memory instructionsloadIndicating a read access to memory instruction, Pload(Ra,Rv) Indicating a taint propagation rule with respect to read access memory addresses and the contents of read access memory addresses, RaIndicating a read access memory address, RvMemory address R representing a read accessaWhere isaint () represents the mapping of the set V of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isaint (R)a) Indicating a dirty map, isTaint (R), for read access to a memory addressv) Indicating a memory address R for a read accessaTaint mapping of stored content of (c);
the rule indicates that, for a read access memory instruction, Ins is present if the memory address accessed or the contents of the memory accessed is contaminatedloadThe intermediate destination operand is contaminated.
2. The method of claim 1, wherein the method comprises the following steps: the step 1 comprises the following steps:
step 1-1: obtaining firewall firmware;
step 1-2: determining the type of a file system in firewall firmware;
step 1-3: the file system in the firmware is extracted.
3. The method of claim 1, wherein the method comprises the following steps: the step 2 comprises the following steps: when the firewall program is started, all variables, memory units, registers and the like are initialized to be non-pollution, then dynamic code instrumentation is carried out through a Dynamori code instrumentation tool, and received or read-in data are marked as a pollution source.
4. The method of claim 1, wherein the method comprises the following steps: the formalized description of the taint propagation rule defined in the step 3 comprises a taint propagation rule of a read access memory instruction, a taint propagation rule of a write access memory instruction and a taint propagation rule of a non-memory access instruction.
5. The method of claim 4, wherein the method comprises the following steps: the taint propagation rule of the write access memory instruction is as follows: pstore(Insstore)::=Pstore(Wa,Wv)::=isTaint(Wa)∨isTaint(Wv),
Wherein, Pstore(Insstore) Dirty propagation rules, Ins, representing write access to memory instructionsstoreIndicating a write access to memory, Pstore(Wa,Wv) Indicating a memory address for a write access and a dirty propagation rule for the contents of the write memory address, WaMemory address, W, indicating write accessvIndicating that memory address W is to be written toaWhere isaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ True, False ═ isTaint (W)a) Indicating a dirty map, isTaint (W), for write-access memory addressesv) Representing a taint map for write access to write memory contents;
the rule indicates that for a write access memory instruction, Ins is used if the memory address of the write access or the contents to be written into the memory are contaminatedstoreThe intermediate destination operand is contaminated.
6. The method of claim 4, wherein the method comprises the following steps: the taint propagation rule of the non-memory access instruction is as follows:
Figure FDA0003317208750000031
wherein, Pumem(Insumem) Indicating dirty propagation rules, Ins, for non-memory access instructionsumemIndicating a non-memory-access instruction, Pumem(Operandsrc) Indicating a dirty propagation rule for source operands in non-memory access instructions, OperandsrcRepresenting instructions InsumemSet of source operands, isTaint (op)i) Indicates about InsumemA dirty map of source operands in the instruction, isTaint () represents a map of the set of registers, memory data, and constants to a dirty attribute set T ═ True, False ",
Figure FDA0003317208750000032
representing a dirty map, op, that detects source operands in all non-memory access instructionsiRepresentation set OperandsrcN represents an opiThe number of (2);
the rule indicates that for non-memory access instructions, if there is an element opi∈OperandsrcAt this point, isTaint (op)i) True, denotes InsumemThe intermediate destination operand is contaminated.
7. The method of claim 1, wherein the method comprises the following steps: the formalization of the taint detection rule defined in step 4 describes the taint detection rule comprising a jump instruction and the taint detection rule comprising a memory access instruction.
8. The method of claim 7, wherein the method comprises: the stain detection rule of the jump instruction is as follows: pbranch(Insbranch)::=Pbranch(ba,bv)::=isTaint(ba)∨isTaint(bv);
Wherein, Pbranch(Insbranch) Taint detection rules, Ins, representing jump instructionsbranchIndicating a jump instruction, Pbranch(ba,bv) Indicating a destination address and a taint of content at the destination address with respect to a jump instructionDetection rules, baIndicating the destination address of the jump instruction, bvAs the jump address baThe instruction content of (c), isTaint () represents the mapping of the set of registers, memory data, and constants to the taint attribute set T ═ { True, False }, isTaint (b)a) Indicating a taint mapping with respect to the jump address, isTaint (b)v) Representing a taint map, isTaint (b), on the content of the instruction at the jump addressa)∨isTaint(bv) Indicating that the jump address is detected or whether the instruction content at the jump address is polluted or not is detected;
the rule indicates that the target program is determined to be likely to be attacked if the jump address is contaminated or the instruction content at the jump address is contaminated.
9. The method of claim 7, wherein the method comprises: the stain detection rule of the memory access instruction is as follows: pmem(Insmem)::=Pmem(ta,tv)::=isTaint(ta);
Wherein, Pmem(Insmem) Taint detection rules, Ins, representing memory access instructionsmemRepresenting memory access instructions, Pmem(ta,tv) Indicating a taint detection rule, t, with respect to memory access addresses and content at which valid memory addresses are accessedaEffective memory address, t, indicating a memory accessvRepresenting the mapping of the set of registers, memory data, and constants to the dirty attribute set T ═ True, False () representing the set of registers, memory data, and constants, isTaint (T) for either the contents at the effective memory address for a read access or the contents of the write memory for a write accessa) A taint map representing valid access addresses for the memory;
the rule indicates that the target program is determined to be likely to be attacked if the valid memory address accessed by the memory access instruction is contaminated.
CN201910932056.3A 2019-09-29 2019-09-29 Stain analysis vulnerability detection method for firewall Active CN110661804B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910932056.3A CN110661804B (en) 2019-09-29 2019-09-29 Stain analysis vulnerability detection method for firewall

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910932056.3A CN110661804B (en) 2019-09-29 2019-09-29 Stain analysis vulnerability detection method for firewall

Publications (2)

Publication Number Publication Date
CN110661804A CN110661804A (en) 2020-01-07
CN110661804B true CN110661804B (en) 2021-12-31

Family

ID=69039765

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910932056.3A Active CN110661804B (en) 2019-09-29 2019-09-29 Stain analysis vulnerability detection method for firewall

Country Status (1)

Country Link
CN (1) CN110661804B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101616151A (en) * 2009-07-31 2009-12-30 中国科学院软件研究所 A kind of automated network attack characteristic generation method
CN103995782A (en) * 2014-06-17 2014-08-20 电子科技大学 Taint analyzing method based on taint invariable set
CN108259514A (en) * 2018-03-26 2018-07-06 平安科技(深圳)有限公司 Leak detection method, device, computer equipment and storage medium
CN109002721A (en) * 2018-07-12 2018-12-14 南方电网科学研究院有限责任公司 A kind of mining analysis method of information security loophole
CN109583200A (en) * 2017-09-28 2019-04-05 中国科学院软件研究所 A kind of program exception analysis method based on dynamic tainting

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7853998B2 (en) * 2007-03-22 2010-12-14 Mocana Corporation Firewall propagation
CN101615238B (en) * 2009-07-28 2011-06-01 南京大学 Binary-based system for detecting memory modifying attack and positioning bug
CN102129538B (en) * 2011-03-04 2013-05-08 北京邮电大学 System and method for detecting buffer overflow vulnerability of source code of sensor network
CN104021073B (en) * 2014-05-06 2017-02-01 南京大学 Software vulnerability detection method based on pointer analysis
CN105808430B (en) * 2016-03-03 2018-07-03 中国科学院软件研究所 A kind of multi-semantic meaning dynamic stain analysis method
CN107291617B (en) * 2016-12-26 2020-08-11 中国科学院软件研究所 Vulnerability analysis method based on implicit taint propagation
CN108520180B (en) * 2018-03-01 2020-04-24 中国科学院信息工程研究所 Multi-dimension-based firmware Web vulnerability detection method and system
CN109325353A (en) * 2018-11-01 2019-02-12 南京邮电大学 A kind of cluster leak analysis method for home router
CN109753801B (en) * 2019-01-29 2022-04-22 重庆邮电大学 Intelligent terminal malicious software dynamic detection method based on system call

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101616151A (en) * 2009-07-31 2009-12-30 中国科学院软件研究所 A kind of automated network attack characteristic generation method
CN103995782A (en) * 2014-06-17 2014-08-20 电子科技大学 Taint analyzing method based on taint invariable set
CN109583200A (en) * 2017-09-28 2019-04-05 中国科学院软件研究所 A kind of program exception analysis method based on dynamic tainting
CN108259514A (en) * 2018-03-26 2018-07-06 平安科技(深圳)有限公司 Leak detection method, device, computer equipment and storage medium
CN109002721A (en) * 2018-07-12 2018-12-14 南方电网科学研究院有限责任公司 A kind of mining analysis method of information security loophole

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《基于多属性决策及污点跟踪的大数据平台敏感信息泄露感知方法》;沙乐天等;《通信学报》;20170731;第56-69页 *

Also Published As

Publication number Publication date
CN110661804A (en) 2020-01-07

Similar Documents

Publication Publication Date Title
US20220377110A1 (en) Visual Detection of Phishing Websites Via Headless Browser
Yin et al. Panorama: capturing system-wide information flow for malware detection and analysis
US7370360B2 (en) Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
US8307435B1 (en) Software object corruption detection
Carmony et al. Extract Me If You Can: Abusing PDF Parsers in Malware Detectors.
Mohaisen et al. Av-meter: An evaluation of antivirus scans and labels
JP4741782B2 (en) Computer immune system and method for detecting undesirable codes in a computer system
TWI483137B (en) Computing device including a port and a guest domain
US9135443B2 (en) Identifying malicious threads
US20080320594A1 (en) Malware Detector
US20110307956A1 (en) System and method for analyzing malicious code using a static analyzer
ES2829600T3 (en) Method and apparatus for detecting zombie behavior
CN107408176A (en) The execution of malicious objects dissects detection
US9575793B1 (en) Identifying kernel data structures
US8332941B2 (en) Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor
US11916937B2 (en) System and method for information gain for malware detection
Dornhackl et al. Malicious behavior patterns
Pektaş et al. A dynamic malware analyzer against virtual machine aware malicious software
Piromsopa et al. Secure bit: Transparent, hardware buffer-overflow protection
Quarta et al. Toward systematically exploring antivirus engines
Yin et al. Automatic malware analysis: an emulator based approach
CN110661804B (en) Stain analysis vulnerability detection method for firewall
Orgah et al. MemForC: Memory Forensics Corpus Creation for Malware Analysis
Kim The impact of platform vulnerabilities in AI systems
Jawhar A Survey on Malware Attacks Analysis and Detected

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant