CN116028937A - Data security reinforcement method, device, equipment and medium - Google Patents

Data security reinforcement method, device, equipment and medium Download PDF

Info

Publication number
CN116028937A
CN116028937A CN202111247641.3A CN202111247641A CN116028937A CN 116028937 A CN116028937 A CN 116028937A CN 202111247641 A CN202111247641 A CN 202111247641A CN 116028937 A CN116028937 A CN 116028937A
Authority
CN
China
Prior art keywords
test
configuration information
target
jump
target program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111247641.3A
Other languages
Chinese (zh)
Inventor
孟国柱
李悦康
张晓东
陈恺
于泽平
吴石
王巨宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Institute of Information Engineering of CAS
Original Assignee
Tencent Technology Shenzhen Co Ltd
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd, Institute of Information Engineering of CAS filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202111247641.3A priority Critical patent/CN116028937A/en
Publication of CN116028937A publication Critical patent/CN116028937A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The embodiment of the application provides a data security reinforcement method, a device, equipment and a medium, and the method relates to the technical field of security and can be applied to application software of terminal equipment; comprising the following steps: acquiring conversion hit frequencies among basic function code blocks in a target program, and determining an error processing path in the basic function code blocks of the target program according to the conversion hit frequencies; variable configuration information for configuring program jump parameters is obtained, and an obstacle code containing a cooperative jump table is generated according to the variable configuration information; the cooperative jump table in the barrier code is used for blocking fuzzy test for the target program; and inserting barrier codes into the error processing paths of the target program to generate the reinforcement binary file for release. By adopting the embodiment of the application, the vulnerability detection capability in the fuzzy test can be reduced, and the security of data can be further improved.

Description

Data security reinforcement method, device, equipment and medium
Technical Field
The present application relates to the field of security technologies, and in particular, to a data security reinforcement method, apparatus, device, and medium.
Background
With the rapid development of application software, the frequency of using the application software by a user through a terminal device is increasing, and the application software brings convenience to the life of the user and also creates some security problems. For example, before the application software is released, a researcher of the application software may perform a software test on the application software to mine a bug in the application software, repair the mined bug, and release the bug after repair is completed. However, after the application software is released, an attacker can also test the application software, and when a researcher fails to detect all vulnerabilities before the application software is released, the attacker can find the vulnerabilities and develop the attacks, so that the user privacy is stolen, the user property is deceived, and the like, and great potential safety hazards are brought to the user.
Disclosure of Invention
The embodiment of the application provides a data security reinforcement method, device, equipment and medium, which can reduce the vulnerability detection capability in fuzzy test and further can improve the security of data.
In one aspect, an embodiment of the present application provides a data security reinforcement method, including:
acquiring conversion hit frequencies among basic function code blocks in a target program, and determining an error processing path in the basic function code blocks of the target program according to the conversion hit frequencies;
Variable configuration information for configuring program jump parameters is obtained, and an obstacle code containing a cooperative jump table is generated according to the variable configuration information; the cooperative jump table in the barrier code is used for blocking fuzzy test for the target program;
and inserting barrier codes into the error processing paths of the target program to generate the reinforcement binary file for release.
In one aspect, an embodiment of the present application provides a data security reinforcement device, including:
the path determining module is used for acquiring conversion hit frequencies among basic function code blocks in the target program and determining an error processing path in the basic function code blocks of the target program according to the conversion hit frequencies;
the code generation module is used for acquiring variable configuration information for configuring the program jump parameters and generating obstacle codes containing the cooperative jump table according to the variable configuration information; the cooperative jump table in the barrier code is used for blocking fuzzy test for the target program;
and the code insertion module is used for inserting barrier codes into the error processing path of the target program and generating a reinforcement binary file for release.
Wherein the path determination module comprises:
the effective data execution unit is used for acquiring an effective test set, executing a target program according to effective test data contained in the effective test set, and obtaining a target execution edge set; each executed edge in the target execution edge set is used for connecting two basic function code blocks in the target program;
The random data execution unit is used for acquiring a random test set, executing a target program according to random test data contained in the random test set, and obtaining a random execution edge set; each executed edge in the random execution edge set is used for connecting two basic function code blocks in the target program;
the hit frequency determining unit is used for counting the first occurrence times corresponding to each executed edge in the target execution edge set and the second occurrence times corresponding to each executed edge in the random execution edge set, and determining the conversion hit frequency between basic function code blocks in the target program according to the first occurrence times and the second occurrence times;
and the error processing path determining unit is used for determining the error processing path of the target program from the random execution edge set according to the conversion hit frequency.
Wherein the error processing path determination unit includes:
an executed edge obtaining subunit, configured to obtain an executed edge i from the random execution edge set; the executed edge i is used for connecting a basic function code block a and a basic function code block b in the target program, i is a positive integer less than or equal to the number of the executed edges in the random execution edge set, and a and b are both positive integers less than or equal to the number of the basic function code blocks in the target program;
An error processing edge determining subunit, configured to determine the executed edge i as an error processing edge if the conversion hit frequency between the basic function code block a and the basic function code block b is less than the frequency threshold and the executed edge i does not belong to the target execution edge set;
an error processing edge combination subunit, configured to combine error processing edges in the random execution edge sets to obtain D error edge sets, and determine an error processing path of the target program according to basic function code blocks associated with the error processing edges in each error edge set; d is a positive integer.
The program jump parameters comprise jump limiting parameters, length limiting parameters and jump table size parameters, and the variable configuration information comprises jump configuration information aiming at the jump limiting parameters, length configuration information aiming at the length limiting parameters and size configuration information aiming at the jump table size parameters;
the code generation module includes:
a jump table declaring unit for declaring K cooperative jump tables according to jump configuration information, length configuration information and size configuration information in the variable configuration information; k is a positive integer;
a tag inserting unit, configured to insert a tag for marking the jump position in each of the K cooperative jump tables, and generate an obstacle code including the K cooperative jump tables.
The size configuration information comprises first sub-configuration information and second sub-configuration information, and the size of the jump table determined by the first sub-configuration information is larger than that determined by the second sub-configuration information;
the jump table declaring unit is specifically configured to:
according to the jump configuration information, the length configuration information and the first sub-configuration information in the variable configuration information, declaring a first type jump table; the first type jump table is used for indicating that test cases are reserved in the fuzzy test to execute error processing paths;
according to the jump configuration information, the length configuration information and the second sub configuration information in the variable configuration information, declaring a second type jump table, and determining the first type jump table and the second type jump table as K cooperative jump tables; the second type of jump table is used for attenuating test cases of the fuzzy test.
Wherein the code insertion module includes:
a critical position determining unit, configured to determine a critical position corresponding to the barrier code in an error processing path of the target program, and insert the barrier code into the critical position through a compiler;
and the compiling processing unit is used for compiling the target program inserted with the barrier code in a compiler to generate a reinforcement binary file for release.
Wherein the apparatus further comprises:
the file issuing module is used for issuing the reinforcement binary file to the software management platform so that a first device in the software management platform can acquire the reinforcement binary file, load the reinforcement binary file and access application software corresponding to the reinforcement binary file.
Wherein the apparatus further comprises:
the target test set acquisition module is used for acquiring a target test set provided by the second equipment in the fuzzy test when the second equipment is detected to carry out the fuzzy test on the reinforced binary file;
the test case reservation module is used for reserving target test cases related to the error processing paths from the target test set by reinforcing barrier codes in the binary files; the target test case is used for blocking loophole searching capability in fuzzy test.
Wherein the cooperative jump table in the barrier code comprises a first type jump table;
the test case retention module includes:
the scheduling acquisition unit is used for acquiring the computational power scheduling of the test case x through a first type of jump table in the barrier code when the execution path of the test case x in the target test set in the reinforcement binary file is an error processing path; x is a positive integer;
The quality evaluation unit is used for carrying out quality evaluation on the calculation power schedule of the test case x through the test case evaluator of the fuzzy test to obtain a quality evaluation value of the test case x;
and the quality judging unit is used for determining the test case x as a target test case when the quality evaluation value of the test case x meets the evaluation threshold condition.
Wherein the cooperative jump table in the barrier code comprises a second type jump table;
the test case retention module includes:
the mutation processing unit is used for carrying out mutation processing on the test case y in the fuzzy test case mutagen according to a second type jump table in the barrier code when the execution path of the test case y in the target test set in the reinforcement binary file is an error processing path, so as to generate candidate test cases; y is a positive integer;
and the data length judging unit is used for determining the candidate test case as a target test case when the data length of the candidate test case is larger than that of the test case y.
Wherein the apparatus further comprises:
the execution track generation module is used for executing the reinforcement binary file according to the test cases in the target test set in the fuzzy test, and generating one or more execution tracks corresponding to the test cases in the target test set through random logic contained in the barrier codes in the reinforcement binary file;
The feedback information accumulation module is used for acquiring execution feedback information corresponding to one or more execution tracks respectively, and accumulating the execution feedback information corresponding to the test cases in the target test set to obtain the total feedback information;
the saturation record generation module is used for generating a storage saturation record when the memory space of the total amount of feedback information is larger than or equal to the storage space; the saturation record is stored for indicating that the fuzzy test stops collecting the execution feedback information.
An aspect of the embodiments of the present application provides a computer device, including a memory and a processor, where the memory is connected to the processor, and the memory is used to store a computer program, and the processor is used to call the computer program, so that the computer device performs the method provided in the foregoing aspect of the embodiments of the present application.
An aspect of the present application provides a computer readable storage medium, in which a computer program is stored, the computer program being adapted to be loaded and executed by a processor, to cause a computer device having a processor to perform the method provided in the above aspect of the embodiments of the present application.
According to one aspect of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the method provided in the above aspect.
According to the method and the device for processing the target program, the conversion hit frequency among basic function code blocks in the target program can be obtained, an error processing path is determined in the basic function code blocks of the target program according to the conversion hit frequency, variable configuration information for configuring program jump parameters can be obtained, an obstacle code comprising a cooperative jump table is generated according to the variable configuration information, the cooperative jump table in the obstacle code is used for blocking fuzzy test for the target program, the obstacle code is inserted into the error processing path of the target program, and a reinforcement binary file for issuing is generated. Therefore, after the error processing path is determined from the target program, the reinforcement binary file is obtained by inserting the barrier code into the error processing path, and the normal execution efficiency of the target program is not affected by the barrier code inserted into the error processing path, namely, the vulnerability detection capability in the fuzzy test can be reduced on the basis of normal execution of the data corresponding to the reinforcement binary file, and the safety of the data can be further improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic view of a scenario for security reinforcement of an application program according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a network architecture according to an embodiment of the present application;
fig. 3 is a schematic diagram of an attack procedure provided in an embodiment of the present application;
fig. 4 is a flow chart of a data security reinforcement method according to an embodiment of the present application;
FIG. 5 is a schematic flow chart of generating a hardened binary file according to an embodiment of the present application;
fig. 6 is a flow chart of a data security reinforcement method according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a component for gray scale blur test according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a data security reinforcement device according to an embodiment of the present disclosure;
fig. 9 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
Embodiments of the present application relate to Cloud Security (Cloud Security) technology. Cloud security refers to the general term of security software, hardware, users, institutions and security cloud platforms based on cloud computing business model application. Cloud security fuses emerging technologies and concepts such as parallel processing, grid computing, unknown virus behavior judgment and the like, acquires the latest information of Trojan horse and malicious programs in the Internet through abnormal monitoring of a large number of network clients on software behaviors, sends the latest information to a server for automatic analysis and processing, and distributes solutions of viruses and Trojan horse to each client.
The application specifically relates to application attack protection in cloud security technology, before application software is released, source codes of the application software can be reinforced to generate protected binary code files, and then the protected binary code files can be released; when an attacker attacks the protected binary code file by adopting a fuzzy test, the protected binary code file can ensure that the attacker cannot access the source code of the application software so as to improve the security of the application software.
The present application also relates to the following concepts:
fuzzing test (fuzzing): fuzzing is a method of discovering software faults by providing unexpected inputs and monitoring for abnormal results; the fuzzy test is not used for guessing the data, which leads to damage, but rather, the fuzzy test is used for putting as much disordered data into the program as possible, and the fuzzy test has the advantages of high automation degree, good availability and low false alarm rate. In other words, the fuzzy test may run the target program using random inputs to observe the abnormal behavior of the target program, which often indicates that the target program is defective. The blurring test technique can be generally classified into a black box blurring test, a white box blurring test, and a gray box blurring test.
Black box blur test: the lack of internal knowledge structure of the target program limits the use of black box fuzziness testing by treating the target program as a black box and generating input data from mathematical or statistical models.
White box blur test: the target program can be fully accessed and a large number of program analyses, such as symbolic execution, can be performed, but the scalability of the white-box fuzzing test is poor due to the expensive program analysis.
And (3) gray box fuzzy test: a balance is struck between validity and scalability, with lightweight program analysis to capture execution feedback of the target program under test. Such feedback can effectively help generate high quality seeds (also referred to as test cases) without reducing the execution speed of the target program.
Basic block: the basic block refers to a sentence sequence executed by the target program sequentially, one basic block only has one entry and one exit, the entry can refer to a first executable sentence in the sentence sequence, and the exit is the last sentence. For a basic block, execution needs to enter from the entrance and exit from the exit. In the embodiment of the present application, the basic blocks may also be referred to as basic function code blocks in the target program.
Jump table: a jump table refers to a method of transferring program control from one part to another, where jumps can be made between marked locations in the code. Since the tags are stored in the jump table, program control may be transferred to any tagged location by querying the jump table.
Vulnerability: vulnerabilities are flaws in the specific implementation of hardware, software, protocols, or system security policies that may enable an attacker to access or destroy the system without authorization. Finding available vulnerabilities is typically the starting point for an attack.
Referring to fig. 1, fig. 1 is a schematic view of a scenario for security reinforcement of an application program according to an embodiment of the present application. As shown in fig. 1, in the development stage of the application software, after a developer completes code writing of the application software, source code (may also be referred to as a source program) of the application software may be obtained; the source code can refer to a file which is written according to a certain programming language specification and can be read by human beings, and is usually written in a high-level language; the source code may be a text file that may be compiled into a program executable by the computer device; of course, the source code may also take the form of a book or a tape or other carrier, and the carrier form of the source code is not specifically limited in this application. By compiling the source code of the application software to generate binary code (which may also be referred to as a binary file) that can be executed by the computer device, compilation herein may be understood as a process of translating the source code that is readable by a human into a program that can be executed by the computer device, which may be accomplished by various compilers.
In the test stage of the application software, a tester (it can be understood that the tester can default to a trusted person, such as any person in an application software development team, etc.) can test the source code, such as compiling the source code of the application software to obtain unprotected binary code, further testing the unprotected binary code, finding out a vulnerability of the application software in use, and repairing the found vulnerability to perfect the application software. After the loopholes found in the test stage are all repaired, the source code of the repaired application software can be reinforced to generate a self-protection binary code, the self-protection binary code can be used for resisting fuzzy test on the application software, and the self-protection binary code can be issued outwards. After the release of the protected binary, the application software can be used by the average user through this protected binary; when an attacker wants to attack the application software, the attacker can only obtain the protected binary code and cannot access the source code of the application software.
It should be noted that, the reinforcement related to the present application is only directed to the binary code for release, and does not affect the internal test process of the application software by the tester, and does not affect the normal execution of the application software. When an attacker wants to find a vulnerability in the application software through the fuzzy test and attack or destroy the application software by utilizing the vulnerability, the protected binary code can obstruct the fuzzy test of the attacker, such as reducing the vulnerability detection capability of the fuzzy test.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a network architecture according to an embodiment of the present application. As shown in fig. 2, the network architecture may include servers and terminal devices, and the number of servers and the number of terminal devices included in the network architecture may be one or more, and the terminal devices 10a, 10b and 10c shown in fig. 2 are only examples, and the number of servers and terminal devices is not limited in this application. The terminal device 10a and the terminal device 10b may be a smart phone, a tablet computer, a notebook computer, a palm computer, a mobile internet device (mobile internet device, MID), a wearable device (for example, a smart watch, a smart bracelet, etc.), a smart sound box, a vehicle-mounted terminal, a smart television, etc.; the server 10c may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, basic cloud computing services such as big data and artificial intelligence platforms, but is not limited thereto.
After the application software is released, the terminal device 10a, the terminal device 10b and the server 10c shown in fig. 2 may obtain a release file (such as the protected binary code) of the application software, and if the terminal device 10a is a device used by a general user, the terminal device 10a may use the application software through the release file of the application software, for example, access a client corresponding to the application software, use a service in the application software, and so on; if the terminal device 10b is a device used by an attacker (the terminal device 10b may also be regarded as an attacker), after the attacker obtains the release file of the application software through the terminal device 10b, the attacker may perform a fuzzy test on the release file to try to find the vulnerability in the application software and attack it, and the release file (the protected binary code) may obstruct the fuzzy test of the application software by the terminal device 10b, so as to reduce the vulnerability detection capability in the fuzzy test.
The following describes an example of a device used by the terminal device 10b as an attacker. Referring to fig. 3, fig. 3 is a schematic diagram of an attack procedure according to an embodiment of the present application. When the terminal device 10b acts as an attacker, or a device used by an attacker, it tries to find available vulnerabilities in the application software and attacks the application software with the vulnerabilities. As shown in fig. 3, the terminal device 10b needs to satisfy the following three conditions for an attack on application software: (1) vulnerabilities exist in the application software; (2) the terminal device 10b has authority to access the application software with the vulnerability; (3) the vulnerability may be exploited by the terminal device 10 b. In other words, the terminal device 10b wants to achieve the object of: and carrying out fuzzy test on the release file of the application software, finding out the loopholes in the application software, selecting the loopholes which can be utilized from the loopholes which are found out in the process of accessing the application software, controlling the internal program of the application software through the loopholes, and destroying the application software.
In the embodiment of the present application, before the application software is not released, the binary file of the application software is strengthened and protected, that is, the released file obtained by the terminal device 10b is a protected binary code; even if the tester fails to detect all vulnerabilities before the application is released (i.e., vulnerabilities may still exist in the released application), the terminal device 10b may not detect the vulnerabilities existing in the application or only detect very few vulnerabilities when performing the fuzzy test on the protected binary, and thus the terminal device 10b may not use the vulnerabilities to attack the application at all. In other words, by reinforcing and protecting the release file of the application software, the vulnerability detection capability of an attacker can be reduced, and the security of the application software is further improved.
Referring to fig. 4, fig. 4 is a flow chart of a data security reinforcement method according to an embodiment of the present application. It can be understood that the data security reinforcement method can be applied after a test link and before a release link of the application software, and the reinforcement binary file obtained by the data security reinforcement method can be distributed to a terminal device or a server for running the application software; the method comprises the steps of carrying out a first treatment on the surface of the As shown in fig. 4, the data security reinforcement method may include the steps of:
Step S101 of acquiring a conversion hit frequency between basic function code blocks in the target program, and determining an error processing path in the basic function code blocks of the target program according to the conversion hit frequency.
Specifically, before the target data is released, the computer device may acquire a target program corresponding to the target data, where the target program may refer to a source code corresponding to the target data, and the target data may be a website, an applet, an application software, or the like, and the application does not limit the type of the target data; for convenience of description, the following description will take the example that the target data is application software. It may be understood that, the target program referred to in the embodiments of the present application may refer to source code after repairing a bug detected by a tester, where the target program may be composed of a series of basic functional code (basic block) blocks, and the basic functional code blocks refer to a statement sequence executed by the target program sequentially; the computer device may be a device for performing data consolidation on the target program, may be a terminal device, or may be a server, and is not limited in this application.
When executing the target program, all or part of basic function code blocks in the target program can be executed, for example, different basic function code blocks can be executed by inputting different test data, i.e. different test data can correspond to different execution tracks, and different test data can correspond to different services or functions of the application software. The computer device may acquire conversion hit frequencies between basic function code blocks included in the target program by inputting basic function code blocks executed by different test data; since there may be no real error handling code in the target program, the conversion hit frequency in this application may refer to the frequency at which any two basic function code blocks are sequentially executed (i.e., the frequency of the basic function code block call relationships), or may be understood as the access frequency of an edge in the control flow graph corresponding to the target program, instead of the access frequency of the basic function code blocks, where an edge may be used to connect two basic function code blocks in the target program, and the term "conversion" in the conversion hit frequency may be understood as "edge". For example, the path that test data 1 performs in the target program is: basic function code block 1- > basic function code block 2- > basic function code block 3, the path in which the test data 2 is executed in the target program is basic function code block 1- > basic function code block 2- > basic function code block 4- > basic function code block 5, it can be determined that the conversion hit frequency between basic function code block 1 and basic function code block 2 is 2, the conversion hit frequency between basic function code block 2 and basic function code block 3 is 1, the conversion hit frequency between basic function code block 2 and basic function code block 4 is 1, and the conversion hit frequency between basic function code block 4 and basic function code block 5 is 1. Optionally, the conversion hit frequency may also refer to a proportion of hit times of each side of the control flow graph corresponding to the target program in the total hit times of all sides, where the method for obtaining the conversion hit frequency between basic function code blocks is not limited in the present application.
Further, the computer apparatus may analyze the basic function code blocks in the target program according to the conversion hit frequency between the basic function code blocks, and determine an error processing path from among the basic function code blocks included in the target program, which may refer to a path in which invalid test data is executed in the target program, such as a path constituted by basic function code blocks which hit rarely in the normal execution case but are frequently used in the fuzzy test. In other words, the basic function code blocks on the error processing path are rarely executed under normal execution conditions, i.e., paths where valid test data is not executed.
In one or more embodiments, a computer device may generate a configuration file for determining error handling paths through a configuration file generator, where the configuration file may refer to a file containing one or more error handling paths in a target program. The computer equipment can acquire an effective test set, execute a target program according to effective test data contained in the effective test set, and obtain a target execution edge set, wherein each executed edge in the target execution edge set is used for connecting two basic function code blocks in the target program, namely, each executed edge in the target execution edge set can be used for representing the calling relation of the two basic function code blocks under the effective test data; meanwhile, the computer equipment can also acquire a random test set, execute the target program according to random test data contained in the random test set, and obtain a random execution edge set, wherein each executed edge in the random execution edge set is used for connecting two basic function code blocks in the target program, namely, each executed edge in the random execution edge set can be used for representing the calling relation of the two basic function code blocks under the random test data. The effective test set may include one or more effective test data, and the random test set may include one or more random test data, where the random test data may be effective test data or ineffective test data; the target execution edge set comprises edges between basic function code blocks executed by each valid test data in the valid test set in the target program, and execution paths of different valid test data in the target program may comprise the same executed edges, so that the same executed edge can appear one or more times in the target execution edge set; similarly, one or more executed edges may also appear in the set of randomly executed edges. Of course, the target execution edge set and the random execution edge set may contain the same executed edge, i.e., there may be a portion of the executed edge that is repeated in the target execution edge set and the random execution edge set.
The computer equipment can count the first occurrence times corresponding to each executed edge in the target execution edge set respectively, namely the frequency of each executed edge in the target execution edge set, and acquire the second occurrence times corresponding to each executed edge in the random execution edge set respectively, namely the frequency of each executed edge in the random execution edge set; according to the first occurrence times and the second occurrence times, the conversion hit frequency between basic function code blocks in the target program is determined, and then the error processing path of the target program can be determined from the random execution edge set according to the conversion hit frequency. Still further, for any one of the set of randomly executed edges (e.g., executed edge i), the executed edge i may be used to connect the basic function code block a and the basic function code block b in the target program, that is, to represent a call relationship between the basic function code block a and the basic function code block b, i is a positive integer less than or equal to the number of executed edges in the set of randomly executed edges, and a and b are both positive integers less than or equal to the number of basic function code blocks in the target program; if the conversion hit frequency between the basic function code block a and the basic function code block b is smaller than a frequency threshold (the frequency threshold can be set according to actual requirements, which is not limited in the application), and the executed edge i does not belong to the target execution edge set, the executed edge i can be determined as an error processing edge; combining error processing edges in the random execution edge sets to obtain D error edge sets, and determining an error processing path of a target program according to basic function code blocks associated with the error processing edges in each error edge set, wherein D is a positive integer, and if D can take values of 1,2 and … …; because the executed edges in the target execution edge set are all edges executed by valid test data, the executed edges in the target execution edge set cannot be error processing edges, and the error processing edges belong to random execution edge sets.
Optionally, the computer device may input the valid test data in the valid test set and the random test data in the random test set into a configuration file generator, where the configuration file generator uses the valid test data in the valid test set to execute an initial binary code corresponding to the target program (i.e., an unprotected binary code that may be used by an internal tester to test after compiling the target program, which may also be referred to as an initial binary file), and collect a set of executed edges, i.e., a set of target execution edges. The initial binary code corresponding to the target program is executed in the configuration file generator using random test data in the random test set, and a set of executed edges, namely a random execution edge set, is collected. After the conversion hit frequency is obtained through statistics, error processing edges can be determined from the random execution edge sets, all the error processing edges are combined, D error edge sets can be obtained, and the error processing edges in each error edge set can form one or more error processing paths.
Assuming that the valid test set is denoted as V, the random test set is denoted as R, the target execution edge set is denoted as E (V), the random execution edge set is denoted as E (R), and the erroneous edge set is denoted as EHE, the erroneous edge set EHE may be expressed as an executed edge corresponding to at least n% of the random test data, as shown in the following equation (1):
Figure BDA0003321399390000121
Wherein E is used to represent the error handling edges in the error edge set, P (E (R)) is represented as a power set of the randomly executing edge set E (R), E (i) is represented as a set of executed edges from which the test data comes, the value of i can be used to control the number of available critical positions, the higher the value of n, meaning that the fewer the number of executed edges contained in the error edge set EHE, n can be a positive integer, and i can be an integer; a configuration file containing the above described error edge sets EHE may be generated by a configuration file generator, in which a number of key positions available in each error edge set EHE may also be specified, which may be used for injecting subsequent barrier codes. It should be noted that, the above formula (1) is only one way to obtain the set of error edges, and the present application may also use other ways to determine the set of error edges, such as random combination.
Step S102, variable configuration information for configuring program jump parameters is obtained, and an obstacle code containing a cooperative jump table is generated according to the variable configuration information; the cooperative jump table in the barrier code is used to block the fuzzy test for the target program.
Specifically, the computer device may obtain variable configuration information for configuring a program jump parameter, where the program jump parameter may be one or more, for example, the program jump parameter may include a jump limit parameter (may also be referred to as a statement jump limit), a length limit parameter (may also be referred to as an input length limit), a jump table size parameter (may also be referred to as a size of a jump table), and the variable configuration information may include configuration information of each of the foregoing program jump parameters; generating an obstacle code containing a cooperative jump table according to the variable configuration information, wherein the core logic of the obstacle code can refer to a set of cooperative jump tables, and the cooperative jump table in the obstacle code can be used for preventing fuzzy testing for a target program (application software). Alternatively, the computer device may input the variable configuration information into a fuzzy test obstacle generator, where the fuzzy test obstacle generator may generate an obstacle code according to the variable configuration information, and the variable configuration information may be information configured by a user.
Optionally, when the program jump parameter includes a jump limit parameter, a length limit parameter, and a jump table size parameter, the variable configuration information may include jump configuration information for the jump limit parameter, length configuration information for the length limit parameter, and size configuration information for the jump table size parameter; the computer equipment can declare K cooperative jump tables according to jump configuration information, length configuration information and size configuration information in the variable configuration information; k is a positive integer; and inserting a tag for marking the jump position into each of the K cooperative jump tables to generate an obstacle code containing the K cooperative jump tables.
Wherein two different types of cooperative jump tables can be configured, and the first type of jump table can contain more tags; the second type of jump table may be multiple and the same size and smaller than the first type of jump table. For example, when the size configuration information includes first sub-configuration information and second sub-configuration information, and the size of the jump table determined by the first sub-configuration information is greater than the size of the jump table determined by the second sub-configuration information, the computer device may declare a first type jump table according to the jump configuration information, the length configuration information, and the first sub-configuration information in the variable configuration information, where the first type jump table is used to indicate that the test case is reserved in the fuzzy test to execute the error processing path, and may also be understood that the first type jump table is used to misguide the fuzzy tester to reserve more test cases to execute the error processing path, where the fuzzy tester may refer to a tool for performing the fuzzy test; according to the jump configuration information, the length configuration information and the second sub-configuration information in the variable configuration information, a second type jump table is declared, the first type jump table and the second type jump table are determined to be K cooperative jump tables, and the second type jump table is used for attenuating test cases of the fuzzy test. After declaring the collaborative jump table, a tag may be placed in the write jump table to mark the location of the jump. When jumping between marked locations, a jump limit parameter (statement jump limit) is responsible for controlling when to jump out, which limits the number of jumps before exiting the jump table logic. If the hop count limit is reached, the program will hop out of the collaborative hop table. The next location to jump to is randomly selected from the collaboration label table. In addition, only when the length configuration information corresponding to the length limiting parameter is larger than the length configuration information corresponding to the length limiting parameter, the program can continue to execute the next cooperative jump table, and the mechanism can cover more cooperative jump tables.
Step S103, inserting barrier codes into the error processing path of the target program, and generating a reinforcement binary file for release.
Specifically, the computer device may insert an obstacle code in the error handling path of the target program, and generate a self-protected binary code, i.e., a hardened binary file. The reinforcement binary file can prevent the vulnerability detection capability of the fuzzy test on the basis of ensuring the normal execution of the target program.
The computer equipment can determine a key position corresponding to the barrier code in an error processing path of the target program, the barrier code is inserted into the key position through a compiler, and the key position can be determined through an available position in a configuration file generated by a configuration file generator; and compiling the target program inserted with the barrier code in a compiler to generate a reinforcement binary file for release.
Further, the computer device may issue the hardened binary file to the software management platform, so that a first device in the software management platform obtains the hardened binary file, loads the hardened binary file, accesses application software corresponding to the hardened binary file, where the first device may refer to a terminal device used by an ordinary user, and the ordinary user may normally use the application software corresponding to the hardened binary file through the first device.
Referring to fig. 5, fig. 5 is a schematic flow chart of generating a hardened binary file according to an embodiment of the present application. As shown in fig. 5, the computer device may provide a set of valid inputs (i.e., a valid test set) and a set of random inputs (i.e., a random test set) to the configuration file generator, execute the initial binary code of the target program using the valid inputs, and collect the target execution edge set; the initial binary program is executed by using random input, a random execution edge set is collected, conversion hit frequencies among various basic function code blocks can be counted through the target execution edge set and the random execution edge set, further an error processing path can be determined based on the conversion hit frequencies, and a configuration file containing the error processing path is generated and can be input into a custom compiler. The ambiguity test obstacle generator may generate the obstacle code according to variable configuration information for configuring the program jump parameter. The custom compiler may break the error handling edge of the error handling path and insert a blocking code blocking the grey box fuzziness test in the error handling path of the source code (i.e., the target program) based on the configuration file generated by the configuration file generator and generate a hardened binary file.
In the embodiment of the application, after the error processing path is determined from the target program, the reinforcement binary file is obtained by inserting the barrier code into the error processing path, and the normal execution efficiency of the target program is not affected by the barrier code inserted into the error processing path, namely, the vulnerability detection capability in the fuzzy test can be reduced on the basis of normal execution of the data corresponding to the reinforcement binary file, so that the safety of the data can be improved; the reinforced binary file has robust anti-fuzzy test characteristics, which means that the gray box fuzzy test of different implementation modes can obtain similar results for the target program, and the vulnerability detection capability in the fuzzy test is further reduced; the reinforcement binary file does not interrupt normal functions nor significantly reduce the execution efficiency of the original program.
Referring to fig. 6, fig. 6 is a flowchart of a data security reinforcement method according to an embodiment of the present application. It will be appreciated that the data security reinforcement method may be performed by a computer device, which may be a server, or a terminal device; as shown in fig. 6, the data security reinforcement method may include the steps of:
Step S201, when the second device is detected to carry out fuzzy test on the reinforcement binary file, a target test set provided by the second device in the fuzzy test is obtained.
Specifically, when the second device wants to attack the application software, the second device may perform the fuzzy test on the hardened binary file by using the test cases in the target test set, and at this time, the computer device may obtain the target test set provided by the second device in the fuzzy test, where the target test set may include the test cases used when the second device performs the fuzzy test on the hardened binary file.
If the second device wants to attack the application software, the second device may obtain the published hardened binary file from the software management platform, and since the hardened binary file refers to a binary code generated after the barrier code is inserted into the source code, the second device cannot access the source code of the application program, and only a fuzzy test can be executed on the hardened binary file, where the fuzzy test may be a gray box fuzzy test or a black box fuzzy test. When the second device performs the fuzzy test on the reinforced binary file, input data (also referred to as an input vector) of the fuzzy test can be determined, and the input data can be file data, network data, environment variables and the like, so that the type of the input data is not limited; based on the input data, a test case for executing the fuzzy test can be generated, for example, by designing a method for the fuzzy test and a test data generation algorithm, the test case corresponding to the input data can be generated; the number of the test cases adopted in the fuzzy test process can be multiple, the multiple test cases can form a target test set, and the fuzzy test method and the test data generation algorithm are not limited in the application.
After the second device obtains the target test set, a target process for executing the fuzzy test can be started, the target test set is sent to the test device, and a reinforcement binary file and the like in the test device are opened; the test device may refer to any device with a reinforced binary file, and the type of the test device is not specifically limited in this application. For convenience of description, the test device is taken as an example of the foregoing computer device, and after the second device sends the target test set to the computer device, the computer device may receive the target test set sent by the second device.
Step S202, reserving target test cases associated with error processing paths from a target test set by reinforcing barrier codes in binary files; the target test case is used for blocking the vulnerability detection function in the fuzzy test.
Specifically, since the barrier code is injected into the reinforcement binary file, the computer device can reserve the target test case associated with the error processing path from the target test set through the barrier code in the reinforcement binary file, and the target test case can be used for performing fuzzy test on the reinforcement binary file. Referring to fig. 7, fig. 7 is a schematic diagram of a component structure of a gray scale blur test according to an embodiment of the present application. In the following, a dust box blur test is described as an example, and as shown in fig. 7, the dust box blur test may include a seed (also referred to as a test case) evaluator, a seed mutator, and a feedback collector. The seed evaluator is a component that maintains a seed queue, which may refer to a queue for storing test cases in a target test set. Generally, a seed evaluator is responsible for selecting the next seed to be mutated and proposes how much computing power (which may also be referred to as computational power scheduling) is spent on that seed, which can help maximize output by providing an optimal solution for seed selection and computational power scheduling. Since the enhanced binary file in the application contains the barrier code, that is, the barrier code falsifies the seed evaluator, the seed evaluator can be induced to evaluate the quality of the seeds by mistake, and even some high-quality seeds are abandoned.
The seed mutation device is the basis of all fuzzy test technologies, and can effectively generate high-quality new test cases. The reinforcement binary file contains barrier codes to tamper the seed mutator, so that the seed mutator cannot generate new test input different from seed content and coverage range, namely new test cases.
The feedback collector is a component that collects feedback from the testing of the hardened binary file during execution. The feedback collector may be used to provide accurate and concise feedback information, while feedback collectors tampered with by obstacle codes may collect reporting errors and feedback results.
As shown in fig. 7, the role of reinforcing the binary file (i.e., the role of the barrier code) in the present application may include: seed queue explosion, seed decay, and feedback contamination. The seed queue explosion can refer to a seed evaluator in the fuzzy test of the obstacle code confusion gray box, and the seed attenuation technology can refer to a process of generating larger seeds by the obstacle code distortion seed mutation device, so that the efficiency of the overall fuzzy test is reduced; the feedback information may also be contaminated by the barrier code generating saturated records and non-deterministic execution behavior.
Among them, the seed queue explosion is described below: the cooperative jump table in the barrier code may include a first type jump table, when an execution path of a test case x in the target test set in the reinforcement binary file is an error processing path, determining, by the first type jump table in the barrier code, a computational power schedule of the test case x, where x may be a positive integer, e.g., x may take a value of 1,2, … …, and the test case x may be any one test case in the target test set; the quality evaluation is carried out on the calculation power schedule of the test case x through a test case evaluator (namely the seed evaluator) of the fuzzy test, so as to obtain a quality evaluation value of the test case x; and when the quality evaluation value of the test case x meets the evaluation threshold condition, determining the test case x as a target test case. It will be appreciated that the purpose of the test case evaluator is to generate a high-quality test case, because the reinforcement binary file contains the barrier code, the test case evaluator cannot accurately evaluate the test case x, that is, after the quality evaluation value of the test case x is obtained by the test case evaluator, the quality evaluation value may satisfy an evaluation threshold condition, for example, the quality evaluation value is greater than an evaluation threshold (the evaluation threshold may be set according to actual requirements, which is not limited in the present application), however, the test case x may be a low-quality test case in nature. In other words, if the reinforcement binary file does not include the barrier code, if the reinforcement binary file does not include the first type jump table, the quality evaluation value obtained by the test case evaluator may not meet the evaluation threshold condition, however, due to the insertion of the barrier code, the evaluation result of the test case evaluator is misled, so that the quality evaluation value of the test case x meets the evaluation threshold condition, and the test case is determined to be a high-quality target test case.
In the embodiment of the application, the method can be used forMisleading fuzzy tests preserve a large number of target test cases to execute the error processing path, thereby causing the number of seed queues to explode. Since the hardened binary file can be jumped from one tagged location to another based on the collaborative jump table, a collaborative jump table containing n tags can provide n basic function code blocks and n 2 Conversion (which may be understood as edges) of individual basic function code blocks. Thus reinforcing the collaborative jump table (barrier code) injected in the binary file can provide considerable program coverage feedback to fool the fuzzy test to preserve a large amount of data as the target test case for executing the barrier code. In addition, since the obstacle code is injected into the error handling path, test cases of the new false path are preserved. Meanwhile, in the first type jump table of the obstacle codes, more target test cases can be reserved to practice error processing paths.
Optionally, the seed decay technique is described below: the cooperative jump table in the obstacle code may include a second type jump table; when the execution path of the test case y in the target test set in the reinforcement binary file is an error processing path, carrying out mutation processing on the test case y in a test case mutation device (namely the seed mutation device) of the fuzzy test according to a second type jump table in the barrier code to generate candidate test cases; wherein y can be a positive integer, for example, y can take the values of 1,2 and … …, and the test case y can be any test case in the target test set; and when the data length of the candidate test case is larger than that of the test case y, determining the candidate test case as a target test case. Among other things, fuzzy testing is substantially more prone to compact test cases, because test cases with less variation are more likely to hit valuable bytes and cover new paths in the hardened binary file. For example, if an XML (Extensible Markup Language ) file is modified to test an XML parser, then modifying the markup is more important than modifying the data, and modifying a smaller XML file is more likely to hit the markup in the hardened binary file. Thus, some fuzzy tests may attempt to trim seeds by deleting certain bytes that do not affect program coverage, and in embodiments of the present application, by reinforcing barrier code inserted in the binary file, the fuzzy test may be directed to retain larger and larger data as target test cases, weakening the impact of valuable bytes therein. In other words, under the guidance of the barrier code, the test case mutator can reserve the target test case with a larger data length, where the data length may refer to the byte length of the test case.
It should be noted that the second type skip list in the barrier code provides more feedback when the data length of the test case becomes larger. Optionally, an additional tool may be further used to monitor the input reading position of the target program and keep a copy of the input length of the barrier code, and the fuzzy test is guided by the length limiting parameter (i.e. the input length limiting variable) in the second type jump table, so that the target test cases with increasingly larger data length are gradually kept, and more target test cases with larger data length and lower mutation efficiency are finally kept in the fuzzy test.
Optionally, feedback contamination is described below: in the fuzzy test, executing a reinforcement binary file according to the test cases in the target test set, and generating one or more execution tracks corresponding to the test cases in the target test set through random logic contained in barrier codes in the reinforcement binary file; acquiring execution feedback information corresponding to one or more execution tracks respectively, and accumulating the execution feedback information corresponding to the test cases in the target test set to obtain the total feedback information; and when the memory space of the total amount of feedback information is larger than or equal to the storage space, generating a storage saturation record, wherein the storage saturation record can be used for indicating the fuzzy test to stop collecting the execution feedback information. One important feature of the fuzzy test is to collect feedback during operation to identify valuable input data and use the valuable input data as a test case for further mutation, while feedback information in the fuzzy test cannot be stored infinitely, i.e. a storage area for storing the feedback information may reach saturation, so that scalability of the fuzzy test can be limited; in addition, because multithreading or random logic is used in the hardened binary file, some test cases may generate different execution traces in different runs, which may lead to confusion of feedback information when fuzzy tests attempt to store feedback collected in the execution paths of the test cases.
For example, taking AFL (American Fuzzy Lop), which is an overlay-based fuzzy test tool, it may perform more calibration runs on test cases that behave differently, otherwise the feedback information of these test cases will contaminate the existing feedback records maintained by the fuzzy test, i.e., more computing power will be used to calibrate these test cases, while relatively less computing power may be used for abrupt changes, etc. The embodiment of the application can pollute the feedback record of the fuzzy test through the saturation feedback record (namely the storage saturation record) and the test case introducing the variable behavior, and can also be called as polluting the feedback information collected in the feedback collector.
It should be noted that, the cooperative jump table in the hardened binary file in the embodiment of the present application may provide a large amount of false feedback information for the fuzzy test, and may quickly saturate the feedback record, i.e. generate the storage saturation record. In addition, when the barrier code in the reinforcement binary file is executed, the next position of the jump is randomly selected from the cooperative jump table, so that the test case triggering the cooperative jump table naturally has different behaviors in the running process; in order to further cover the target test cases by using the test cases for executing the normal paths, random logic irrelevant to the target program can be added at the reading position of the monitoring test cases, and the random logic can be used for indicating that all the test cases have different execution tracks in different operations, so that the performance of the target test cases for executing the barrier codes is unstable, the feedback information is effectively utilized by the fuzzy test false transmission, and the vulnerability detection capability of the fuzzy test is reduced.
Alternatively, in order to verify the capability of the enhanced binary file to resist the fuzzy test, the embodiment of the present application performs an experiment on a different device, wherein the experiment is only one example of the present application, and the practical application of the enhanced binary file is not limited to the experiment. In experiments, two devices may be used, both of which may run over 2400 CPU (Central Processing Unit ) clocks, each machine configured Intel (R) Core (TM) i9-7940XCPU@3.10GHz (CPU performance parameters), 28 logical processor cores, 128GB RAM (random access memory ). Repeated experiments (for example, 10 times can be repeated) can be performed on the reinforcement binary file in the fuzzy test, and the times can be set according to actual requirements so as to reduce the randomness of the fuzzy test.
In this experiment, the parameter n in the formula (1) may be configured to be 95, and the jump limiting parameter is 10; the input length constraint (i.e., the length constraint parameter) starts at 100 and increases 5 to 8000 steps each, the memory space of the hardened binary file in this experiment being greater than the memory space of the original binary code. The reinforcement binary file may be evaluated on 3 different fuzzy testers, respectively, where the 3 different fuzzy testers may include AFL-QEMU (a black box fuzzy tester), AFL-Blackbox (AFL-BB, a gray box fuzzy tester), fairFuzz-QEMU (a gray box fuzzy tester). Suppose that the protected program in the hardened binary file may be exiv2 (an application extension file in the operating system), mjs (a file that may be used for an embedded engine), mp4aac (an online converted audio file), nm (a file associated with application software), obj dump (a command program for an executable file), etc. The experiment adopts the collapse quantity and the control flow graph edge coverage rate as the measurement for measuring the effect of reinforcing the binary file.
Compared with the initial binary code, the method has the advantages that when the AFL-QEMU is adopted to carry out fuzzy test on the reinforced binary file, the collapse detected by 87% of AFL-QEMU can be reduced averagely; the use of FairFuzz-QEMU for the fuzzy test of the reinforced binary file can average reduce the detected collapse of 74% FairFuzz-QEMU, and the reinforced binary file makes AFL-QEMU worse than black box fuzzy test in terms of detecting collapse on exvi2, mjs and mp42 aac. From the coverage rate, by reinforcing the barrier codes in the binary file, the fuzzy tester not only introduces a large number of test cases of the false path, but also enables fewer test cases of the generated real path, and the AFL-QEMU coverage rate is reduced by 23% on average and even worse than the black box fuzzy test effect. According to all experimental results, the fuzzy test technology can be effectively resisted by reinforcing the binary file, and the method has higher safety performance.
Optionally, a delayer may be set on some code paths (such as file format check error paths) that are rare or do not affect normal use of the user and are included in the source code, so as to delay the execution speed of the code, and further reduce the execution efficiency of the fuzzy test.
Optionally, the error may be encapsulated in the source code, so as to change the type of the error, so that the fuzzy tester of the attacker (for example, the second device) may missend the current feedback information accurately, and further may interfere with the efficiency of the whole fuzzy test process.
In the embodiment of the application, after the error processing path is determined from the target program, the reinforcement binary file is obtained by inserting the barrier code into the error processing path, and the normal execution efficiency of the target program is not affected by the barrier code inserted into the error processing path, namely, the vulnerability detection capability in the fuzzy test can be reduced on the basis of normal execution of the data corresponding to the reinforcement binary file, so that the safety of the data can be improved; the obstacle codes in the reinforcement binary codes can relate to the obstacle codes from the aspects of seed queue explosion, seed attenuation, feedback pollution and the like, so that fuzzy tests of attackers are resisted, the reinforcement binary files containing the obstacle codes have robust fuzzy test resistance, the reinforcement binary files can obtain similar results for gray box fuzzy tests of different implementation modes, and the vulnerability detection capability in the fuzzy tests is further reduced; the reinforcement binary file does not interrupt normal functions nor significantly reduce the execution efficiency of the original program.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a data security reinforcement device according to an embodiment of the present application. As shown in fig. 8, the data security reinforcement device 1 may include: a path determination module 11, a code generation module 12, a code insertion module 13;
a path determining module 11, configured to obtain a conversion hit frequency between basic function code blocks in the target program, and determine an error processing path in the basic function code blocks of the target program according to the conversion hit frequency;
a code generation module 12, configured to obtain variable configuration information for configuring a program jump parameter, and generate an obstacle code including a cooperative jump table according to the variable configuration information; the cooperative jump table in the barrier code is used for blocking fuzzy test for the target program;
the code insertion module 13 is configured to insert an obstacle code into an error processing path of the target program, and generate a hardened binary file for release.
The specific functional implementation manners of the path determining module 11, the code generating module 12, and the code inserting module 13 may refer to step S101-step S103 in the embodiment corresponding to fig. 4, which are not described herein.
In one or more embodiments, the path determination module 11 may include: a valid data execution unit 111, a random data execution unit 112, a hit frequency determination unit 113, an error processing path determination unit 114;
An effective data execution unit 111, configured to obtain an effective test set, execute a target program according to effective test data included in the effective test set, and obtain a target execution edge set; each executed edge in the target execution edge set is used for connecting two basic function code blocks in the target program;
a random data execution unit 112, configured to obtain a random test set, and execute a target program according to random test data included in the random test set, to obtain a random execution edge set; each executed edge in the random execution edge set is used for connecting two basic function code blocks in the target program;
a hit frequency determining unit 113, configured to count a first occurrence number corresponding to each executed edge in the target execution edge set, and a second occurrence number corresponding to each executed edge in the random execution edge set, and determine a transition hit frequency between basic function code blocks in the target program according to the first occurrence number and the second occurrence number;
an error processing path determination unit 114 for determining an error processing path of the target program from the random execution edge set according to the conversion hit frequency.
The specific functional implementation manner of the effective data execution unit 111, the random data execution unit 112, the hit frequency determination unit 113, and the error processing path determination unit 114 may refer to step S101 in the embodiment corresponding to fig. 4, and will not be described herein.
In one or more embodiments, the error processing path determination unit 114 may include: an executed edge acquisition subunit 1141, an error processing edge determination subunit 1142, an error processing edge combination subunit 1143;
an executed edge acquisition subunit 1141, configured to acquire an executed edge i from the random executed edge set; the executed edge i is used for connecting a basic function code block a and a basic function code block b in the target program, i is a positive integer less than or equal to the number of the executed edges in the random execution edge set, and a and b are both positive integers less than or equal to the number of the basic function code blocks in the target program;
an error processing edge determination subunit 1142, configured to determine the executed edge i as an error processing edge if the conversion hit frequency between the basic function code block a and the basic function code block b is less than the frequency threshold and the executed edge i does not belong to the target execution edge set;
an error processing edge combination subunit 1143, configured to combine error processing edges in the random execution edge sets to obtain D error edge sets, and determine an error processing path of the target program according to basic function code blocks associated with the error processing edges in each error edge set; d is a positive integer.
The specific functional implementation of the executed edge acquiring sub-unit 1141, the error processing edge determining sub-unit 1142, and the error processing edge combining sub-unit 1143 may refer to step S101 in the corresponding embodiment of fig. 4, and will not be described herein.
In one or more embodiments, the program jump parameters include a jump limit parameter, a length limit parameter, a jump table size parameter, and the variable configuration information includes jump configuration information for the jump limit parameter, length configuration information for the length limit parameter, and size configuration information for the jump table size parameter;
the code generation module 12 may include: a jump table declaration unit 121, a tag insertion unit 122;
a jump table declaring unit 121, configured to declare K cooperative jump tables according to jump configuration information, length configuration information, and size configuration information in the variable configuration information; k is a positive integer;
a tag inserting unit 122, configured to insert a tag for marking the jump position in each of the K cooperative jump tables, and generate an obstacle code including the K cooperative jump tables.
Optionally, the size configuration information includes first sub-configuration information and second sub-configuration information, and the size of the skip list determined by the first sub-configuration information is greater than the size of the skip list determined by the second sub-configuration information;
The jump table declaration unit 121 is specifically configured to:
according to the jump configuration information, the length configuration information and the first sub-configuration information in the variable configuration information, declaring a first type jump table; the first type jump table is used for indicating that test cases are reserved in the fuzzy test to execute error processing paths;
according to the jump configuration information, the length configuration information and the second sub configuration information in the variable configuration information, declaring a second type jump table, and determining the first type jump table and the second type jump table as K cooperative jump tables; the second type of jump table is used for attenuating test cases of the fuzzy test.
The specific functional implementation of the jump table declaration unit 121 and the tag insertion unit 122 may refer to step S102 in the embodiment corresponding to fig. 4, and will not be described herein.
In one or more embodiments, the code insertion module 13 may include: a key position determining unit 131, a compiling processing unit 132;
a critical position determining unit 131 for determining a critical position corresponding to the obstacle code in the error processing path of the target program, and inserting the obstacle code into the critical position through the compiler;
the compiling processing unit 132 is configured to compile a target program in which the barrier code is inserted in a compiler, and generate a hardened binary file for release.
The specific functional implementation of the key position determining unit 131 and the compiling processing unit 132 may refer to step S103 in the embodiment corresponding to fig. 4, and will not be described herein.
In one or more embodiments, the data security reinforcement device 1 may further include: a file issuing module 14;
the file publishing module 14 is configured to publish the hardened binary file to the software management platform, so that a first device in the software management platform obtains the hardened binary file, loads the hardened binary file, and accesses application software corresponding to the hardened binary file.
The specific functional implementation of the file publishing module 14 may refer to step S103 in the embodiment corresponding to fig. 4, and will not be described herein.
In one or more embodiments, the data security reinforcement device 1 may include: a target test set acquisition module 15, a test case retention module 16;
the target test set acquisition module 15 is configured to acquire a target test set provided by the second device in the fuzzy test when the second device is detected to perform the fuzzy test on the reinforcement binary file;
the test case retaining module 16 is configured to retain, from the target test set, a target test case associated with the error processing path by reinforcing an obstacle code in the binary file; the target test case is used for blocking loophole searching capability in fuzzy test.
The specific functional implementation manner of the target test set obtaining module 15 and the test case retention module 16 may refer to step S201 to step S202 in the embodiment corresponding to fig. 6, and will not be described herein.
In one or more embodiments, the collaborative jump table in the obstacle code includes a first type jump table;
the test case retention module 16 may include: a schedule acquisition unit 161, a quality evaluation unit 162, and a quality judgment unit 163;
a schedule obtaining unit 161, configured to obtain, when an execution path of a test case x in the target test set in the hardened binary file is an error processing path, a computational power schedule of the test case x through a first type jump table in the barrier code; x is a positive integer;
the quality evaluation unit 162 is configured to perform quality evaluation on the computation power schedule of the test case x by using the test case evaluator of the fuzzy test, to obtain a quality evaluation value of the test case x;
and a quality judging unit 163 for determining the test case x as a target test case when the quality evaluation value of the test case x satisfies the evaluation threshold condition.
Optionally, the cooperative jump table in the barrier code includes a second type jump table;
The test case retention module 16 may further include: a mutation processing unit 164, a data length judging unit 165;
the mutation processing unit 164 is configured to, when the execution path of the test case y in the target test set in the reinforcement binary file is an error processing path, perform mutation processing on the test case y in the test case mutagen of the fuzzy test according to the second type jump table in the barrier code, and generate a candidate test case; y is a positive integer;
the data length determining unit 165 is configured to determine the candidate test case as the target test case when the data length of the candidate test case is greater than the data length of the test case y.
The specific functional implementation manner of the schedule obtaining unit 161, the quality evaluating unit 162, the quality judging unit 163, the mutation processing unit 164, and the data length judging unit 165 may refer to step S202 in the embodiment corresponding to fig. 6, and the detailed description thereof will be omitted.
In one or more embodiments, the data security reinforcement device 1 may further include: the execution track generation module 17, the feedback information accumulation module 18 and the saturation record generation module 19;
the execution track generation module 17 is configured to execute, in the fuzzy test, a reinforcement binary file according to the test cases in the target test set, and generate one or more execution tracks corresponding to the test cases in the target test set by using random logic included in the barrier code in the reinforcement binary file;
The feedback information accumulating module 18 is configured to obtain execution feedback information corresponding to one or more execution tracks respectively, and accumulate the execution feedback information corresponding to the test cases in the target test set to obtain a total feedback information;
the saturation record generating module 19 is configured to generate a storage saturation record when the memory space of the total amount of feedback information is greater than or equal to the storage space; the saturation record is stored for indicating that the fuzzy test stops collecting the execution feedback information.
The specific functional implementation manner of the execution track generation module 17, the feedback information accumulation module 18, and the saturation record generation module 19 may refer to step S202 in the embodiment corresponding to fig. 6, and will not be described herein.
In the embodiment of the application, after the error processing path is determined from the target program, the reinforcement binary file is obtained by inserting the barrier code into the error processing path, and the normal execution efficiency of the target program is not affected by the barrier code inserted into the error processing path, namely, the vulnerability detection capability in the fuzzy test can be reduced on the basis of normal execution of the data corresponding to the reinforcement binary file, so that the safety of the data can be improved; the obstacle codes in the reinforcement binary codes can relate to the obstacle codes from the aspects of seed queue explosion, seed attenuation, feedback pollution and the like, so that fuzzy tests of attackers are resisted, the reinforcement binary files containing the obstacle codes have robust fuzzy test resistance, the reinforcement binary files can obtain similar results for gray box fuzzy tests of different implementation modes, and the vulnerability detection capability in the fuzzy tests is further reduced; the reinforcement binary file does not interrupt normal functions nor significantly reduce the execution efficiency of the original program.
Further, referring to fig. 9, fig. 9 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 9, the computer device 1000 may be a user terminal or a server, which is not limited herein. For ease of understanding, this application will take a computer device as an example of a user terminal, and the computer device 1000 may include: processor 1001, network interface 1004, and memory 1005, in addition, the computer device 1000 may further comprise: a user interface 1003, and at least one communication bus 1002. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may also include a standard wired interface, a wireless interface, among others. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1004 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one disk memory. The memory 1005 may also optionally be at least one storage device located remotely from the processor 1001. As shown in fig. 9, an operating system, a network communication module, a user interface module, and a device control application may be included in a memory 1005, which is one type of computer-readable storage medium.
The network interface 1004 in the computer device 1000 may also provide network communication functions, and the optional user interface 1003 may also include a Display screen (Display) and a Keyboard (Keyboard). In the computer device 1000 shown in fig. 9, the network interface 1004 may provide network communication functions; while user interface 1003 is primarily used as an interface for providing input to a user; and the processor 1001 may be used to invoke a device control application stored in the memory 1005 to implement:
acquiring conversion hit frequencies among basic function code blocks in a target program, and determining an error processing path in the basic function code blocks of the target program according to the conversion hit frequencies;
variable configuration information for configuring program jump parameters is obtained, and an obstacle code containing a cooperative jump table is generated according to the variable configuration information; the cooperative jump table in the barrier code is used for blocking fuzzy test for the target program;
and inserting barrier codes into the error processing paths of the target program to generate the reinforcement binary file for release.
It should be understood that the computer device 1000 described in the embodiments of the present application may perform the description of the data security reinforcement method in any of the embodiments corresponding to fig. 4 and fig. 6, and may also perform the description of the data security reinforcement device 1 in the embodiment corresponding to fig. 8, which is not repeated herein. In addition, the description of the beneficial effects of the same method is omitted.
Furthermore, it should be noted here that: the embodiments of the present application further provide a computer readable storage medium, in which the aforementioned computer program executed by the data security reinforcement device 1 is stored, and the computer program includes program instructions, when executed by a processor, can execute the description of the data security reinforcement method in any of the corresponding embodiments of fig. 4 and 6, and therefore, a detailed description will not be given here. In addition, the description of the beneficial effects of the same method is omitted. For technical details not disclosed in the embodiments of the computer-readable storage medium according to the present application, please refer to the description of the method embodiments of the present application. As an example, program instructions may be deployed to be executed on one computing device or on multiple computing devices at one site or, alternatively, across multiple computing devices distributed across multiple sites and interconnected by a communication network, where the multiple computing devices distributed across multiple sites and interconnected by the communication network may constitute a blockchain system.
In addition, it should be noted that: embodiments of the present application also provide a computer program product or computer program that may include computer instructions that may be stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor may execute the computer instructions, so that the computer device performs the description of the data security reinforcement method in any of the foregoing embodiments corresponding to fig. 4 and 6, and thus, a detailed description will not be given here. In addition, the description of the beneficial effects of the same method is omitted. For technical details not disclosed in the computer program product or the computer program embodiments related to the present application, please refer to the description of the method embodiments of the present application.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the described order of action, as some steps may take other order or be performed simultaneously according to the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.
The steps in the method of the embodiment of the application can be sequentially adjusted, combined and deleted according to actual needs.
The modules in the device of the embodiment of the application can be combined, divided and deleted according to actual needs.
Those skilled in the art will appreciate that implementing all or part of the above-described methods may be accomplished by way of a computer program stored in a computer-readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), or the like.
The foregoing disclosure is only illustrative of the preferred embodiments of the present application and is not intended to limit the scope of the claims herein, as the equivalent of the claims herein shall be construed to fall within the scope of the claims herein.

Claims (14)

1. A method of data security reinforcement, comprising:
acquiring conversion hit frequencies among basic function code blocks in a target program, and determining an error processing path in the basic function code blocks of the target program according to the conversion hit frequencies;
variable configuration information for configuring program jump parameters is obtained, and an obstacle code containing a cooperative jump table is generated according to the variable configuration information; the cooperative jump table in the obstacle code is used for preventing fuzzy test for the target program;
and inserting the barrier code into the error processing path of the target program to generate a reinforcement binary file for release.
2. The method of claim 1, wherein the obtaining a transition hit frequency between basic function code blocks in a target program, determining an error processing path in the basic function code blocks of the target program based on the transition hit frequency, comprises:
Acquiring an effective test set, and executing the target program according to effective test data contained in the effective test set to obtain a target execution edge set; each executed edge in the target set of executed edges is used to join two basic function code blocks in the target program;
acquiring a random test set, and executing the target program according to random test data contained in the random test set to obtain a random execution edge set; each executed edge in the set of randomly executed edges is used to join two basic function code blocks in the target program;
counting the first occurrence times corresponding to each executed edge in the target execution edge set and the second occurrence times corresponding to each executed edge in the random execution edge set, and determining the conversion hit frequency between basic function code blocks in the target program according to the first occurrence times and the second occurrence times;
and determining the error processing path of the target program from the random execution edge set according to the conversion hit frequency.
3. The method of claim 2, wherein determining the error processing path of the target program from the set of randomly executed edges according to the transition hit frequency comprises:
Acquiring an executed edge i from the random execution edge set; the executed edge i is used for connecting a basic function code block a and a basic function code block b in the target program, i is a positive integer less than or equal to the number of executed edges in the random execution edge set, and a and b are both positive integers less than or equal to the number of basic function code blocks in the target program;
if the conversion hit frequency between the basic function code block a and the basic function code block b is smaller than a frequency threshold value and the executed edge i does not belong to the target execution edge set, determining the executed edge i as an error processing edge;
combining error processing edges in the random execution edge sets to obtain D error edge sets, and determining an error processing path of the target program according to basic function code blocks associated with the error processing edges in each error edge set; d is a positive integer.
4. The method of claim 1, wherein the program jump parameters include a jump limit parameter, a length limit parameter, a jump table size parameter, and wherein the variable configuration information includes jump configuration information for the jump limit parameter, length configuration information for the length limit parameter, and size configuration information for the jump table size parameter;
The generating the obstacle code containing the cooperative jump table according to the variable configuration information comprises the following steps:
according to the jump configuration information, the length configuration information and the size configuration information in the variable configuration information, K cooperative jump tables are declared; k is a positive integer;
and inserting a tag for marking the jump position into each of the K cooperative jump tables to generate an obstacle code containing the K cooperative jump tables.
5. The method of claim 4, wherein the size configuration information comprises first sub-configuration information and second sub-configuration information, the first sub-configuration information determining a jump table size that is greater than the jump table size determined by the second sub-configuration information;
the step of declaring K cooperative jump tables according to the jump configuration information, the length configuration information and the size configuration information in the variable configuration information includes:
according to the jump configuration information, the length configuration information and the first sub configuration information in the variable configuration information, a first type jump table is declared; the first type jump table is used for indicating that test cases are reserved in the fuzzy test to execute error processing paths;
According to the jump configuration information, the length configuration information and the second sub configuration information in the variable configuration information, a second type jump table is declared, and the first type jump table and the second type jump table are determined to be the K cooperative jump tables; the second type jump table is used for attenuating test cases of the fuzzy test.
6. The method of claim 1, wherein inserting the barrier code in the error handling path of the target program generates a hardened binary for release, comprising:
determining a key position corresponding to the barrier code in an error processing path of the target program, and inserting the barrier code into the key position through a compiler;
and compiling the target program inserted with the barrier code in the compiler to generate the reinforcement binary file for release.
7. The method as recited in claim 1, further comprising:
and publishing the reinforcement binary file to a software management platform so that a first device in the software management platform can acquire the reinforcement binary file, load the reinforcement binary file and access application software corresponding to the reinforcement binary file.
8. The method as recited in claim 1, further comprising:
when detecting that the second equipment carries out fuzzy test on the reinforcement binary file, acquiring a target test set provided by the second equipment in the fuzzy test;
reserving, from the target test set, a target test case associated with the error processing path by the barrier code in the hardened binary file; the target test case is used for blocking the vulnerability detection function in the fuzzy test.
9. The method of claim 8, wherein the cooperative jump table in the barrier code comprises a first type jump table;
the retaining, by the barrier code in the hardened binary file, the target test case associated with the error handling path from the target test set, including:
when the execution path of the test case x in the target test set in the reinforcement binary file is the error processing path, determining the computational power scheduling of the test case x through the first type jump table in the barrier code; x is a positive integer;
performing quality evaluation on the computing power schedule of the test case x through the test case evaluator of the fuzzy test to obtain a quality evaluation value of the test case x;
And when the quality evaluation value of the test case x meets an evaluation threshold condition, determining the test case x as the target test case.
10. The method of claim 8, wherein the cooperative jump table in the barrier code comprises a second type jump table;
the retaining, by the barrier code in the hardened binary file, the target test case associated with the error handling path from the target test set, including:
when the execution path of the test case y in the target test set in the reinforcement binary file is the error processing path, carrying out mutation processing on the test case y in the fuzzy test case mutation device according to the second type jump table in the barrier code to generate a candidate test case; y is a positive integer;
and when the data length of the candidate test case is larger than that of the test case y, determining the candidate test case as the target test case.
11. The method as recited in claim 8, further comprising:
in the fuzzy test, executing the reinforcement binary file according to the test cases in the target test set, and generating one or more execution tracks corresponding to the test cases in the target test set through random logic contained in the barrier codes in the reinforcement binary file;
Acquiring execution feedback information corresponding to the one or more execution tracks respectively, and accumulating the execution feedback information corresponding to the test cases in the target test set to obtain the total feedback information;
when the memory space of the total amount of the feedback information is larger than or equal to the storage space, generating a storage saturation record; the stored saturation record is used for indicating the fuzzy test to stop collecting execution feedback information.
12. A data security reinforcement device, comprising:
a path determining module, configured to obtain a conversion hit frequency between basic function code blocks in a target program, and determine an error processing path in the basic function code blocks of the target program according to the conversion hit frequency;
the code generation module is used for acquiring variable configuration information for configuring program jump parameters and generating obstacle codes containing a cooperative jump table according to the variable configuration information; the cooperative jump table in the obstacle code is used for preventing fuzzy test for the target program;
and the code insertion module is used for inserting the barrier code into the error processing path of the target program and generating a reinforcement binary file for release.
13. A computer device comprising a memory and a processor;
the memory is connected to the processor, the memory is used for storing a computer program, and the processor is used for calling the computer program to enable the computer device to execute the method of any one of claims 1-11.
14. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program adapted to be loaded and executed by a processor to cause a computer device having the processor to perform the method of any of claims 1-11.
CN202111247641.3A 2021-10-26 2021-10-26 Data security reinforcement method, device, equipment and medium Pending CN116028937A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111247641.3A CN116028937A (en) 2021-10-26 2021-10-26 Data security reinforcement method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111247641.3A CN116028937A (en) 2021-10-26 2021-10-26 Data security reinforcement method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN116028937A true CN116028937A (en) 2023-04-28

Family

ID=86071014

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111247641.3A Pending CN116028937A (en) 2021-10-26 2021-10-26 Data security reinforcement method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN116028937A (en)

Similar Documents

Publication Publication Date Title
Manès et al. The art, science, and engineering of fuzzing: A survey
Perez et al. Smart contract vulnerabilities: Vulnerable does not imply exploited
Petsios et al. Slowfuzz: Automated domain-independent detection of algorithmic complexity vulnerabilities
Tang et al. Nodemerge: Template based efficient data reduction for big-data causality analysis
Perez et al. Smart contract vulnerabilities: Does anyone care
US10387655B2 (en) Method, system and product for using a predictive model to predict if inputs reach a vulnerability of a program
Ma et al. Accurate, low cost and instrumentation-free security audit logging for windows
Zhang et al. Ethploit: From fuzzing to efficient exploit generation against smart contracts
US8646088B2 (en) Runtime enforcement of security checks
Huang et al. Software crash analysis for automatic exploit generation on binary programs
Ferreira Torres et al. Ægis: Shielding vulnerable smart contracts against attacks
Groce et al. What are the actual flaws in important smart contracts (and how can we find them)?
Luckow et al. Symbolic complexity analysis using context-preserving histories
Manes et al. The art, science, and engineering of fuzzing: A survey
Mouzarani et al. Smart fuzzing method for detecting stack‐based buffer overflow in binary codes
Smith et al. Sugarcoat: Programmatically generating privacy-preserving, web-compatible resource replacements for content blocking
CN111919214A (en) Automatic generation of patches for security violations
Lacombe et al. Combining static analysis and dynamic symbolic execution in a toolchain to detect fault injection vulnerabilities
Alnaeli et al. Source code vulnerabilities in IoT software systems
Wang et al. Tunter: assessing exploitability of vulnerabilities with taint-guided exploitable states exploration
Khodayari et al. It’s (dom) clobbering time: Attack techniques, prevalence, and defenses
Hamadouche et al. Virus in a smart card: Myth or reality?
Alnaeli et al. Vulnerable C/C++ code usage in IoT software systems
Munir et al. Pre-deployment Analysis of Smart Contracts--A Survey
Aloraini et al. Evaluating state-of-the-art free and open source static analysis tools against buffer errors in android apps

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination