
Vulnerability Causation Analysis Based on Dynamic Execution Logging and Reverse Analysis

Software vulnerabilities pose a serious threat to software security, and security incidents caused by them occur around the world every year. In practice, however, limited security awareness among developers and the growing complexity of code and business logic make security vulnerabilities in software code hard to avoid. Existing methods locate the faulty code inaccurately and analyze it inefficiently. To address this, the paper tackles the challenges of obtaining and reverse-analyzing instruction runtime information and of accurately locating the faulty code, and proposes a method for locating the cause of program errors based on trace logs and reverse execution. The method tracks the program's code execution flow, records the register state and memory access state of each instruction at run time, and analyzes the set of instructions that generate, use, and compute the pointer values associated with the pointer that triggers the execution error, achieving efficient and accurate vulnerability cause analysis and localization.

Keywords: dynamic execution log; reverse analysis; vulnerability causation analysis

沈钦涛、梁瑞刚、王宝林、张倞诚、陈恺


Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085

Beijing Xiaomi Mobile Software Co., Ltd., Beijing 100089


Funding: National Natural Science Foundation of China (62302497, 62302498, 92270204)

2024

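Netinfo Security (信息网络安全)
The Third Research Institute of the Ministry of Public Security; Computer Security Professional Committee of the China Computer Federation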

Indexed in: CSTPCD, CHSSCD, Peking University Core Journals
Impact factor: 0.814
ISSN: 1671-1122
Year, volume (issue): 2024, 24(10)