| Software vulnerability is a special kind of software faults. Usually, they don't affect software's normal function. But attackers can use them to access to unauthorized resource, destroy sensitive data, and threaten the information security. The software vulnerability digging becomes an important technology for guaranteeing information security.In this thesis, we explain the definition of software vulnerability based on the notion of security policies, analyze its essence and cause, summarize and compare the primary digging technology. After the principle and confirmation condition of typical software vulnerability are analyzed, a flow of software vulnerability digging is advanced. Then, the system frame and each function block of SVDP are introduced. A new algorithm of loop detection is implemented. Finally, test of SVDP is accomplished, whose result indicates that SVDP is effective and practicable.Here are the main works of this thesis:1 With the research of the definition and the cause of software vulnerability, current primary software vulnerability digging approaches are compared and analyzed. A flow of software vulnerability digging is provided.2 Making use the flow of software vulnerability digging, SVDP (Software Vulnerability Digging Plug-in) which is an automatic tool for software vulnerability digging based on IDA is designed. SVDP can accomplish the multi-patterns, the multi-engine vulnerability digging on the disassembled code level.3 We analyze the current algorithms used to detect natural loops, indicate the limitation of current algorithms, when they are used to detect irreducible loop, implement a new algorithms which can adapt to detect both reducible loop and irreducible loop. |
PDF Full Text Request