
Research On Comprehensive Detection Method Of Software Based On Vulnerability Analysis

Posted on: 2017-03-29
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Wang
GTID: 2308330482479891
Subject: Computer Science and Technology
Abstract/Summary:
With the popularization of information sharing, a wide variety of software applications has emerged. Software functionality is becoming more and more diverse, and the control structure of code is becoming increasingly complex. The rapid expansion of software has led to security issues that have attracted attention in all parts of society. To maintain the security of information systems, efficient and practical software vulnerability analysis technologies are needed, yet they are in short supply. More and more research teams have taken up the study of software vulnerability detection methods, but most research focuses on a single aspect of vulnerability detection, and the understanding of software vulnerability analysis technology is not comprehensive. Based on vulnerability analysis, this paper studies a comprehensive software security testing method. The main research work of this paper is as follows.

First, on the basis of a broad review of the relevant literature, this paper studies in depth the definition and characteristics of software vulnerabilities and the classification and outline of software. At the same time, it summarizes current domestic and international research results on software security testing methods and tools from the two perspectives of static analysis and dynamic analysis. This lays the foundation for the further research work of the paper.

Secondly, taking source-code-based software security testing as the research direction, a vulnerability detection method based on backward trace analysis and symbolic execution is proposed. First, all security-sensitive functions in the source code are collected as hot spots by pattern matching techniques. A data flow tree is built from the hot spots, and the possible execution paths are obtained through the data flow tree. The program constraints are then generated by taking symbols as input and executing all the execution paths. The security constraints are calculated according to the predefined security requirements. The generation algorithms for the program constraints and the security constraints are given. Finally, an approach to detecting vulnerabilities based on the program constraints and security constraints is given.

Besides, taking binary-code-based software security testing as the research direction, a method of dynamic symbolic execution based on taint analysis is proposed. This method employs a taint layer to perform data flow analysis and quickly locate the first instruction related to symbolic inputs. Three optimization strategies are used in symbolic execution to further increase speed: white list, state elimination and path search optimization.

Finally, to prove the effectiveness of the two software testing methods presented in the paper, experiments are carried out, together with a comparative analysis against other tools. The analysis of the results confirms the advantages of backward trace analysis and symbolic execution in precision and recall. The dynamic symbolic execution optimization method for binary programs also performs very well in execution speed.
Keywords/Search Tags: Security Vulnerabilities, Symbolic Execution, Static Analysis, Taint Analysis, Dynamic Binary