| Heap overflow vulnerability is a kind of vulnerability widely distributed in software vulnerabilities.How to analyze and detect heap overflow vulnerability quickly and effectively is one of the important issues in the field of vulnerability analysis.In view of this problem,considering the universality and universality of different heap overflow vulnerabilities,this paper selects three different kinds of heap overflow vulnerabilities: fastbin,double free,house of spirit.The main research contributions and innovative achievements are as follows:First,an automatic detection technology of heap overflow vulnerability of fastbin type is proposed.This technology aims at the type of fastbin heap overflow vulnerability,through the construction of the automatic detection module to realize the automatic detection technology of the type of fastbin heap overflow vulnerability,solves the automatic detection problem of the type of fastbin vulnerability.Second,an automatic detection technology of double free type heap overflow vulnerability is proposed.This technology aims at the double free type heap overflow vulnerability,through the construction of the automatic detection module to realize the automatic detection technology of double free type heap overflow vulnerability,solves the automatic detection problem of double free type vulnerability.Third,an automatic detection technology of heap overflow vulnerability of house of spirit type is proposed.This technology is aimed at the house of spirit type heap overflow vulnerability.By building the automatic detection module of heap overflow vulnerability,the automatic detection technology of house of spirit type heap overflow vulnerability is realized,which solves the automatic detection problem of house of spirit type vulnerability.Finally,on the basis of the previous research results,the paper designs and implements the automatic detection prototype system of heap overflow vulnerability by using symbol execution and taint analysis technology.The prototype system can realize the automatic detection of three kinds of heap overflow vulnerabilities.The validity of the prototype system is proved by experiments. |
PDF Full Text Request