• Title/Summary/Keyword: 컨컬릭 실행

Search Result 1, Processing Time 0.016 seconds

Analyzing Vulnerable Software Code Using Dynamic Taint and SMT Solver (동적오염분석과 SMT 해석기를 이용한 소프트웨어 보안 취약점 분석 연구)

  • Kim, Sungho;Park, Yongsu
    • KIISE Transactions on Computing Practices
    • /
    • v.21 no.3
    • /
    • pp.257-262
    • /
    • 2015
  • As software grows more complex, it contains more bugs that are not recognized by developers. Attackers can then use exploitable bugs to penetrate systems or spread malicious code. As a representative method, attackers manipulated documents or multimedia files in order to make the software engage in unanticipated behavior. Recently, this method has gained frequent use in A.P.T. In this paper, an automatic analysis method to find software security bugs was proposed. This approach aimed at finding security bugs in the software which can arise from input data such as documents or multimedia. Through dynamic taint analysis, how input data propagation to vulnerable code occurred was tracked, and relevant instructions in relation to input data were found. Next, the relevant instructions were translated to a formula and vulnerable input data were found via the formula using an SMT solver. Using this approach, 6 vulnerable codes were found, and data were input to crash applications such as HWP and Gomplayer.