Due to the complexity of the software, the limitations of programmers level and consciousness have brought a lot of software security hazards. How to quickly and efficiently perform program security diagnosis, becoming important topics.
Antiy Labs refers to the ideas and results of international fault-tolerant and diagnostic technology, developed the INJECTER, which is based on the wrong injection of Linux systems. This system encloses the injection error to achieve the purpose of high-efficiency test software defects.
Almost all applications include user interfaces, application function calls, system function calls, and other feature application calls. For example, a string attack is in the user interface, a symbolic connection attack, a file description word attack is on a standard function call, and many of the competitive conditional attacks occur in a conflict, shared functions. Library attack, IFS attack, environment variable attacks occur on operating system application characteristics. Injecter Different mode error injection applications for different phases, select Different Error Injection methods to achieve targeted high-efficiency test software defects.
The current INJECTER can perform the following error injection behavior:
Ø Symbol connection attack
Ø Document Description Type Attack Ø Sharing Release Library Attack Ø IFS Attack Ø Format String Attack Ø Environment Variable Attack Ø Competitive Condition Attack Ø Competitive Condition Attack Ø Competitive Condition Attack
Ø Environment variable attack
Ø Competitive condition attack
Ø Competitive condition attack
Due to the adjustment of research direction, the Injector developers transferred to the development of the AV Leach network engine. The development of INJECTER was suspended in June 2002, but at the time, our progress has been leading the front of the international leadership. In Glibc (this is a project in the United States Berkeley University and the STANFORD University (ROC))
