一种基于安全状态跟踪检查的漏洞静态检测方法 (Cited by: 20)

A Static Vulnerabilities Detection Method Based on Security State Tracing and Checking


Authors: Liang Bin (梁彬) [1,2], Hou Kankan (侯看看) [1,2], Shi Wenchang (石文昌) [1,2], Liang Zhaohui (梁朝晖) [1,2]

Affiliations: [1] School of Information, Renmin University of China, Beijing 100872; [2] Key Laboratory of Data Engineering and Knowledge Engineering, Ministry of Education, Beijing 100872

Source: Chinese Journal of Computers (《计算机学报》), 2009, No. 5, pp. 899-909 (11 pages)

Funding: National Natural Science Foundation of China (60703102; 60873213); Beijing Natural Science Foundation (4082018); National High Technology Research and Development Program of China (863 Program) (2007AA01Z414)

Abstract: The main problem of existing static vulnerability detection methods based on source code analysis is their high false positive and false negative rates. One main reason is the lack of accurate and effective identification and analysis of security-related program elements, e.g. data validation checks and tainted (untrusted) data sources. This paper proposes a static vulnerability detection method based on data security state tracing and checking. In this method, the state space of the vulnerability state machine model is extended: the security state of a variable is identified by a vector corresponding to multiple security-related properties rather than by a single property, and fine-grained state transitions support accurate recognition of security-related program behaviour. Recognition of validation checks is introduced into the vulnerability state machine to reduce false positives, and a systematic discrimination mechanism for tainted data is constructed to prevent false negatives resulting from neglected tainted data sources. Experimental results from a prototype system show that this method can effectively detect buffer overflows and other types of vulnerabilities in software systems, with a noticeably lower false positive rate than existing mainstream static detection methods, while avoiding some serious false negatives of those methods.

Keywords: vulnerability detection; static analysis; state machine; false negatives; false positives

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]
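The abstract above describes three ideas: a per-variable security state that is a vector of properties rather than a single "tainted" bit, recognition of validation checks as state transitions so a checked value no longer raises an alarm, and a systematic list of untrusted sources so no taint origin is missed. The following Python sketch is an added illustration of that analysis style over a tiny straight-line intermediate representation; it is not the paper's prototype system, and the source list, sink list, statement forms and the `SecState` vector are constructed assumptions for the example.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

# Constructed, systematic list of untrusted data sources (assumption for this
# example; the paper's own discrimination mechanism is not reproduced here).
TAINT_SOURCES = {"read", "recv", "fgets", "scanf", "getenv", "argv"}

# Constructed list of sinks that copy into a fixed-size buffer (assumption).
UNSAFE_SINKS = {"strcpy", "sprintf", "memcpy"}


@dataclass(frozen=True)
class SecState:
    """Security state vector of one variable: two properties instead of one bit."""
    tainted: bool = False          # value originates from an untrusted source
    length_checked: bool = False   # a validation (bounds/length) check was seen


# Statement forms of the toy IR (constructed for the example):
#   ("call", dst, fn, [args])  dst = fn(args)
#   ("assign", dst, src)       dst = src
#   ("check", var)             a recognised validation check on var
#   ("sink", fn, arg)          fn(..., arg, ...) with fn a copy into a fixed buffer
Stmt = Tuple
Finding = Tuple[int, str, str]   # (statement index, sink function, variable)


def analyze(stmts: List[Stmt], recognize_checks: bool = True) -> List[Finding]:
    """Track the security state vector of each variable and report a finding
    when a tainted, unchecked value reaches an unsafe sink.

    recognize_checks=False models a single-property taint analysis that
    ignores validation checks, so the two models can be compared."""
    states: Dict[str, SecState] = {}
    findings: List[Finding] = []
    for i, stmt in enumerate(stmts):
        kind = stmt[0]
        if kind == "call":
            _, dst, fn, args = stmt
            if fn in TAINT_SOURCES:
                # Fresh untrusted data: tainted and not yet validated.
                states[dst] = SecState(tainted=True, length_checked=False)
            else:
                # A derived value inherits taint from any tainted argument,
                # but a check on the input does not carry over to the result.
                tainted = any(states.get(a, SecState()).tainted for a in args)
                states[dst] = SecState(tainted=tainted, length_checked=False)
        elif kind == "assign":
            _, dst, src = stmt
            # A plain copy carries the whole state vector, including the check.
            states[dst] = states.get(src, SecState())
        elif kind == "check":
            _, var = stmt
            if recognize_checks:
                states[var] = replace(states.get(var, SecState()), length_checked=True)
        elif kind == "sink":
            _, fn, arg = stmt
            st = states.get(arg, SecState())
            if fn in UNSAFE_SINKS and st.tainted and not st.length_checked:
                findings.append((i, fn, arg))
        else:
            raise ValueError(f"unknown statement kind: {kind!r}")
    return findings


# Constructed sample programs.
# 1. Network input that is length-checked before the copy: no real bug.
PROG_CHECKED: List[Stmt] = [
    ("call", "buf", "recv", ["sock"]),
    ("check", "buf"),
    ("sink", "strcpy", "buf"),
]
# 2. Environment variable copied through an alias with no check: a real bug.
#    A source list that omitted getenv would miss it (a false negative).
PROG_ENV: List[Stmt] = [
    ("call", "home", "getenv", ["HOME"]),
    ("assign", "p", "home"),
    ("sink", "sprintf", "p"),
]
# 3. A checked input whose derived value is copied: the check does not
#    validate the derived value, so the finding is kept.
PROG_DERIVED: List[Stmt] = [
    ("call", "line", "fgets", ["stdin"]),
    ("check", "line"),
    ("call", "tok", "strtok", ["line"]),
    ("sink", "strcpy", "tok"),
]
# 4. No untrusted data involved at all.
PROG_CLEAN: List[Stmt] = [
    ("call", "n", "strlen", ["literal"]),
    ("sink", "memcpy", "n"),
]

if __name__ == "__main__":
    for name, prog in [("checked", PROG_CHECKED), ("env", PROG_ENV),
                       ("derived", PROG_DERIVED), ("clean", PROG_CLEAN)]:
        print(name, "vector model:", analyze(prog),
              "| single-bit model:", analyze(prog, recognize_checks=False))
```

Running the block shows the contrast the abstract draws: the single-bit model reports `PROG_CHECKED` as a finding (a false positive that the check-aware vector model suppresses), both models catch `PROG_ENV` only because `getenv` is on the source list, and `PROG_DERIVED` stays a finding under both because the check is attached to `line`, not to the value derived from it.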
