A Buffer Overflow Detection Algorithm Based on Static Code Analysis  Cited by: 16

A Method of Buffer Overflow Detection Based on Static Code Analysis


Authors: 王雅文[1] 姚欣洪[1] 宫云战[1] 杨朝红[2]

Affiliations: [1] State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876; [2] Department of Information Engineering, Academy of Armored Forces Engineering, Beijing 100072

Published in: Journal of Computer Research and Development (计算机研究与发展), 2012, No. 4, pp. 839-845 (7 pages)

Funding: National High Technology Research and Development Program of China (863 Program) (2009AA012404); National Natural Science Foundation of China (91018002)

Abstract: Buffer overflow has become one of the best-known software security vulnerabilities. In terms of source code, common buffer overflow vulnerabilities fall into two main types: overflows caused by data-copy function calls and overflows caused by format-control-string function calls. This paper analyses why these common overflows occur, summarizes the library functions that are prone to them, and gives a method for computing the storage length of a formatted string when a formatted input/output function is called. It then proposes a buffer overflow detection algorithm based on static analysis of source code. The algorithm first models the source code by building its abstract syntax tree, symbol table, control flow graph and function call graph. On these models it applies interval arithmetic to compute the value range of each program variable and expression at every program point, and in interprocedural analysis it substitutes a function summary for the actual function call. The method is extensible: the user can add further functions to be checked through configuration files. Experiments on open-source projects show that the method detects buffer overflows effectively and precisely, with both a lower false positive rate and a lower false negative rate than another testing tool, Klocwork K8.
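The following is an added example, not code from the paper or its tool: a toy Python checker that sketches the three ideas the abstract names (interval arithmetic over variable ranges, computing the storage length of a formatted string, and a function summary standing in for a callee) on a hand-built program model instead of a real AST and control flow graph. The program model, buffer sizes, variable ranges, the `%d`/`%s`/`%c` subset of conversions and the `build_greeting` summary are all constructed for this example.

```python
"""Toy interval-based buffer overflow checker (added example, not the paper's code).

A straight-line program model stands in for the AST/CFG; variable value ranges
and string-length ranges are intervals; a callee is replaced by a summary.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Interval:
    """Inclusive integer range [lo, hi] for a value or a string length."""
    lo: int
    hi: int

    def __add__(self, other: "Interval") -> "Interval":
        return Interval(self.lo + other.lo, self.hi + other.hi)


def int_width(iv: Interval) -> Interval:
    """Characters that %d prints for an int in iv, sign included.

    Width is monotone on each side of zero, so the extremes are reached at
    the endpoints, or width 1 if the range contains zero.
    """
    ends = (len(str(iv.lo)), len(str(iv.hi)))
    lo_w = 1 if iv.lo <= 0 <= iv.hi else min(ends)
    return Interval(lo_w, max(ends))


FMT = re.compile(r"%(d|s|c|%)")  # conversions this toy handles (no width/precision)


def format_length(fmt: str, args: list, env: dict) -> Interval:
    """Bytes a sprintf-style call writes for fmt/args, NUL terminator excluded."""
    total, pos, it = Interval(0, 0), 0, iter(args)
    for m in FMT.finditer(fmt):
        lit = m.start() - pos                  # literal text before the conversion
        total += Interval(lit, lit)
        pos = m.end()
        spec = m.group(1)
        if spec == "d":
            total += int_width(env[next(it)])  # env holds the int's value range
        elif spec == "s":
            total += env[next(it)]             # env holds strlen range of the string
        else:                                  # %c or %%: exactly one byte
            total += Interval(1, 1)
    tail = len(fmt) - pos
    return total + Interval(tail, tail)


# Function summary for a hypothetical callee: (index of the destination argument,
# bytes written as a function of the argument intervals). A real analyser derives
# this once from the callee body; here build_greeting is assumed to write
# "Hello, " + name + NUL, i.e. strlen(name) + 8 bytes.
SUMMARIES = {"build_greeting": (0, lambda a: a[1] + Interval(8, 8))}


def check(stmts: list, summaries: dict) -> list:
    """Walk the program model and flag writes that may exceed a buffer's size."""
    env, bufs, findings = {}, {}, []

    def report(no, dst, need):
        size = bufs[dst]
        if need.lo > size:
            findings.append((no, dst, "definite"))  # every feasible value overflows
        elif need.hi > size:
            findings.append((no, dst, "possible"))  # some feasible value overflows

    for no, s in enumerate(stmts):
        op = s[0]
        if op == "char":                 # ('char', name, size)
            bufs[s[1]] = s[2]
        elif op == "range":              # ('range', name, lo, hi): int value or strlen
            env[s[1]] = Interval(s[2], s[3])
        elif op == "strcpy":             # ('strcpy', dst, src): strlen(src) + NUL
            report(no, s[1], env[s[2]] + Interval(1, 1))
        elif op == "memcpy":             # ('memcpy', dst, src, n): exactly n bytes
            report(no, s[1], env[s[3]])
        elif op == "sprintf":            # ('sprintf', dst, fmt, [args])
            report(no, s[1], format_length(s[2], s[3], env) + Interval(1, 1))
        elif op == "call":               # ('call', fname, [args]): apply the summary
            dst_idx, effect = summaries[s[1]]
            report(no, s[2][dst_idx], effect([env.get(a) for a in s[2]]))
    return findings


# Constructed program model, standing in for a few lines of C.
PROGRAM = [
    ("char", "buf", 32),
    ("char", "path", 64),
    ("char", "out", 16),
    ("range", "n", 0, 99999),                    # int n, validated to 0..99999
    ("range", "name", 0, 40),                    # strlen(name) <= 40 after a check
    ("range", "tag", 70, 70),                    # strlen(tag) == 70, a fixed literal
    ("strcpy", "buf", "name"),                   # [1,41] bytes into 32: possible
    ("sprintf", "out", "id=%d", ["n"]),          # [5,9] bytes into 16: safe
    ("sprintf", "out", "%s-%d", ["name", "n"]),  # [3,47] bytes into 16: possible
    ("memcpy", "path", "name", "n"),             # [0,99999] bytes into 64: possible
    ("strcpy", "path", "tag"),                   # 71 bytes into 64: definite
    ("call", "build_greeting", ["out", "name"]), # [8,48] via summary: possible
]

if __name__ == "__main__":
    for no, dst, kind in check(PROGRAM, SUMMARIES):
        print(f"stmt {no}: {kind} overflow of {dst}: {PROGRAM[no]}")
```

The "possible" versus "definite" split is what the interval gives you for free: a write whose lower bound already exceeds the buffer is reported unconditionally, while one where only the upper bound exceeds it depends on input and is the case a practitioner triages by tightening the range with the guarding checks the analyser found on the path.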

Keywords: security vulnerability; buffer overflow; static analysis; interval arithmetic; function summary

Classification: TP311.5 [Automation and Computer Technology: Computer Software and Theory]
