检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]装备学院复杂电子系统仿真实验室,北京101416 [2]海军装备研究院,北京100161
出 处:《国防科技大学学报》2015年第5期141-148,共8页Journal of National University of Defense Technology
基 金:国家863计划资助项目(2012AA012902);"核高基"国家科技重大专项基金资助项目(2013ZX01045-004)
摘 要:针对二进制程序漏洞成因复杂难以分析的问题,提出运用污点分析的软件脆弱点定位方法,并实现了一个工具原型Sword Checker。以动态污点追踪为基础,依据漏洞模式通过特征匹配来定位软件中的脆弱点,运用二分查找定位影响脆弱点的敏感字节。实验表明,使用Sword Checker能够精确快速识别定位软件中三种类型的脆弱点,已成功分析了多个已公开漏洞的成因,并已辅助挖掘出几个未公开漏洞。Aiming at the difficulty in analysis of binary program vulnerabilities, an approach for software vulnerable spots localization based on taint analysis was proposed, and a corresponding tool named SwordCheeker was implemented. This method is based on dynamic taint tracing. Software vulnerable spots were localized by character matching according to vulnerability patterns, and sensitive bytes which affected the vulnerable spots were localized by binary-search. Experiment results show that SwordChecker can accurately identify and localize three types of software vulnerable spots fast, has successfully analyzed the causes of multiple open vulnerabilities, and has assisted mining several undisclosed vulnerabilities.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.3