检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]北京计算机技术及应用研究所,北京100854
出 处:《信息网络安全》2017年第9期5-9,共5页Netinfo Security
摘 要:目前对于开源软件的漏洞定位分析较为缺乏,且缺少一种自动化的快速定位方法。针对这些不足,文章提出一种基于补丁比对和静态污点分析的漏洞定位方法。该方法通过分析大量开源软件的缓冲区溢出错误的实例,提取6种缓冲区错误的漏洞定位模型;通过将补丁比对和污点传播结合,生成污点传播路径图;将补丁源码的污点传播路径图与定位模型匹配以定位某小块代码,采用污点查找精确定位漏洞所在行。At present,there is a lack of the analysis for vulnerabilities location m open source software and a lack of an automatic method for fast locating the vulnerabilities. To address these issues, this paper proposes a vulnerabilities location method based on patch matching and the static tamts analysis. By analyzing a large number of buffer errors instances of open source software,six wlnerabilities location models of buffer errors are extracted. By combining patch matching with taint propagation, a taint propagation path graph is generated. Match the taint propagation graph of patched source with the location models to locate a small block of code,which then locates vulnerabilities code rows accurately by searching for taints.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:18.222.231.86