Authors: DONG Yuxia, SU Rongcong (School of Software, Quanzhou University of Information Engineering, Quanzhou 352000, China)
Affiliation: [1] School of Software, Quanzhou University of Information Engineering, Quanzhou, Fujian 352000
Source: Journal of Chengdu Technological University, 2021, No. 4, pp. 40-44 (5 pages)
Abstract: Dynamic analysis methods depend on the input test cases, which leads to a low vulnerability detection rate. This paper therefore proposes a vulnerability detection method for Java programs based on static analysis. Java program vulnerabilities are analysed from three aspects: memory leaks, Java parallel loop vulnerabilities, and malicious Java applications. The Coverity static analysis tool is used to run security rule checks on Java programs, and a pattern matching process is designed to pin down the specific vulnerability. Following the detailed detection flow, the variable that triggers a pattern match is bound to an automaton, and the final vulnerability score, which is the detection result, is computed from a basic evaluation utilization factor. Experimental results show that the detection rate of the method reaches up to 99%, providing technical support for the safe operation of Java programs.
Keywords: static analysis; Java language; vulnerability detection; Coverity tool
Classification: TP311 [Automation and Computer Technology: Computer Software and Theory]
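The abstract's detection flow (a pattern match binds a variable to an automaton, the automaton's state at method exit decides whether a finding is reported, and a weighted score is attached) is shown below for the memory/resource-leak case as an added Python illustration. It is not the paper's implementation and not a Coverity checker: the tracked resource types, the regexes, the sample Java source and the severity and exit weights are all assumptions made for this example, and since the abstract does not define the "basic evaluation utilization factor", the weights here merely stand in for it. The example also goes one step past the abstract by joining the automaton states at the end of a conditional block, so a close() that only happens on one branch is still reported.

```python
"""Typestate-style resource-leak check over Java source (added illustration,
not the paper's implementation).  A variable matching an allocation pattern is
bound to a two-state automaton (ALLOCATED -> CLOSED); an automaton still in
ALLOCATED at a method exit is reported as a leak and given a score."""
import re
from dataclasses import dataclass

# Assumed severity per resource type and per exit kind.  The paper's "basic
# evaluation utilization factor" is not specified in the abstract, so these
# weights are placeholders chosen for the example.
BASE_SEVERITY = {"FileInputStream": 5.0, "FileOutputStream": 5.0, "Socket": 7.0}
EXIT_FACTOR = {"return": 1.0, "fallthrough": 0.75}

# Minimal line-oriented patterns (assumed; enough for the constructed sample).
ALLOC_RE = re.compile(r"\b(\w+)\s+(\w+)\s*=\s*new\s+(\w+)\s*\(")
CLOSE_RE = re.compile(r"\b(\w+)\.close\s*\(")
METHOD_RE = re.compile(
    r"^\s*(?:(?:public|private|protected|static)\s+)*[\w<>\[\]]+\s+(\w+)\s*\([^)]*\)[^{;]*\{\s*$")
ALLOCATED, CLOSED = "ALLOCATED", "CLOSED"

# Constructed sample: `leaky` leaks on the early return, `safe` closes on
# every path, `maybeClosed` closes only on one branch and falls off the end.
SAMPLE_JAVA = """\
class Reader {
    int leaky(String p) throws Exception {
        FileInputStream in = new FileInputStream(p);
        if (p.isEmpty()) {
            return -1;
        }
        int b = in.read();
        in.close();
        return b;
    }
    int safe(String p) throws Exception {
        FileInputStream in = new FileInputStream(p);
        if (p.isEmpty()) {
            in.close();
            return -1;
        }
        int b = in.read();
        in.close();
        return b;
    }
    void maybeClosed(boolean done) throws Exception {
        Socket peer = new Socket("example.invalid", 80);
        if (done) {
            peer.close();
        }
        peer.getOutputStream().flush();
    }
}
"""


@dataclass(frozen=True)
class Finding:
    method: str
    var: str
    line: int
    score: float


def join(before, after):
    """State merge at the end of a block that did not return: a resource
    counts as closed only if it is closed both with and without the block."""
    merged = dict(after)
    for var, (typ, state) in before.items():
        both_closed = state == CLOSED and after.get(var, (typ, ALLOCATED))[1] == CLOSED
        merged[var] = (typ, CLOSED if both_closed else ALLOCATED)
    return merged


def leaks(method, automata, exit_kind, lineno):
    """One finding per automaton still in ALLOCATED at this method exit."""
    return [Finding(method, var, lineno, BASE_SEVERITY[typ] * EXIT_FACTOR[exit_kind])
            for var, (typ, state) in automata.items() if state == ALLOCATED]


def analyze(java_src: str) -> list:
    findings = []
    method = None      # name of the method being walked; None outside a body
    depth = 0          # brace depth inside the current method body
    automata = {}      # var -> (resource type, automaton state)
    saved = []         # snapshots of `automata` taken on entry to nested blocks
    returned = False   # whether the innermost open block has hit a return
    for lineno, line in enumerate(java_src.splitlines(), 1):
        if method is None:
            m = METHOD_RE.match(line)
            if m:
                method, depth, automata, saved, returned = m.group(1), 1, {}, [], False
            continue
        s = line.strip()
        # A leading '}' closes the innermost block (lines like '} else {' are
        # treated conservatively as a new block starting from the joined state).
        if s.startswith("}"):
            depth -= 1
            if depth == 0:                      # method end: implicit exit
                if not returned:
                    findings.extend(leaks(method, automata, "fallthrough", lineno))
                method = None
                continue
            before = saved.pop()
            automata = before if returned else join(before, automata)
            returned = False
        # 1. Pattern match: allocating a tracked resource binds an automaton.
        m = ALLOC_RE.search(s)
        if m and m.group(3) in BASE_SEVERITY:
            automata[m.group(2)] = (m.group(3), ALLOCATED)
        # 2. Transition: var.close() moves that variable's automaton to CLOSED.
        m = CLOSE_RE.search(s)
        if m and m.group(1) in automata:
            automata[m.group(1)] = (automata[m.group(1)][0], CLOSED)
        # 3. Exit check: every automaton still ALLOCATED at a return is a leak.
        if re.match(r"return\b", s):
            findings.extend(leaks(method, automata, "return", lineno))
            returned = True
        # A trailing '{' opens a nested block: snapshot the state for the join.
        if s.endswith("{"):
            saved.append(dict(automata))
            depth += 1
            returned = False
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_JAVA):
        print(f"{f.method}: {f.var} not closed at line {f.line} (score {f.score})")
```

On the sample, `leaky` is reported at its early `return -1` and `maybeClosed` at the closing brace of the method, while `safe` produces nothing; the branch-join is what keeps the `peer.close()` on the `done` path from hiding the leak on the other path.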