多线程交互学习软件系统安全漏洞自动化检测  被引量:6

Automatic Detection of Security Vulnerabilities in Multi-Thread Interactive Learning Software System

在线阅读下载全文

作  者:徐晓君[1,2] 常会丽 XU Xiao-jun;CHANG Hui-li(School of Computer Science and Engineering Ningxia Universityof Technology,Shizuishan Ningxia 753000,China;School of Physics and Electronic and Electrical Engineering,Ningxia University,Yinchuan Ningxia 750021,China)

机构地区:[1]宁夏理工学院计算机科学与工程学院,宁夏石嘴山753000 [2]宁夏大学物理与电子电气工程学院,宁夏银川750021

出  处:《计算机仿真》2022年第4期335-340,共6页Computer Simulation

基  金:青年科学基金项目(61902117)。

摘  要:多线程交互学习软件系统源代码需要等价转化,明确依赖关系,以实现精准高效的安全漏洞检测,提升系统运行的可靠性与安全性。运用词法与语法分析器分析待测系统源代码,经AST转化器遍历后等价转化源代码为IR,流分析IR后得到IR内语句间的依赖关系信息,依据所得依赖信息生成依赖图,输入到安全漏洞静态检测算法,经静态检测获取到安全漏洞检测报告,检测系统安全漏洞。实验结果表明,漏洞检测结果精度高、耗时少,具有较高的检测效率,综合性能表现优越,可为多线程交互学习软件系统的安全可靠运行提供保障。The source code of multi-threaded interactive learning software system needs equivalent transformation and clear dependencies, so as to achieve accurate and efficient security vulnerability detection and improve the reliability and security of system operation. Lexical and parser were applied to analyze the source code of the system to be tested. After traversing the AST converter, the equivalent conversion source code becomes IR. After the flow analysis of IR, the dependency information between statements in IR was obtained. Based on the obtained dependency information, a dependency graph was generated. The dependency graph was input into the security vulnerability static detection algorithm. After static detection, the security vulnerability detection report was obtained to detect the security vulnerabilities of the system. The experimental results show that this method has high accuracy, detection efficiency and short time-consuming.

关 键 词:多线程 交互学习 软件系统 安全漏洞 自动化检测 静态检测 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象