Authors: 邵思豪 (Shao Sihao); 李国良 (Li Guoliang)[2]; 朱宸锋 (Zhu Chenfeng); 李典恩 (Li Dianen)
Affiliations: [1] School of Business Administration, Liaoning Technical University, Huludao, Liaoning 125105; [2] Liaoning Provincial Big Data Management Center (Liaoning Provincial Information Center), Shenyang 110002; [3] The University of Sydney Business School, Sydney NSW 2006; [4] Northeast Yucai School, Shenyang 110179
Source: 《信息安全研究》 (Journal of Information Security Research), 2023, No. 12, pp. 1180-1189, 10 pages
Funding: Liaoning Province Digital Government Construction Key Project (LNZC2020-0720).
Abstract: In recent years, as the scale of software in the information society has kept growing, the number of buffer overflow vulnerabilities has increased rather than decreased. There is an urgent need to trace the development of existing buffer overflow vulnerability detection techniques and compare them, in order to achieve technical innovation and breakthroughs. To address this, the paper surveys and analyzes buffer overflow vulnerability detection techniques: static detection techniques are divided into 2 categories, feature classification and software analysis methods; dynamic testing techniques are divided into 3 categories, traditional fuzz testing, intelligent gray-box testing, and input-variable coverage conversion; runtime protection techniques are divided into 3 categories, integrity protection, confidentiality protection, and availability protection; automatic exploitation techniques are divided into 3 categories, causing a program crash, hijacking program control flow, and hijacking program data flow; and automatic repair techniques are divided into 2 categories, single repair strategies and multiple repair strategies. On the basis of this analysis, the paper proposes 3 possible future research directions: 1) optimizing static detection techniques; 2) integrating machine learning techniques for detection; 3) collaborative detection using multiple techniques.
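Keywords: buffer overflow; static detection; dynamic testing; runtime protection; automatic exploitation
Classification code: TP309 [Automation and Computer Technology: Computer System Architecture]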