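Authors: 王顺 (WANG Shun); 徐向华 (XU Xianghua) [1]; 王然 (WANG Ran) (School of Computer, Hangzhou Dianzi University, Hangzhou 310018, China)
Affiliation: [1] School of Computer, Hangzhou Dianzi University, Hangzhou 310018, Zhejiang, China
Source: 《电子科技》 (Electronic Science and Technology), 2024, No. 9, pp. 64-71 (8 pages)
Funding: Zhejiang Province Key Research and Development Program (2017C01065).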
Abstract: Static analysis tools have a high cost of extending to new vulnerabilities because the vulnerability scanning process code is strongly coupled to the tool code. To address this problem, a smart contract vulnerability detection method based on meta-operations is proposed. The method converts the basic detection processes in the tool into an abstract meta-operation form and customizes the vulnerability scanning process by combining different meta-operations and logical operators, so that different vulnerabilities can be detected by writing a small amount of vulnerability scanning process syntax, which improves the tool's ability to extend to new types of smart contract vulnerabilities. The experimental results show that the number of characters of vulnerability description required by this method is only 8.9%~12.7% of the number of characters of the Slither tool's vulnerability detection logic, and the false positive rate is 2% lower than that of the Slither tool. This shows that the proposed method provides stronger extensibility and flexibility while preserving the reliability of the tool's detection.