Security detection scheme for source code of railway application system


Author: 郑军 ZHENG Jun (Institute of Computing Technologies, China Academy of Railway Sciences Corporation Limited, Beijing 100081, China)

Affiliation: [1] Institute of Computing Technologies, China Academy of Railway Sciences Corporation Limited, Beijing 100081

Source: Railway Computer Application (《铁路计算机应用》), 2024, No. 10, pp. 73-77 (5 pages)

Funding: Systematic Major Project of China State Railway Group Co., Ltd. (P2022S007).

Abstract: To address the high false positive and false negative rates for security defects that are common in tool-based source code detection for railway application systems, this paper proposes a source code security detection scheme for railway application systems that combines automated tool detection with manual detection. The paper describes the detection process in detail. Automated detection tools examine the source code along multiple dimensions, including code structure, lexical analysis, data flow, control flow, and security rule matching. A manual detection mechanism, using methods such as keyword detection and business logic detection, then supplements the analysis of the automated results, achieving efficient and accurate identification of source code security defects in railway application systems. Experimental results show that the scheme can significantly improve the quality and efficiency of source code security detection for railway application systems and provides technical support for their security protection.

Keywords: source code; security defect; vulnerability testing; access control; automated tools

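Classification: U29 [Transportation Engineering: Transportation Planning and Management]; TP39 [Transportation Engineering: Road and Railway Engineering]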

 
