检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:张艺琼 文伟平[1] 刘成杰 ZHANG Yi-qiong;WEN Wei-ping;LIU Cheng-jie(School of Software and Microelectronics,Peking University,Beijing 100091,China)
出 处:《计算机工程与设计》2025年第1期81-87,共7页Computer Engineering and Design
基 金:国家自然科学基金项目(61872011)。
摘 要:针对权限控制漏洞和任意转账漏洞会让用户遭受经济损失的问题,提出一种基于符号执行的权限控制漏洞和任意转账漏洞检测方法。总结漏洞特征,设计漏洞检测算法,利用符号执行构建交易路径,通过漏洞特征构建约束条件并求解,实现工具PTGuard。实验结果表明,PTGuard的准确率、精确率、召回率和F1值相比其它漏洞检测工具有较大的提升;PTGuard已应用于科技部国家重点项目,挖掘出17个漏洞,已成功上报到国家共享漏洞数据库,验证了PTGuard的实际应用价值。In view of the problem that permission control vulnerabilities and arbitrary transfer vulnerabilities will cause users to suffer from economic losses,a symbolic execution-based detection method for permission control vulnerabilities and arbitrary transfer vulnerabilities was proposed.Vulnerability characteristics were summarized,vulnerability detection algorithms were designed,symbolic execution was used to construct transaction paths,constraint conditions were constructed and solved through vulnerability characteristics,and the tool PTGuard was implemented.Experimental results show that the accuracy,precision,recall and F1 value of PTGuard are greatly improved compared to that of other vulnerability detection tools.PTGuard has been used in national key projects of the Ministry of Science and Technology,and 17 vulnerabilities are discovered and successfully reported to the national shared vulnerability database,verifying the practical application value of PTGuard.
关 键 词:符号执行 以太坊 智能合约 权限控制漏洞 任意转账漏洞 合约漏洞 漏洞检测工具
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.222