检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]杭州电子科技大学通信工程学院,浙江杭州310018 [2]武汉轻工大学数学与计算机学院,湖北武汉430023 [3]武汉数字工程研究所系统软件部,湖北武汉430072 [4]华南理工大学软件学院,广东广州510006
出 处:《华中科技大学学报(自然科学版)》2014年第11期86-90,共5页Journal of Huazhong University of Science and Technology(Natural Science Edition)
基 金:国家自然科学基金资助项目(61272278,x2jsB55101680,61350001);浙江省教育厅资助项目(Y201224055);国防预研基金资助项目(9140A15040211CB3901)
摘 要:以C源码为研究对象,提出了一种基于静态插装和约束求解的整数漏洞检测方法.首先在C源码中可能的整数漏洞点前面插装检测代码,同时定位可能导致整数漏洞的输入源,并将其标记为符号变量.之后将静态插装后的源码编译成可执行代码,并进行(符号和具体执行的)混合执行.在动态执行的过程中,通过对插装代码对应的符号约束进行求解,可以检测整数漏洞是否存在,以及获得当整数漏洞存在时符号变量相应的具体取值.进一步地,通过对从程序入口点到整数漏洞点所经过路径上的所有条件跳转约束进行求解,获得引导程序到达整数漏洞点时符号变量相应的具体取值.结合两者可以辅助生成触发漏洞的输入用例.基于CVE(通用漏洞披露)通告的实验表明本系统能够成功检测到相应漏洞.A static instrumentation and constraint solving based approach for integer vulnerability detection in C source code was introduced.Firstly,vulnerability detection code was statically instrumented before the possible vulnerability positions in the source code.Then,all of the integer input sources that possibly trigger the vulnerabilities were marked as symbolic variants.Next,the instrumented source code was compiled and executed in a concolic manner.During runtime,each instrumented vulnerability detection code will correspond to a symbolic constraint,and each symbolic constraint will be sent to simple theorem prover(STP)(a constraint solver)to solve.Once a symbolic constraint can be satisfied,an integer vulnerability is detected.Furthermore,all of the conditional jump symbolic constraints in the path that leads the program trigger the vulnerability were also applied to STP.By solving both of the symbolic constraints,the input case that can trigger the vulnerability can be generated.Experimental results show that our approach can successfully detect vulnerabilities announced by CVE(common vulnerabilities and exposures).
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.117