计算机科学 (Computer Science), 2024, Vol. 51, Issue 2: 352-358. doi: 10.11896/jsjkx.221200136
MA Yingzi (马莺姿), CHEN Zhe (陈哲), YIN Jiale (殷家乐), MAO Ruiqi (毛瑞琪)
Abstract: C is widely used in the development of system software and embedded software because of its advantages in execution speed and memory control. The power of pointers allows memory to be manipulated directly, but C provides no memory-safety checking, so the use of pointers can lead to memory errors such as memory leaks, buffer overflows, and double frees, and these errors sometimes cause fatal damage such as system crashes or corruption of internal data. Several techniques already exist for detecting memory-safety vulnerabilities in C programs. Among them, dynamic analysis instruments the source code to perform runtime memory-safety checking of C programs, but it can only find an error when the program executes the path on which the error lies, so it depends on the program's input; fuzzing finds software vulnerabilities by feeding inputs to a program and monitoring the result of its execution, but it cannot detect memory-safety errors that do not crash the program, nor can it provide detailed information such as the location of the error. In addition, because the syntax of C is fairly complex, dynamic analysis tools often fail to handle certain uncommon constructs correctly when analysing large, complex projects, so that instrumentation fails or the instrumented program cannot be compiled. To address these problems, this paper combines dynamic analysis with fuzzing and improves on existing methods, proposing a memory-safety detection method for C programs that contain such specific constructs. Experiments on reliability and performance show that, after adding handling for these specific C constructs, the method can perform memory-safety detection on programs containing them, and that combining it with fuzzing gives stronger vulnerability-detection capability.
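The two observations in the abstract, as an added example in C that is not code from the paper or its tool: a constructed off-by-one read that stays silent under normal execution (so a crash-driven fuzzer sees nothing), and a constructed source-level bounds check, named checked_load here, that reports it but only when an input drives execution onto the faulty path.

```c
// Added example (not from the paper): a minimal model of source-level
// instrumentation for spatial memory safety. Names, the bounds record and
// the buggy function are all constructed for illustration.
#include <stdio.h>
#include <string.h>
#include <stddef.h>

// Constructed bounds record kept beside a pointer by the instrumentation.
typedef struct {
    const char *base;   // start of the object the pointer may access
    size_t      size;   // size of that object in bytes
} bounds_t;

static int g_violations = 0;   // number of out-of-bounds accesses reported

// Instrumented load: the check inserted before every dereference. It
// reports and keeps running, so an error that would not crash is still seen.
static char checked_load(const char *p, bounds_t b, const char *site) {
    if (p < b.base || p >= b.base + b.size) {
        g_violations++;
        fprintf(stderr, "memory error at %s: %p outside [%p, %p)\n",
                site, (const void *)p, (const void *)b.base,
                (const void *)(b.base + b.size));
        return 0;   // the uninstrumented program would read a stray byte here
    }
    return *p;
}

// Constructed buggy function: copies up to 8 input bytes into a fixed
// buffer, then reads one byte past what it copied (<= instead of <). Only
// an input of 8 or more bytes makes that read cross the end of buf, and on
// a typical stack the stray read does not crash, so a fuzzer gets no signal.
int count_nonzero(const char *input, size_t input_len) {
    char buf[8] = {0};
    bounds_t b = { buf, sizeof buf };
    size_t n = input_len < sizeof buf ? input_len : sizeof buf;
    memcpy(buf, input, n);
    int nonzero = 0;
    for (size_t i = 0; i <= n; i++)          // off-by-one bug
        if (checked_load(buf + i, b, "count_nonzero") != 0) nonzero++;
    return nonzero;
}

// Return the number of violations reported since the last call, then reset.
int take_violations(void) { int v = g_violations; g_violations = 0; return v; }
```

A short input never reaches the out-of-bounds read, which is exactly the input dependence the abstract attributes to dynamic analysis; the 8-byte input triggers the report without any crash.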
CLC number: