Computer Science (计算机科学) ›› 2016, Vol. 43 ›› Issue (5): 80-86. doi: 10.11896/j.issn.1002-137X.2016.05.015
王涛,韩兰胜,付才,邹德清,刘铭
WANG Tao, HAN Lan-sheng, FU Cai, ZOU De-qing and LIU Ming
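Abstract: Static analysis of software vulnerabilities is a key research direction in information security, and how to describe and identify vulnerabilities is the core problem of static vulnerability analysis. This paper proposes a static vulnerability detection model for describing and identifying vulnerabilities. First, the attribute features of software vulnerabilities are formally defined, and several kinds of software vulnerabilities and their decision rules are formally described. Second, to address the state-space explosion problem of traditional path analysis, a new intermediate program representation, the vulnerability executable path set, is proposed to compress the program state space. Based on this model, a static software vulnerability detection framework built on the vulnerability executable path set is designed: the defined vulnerability syntax rules are used to solve for the set of vulnerability-related nodes on the vulnerability executable path set, and the vulnerability decision rules are applied to that node set to produce a vulnerability report. Experimental analysis verifies the correctness and feasibility of the vulnerability detection model.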