计算机科学 ›› 2010, Vol. 37 ›› Issue (4): 120-.
• 软件工程与数据库技术 • 上一篇 下一篇
王春雷,刘强,赵刚,戴一奇
出版日期:
发布日期:
基金资助:
WANG Chun-lei,LIU Qiang,ZHAO Gang,DAI Yi-qi
Online:
Published:
摘要: 针对二进制程序脆弱性分析的实际需求,提出了一种基于模型检测的二进制程序脆弱性分析框架。首先定义了二进制程序的抽象模型,描述了基于有限状态自动机的软件脆弱性形式化表示和基于事件系统的软件安全属性表示方法。在此基础上,提出了基于模型检测的脆弱性分析过程和算法。根据该分析框架,设计并实现了二进制程序脆弱性分析工具原型。通过脆弱性分析实验,详细说明了该框架的工作原理,验证了该分析方法的有效性。
关键词: 模型检测,二进制程序,脆弱性分析,形式化方法
Abstract: In order to analyze vulnerabilities in executable programs, a vulnerability analysis framework for binaries based upon model checking was proposed. Firstly, the abstract model of binary was defined, and the formal models of vulnerabilities based upon finite state automaton and the representations of software security attributes based upon event system were described. Then, the model checking based vulnerability analysis process and algorithm were proposed with respect to the abstract models of binaries and the security attributes to be checked. After that, the prototype of vulnerability analysis tool was designed and implemented based upon the framework. I}he illustrative sample program was analyzed to show in detail the principles of the framework, and the experimental results show the effectiveness of the analysis method.
Key words: Model checking,Vulnerahility analysis,Formal method
王春雷,刘强,赵刚,戴一奇. 一种基于模型检测的二进制程序脆弱性分析框架[J]. 计算机科学, 2010, 37(4): 120-. https://doi.org/
WANG Chun-lei,LIU Qiang,ZHAO Gang,DAI Yi-qi. Vulnerability Analysis Framework for Binaries Based on Model Checking[J]. Computer Science, 2010, 37(4): 120-. https://doi.org/
0 / / 推荐
导出引用管理器 EndNote|Reference Manager|ProCite|BibTeX|RefWorks
链接本文: https://www.jsjkx.com/CN/
https://www.jsjkx.com/CN/Y2010/V37/I4/120
Cited
首页