Computer Science ›› 2017, Vol. 44 ›› Issue (4): 109-113. doi: 10.11896/j.issn.1002-137X.2017.04.024
缪旭东,王永春,曹星辰,方峰
MIAO Xu-dong, WANG Yong-chun, CAO Xing-chen and FANG Feng
Abstract: Because most existing static software-vulnerability detection tools cannot flexibly detect the vulnerabilities that users actually care about, a vulnerability detection method based on pattern matching is proposed. First, the source code of the program under test is parsed, converted into an intermediate representation, and stored in a custom data structure. Then, vulnerabilities are described in a security rule language; the security rules are parsed and converted into corresponding automaton models that are kept in memory. Finally, the intermediate representation of the source code is pattern-matched against the security rules, the state transitions of the automata are tracked, and a vulnerability report is submitted to the user according to the automaton state. Experimental results show that the method has a low false-negative rate and good extensibility.
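As an added illustration of the matching step the abstract describes (example code written for this page, not the paper's implementation), the sketch below treats each security rule as a finite automaton over intermediate-representation operations, runs it per variable, and reports whenever an automaton enters its error state. The IR event layout, the two rules, and the sample program are assumptions.

```python
from dataclasses import dataclass

# Constructed intermediate representation of a small program: one event per
# statement, naming the operation and the variable it touches. The paper's own
# IR layout is not given in the abstract; this shape is an assumption.
IR = [
    ("alloc", "p"), ("alloc", "q"),
    ("free", "p"),
    ("use", "q"),
    ("use", "p"),      # use of p after it was freed
    ("free", "q"),
    ("free", "q"),     # second free of q
]

@dataclass
class Rule:
    """A security rule expressed as a finite automaton over IR operations."""
    name: str
    start: str
    error: str
    transitions: dict  # (state, operation) -> next state

# Two hypothetical rules in the automaton form a rule language could compile to.
RULES = [
    Rule("use-after-free", "live", "ERR",
         {("live", "alloc"): "live", ("live", "free"): "freed",
          ("freed", "use"): "ERR", ("freed", "alloc"): "live"}),
    Rule("double-free", "live", "ERR",
         {("live", "free"): "freed", ("freed", "free"): "ERR",
          ("freed", "alloc"): "live"}),
]

def check(ir, rules):
    """Run every rule's automaton separately for each variable over the IR and
    return the entries into an error state as (rule name, IR index, variable)."""
    reports = []
    for rule in rules:
        state = {}  # current automaton state per variable
        for idx, (op, var) in enumerate(ir):
            cur = state.get(var, rule.start)
            nxt = rule.transitions.get((cur, op), cur)  # unmatched op: stay put
            if nxt == rule.error:
                reports.append((rule.name, idx, var))
                nxt = rule.start  # reset so later statements are still checked
            state[var] = nxt
    return reports

if __name__ == "__main__":
    for name, idx, var in check(IR, RULES):
        print(f"{name}: statement {idx} on variable {var}")
```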