| 静态检测缓冲区溢出漏洞 |
| |
| 引用本文: | 李建平 刘坚. 静态检测缓冲区溢出漏洞[J]. 微机发展, 2004, 14(6): 99-101 |
| |
| 作者姓名: | 李建平 刘坚 |
| |
| 作者单位: | 西安电子科技大学软件工程研究所,西安电子科技大学软件工程研究所 陕西西安710071,陕西西安710071 |
| |
| 基金项目: | 武器装备预研基金资助项目(51406070101DZ0151) |
| |
| 摘 要: | 缓冲区溢出漏洞是目前惟一最重要最常见的安全威胁。文中分析了防止缓冲区溢出攻击的运行时方法的不足:介绍了一种静态检测缓冲区溢出漏洞的方法及工具。给源代码添加注解,用注解辅助静态分析,用这种方法能够在软件交付使用前,检测出程序中潜在的安全漏洞。
|
| 关 键 词: | 缓冲区溢出 安全漏洞 静态分析 静态检测 注解 Splint |
| 文章编号: | 1005-3751(2004)06-0099-03 |
Statically Detecting Buffer Overflow Vulnerabilities |
| |
| LI Jian-ping,LIU Jian. Statically Detecting Buffer Overflow Vulnerabilities[J]. Microcomputer Development, 2004, 14(6): 99-101 |
| |
| Authors: | LI Jian-ping LIU Jian |
| |
| Abstract: | Buffer overflow vulnerabilities may be today's singlemost important and most common security threat.In this paper,first analyzes the shortcomings of run-time defenses of buffer overflow attacks, and then presents an approach and a tool to statically detect buffer overflow vulnerabilities.By adding annotations to source code and using annotation-assisted static analysis,the approach can detect potential safety vulnerabilities in the programs before the software is deployed. |
| |
| Keywords: | buffer overflow safety vulnerabilities static analysis statically detecting annotation Splint |
| 本文献已被 CNKI 维普 等数据库收录! |
