| 软件安全性的静态分析 |
| |
| 引用本文: | 余建军,韩双霞,黄云龙.软件安全性的静态分析[J].计算机工程与设计,2006,27(8):1411-1414. |
| |
| 作者姓名: | 余建军 韩双霞 黄云龙 |
| |
| 作者单位: | 衢州学院,信电系,浙江,衢州,324006 |
| |
| 摘 要: | 提出了基于整数区间和控制依赖图,通过静态分析来检测C语言源代码中安全漏洞的新方法.该方法在引入整数区间概念及其运算规则的基础上,把C语言中的数组、指针和整型表达式都抽象成整数区间,从而把相关安全性判断转换成整数区间之间的关系判断.最后讨论了该方法的具体算法.
|
| 关 键 词: | 软件安全 静态分析 控制流图 整数区间 缓冲区溢出 整数溢出 |
| 文章编号: | 1000-7024(2006)08-1411-04 |
| 收稿时间: | 2005-01-18 |
| 修稿时间: | 2005-01-18 |
Static analysis of software security |
| |
| YU Jian-jun,HAN Shuang-xia,HUANG Yun-long.Static analysis of software security[J].Computer Engineering and Design,2006,27(8):1411-1414. |
| |
| Authors: | YU Jian-jun HAN Shuang-xia HUANG Yun-long |
| |
| Affiliation: | Department of Information Science and Electronic Engineering, Quzhou College, Quzhou 24006, China |
| |
| Abstract: | A static analysis method to detect security vulnerability in C source code is presented, which is based on Control dependence graph and integer range. Based on introducing integer range, array, pointer and integer expression in C language are abstracted into integer range, so the security judgment becomes the judgment of the relationship between integer ranges. Finally, the algorithm is discussed. |
| |
| Keywords: | software security static analysis control dependence graph integer range buffer overflow integer overflow |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
