| 基于内存更新记录的漏洞攻击错误定位方法 |
| |
| 引用本文: | 葛毅,茅兵,谢立.基于内存更新记录的漏洞攻击错误定位方法[J].计算机科学,2009,36(1):252-255. |
| |
| 作者姓名: | 葛毅 茅兵 谢立 |
| |
| 作者单位: | 南京大学计算机科学与技术系软件新技术国家重点实验室,南京,210093 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划),国家自然科学基金,江苏省自然科学基金 |
| |
| 摘 要: | 软件漏洞攻击威胁日益严重.其中基于内存腐败漏洞的攻击最为普遍,如缓冲区溢出和格式化串漏洞.提出一种针对内存腐败漏洞攻击的自动错误定位方法.基于内存更新操作记录,可以回溯找到程序源代码中腐败关键数据的语句,从而提供有益的信息修复漏洞并生成最终补丁.
|
| 关 键 词: | 内存腐败攻击 软件安全 错误定位 |
| 收稿时间: | 2008/2/28 0:00:00 |
Automatic Fault Localization to Memory Corruption Vulnerabilities Based on Memory Update Log |
| |
| GE Yi,MAO Bing,XIE Li.Automatic Fault Localization to Memory Corruption Vulnerabilities Based on Memory Update Log[J].Computer Science,2009,36(1):252-255. |
| |
| Authors: | GE Yi MAO Bing XIE Li |
| |
| Affiliation: | Department of Computer Science and Technology;State Key Laboratory for Novel Software Technology;Nanjing University;Nanjing 210093;China |
| |
| Abstract: | Attacks exploiting vulnerabilities in software are becoming a great threat to the society.The most common attack method is to exploit memory corruption vulnerabilities such as buffer overflow and format string bugs.This paper presented a fault localization approach to automatically identify both known and unknown memory corruption vulnerabilities.Based on memory update log,we can trace back to the statement in source code that is tricked to corrupt critical data.The proposed techniques can provide useful in... |
| |
| Keywords: | Memory corruption attack Software security Fault Localization |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
