| C/C++静态代码安全检查工具研究 |
| |
| 引用本文: | 向东,刘海燕.C/C++静态代码安全检查工具研究[J].计算机工程与设计,2005,26(8):2110-2112. |
| |
| 作者姓名: | 向东 刘海燕 |
| |
| 作者单位: | 装甲兵工程学院,信息工程系,北京,100072 |
| |
| 摘 要: | 静态代码安全检查工具是一种能够帮助程序员自动检测出源程序中是否存在安全缺陷的软件。它通过逐行分析程序的源代码,发现软件中潜在的安全漏洞。本文针对C/C++语言程序设计中容易存在的多种安全问题,分别分析了问题的根源,给出了具体可行的分析及检测方法。最后通过对静态代码安全检查工具优缺点的比较,给出了一些提高安全检查效果的建议。
|
| 关 键 词: | 静态分析 安全检查工具 C/C++语言 |
| 文章编号: | 1000-7024(2005)08-2110-03 |
| 收稿时间: | 2004-07-16 |
| 修稿时间: | 2004-07-16 |
Research on tool of static security examining for C/C + + source code |
| |
| XIANG Dong,LIU Hai-yan.Research on tool of static security examining for C/C + + source code[J].Computer Engineering and Design,2005,26(8):2110-2112. |
| |
| Authors: | XIANG Dong LIU Hai-yan |
| |
| Abstract: | The tool of static security examining is a kind of software which can help to automatically find secure vulnerabilities in source codes.It can find out secure vulnerabilities in software by analyzing source programs line by line.For the secure vulnerabilities of C/ C++ program language,the reasons of different types of vulnerabilities was analyzed,and then some specific methods of analysis and detection were offered.In conclusion,after comparing the tool's advantage and disadvantage,some advice on improving efficiency of the secure examining program was given. |
| |
| Keywords: | static analysis tool of secure examining C/C++ program language |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
