常见源代码安全漏洞分析与研究

源代码安全作为软件安全最为重要的安全点之一,是软件安全最底层的关键点。文章提出了源代码安全的一些常见的检测指标,结合SQL注入、跨站脚本、路径篡改和空指针4个比较常见的源代码安全漏洞对源代码安全进行了详细的分析研究。文章提出了源代码安全必须规避的一些基本方法,提高了源代码的安全和质量。     

面向项目版本差异性的漏洞识别技术研究

开源代码托管平台为软件开发行业带来了活力和机遇,但存在诸多安全隐患。开源代码的不规范性、项目依赖库的复杂性、漏洞披露平台收集漏洞的被动性等问题都影响着开源项目及引入开源组件的闭源项目的安全,大部分漏洞修复行为无法及时被察觉和识别,进而将各类项目的安全风险直接暴露给攻击者。为了全面且及时地发现开源项目中的漏洞修复行为,设计并实现了基于项目版本差异性的漏洞识别系统—VpatchFinder。系统自动获取开源项目中的更新代码及内容数据,对更新前后代码和文本描述信息进行提取分析。提出了基于安全行为与代码特征的差异性特征,提取了包括项目注释信息特征组、页面统计特征组、代码统计特征组以及漏洞类型特征组的共40个特征构建特征集,采用随机森林算法来训练可识别漏洞的分类器。通过真实漏洞数据进行测试,VpatchFinder的精确率为84.35%,准确率为85.46%,召回率为85.09%,优于其他常见的机器学习算法模型。进一步通过整理的历年部分开源软件CVE漏洞数据进行实验,其结果表明68.07%的软件漏洞能够提前被VpatchFinder发现。该研究结果可以为软件安全架构设计、开发及成分分析等领域提供...     

The EMISQ method and its tool support-expert-based evaluation of internal software quality

There is empirical evidence that internal software quality, e.g., the quality of source code, has great impact on the overall quality of software. Besides well-known manual inspection and review techniques for source code, more recent approaches utilize tool-based static code analysis for the evaluation of internal software quality. Despite the high potential of code analyzers the application of tools alone cannot replace well-founded expert opinion. Knowledge, experience and fair judgment are indispensable for a valid, reliable quality assessment, which is accepted by software developers and managers. The EMISQ method (Evaluation Method for Internal Software Quality), guides the assessment process for all stakeholders of an evaluation project. The method is supported by the Software Product Quality Reporter (SPQR), a tool which assists evaluators with their analysis and rating tasks and provides support for generating code quality reports. The application of SPQR has already proved its usefulness in various code assessment projects around the world. This paper introduces the EMISQ method and describes the tool support needed for an efficient and effective evaluation of internal software quality.     

Behavior-based network security goes mainstream

Traditional network-based security examines traffic for code patterns or signatures that have been part of past intrusions or virus attacks. If known malicious code is found, security systems stop the suspect transmission. Although this approach can be effective, it also has limitations. For example, signature-based security frequently has trouble recognizing new types of attacks or older kinds in which known code strings have been altered somewhat, an approach many hackers use. Behavior-based security, on the other hand, learns the normal behavior of traffic and systems and then continually examines them for potentially harmful anomalies and for behavior that frequently accompanies incidents. This approach recognizes attacks based on what they do, rather than whether their code matches strings used in a specific past incident. Several vendors are thus beginning to make behavior-based security widely available to organizations via services, appliances, and software products. And some ISPs are protecting their entire networks via behavior-based services. However, widespread adoption of behavior-based security faces numerous obstacles, including complexity and a higher number of false positives than signature-based systems.     

Integrating security activities into the software development life cycle and the software quality assurance process

Security concerns should be an integral part of the entire planning, development, and operation of a computer application. Inadequacies in the design and operation of computer applications are very frequent source of security vulnerabilities associated with computers. In most cases, the effort to improve security should concentrate on the application software. The system development life cycle (SDLC) technique provides the structure to assure that security safeguards are planned, designed, developed and tested in a manner that is consistent with the sensitivity of the data and/or the application. The software quality assurance process provides the reviews and audits to assure that the activities accomplished during the SDLC produce operationally effective safeguards.This paper addresses two issues of concern to those responsible for ensuring that the safeguards incorporated into application software are adequate and appropriate. The first issue addresses the integration of specific security activities into the SDLC. The discussion of this issue addresses the following security activities in the SDLC; determination of the sensitivity of the application and data; determination of security objectives; assessment of the security risks; conduct of the security feasibility study; definition of security requirements; development of the security test plan; design of the security specifications; development of the security test procedures; writing of the security-relevant code; writing of the security-relevant documentation; conduct of the security test and evaluation; writing on the security test analysis report; and, preparation of the security certification report.The second security issue addresses the security reviews and audits that should be integrated into the software quality assurance process to ensure that the security activities in the SDLC are accomplished. The security reviews and audits discussed include: the security requirements review; the security design review; the security specifications review; the security test readiness review; and the security test and evaluation review. Also addressed is how quality software is defined and achieved and why and how the concept of quality should be applied to application software security safeguards.     

信息安全中的可信软件编程计算研究

针对IT产业迅速发展、互联网广泛应用和渗透,各种各样的威胁模式不断涌现的现状,结合传统软件质量的对比分析,提出了信息安全中的重要因素——可信软件编程计算。重点研究代码可信性分析、计算和度量方面,涵盖软件的复杂性、可用性和可靠性等质量特性及可信属性,对于软件质量保证和信息安全具有非常重要的现实意义和实用价值。     

开源软件供应链安全问题研究

当前,开源已经成为软件开发的重要模式之一。由于开源开发模式具有代码来源多样、依赖关系复杂等特点,使得开源软件面临代码漏洞风险、供应链攻击风险、知识产权风险、可持续维护风险等供应链安全问题,且问题呈现出快速增长态势。本文基于对开源软件供应链中的安全风险分析,提出从开源软件安全漏洞检测、软件成分分析、许可证冲突检测、开源生态可持续治理四个方面进行安全治理的方法,指出构建安全软件供应链面临依赖关系复杂、结构脆弱等挑战,对软件成分分析、供应链构建等未来研究方向进行了展望。     

The fundamentals of information security

Some quality models, such as IS0 9126, fail to include computer security. The author explains why security is an essential but difficult facet of quality. As a software professional, you can take several actions to improve the security of your code: (1) learn the techniques of security; (2) when incorporating security features into a system, think like the attacker, i.e. consider each point as a potential weakest link; and, finally, (3) consult an expert     

二进制代码安全分析综述

近几十年来,计算机硬件性能和软件规模技术已不同以往,其承载了人类社会生活生产的方方面面.计算机技术的飞速发展,也带来了人们对程序安全问题的关注.由于市面上存在着较多的遗留软件,这些软件无人维护且缺乏源代码支持,其安全性令人担忧,而二进制分析技术被用来解决该类软件问题.二进制分析技术根据其检测方式不同可分为:基于静态的二进制代码分析技术、基于动态的二进制代码分析技术和动静态混合的二进制代码分析技术.本文调研了近年来的二进制代码安全分析领域上相关研究,分别详细阐述了这3类技术中的主要方法,并对其关键技术进行详细介绍.     

基于分存策略的软件保护博弈模型

软件保护技术普遍是通过完善代码和应用加密方案来达到保护软件的目的。针对软件代码的静态授权抗攻击能力以及软件加密的加密强度是否足够抵抗攻击的问题,提出一种基于分存策略的软件保护博弈模型。该模型采用分存策略对密钥进行分段,得到多个检验与抵抗软件破解者攻击的验证函数,把它们隐藏在程序中,使得软件运行时有多个不同的验证函数对程序进行保护。从博弈论的角度分析论证该模型,并将其应用于软件注册码验证的实例中,提高了软件代码的安全性。实验结果和分析表明了该模型的正确性和有效性。     

基于安全风险的RTL级硬件木马验证研究

信息时代使得信息安全变得日益重要。攻击方为了获取想要的信息,除了使用软件方面的手段,如病毒、蠕虫、软件木马等,也使用硬件手段来威胁设备、系统和数据的安全,如在芯片中植入硬件木马等。如果将硬件木马植入信息处理的核心--处理器,那将风险更高、危害更大。然而,硬件木马位于信息系统底层核心的层面,难以被检测和发现出来。硬件木马是国内外学术界研究的热点课题,尤其是在设计阶段结合源代码的硬件木马检测问题,是新问题,也是有实际需要的问题。在上述背景下,围绕源代码中硬件木马的检测和验证展开了研究。基于硬件木马危害结果属性,在学术上提出基于安全风险的模型和验证规则,给出相应的描述形式,从理论上说明安全验证规则在减少验证盲目性、缩小可疑代码范围、提高评估效率的作用,实验表明,基于安全风险规则的验证,可以避免验证的盲目性和测试空间向量膨胀的问题,有效验证疑似硬件木马的存在和危害,对源代码安全评估是有一定效果的。     

An empirical study of the impact of modern code review practices on software quality

Software code review, i.e., the practice of having other team members critique changes to a software system, is a well-established best practice in both open source and proprietary software domains. Prior work has shown that formal code inspections tend to improve the quality of delivered software. However, the formal code inspection process mandates strict review criteria (e.g., in-person meetings and reviewer checklists) to ensure a base level of review quality, while the modern, lightweight code reviewing process does not. Although recent work explores the modern code review process, little is known about the relationship between modern code review practices and long-term software quality. Hence, in this paper, we study the relationship between post-release defects (a popular proxy for long-term software quality) and: (1) code review coverage, i.e., the proportion of changes that have been code reviewed, (2) code review participation, i.e., the degree of reviewer involvement in the code review process, and (3) code reviewer expertise, i.e., the level of domain-specific expertise of the code reviewers. Through a case study of the Qt, VTK, and ITK projects, we find that code review coverage, participation, and expertise share a significant link with software quality. Hence, our results empirically confirm the intuition that poorly-reviewed code has a negative impact on software quality in large systems using modern reviewing tools.     

QoS-aware web service selection with negative selection algorithm

Web service selection, as an important part of web service composition, has direct influence on the quality of composite service. Many works have been carried out to find the efficient algorithms for quality of service (QoS)-aware service selection problem in recent years. In this paper, a negative selection immune algorithm (NSA) is proposed, and as far as we know, this is the first time that NSA is introduced into web service selection problem. Domain terms and operations of NSA are firstly redefined in this paper aiming at QoS-aware service selection problem. NSA is then constructed to demonstrate how to use negative selection principle to solve this question. Thirdly, an inconsistent analysis between local exploitation and global planning is presented, through which a local alteration of a composite service scheme can transfer to the global exploration correctly. It is a general adjusting method and independent to algorithms. Finally, extensive experimental results illustrate that NSA, especially for NSA with consistency weights adjusting strategy (NSA+), significantly outperforms particle swarm optimization and clonal selection algorithm for QoS-aware service selection problem. The superiority of NSA+ over others is more and more evident with the increase of component tasks and related candidate services.     

基于XML的软件安全静态检测方法研究

安全关键软件设计使用的C/C++语言含有大量未定义行为,使用不当可能产生重大安全隐患。软件静态检测是从软件代码和结构中找出安全缺陷的重要手段。从安全规则的角度,提出了基于XML（eXtensible Markup Language）中间模型的静态检测方法。该方法将C/C++源代码解释为XML中间模型,将安全规则转化为缺陷模式,利用Xquery查询表达式对软件安全缺陷进行定位。基于该方法的原型系统检验结果表明：该方法能够有效地检测出违反安全规则的软件缺陷,并具有安全规则可定制的特点。     

OO metrics in practice

While it has long been recognized that software process improvement requires measuring both the process and its performance, experience has also shown that few universal metrics exist. The most effective measurement tools are specialized to some aspect of the task or domain being measured. The metrics as measures of code have often been related to external factors, such as software quality in the sense of defects. Software metrics studies often use single snapshots of a software project. Examining a project over a longer time frame allows consideration of other software quality facets, such as reuse and maintainability.     

Static analysis for security

All software projects are guaranteed to have one artifact in common $source code. Together with architectural risk analysis, code review for security ranks very high on the list of software security best practices. We look at how to automate source-code security analysis with static analysis tools.     

代码相似性检测方法与工具综述

在代码开源的潮流下,代码克隆在提高代码质量和降低开发成本的同时,一定程度地影响了软件系统的稳定性、健壮性与可维护性。代码相似性检测在计算机与信息安全发展方面具有重要的意义。为应对代码克隆带来的各种危害,目前学术界和工业界提出了很多代码相似性检测的方法,这些方法按照源代码信息处理程度可分为基于文本、词法、语法、语义和度量值5类;并开发了相应的检测工具,这些工具实现了很好的检测效果,但在大数据时代背景下也面临着数据规模不断扩大带来的一系列挑战。文中综述了代码相似性检测的方法,对5类检测方法做了详细比较;结合传统方法与机器学习技术,归类了不同检测方法对应的检测工具;按照不同评价标准评估了检测工具的检测效果,总结了每种检测方法的首选检测工具,并对未来代码相似性检测的研究方向做出了展望。     

代码的安全性保护技术研究

代码的安全问题由于直接关系到软件能否在多个领域可靠应用,并且影响到系统的安全,所以显得尤为重要.随着网络攻击与防护技术的深入发展,对软件安全提出了更高的要求,代码的缺陷使应用软件、Web系统及数据库系统面临巨大安全挑战.通过分析代码在溢出、跨站脚本、SQL攻击、加密代码、代码失效及软件模拟方式等方面存在的安全性问题,提出使用托管代码迁移、内存探测、正则表达式检测、签名等多种技术方法以实现代码的安全性需求,确保软件的可靠性,最后给出了一些能够提高安全性的编码原则.     

一种基于流图变换的代码迷惑算法

为了提高软件的安全性,常使攻击者难以理解专利软件系统内部的工作机制,代码迷惑技术因其代价低廉而越来越受到人们的重视。代码迷惑技术的提出对于软件保护具有非常重要的意义,代码迷惑技术的使用可以对程序代码及核心算法进行保护。简要概述了代码迷惑技术基本内容,阐述了基本块和流图的相关知识,给出了可归约流图变换为不可归约流图的迷惑变换具体的算法及实验结果,并对算法的有效性进行了分析。     

基于软件工程思想的软件安全性保障框架研究

通过分析软件安全领域存在的问题,以软件工程思想为基础,运用系统安全工程的原则,提出一个软件安全性保障框架。在软件开发生命周期过程中,将软件安全保障集成到需求分析,设计编码,测试,维护四个环节中,详细阐述了每个环节要进行的安全性处理的任务,采用一系列安全预测和分析技术,确保软件开发的安全性和可靠性。