| 基于信息流分析的源代码漏洞挖掘技术研究 |
| |
| 引用本文: | 时志伟,李小军. 基于信息流分析的源代码漏洞挖掘技术研究[J]. 信息网络安全, 2011, 0(11): 75-77 |
| |
| 作者姓名: | 时志伟 李小军 |
| |
| 作者单位: | 中国信息安全测评中心;北京启明星辰信息安全技术有限公司 |
| |
| 摘 要: | 为弥补软件漏洞挖掘领域的不足,文章介绍了一种基于源代码信息流分析的静态漏洞挖掘方法,通过对源代码中函数的数据输入点进行信息流分析,观察其流向,在敏感函数调用点进行分析判断,最终确定是否存在漏洞。
|
| 关 键 词: | 源代码 漏洞挖掘 信息流 符号执行 |
Source Code Vulnerability Detection Using Information Flow Analysis |
| |
| SHI Zhi-wei,LI Xiao-jun. Source Code Vulnerability Detection Using Information Flow Analysis[J]. Netinfo Security, 2011, 0(11): 75-77 |
| |
| Authors: | SHI Zhi-wei LI Xiao-jun |
| |
| Affiliation: | 1.China Information Technology Security Evaluation Center,Beijing 100085,China;2.Venustech Information Security Investment Co Ltd,Beijing 100193,China) |
| |
| Abstract: | To compensate the deficiency of current software vulnerability exploiting,a new static vulnerability detection method using source code information flow analysis,is introduced in this paper.According to this method,the info-flow analysis starts at the data input of functions,and the direction of the information flow should be concerned,as well as places where a sensitive function is called.Based on the analysis,vulnerabilities in the source code can be detected. |
| |
| Keywords: | source code vulnerability discovering information flow symbolic execution |
| 本文献已被 CNKI 维普 等数据库收录! |
|
