| 基于流分析的可执行程序结构化表示工具 |
| |
| 引用本文: | 王伟,韦韬,罗海宁.基于流分析的可执行程序结构化表示工具[J].计算机工程与应用,2007,43(16):95-98. |
| |
| 作者姓名: | 王伟 韦韬 罗海宁 |
| |
| 作者单位: | 1.北京大学 计算机科学研究所,北京 100871 2.武警工程学院 电子技术系,西安 710086 |
| |
| 摘 要: | 直接面向可执行程序进行安全漏洞分析时,首先需要得到二进制代码的中间语言表示。探讨了流分析技术在汇编代码理解中的应用,并在Linux平台上实现了一个轻量级汇编代码结构化表示工具BESTAR。该系统利用控制流和数据流分析技术识别通用控制结构,分析程序执行流,重构表达式和函数,发现数据依赖关系,将汇编代码转换成一个结构化、易理解的中间语言程序,为进一步进行安全分析打下了基础。
|
| 关 键 词: | 安全漏洞 控制流分析 数据流分析 基本块 |
| 文章编号: | 1002-8331(2007)16-0095-04 |
| 修稿时间: | 2006-09 |
Executable program structural representation tool based on flow analysis |
| |
| WANG Wei,WEI Tao,LUO Hai-ning.Executable program structural representation tool based on flow analysis[J].Computer Engineering and Applications,2007,43(16):95-98. |
| |
| Authors: | WANG Wei WEI Tao LUO Hai-ning |
| |
| Affiliation: | 1.Institute of Computer Science & Technology,Peking University,Beijing 100871,China 2.Department of Electronic Technology,Engineering College of the Armed Police Force,Xi’an 710086,China |
| |
| Abstract: | The first step of directly analyzing security vulnerabilities of an executable program is to obtain a structural intermediate representation of its binary code.This paper explores application of flow analysis in assembler understanding,and introduces a lightweight prototype of assembler structural representation tool that we implemented on Linux,named BESTAR.The system uses control flow analysis and data flow analysis techniques to identify common control structures,analyzes executive flow of a program,reconstruct expressions and functions,finds data dependency,finally transforms the assembler into a structural and easy-understanding intermediate language program and makes a good preparation for further security analysis. |
| |
| Keywords: | security vulnerability control flow analysis data flow analysis basic block |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
