A Buffer Overflow Detection Algorithm Based on Static Code Analysis
Cite this article: Wang Yawen, Yao Xinhong, Gong Yunzhan, Yang Zhaohong. A Buffer Overflow Detection Algorithm Based on Static Code Analysis [J]. Journal of Computer Research and Development, 2012, 49(4): 839-845.
Authors: Wang Yawen  Yao Xinhong  Gong Yunzhan  Yang Zhaohong
Affiliations: 1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876
2. Department of Information Engineering, Academy of Armored Force Engineering, Beijing 100072
Funding: National High Technology Research and Development Program of China (863 Program) (2009AA012404); National Natural Science Foundation of China (91018002)
Abstract: Buffer overflow has become one of the most common software security vulnerabilities. Viewed at the source-code level, common buffer overflow vulnerabilities fall into two main types: overflows caused by data copying and overflows caused by formatted strings. This paper analyses the causes of common buffer overflow vulnerabilities, gives a method for computing the storage length of a formatted string, and presents a buffer overflow detection algorithm based on static analysis of source code. The algorithm first models the source code by constructing its abstract syntax tree, symbol table, control flow graph and function call graph; on that basis it applies interval arithmetic to analyse and compute the value ranges of program variables and expressions, and in inter-procedural analysis it introduces function summaries in place of actual function calls. Finally, the method is applied to open-source software projects, and the results show that it detects buffer overflows effectively and precisely.

Keywords: security vulnerability  buffer overflow  static analysis  interval arithmetic  function summary

A Method of Buffer Overflow Detection Based on Static Code Analysis
Wang Yawen , Yao Xinhong , Gong Yunzhan , Yang Zhaohong.A Method of Buffer Overflow Detection Based on Static Code Analysis[J].Journal of Computer Research and Development,2012,49(4):839-845.
Authors:Wang Yawen  Yao Xinhong  Gong Yunzhan  Yang Zhaohong
Affiliations: 1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876; 2. Department of Information Engineering, Academy of Armored Force Engineering, Beijing 100072
Abstract: As the Internet advances, people pay more and more attention to information security. In particular, buffer overflow has become one of the best-known software security vulnerabilities. At the source-code level, buffer overflows arise in two main ways: from data-copy function calls and from format-control-string function calls. This paper summarizes the common library functions that are prone to buffer overflows and introduces an algorithm for computing the length of a formatted string when a formatted input/output function is called. It also proposes a method of buffer overflow detection based on static code analysis. The method first models the source code by building its abstract syntax tree, symbol table, control flow graph and function call graph. On these models, the value range of each variable and expression at each program point is computed by interval calculation, and when a function call is encountered the callee's function summary is applied in place of the call. The method is extensible: users can add further functions under test through configuration files. Experiments on open-source projects show that it detects buffer overflows effectively, with both a lower false-positive rate and a lower false-negative rate than the testing tool Klocwork K8.
Keywords:security vulnerabilities  buffer overflow  static analysis  interval calculation  function summary
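As an added illustration (written for this page, not code from the paper or from the authors' tool), the following Python sketch shows how the interval calculation described in the abstract can bound the storage length of a formatted string and compare that bound, plus the terminating NUL, against the destination buffer. The `Interval` class, the `%d`/`%s`/`%c` model, the verdict names and the constructed call sites are assumptions of this example; the authors' implementation works over an abstract syntax tree, symbol table and control flow graph, which this sketch does not reproduce.

```python
"""Interval-arithmetic bound on sprintf() output, an illustrative example (not the paper's tool).
Assumed: values are closed integer intervals; only %d, %s, %c and %% with width/precision
are modelled; callers pass the value range (%d, %c) or strlen() range (%s) per argument."""
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Interval:
    """Closed integer interval [lo, hi], the value-range abstraction of the analysis."""
    lo: int
    hi: int

    def __add__(self, other: "Interval") -> "Interval":
        return Interval(self.lo + other.lo, self.hi + other.hi)

    def pad_to(self, width: int) -> "Interval":
        """A minimum field width (%8d) pads shorter output up to `width`."""
        return Interval(max(self.lo, width), max(self.hi, width))

    def clip_to(self, precision: int) -> "Interval":
        """A precision on %s (%.8s) writes at most `precision` characters."""
        return Interval(min(self.lo, precision), min(self.hi, precision))


def int_width(v: Interval, force_sign: bool = False) -> Interval:
    """Characters %d emits for any value in v, sign included.

    Decimal width is monotone on each side of zero, so the extremes sit at the
    endpoints, or at zero when the interval straddles it. `force_sign` models the
    '+' and ' ' flags, which add one character to non-negative values.
    """
    def width(x: int) -> int:
        return len(str(x)) + (1 if force_sign and x >= 0 else 0)
    ends = (width(v.lo), width(v.hi))
    lo = width(0) if v.lo <= 0 <= v.hi else min(ends)
    return Interval(lo, max(ends))


# %[flags][width][.precision]conv; `conv` matches any character so that an
# unsupported conversion is rejected rather than miscounted as literal text.
SPEC = re.compile(r"%(?P<flags>[-+ 0]*)(?P<width>\d*)(?:\.(?P<prec>\d*))?(?P<conv>.)")


def format_length(fmt: str, args: List[Interval]) -> Interval:
    """Bound on strlen() of what sprintf(dst, fmt, ...) writes, NUL excluded."""
    total, pos, argi = Interval(0, 0), 0, 0
    for m in SPEC.finditer(fmt):
        n = m.start() - pos                      # literal text before this spec
        total += Interval(n, n)
        pos = m.end()
        conv = m.group("conv")
        if conv == "%":
            total += Interval(1, 1)
            continue
        if argi >= len(args):
            raise ValueError(f"too few arguments for {fmt!r}")
        arg, argi = args[argi], argi + 1
        if conv == "d":
            piece = int_width(arg, force_sign=any(f in m.group("flags") for f in "+ "))
        elif conv == "s":
            piece = arg
            if m.group("prec") is not None:
                piece = piece.clip_to(int(m.group("prec") or "0"))
        elif conv == "c":
            piece = Interval(1, 1)
        else:
            raise NotImplementedError(f"conversion %{conv} is not modelled")
        if m.group("width"):
            piece = piece.pad_to(int(m.group("width")))
        total += piece
    tail = fmt[pos:]
    if "%" in tail:                              # a lone trailing '%' is undefined behaviour
        raise ValueError(f"dangling '%' in {fmt!r}")
    return total + Interval(len(tail), len(tail))


def check_sprintf(dst_size: int, fmt: str, args: List[Interval]) -> str:
    """Verdict for sprintf(dst, fmt, ...) when sizeof(dst) == dst_size: 'safe' if every
    output plus its NUL fits, 'overflow' if none does, else 'possible-overflow' (review)."""
    need = format_length(fmt, args) + Interval(1, 1)   # sprintf always writes the NUL
    if need.hi <= dst_size:
        return "safe"
    if need.lo > dst_size:
        return "overflow"
    return "possible-overflow"


if __name__ == "__main__":
    # Constructed call sites, as a checker sees them after interval analysis of the arguments.
    cases = [
        (16, "id=%d", [Interval(0, 2**31 - 1)]),                 # needs 5..14 bytes: safe
        (8, "%s-%d", [Interval(0, 20), Interval(-1000, 1000)]),  # needs 3..27: possible-overflow
        (4, "%05d", [Interval(-5, 5)]),                          # width forces 6 bytes: overflow
        (8, "%.3s/%c", [Interval(0, 100), Interval(97, 122)]),   # precision clips %s: safe
    ]
    for size, fmt, args in cases:
        print(f"char dst[{size}]; sprintf(dst, {fmt!r}, ...): {check_sprintf(size, fmt, args)}")
```

The data-copy case the abstract mentions is the degenerate instance of the same check: `strcpy(dst, src)` behaves like the format `"%s"` with the strlen() interval of `src`, so `check_sprintf(sizeof dst, "%s", [len_of_src])` gives its verdict. A function summary in this setting is simply the bound `format_length` produces for a callee's body, expressed over the callee's parameter intervals and reused at each call site instead of re-analysing the body.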
This article is indexed in CNKI, Wanfang Data and other databases.