| 基于控制流切片的代码安全缺陷检测方法 |
| |
| 引用本文: | 周宽久,杨广,赖晓晨,崔凯,姚艳双.基于控制流切片的代码安全缺陷检测方法[J].计算机工程与设计,2012,33(6):2265-2271,2304. |
| |
| 作者姓名: | 周宽久 杨广 赖晓晨 崔凯 姚艳双 |
| |
| 作者单位: | 大连理工大学 软件学院,辽宁大连,116620 |
| |
| 基金项目: | 国家自然科学基金项目,中央高校基本科研业务费专项基金项目 |
| |
| 摘 要: | 为轻松获得程序的可能执行路径,进而实现程序变量的状态跟踪,提出了一种C/C++源代码控制流提取算法,通过该模型获取控制流切片,产生局部控制流图,将数据流异常检测与安全子集检测相结合,弥补了单独使用安全子集方法无法跟踪数据流的不足,增强代码安全隐患的挖掘能力.利用控制流图化简,排除部分不可达控制流信息,提高跟踪效率.通过对3个Linux内核源文件的检测,验证了该方法不仅可以检测出违反安全子集的代码安全隐患,同时对代码数据流异常检测提供支持,准确率达94.9%.
|
| 关 键 词: | 代码异常 控制流分析 数据流分析 安全子集 控制流化简 |
Method to detect vulnerary based on control flow slices |
| |
| ZHOU Kuan-jiu
,
YANG Guang
,
LAI Xiao-chen
,
CUI Kai
,
YAO Yan-shuang.Method to detect vulnerary based on control flow slices[J].Computer Engineering and Design,2012,33(6):2265-2271,2304. |
| |
| Authors: | ZHOU Kuan-jiu YANG Guang LAI Xiao-chen CUI Kai YAO Yan-shuang |
| |
| Affiliation: | (Software School,Dalian University of Technology,Dalian 116620,China) |
| |
| Abstract: | To acquire the execution paths from the C/C++ source codes to track program variables and to mine capabilities of code security risks,a control flow Abstraction algorithm of C/C++ source code is proposed to feasibly obtain control flow slices and generate local control flow graph.The data flow anomaly detection and the security subset detection is combined with this model,and the data flow analysis is extended to process and modules to lay the foundation for inter-procedural exception analysis.A simplification method for control flow is used to exclude un–reached control flow information and reduce the number of data flow tracking paths so as to improve the tracking efficiency.Finally,some experimental results show that the model can not only detect violations of safe subset,but also implement data flow anomaly detection.Its accuracy rate is more than 90%. |
| |
| Keywords: | code exception control flow analysis data flow analysis security subset control flow simplification |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
