首页 | 本学科首页   官方微博 | 高级检索  
     

源代码漏洞静态分析技术
引用本文:刘嘉勇,韩家璇,黄诚. 源代码漏洞静态分析技术[J]. 信息安全学报, 2022, 7(4): 100-113
作者姓名:刘嘉勇  韩家璇  黄诚
作者单位:四川大学 网络空间安全学院 成都 中国 610207
基金项目:本课题得到国家自然科学基金资助项目(No.61902265)、四川省科技厅重点研发资助项目(No.2020YFG0047,No.2020YFG0076)资助.
摘    要:漏洞这一名词伴随着计算机软件领域的发展已经走过了数十载。自世界上第一个软件漏洞被公开以来,软件安全研究者和工程师们就一直在探索漏洞的挖掘与分析方法。源代码漏洞静态分析是一种能够贯穿整个软件开发生命周期的、帮助软件开发人员及早发现漏洞的技术,在业界有着广泛的使用。然而,随着软件的体量越来越大,软件的功能越来越复杂,如何表示和建模软件源代码是当前面临的一个难题;此外,近年来的研究倾向于将源代码漏洞静态分析和机器学习相结合,试图通过引入机器学习模型提升漏洞挖掘的精度,但如何选择和构建合适的机器学习模型是该研究方向的一个核心问题。本文将目光聚焦于源代码漏洞静态分析技术(以下简称:静态分析技术),通过对该领域相关工作的回顾,将静态分析技术的研究分为两个方向:传统静态分析和基于学习的静态分析。传统静态分析主要是利用数据流分析、污点分析等一系列软件分析技术对软件的源代码进行建模分析;基于学习的静态分析则是将源代码以数值的形式表示并提交给学习模型,利用学习模型挖掘源代码的深层次表征特征和关联性。本文首先阐述了软件漏洞分析技术的基本概念,对比了静态分析技术和动态分析技术的优劣;然后对源代码的表示方法进行...

关 键 词:源代码漏洞  静态分析  数据流分析  污点分析  机器学习
收稿时间:2021-08-07
修稿时间:2021-11-01

Vulnerability Detection In Source Code Using Statice Analysis
LIU Jiayong,HAN Jiaxuan,HUANG Cheng. Vulnerability Detection In Source Code Using Statice Analysis[J]. Journal of Cyber Security, 2022, 7(4): 100-113
Authors:LIU Jiayong  HAN Jiaxuan  HUANG Cheng
Affiliation:School of Cyber Science and Engineering, Sichuan University, Chengdu 610207, China
Abstract:The term vulnerability has gone through several decades with the development of the computer software field. Since the first software vulnerability in the world was made public, software security researchers and engineers have been exploring the methods of vulnerability mining and analysis. The static analysis of source code vulnerability is a technology that can run through the whole software development life cycle and help software developers find software vulnerabilities early. It is widely used in the industry. However, with the increasing volume and complexity of software, how to represent and model the software source code is a difficult problem at present. In addition, in recent years, researchers tend to combine static analysis of source code vulnerabilities with machine learning, trying to improve the accuracy of vulnerability mining by introducing machine learning model. Nonetheless, how to select and build a suitable machine learning model is a core issue in this research direction. This paper focuses on the static analysis technology of source code vulnerability (hereinafter referred to as static analysis technology), and reviews the related work in this field. The research of static analysis technology is divided into two directions: traditional static analysis and learning-based static analysis. Traditional static analysis mainly uses a series of software analysis technologies such as data flow analysis and taint analysis to model and analyze the source code of the software; learning-based static analysis represents the source code in numerical form and submits it to the learning model, then using the learning model to mine the deep representation features and relevance of the source code. This paper first expounds the basic concepts of software vulnerability analysis technology, and compares the advantages and disadvantages of static analysis technology and dynamic analysis technology. Next, the representation method of the source code is explained. After that, this paper summarizes the general steps of traditional static analysis and learning-based static analysis, and systematically combs the typical research results of these two research directions, summarizes their technical characteristics and workflow, puts forward the existing problems in the current static analysis technology, and looks forward to the future research work in these directions.
Keywords:source code vulnerability  static analysis  dataflow analysis  taint analysis  machine learning
点击此处可从《信息安全学报》浏览原始摘要信息
点击此处可从《信息安全学报》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号