| 恶意后门代码审计分析技术 |
| |
| 引用本文: | 袁兵,梁耿,黎祖锋,桂永宏,王睿.恶意后门代码审计分析技术[J].计算机安全,2013(10):47-49. |
| |
| 作者姓名: | 袁兵 梁耿 黎祖锋 桂永宏 王睿 |
| |
| 作者单位: | 中国移动通信集团广西有限公司,广西南宁530022 |
| |
| 摘 要: | 现有代码安全审计主要是关注语言自身的缺陷,即语言所包含的API函数的风险,无法理解软件源代码中逻辑和核心资产与外界的关系,更无法判断源代码中所存在的恶意后门代码,因此,外包开发团队或者恶意开发人员设置的后门代码将无法查找和定位。为了解决上述现有方案的缺点和盲点,在现有的代码安全审计的基础之上,结合最小攻击面和保护资产列表,分析所有受保护的信息资产与攻击面的关系,查找保护资产在系统内对所有代码元素的影响,并审查其相关路径,找出不期望的代码执行路径,从而达到定位恶意代码功能。识别恶意程序,降低源代码安全风险。
|
| 关 键 词: | 信息安全 代码审计 恶意后门 |
Malicious Backdoor Code Audit Analysis |
| |
| YUAN Bing,LIANG Geng,LI Zu-feng,GUI Yong--hong,WANG Rui.Malicious Backdoor Code Audit Analysis[J].Network & Computer Security,2013(10):47-49. |
| |
| Authors: | YUAN Bing LIANG Geng LI Zu-feng GUI Yong--hong WANG Rui |
| |
| Affiliation: | (China Mobile Group Ouangxi Company Limited, Nanning, Guangxi 530022. China) |
| |
| Abstract: | The purpose of this thesis is to solve the shortage of existing solutions security audit, the effect of find out, not program source combined with the minimum attack surface and protect assets list, attack, find the protection of assets of all code elements in the the desired code execution path, so as to achieve the positioning code, reduce security rises. and blind spots, on the analysis all the protected system, and the review o function of malicious code basis of existing code information assets and f the related path to Identify the malicious |
| |
| Keywords: | malicious backdoor information security code audit |
| 本文献已被 CNKI 维普 等数据库收录! |
|
