| 执行路径建模进程化代码分析 |
| |
| 引用本文: | 林锦滨,蒋 凡. 执行路径建模进程化代码分析[J]. 计算机工程, 2010, 36(9): 68-69,72 |
| |
| 作者姓名: | 林锦滨 蒋 凡 |
| |
| 作者单位: | (中国科学技术大学计算机科学与技术学院,合肥 230027) |
| |
| 基金项目: | 国家“863”计划基金资助项目(2009AA01Z145) |
| |
| 摘 要: | 针对符号执行分析方法路径资源消耗过大的问题,提出执行路径建模进程化的过程内分析优化方法。结合基于惰性初始化的对象建模方法,以Phoenix编译器中间表示层的代码作为直接分析对象,实现一个检测C代码漏洞的工具原型。使用该工具验证了Openssl和Apache软件的已知漏洞代码,并在wget的1.11.4版本中发现一个"拒绝服务"漏洞。
|
| 关 键 词: | 符号执行 静态分析 C代码 漏洞检测 |
| 修稿时间: | |
Code Analysis of Modeling Execution Path as Process |
| |
| LIN Jin-bin,JIANG Fan. Code Analysis of Modeling Execution Path as Process[J]. Computer Engineering, 2010, 36(9): 68-69,72 |
| |
| Authors: | LIN Jin-bin JIANG Fan |
| |
| Affiliation: | (School of Computer Science and Technology,University of Science and Technology of China,Hefei 230027) |
| |
| Abstract: | Aiming at the problem that the resource consumption of symbolic execution is too large,this paper proposes an intra-procedural analysis method which is named modeling execution path as process,and combines using the method of modeling objects which is named lazy initialization.A tool prototype which can detect the vulnerability of C code is implemented,and analyzes the Intermediate Rresent(IR) of Phoenix as the direct object.Some known vulnerabilities of Openssl and Apache are verified,and a DOS vulnerability of the version 1.11.4 of wget is detected. |
| |
| Keywords: | symbolic execution static analysis C code vulnerability detection |
| 本文献已被 维普 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
|
