| ClearBug一种改进的自动化漏洞分析工具 |
| |
| 引用本文: | 刘波,文伟平,孙惠平,卿斯汉. ClearBug一种改进的自动化漏洞分析工具[J]. 信息网络安全, 2009, 0(5): 28-31. DOI: 10.3969/j.issn.1671-1122.2009.05.013 |
| |
| 作者姓名: | 刘波 文伟平 孙惠平 卿斯汉 |
| |
| 作者单位: | 北京大学软件与微电子学院信息安全系,北京,102600 |
| |
| 摘 要: | 随着软件漏洞的危害性不断增强,软件漏洞分析已经成为了国内外安全研究的热点。已有的工作大致可以分为静态分析和动态分析两类。本文在开源的软件漏洞静态分析工具Bugscam的基础上,提出了一种建立漏洞模型,映射漏洞模型为分析程序,并进行漏洞分析的思路。对于大量的软件漏洞,我们提出,将其分为函数漏洞和逻辑漏洞两类,并分别探讨了两种模型与程序之间的对应关系。最后,对我们编写的一个改进的自动化漏洞分析工具clearBug进行了介绍,并用实验验证了模型与程序的正确性和有效性。
|
| 关 键 词: | 漏洞模型 自动化分析 ClearBug |
ClearBug An improved automatic tool for bug analysis |
| |
| LIU Bo,WEN Wei-ping,SUN Hui-ping,QING Si-han. ClearBug An improved automatic tool for bug analysis[J]. Netinfo Security, 2009, 0(5): 28-31. DOI: 10.3969/j.issn.1671-1122.2009.05.013 |
| |
| Authors: | LIU Bo WEN Wei-ping SUN Hui-ping QING Si-han |
| |
| Affiliation: | (Department of lnformation Security, SSM, Peking University, Beijing 102600, China) |
| |
| Abstract: | With the increasing harmfulness of software vulnerability, identifying potential vulnerabilities in software has become the focus of security research. The current analysis method can be roughly divided into two categories: static analysis and dynamic analysis. This paper presents an idea based on open source static analysis tool BugScam. First, set up vulnerability model. Then, map the model to program and begin vulnerability analysis. We classified vulnerability model to function model and logic model and research the corresponding relationship between model and program. Finally, we give an introduction of our improved automatic vulnerability analysis tool ClearBug. The experiment results show that our tool can effectively find out some software vulnerability. |
| |
| Keywords: | ClearBug |
| 本文献已被 维普 万方数据 等数据库收录! |
|
