| 基于应用视角的缓冲区溢出检测技术与工具 |
| |
| 引用本文: | 司徒凌云,王林章,李宣东,刘杨. 基于应用视角的缓冲区溢出检测技术与工具[J]. 软件学报, 2019, 30(6): 1721-1741 |
| |
| 作者姓名: | 司徒凌云 王林章 李宣东 刘杨 |
| |
| 作者单位: | 南京大学 计算机科学与技术系, 江苏 南京 210023;计算机软件新技术国家重点实验室(南京大学), 江苏 南京 210023,南京大学 计算机科学与技术系, 江苏 南京 210023;计算机软件新技术国家重点实验室(南京大学), 江苏 南京 210023,南京大学 计算机科学与技术系, 江苏 南京 210023;计算机软件新技术国家重点实验室(南京大学), 江苏 南京 210023,School of Computer Science and Engineering, Nanyang Technological University, Singapore 210023, Singapore |
| |
| 基金项目: | 国家重点研发计划(2016YFB1000802);国家自然科学基金(61632015,61472179,61572249,61561146394);南京大学博士研究生创新创意项目(2016014) |
| |
| 摘 要: | 缓冲区溢出漏洞是危害最为广泛和严重的安全漏洞之一,彻底消除缓冲区溢出漏洞相当困难.学术界、工业界提出了众多缓冲区溢出漏洞检测技术与工具.面对众多的工具,使用者如何结合自身需求有效地选择工具,进而应用到漏洞的检测与修复、预防与保护、度量与评估等方面,是具体而实际的问题.解决这一问题,需要在各异的用户需求与多样的缓冲区溢出检测技术与工具之间建立一张条理清晰、便于用户理解和使用的映射图谱.站在使用者的立场,在概述缓冲区溢出漏洞类型与特征的基础上,从软件生命周期阶段的检测与修复、缓冲区溢出攻击阶段的预防与保护、基于认识与理解途径的度量与评估这3个应用视角,对缓冲区溢出漏洞检测技术与工具进行梳理,一定程度上在用户需求、检测技术与工具之间建立了一张映射图谱.
|
| 关 键 词: | 软件安全 缓冲区溢出 漏洞检测 攻击防护 度量评估 |
| 收稿时间: | 2017-07-01 |
| 修稿时间: | 2017-08-29 |
Buffer Overflow Detection Techniques and Tools Based on Application Perspective |
| |
| SITU Ling-Yun,WANG Lin-Zhang,LI Xuan-Dong and LIU Yang. Buffer Overflow Detection Techniques and Tools Based on Application Perspective[J]. Journal of Software, 2019, 30(6): 1721-1741 |
| |
| Authors: | SITU Ling-Yun WANG Lin-Zhang LI Xuan-Dong LIU Yang |
| |
| Affiliation: | Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China;State Key Laboratory for Novel Software Technology Nanjing University), Nanjing 210023, China,Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China;State Key Laboratory for Novel Software Technology Nanjing University), Nanjing 210023, China,Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China;State Key Laboratory for Novel Software Technology Nanjing University), Nanjing 210023, China and School of Computer Science and Engineering, Nanyang Technological University, Singapore 210023, Singapore |
| |
| Abstract: | Buffer overflow vulnerability is one of the most widely exploited and dangerous security vulnerabilities, it is extremely difficult to eliminate buffer overflow vulnerability completely. A lot of buffer overflow detection techniques and tools have been proposed in the academy and industrial. In the face of numerous tools, itis a specific and practical issue that how could users choose these tools effectively and applied them to the application aspects such as detection and repair, prevention and protection, measurement and assessment. It is necessary to establish a clear map among different user requirements and multiple buffer overflow detection techniques and tools for sake of solving the problem. On the basis of an overview of the types and characteristics of buffer overflow vulnerabilities, buffer overflow detection techniques ant tools are analyzed and elaborated from three application perspectives, i.e. software life cycle based detection and repair, buffer overflow attack stages based prevention and protection, knowledge and understanding based measurement and assessment, which created a map of user requirement and techniques and tools to a certain degree. |
| |
| Keywords: | software security buffer overflow vulnerability detection attack prevention and protection measurement and assessment |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
