
Detecting Out-of-Bounds Accesses with Conditional Range Constraint (cited by: 2)

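Abstract: Out-of-bounds accesses during program execution lead to abnormal behavior, and existing out-of-bounds detection methods suffer from low efficiency or low precision. Out-of-bounds access statements in a program are detected in two steps. In the constraint generation phase, a flow-sensitive, inter-procedural constraint-state generation algorithm is proposed that builds a range constraint set and a value constraint set for each statement. In the constraint resolution phase, linear programming is used to compute the size of the memory the program accesses and the offset, and possible out-of-bounds access vulnerabilities are reported. Experiments show that detection efficiency is markedly higher than that of path-sensitive range analysis, while the average detection precision is above 80%.

Out-of-bounds accesses can lead to nondeterministic behaviors. This paper proposes a novel detection method based on conditional range constraints. It divides the detection process into two phases: the constraint generation phase and the constraint resolution phase. In the constraint generation phase, a flow-sensitive, inter-procedural algorithm is proposed to propagate range constraints and value constraints respectively. In the constraint resolution phase, a linear programming solver is used to determine the bounds of abstract memory locations and the offset. The experimental results show that the proposed method is effective, and its precision is higher than 80%.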
Source: Journal of Computer Research and Development (《计算机研究与发展》; indexed in EI, CSCD, Peking University Core), 2006, No. 10, pp. 1760-1766 (7 pages)
Funding: National "863" High-Tech Research and Development Program of China (2002AA1Z2101)
Keywords: out-of-bounds access; static analysis; conditional range constraint; linear programming; flow-sensitive analysis; reliability; security