摘要
针对C/C++程序中易出现的内存泄漏、缓冲区溢出、指针非法引用等安全漏洞,重点研究了基于函数依赖关系的自下而上全局分析与基于安全漏洞模式的控制流与数据流分析,提出了一种针对源代码的静态安全漏洞分析框架并构建了相应的静态安全漏洞分析工具原型。实验结果表明,该原型能够检测出C/C++程序中常见的安全漏洞。与同类型安全分析工具比较,具有支持全项目检查、可避免函数重复分析、安全规则可定制等优点。
To detect such satety holes in C/C+ + programs as memory leak, buffer overflow and invalid pointer reference, a bottom-up global analysis method based on function dependency is studied. And control- flow/data-flow analysis based on safety hole patterns is also studied. A static safety hole analysis framework is proposed and a corresponding tool is developed. By testing, it is shown that the tool can help to detect common safety holes in C/C+ + program. In comparison with similar analysis tools, the tool developed supports whole-project analysis, analyzes each function only once and supports customization of safety rules.
出处
《系统工程与电子技术》
EI
CSCD
北大核心
2008年第6期1155-1158,共4页
Systems Engineering and Electronics
基金
"十一五"预先研究项目资助课题(51315060103)