摘要
随着软件漏洞的危害性不断增强,软件漏洞分析已经成为了国内外安全研究的热点。已有的工作大致可以分为静态分析和动态分析两类。本文在开源的软件漏洞静态分析工具BugScam的基础上,提出了一种建立漏洞模型,映射漏洞模型为分析程序,并进行漏洞分析的思路。对于大量的软件漏洞,我们提出,将其分为函数漏洞和逻辑漏洞两类,并分别探讨了两种模型与程序之间的对应关系。最后,对我们编写的一个改进的自动化漏洞分析工具ClearBug进行了介绍,并用实验验证了模型与程序的正确性和有效性。
With the increasing harmfulness of software vulnerability, identifying potential vulnerabilities in software has become the focus of security research. The current analysis method can be roughly divided into two categories: static analysis and dynamic analysis. This paper presents an idea based on open source static analysis tool BugScam. First, set up vulnerability model. Then, map the model to program and begin vulnerability analysis. We classified vulnerability model to function model and logic model and research the corresponding relationship between model and program. Finally, we give an introduction of our improved automatic vulnerability analysis tool ClearBug. The experiment results show that our tool can effectively find out some software vulnerability.
出处
《信息网络安全》
2009年第5期28-31,共4页
Netinfo Security
