一种基于指针逻辑的代码安全属性分析方法被引量：3

A New Property Verification Method for Code Security Based on Pointer Logic

下载PDF

导出

摘要在分析和总结前人工作的基础上,提出了一种改进的代码安全属性验证方法.该方法在利用传统的源代码安全属性验证工具的基础上,加入了指针逻辑,针对现有代码属性分析技术只能对C语言子集进行分析验证的不足,利用指针逻辑对源代码的分析结果对源代码中的指针进行替换,从而避开了传统静态代码属性验证工具对指针处理功能太弱的瓶颈,可以实现对C语言中的部分指针及运算进行处理. This paper proposes an improved verification method for code security property on the basis of the study of predecessors＇ work. According to the situation that current code property verification can only deal with a subset of C programming language, this paper introduces the pointer logic, whose result can be used by the replacement algorithm to substitute all the pointers in the source code, to the conventional code security property verification tools. The proposed ap- proach avoids the weakness of pointer processing in the traditional static code property verification, and therefore can handle pointers in C programming language when property verification partially.

作者张阳程亮

机构地区中国科学院软件研究所中国科学技术大学电子工程与信息科学系

出处《计算机学报》 EI CSCD 北大核心 2009年第6期1119-1125,共7页 Chinese Journal of Computers

基金国家"八六三"高技术研究发展计划项目基金(2007AA01Z465 2006AA01Z433 2007AA01Z414)资助~~

关键词操作系统安全形式化验证代码分析模型检测指针逻辑 operating system security formal verification code analysis model checking pointer logic

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献16

1Clarke Edmund M, Grumberg Orna, Peled Doron A. Model Checking. Massachusetts: The MIT Press, 1999
2Nipkow T, Paulson L. Isabelle/HOL-A proof assistant for higher-order logic//Lecture Notes in Computer Science 2283. Springer, 2008
3Cruz Jorge. Constraint Reasoning for Differential Models. Amsterdam~ The IOS Press, 2005
4Weiβenbacher Georg. An abstraction/refinement scheme for model checking C programs [M. S. dissertation]. Technischen Universitat Graz, Graz, Austria, 2003
5Henzinger T A, Jhala R, Majumdar R, Necula G C, Sutre G, Weimer W. Temporal-safety proofs for systems code// Proceedings of the 14th International Conference on Computer-Aided Verification (CAV). Copenhagen, Denmark, 2002 : 526- 538
6Clarke M, Kroening D, Sharygina N, Yorav K. SATABS: SAT-based predicate abstraction for ANSI-C//Proceedings of the Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2005). Edinburgh, U. K. , 2005: 570-574
7Flanagan C, Leino K R M, Lillibridge M, Nelson G, Saxe J B, Stata R. Extended static checking for java//Proceedings of the ACM SIGPLAN2002 Conference on Programming Language Design and Implementation (PLDI' 2002). Berlin, Germany, 2002:234- 245
8Barnett M, Leino K R M, Schulte W, The Spec# programming system: An overview//Proceedings of the CASSIS'04. Marseille, France, 2005:49-69
9Filliatre J C, Marche C. Multi-prover verification of C pro- grams//Proceedings of the ICFEM. Seattle, USA, 2004: 15-29
10Blazy Sandrine, Dargaye Zaynah, Leroy Xavier. Formal veri fication of a C compiler front-end//Proeeedings of the Sympo slum on Formal Methods (FM' 06). Hamilton, Canada 2006: 460-475

二级参考文献37

1Morrisett G, Walker D, Crary K, Glew N. From system F to typed assembly language//Proceedings of the 25th ACM Symposium on Principles of Programming Languages. San Diego, 1998:85-97
2Mandelbaum Y, Walker D, Harper R. An effective theory of type refinements//Proceedings of the 8th International Conference on Functional Programming. Uppsala, Sweden, 2003: 213-225
3Necula G. Proof-carrying code//Proceedings of the 24th ACM Symposium On Principles of Programming Languages. New York, 1997:106-119
4Appel A W. Foundational proof-carrying code//Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science. Baston, Massachusetts, USA, 2001:247-258
5Yu D, Hamid N A, Shao Z. Building certified libraries for PCC: Dynamic storage allocation. Science of Computer Programming, 2004, 50(1-3):101 127
6Feng X, Shao Z, Vaynberg A, Xiang S, Ni Z. Modular Verification of Assembly Code with Stack-Based Control Abstractions//Proceedings of the 2006 ACM SIGPLAN Conference on Programming Language Design and Implementation. Ottawa, Canada, 2006:401-414
7Xi H. Applied type system: Extended abstract//Proceedings of TYPES 2003. LNCS 3085. Springer-Verlag, 2004: 394- 408
8Steensgaard B. Points to analysis in almost linear time//Proceedings of the 23th Annual ACM Symposium on Principles of Programming Languages. Florida, USA, 1996:32-41
9Berndl M, Lhotak O, Qian F, Hendren L, Umanee N. Points-to analysis using BDDs//Proceedlngs of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation. San Diego, 2003 :103-114
10Hind M. Pointer analysis: Haven't we solved this problem yet? //Proceedings of the ACM Workshop on Program Analysis for Software. Tools and Engineering. Snowbird, Utab, USA, 2001:54-61

共引文献23

1华保健,陈意云,李兆鹏,王志芳,葛琳,江苏苏州215123.安全语言PointerC的设计及形式证明[J].计算机学报,2008,31(4):556-564. 被引量：8
2李兆鹏,陈意云,葛琳,华保健.一种汇编程序的形式验证框架[J].计算机研究与发展,2008,45(5):825-833. 被引量：3
3葛琳,陈意云,华保健,李兆鹏,刘诚.汇编代码验证中的形式规范自动生成[J].小型微型计算机系统,2008,29(7):1219-1224. 被引量：3
4李兆鹏,陈意云,华保健,王伟,田波.一种汇编语言指针逻辑的设计与实现[J].小型微型计算机系统,2009,30(6):1025-1030.
5赵家刚,张晴晖,李俊萩,徐安排,鲁莹,赵毅力.指针的学习与应用[J].电脑编程技巧与维护,2009(16):114-116.
6梁红瑾,张昱,陈意云,李兆鹏,华保健.处理指针相等关系不确定的指针逻辑[J].软件学报,2010,21(2):334-343.
7陈意云,李兆鹏,王志芳,华保健.一种用于指针程序验证的指针逻辑[J].软件学报,2010,21(3):415-426. 被引量：6
8蒋凡,邢学智,章磊.基于反馈的可信网络软件验证与测试集成框架研究[J].中国科学技术大学学报,2010,40(2):197-202. 被引量：1
9王振明,陈意云,王志芳.一个用于指针程序验证的自动定理证明器的设计与实现[J].小型微型计算机系统,2010,31(5):801-806. 被引量：2
10宫团基,夏克俭.查找、插入及删除时间为O(1)的方法研究[J].计算机工程与设计,2010,31(9):2097-2100.

同被引文献34

1EDMUND M.CLARKE,ORNA GRUMBERG,DORON A.Pe- led.Model Checking[M].Massachusetts:The MIT Press,1999.
2NIPKOW T.,PAULSON L..Isabelle/HOL--A Proof Assis- tant for Higher-Order Logic[M].New York:Springer, c2002.
3CRUZ JORGE.Constraint Reasoning for Differential Models [M].The IOS Press,2005.
4WEIBENBACHER GEORG.An Abstraction/Refinement S- cheme for Model Checking C Programs [D].Technischen Universital Graz,Master's thesis,2003.
5RICHARD M.STALLMAN.GNU Compiler Collection Inter- nals for GCC3.3[C].January 2002:101-141.
6J.VIEGA,JT.BLOCH,Y.KOHNO,et al.A Static Vulnerability Sca-nner for C and C++ Code[J].In Proceedings of the 16th, Annual Computer Security Applications Conference(ACSAC 2000).IEEE,2000.
7DAVID EVANS, DAVID LAROCHELLE.Improving Secu- rity Using Extensible Lightweight Static Analysis [J].IEEE Software,Jan./Feb.2002.
8VON RIEGEN M, HUSEMANN, FINK S, et al. Rule-based coordination of distributed Web service transactions[J]. IEEE Transactions on Services Computing, 2010, 3(1): 60-72.
9WARAWOOT P, TOSHIAKI A, ATHASIT S, et al. Conformance verification between Web service choreography and implementation using learning and model checking[C]//2011 IEEE 9th International Conference on Web Services. Hawaii, USA: IEEE, 2011: 722-723.
10SYLVAIN H, ROGER V, OMAR C. Specifying and validating data-aware temporal Web service properties[J]. IEEE Transactions on Software Engineering, 2009, 35(5): 669-683.

引证文献3

1赵利民,赵玉祥.C指针安全性的分析检测[J].天水师范学院学报,2011,31(2):115-117. 被引量：2
2衷璐洁,霍玮,李龙,李丰,冯晓兵,张兆庆.一种场景敏感的高效错误检测方法[J].软件学报,2014,25(3):472-488. 被引量：2
3俞东进,吴为,殷昱煜,闫大强,刘志清.基于模型检测的服务规则路由正确性验证方法[J].电子科技大学学报,2014,43(1):107-112. 被引量：2

二级引证文献6

1王文龙.C/C++数据内存分配和指针使用中若干问题的分析[J].喀什师范学院学报,2013,34(6):36-38. 被引量：4
2苏云辉,方开红.C语言内存错误分析与研究[J].电脑编程技巧与维护,2014(14):22-22. 被引量：2
3王聘,刘伟,杜玉越.基于逻辑数据Petri网的业务过程建模与分析[J].计算机集成制造系统,2017,23(5):921-930. 被引量：6
4朱敬茹,衷璐洁,马冬冬,黄晓.一种基于GPU的危险路径并行提取方法[J].小型微型计算机系统,2017,38(10):2363-2368.
5王曙燕,罗丹,孙家泽.基于变量切片与关联规则的错误定位方法[J].计算机工程,2018,44(7):74-79. 被引量：2
6吕江华,刘志锋,徐亚涛,周从华.基于属性的访问控制策略的正确性验证[J].计算机工程与应用,2016,52(18):98-103.

1拓明福,周兴社,李嘉林,李辉.基于混成自动机的CPS行为建模与属性验证[J].空军工程大学学报（自然科学版）,2016,17(3):40-44. 被引量：2
2刘亮亮,汪平仄.基于Web的概念属性获取方法研究[J].计算机技术与发展,2016,26(8):12-16.
3周从华,吴海玲,鞠时光.广义不可推断属性符号化算术验证的研究[J].计算机研究与发展,2012,49(12):2591-2602. 被引量：1
4刘素萍,郝樊华,龚建,伍怀龙,亢武,胡广春,向永春,聂诗良,胡永波,储诚胜,章剑华.钚部件属性γ射线综合测量原型系统[J].物理学报,2007,56(8):4406-4411. 被引量：7

计算机学报

2009年第6期

浏览历史

内容加载中请稍等...

一种基于指针逻辑的代码安全属性分析方法被引量：3

参考文献16

二级参考文献37

共引文献23

同被引文献34

引证文献3

二级引证文献6

相关作者

相关机构

相关主题

浏览历史

一种基于指针逻辑的代码安全属性分析方法 被引量：3

参考文献16

二级参考文献37

共引文献23

同被引文献34

引证文献3

二级引证文献6

相关作者

相关机构

相关主题

浏览历史

一种基于指针逻辑的代码安全属性分析方法被引量：3