Abstract
Although there are many methods and tools for static vulnerable function detection for use in the process of software development, they have their limitations. Besides, they provide no support for the black-box testing in the later stage of software development. In this paper, based on the previous work, a framework of static vulnerable function detection used in the early stage of software development is proposed, which not only can avoid false alarms by static analysis tools to some degree, but also can provide a set of data-flow constraints used to automatically generate the data flow in the black-box testing for security in the later stage.
Source
Command Information System and Technology (《指挥信息系统与技术》)
2010, Issue 6, pp. 15-19, 78 (6 pages in total)
Funding
National High Technology Research and Development Program of China (863 Program) project (2009AA01Z402)
Keywords
static analysis
software vulnerability detection
software vulnerability inspection
software testing