
An Effective Framework of Static Vulnerable Function Detection
Abstract: Although there are many methods and tools for static vulnerable function detection available during software development, they have their limitations. Moreover, they provide no support for the black-box testing in the later stage of software development. In this paper, based on previous work, a framework for static vulnerable function detection used in the early stage of software development is proposed, which not only can avoid false alarms from static analysis tools to some degree, but also can provide a set of data-flow constraints used to automatically generate the data flow in black-box security testing in the later stage.

Source: Command Information System and Technology, 2010, No. 6, pp. 15-19, 78 (6 pages in total)

Funding: National High Technology Research and Development Program of China (863 Program), project 2009AA01Z402

Keywords: static analysis; software vulnerability detection; software vulnerability inspection; software testing