摘要
C/C++语言在追求高效、灵活的同时也带来了诸如内存泄漏、指针非法使用等安全漏洞,极大地威胁着系统的安全。通过对计算机漏洞的分类研究,有助于增强人们对漏洞本质的理解以及针对性地检测、消除漏洞。本文在分析大量安全漏洞的基础上,对C/C++中的安全漏洞进行分类,为安全规则检查器的构造提供依据,为软件的安全开发提供指导。
C/C ++ language aims to provide high efficiency and flexibility, however, it also brings some safe holes such as memory leak, invalid pointer reference and so on at the same time, which becomes a great threaten to the security of the system. The taxonomy of computer vulnerahilities can result in an increased understanding of the nature of software vulnerabilities, which contributes to detecting and eliminating them respectively. Based on the analysis of large numbers of security vulnerabilities, this paper gives a method about how to classify the security vulnerability in the C/C ++ language, which provides the basis for the con- struction of safe rules checker and the guidance for the development of software security.
出处
《计算机与现代化》
2013年第5期95-98,102,共5页
Computer and Modernization
关键词
安全漏洞
分类研究
数组越界
内存泄露
safe hole
classification research
array overflow
memory leak
