Abstract
Dynamic taint analysis (DTA) is commonly used to track information flow in binary programs and to detect security vulnerabilities: it detects the vulnerabilities that a given test case triggers during the program's concrete execution. Its false positive rate is very low, but its false negative rate is high. To address this, dynamic symbolic taint analysis (DSTA) enhances dynamic taint analysis by symbolizing the taint analysis so as to reduce the false negative rate. The technique collects information about tainted data through instruction-level taint propagation, defines symbolic risk-analysis rules, and finds potential vulnerabilities by checking whether the taint information violates a risk rule. Experimental results show that the method keeps DTA's advantage of a low false positive rate while overcoming its disadvantage of a high false negative rate. The vulnerabilities, risks and associated taint information produced during the analysis can also be used to guide test-case generation, which improves test efficiency and reduces test-case redundancy.
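To make the difference between plain DTA and its symbolized form concrete, here is an added illustration (not the paper's code, and not its instruction set or rule set): a toy register machine in which every register carries a concrete value, a taint flag and a symbolic linear expression over the tainted inputs. Branch conditions taken on the path are recorded as constraints on the symbolic expressions, and a copy sink is checked against one risk rule, "a tainted length exceeds the destination buffer". Plain DTA reports only when the concrete test input already violates the rule; DSTA additionally asks whether some input consistent with the path constraints could violate it, and returns that input as a witness. The program, the byte-sized input domain, the 64-byte buffer and the brute-force stand-in for a constraint solver are all assumptions of this example.

```python
"""Toy dynamic symbolic taint analysis (DSTA) over a small register machine.

Added illustration of the idea, not the paper's implementation.  A register
holds (concrete value, tainted?, symbolic linear expression over inputs).
"""
from itertools import product

INPUT_DOMAIN = range(256)  # assumption: every tainted input is a single byte
BUF_SIZE = 64              # assumption: fixed-size destination buffer at the copy sink


class Sym:
    """Linear symbolic expression: const + sum(coeff * input_symbol)."""

    def __init__(self, const=0, terms=None):
        self.const = const
        self.terms = dict(terms or {})

    def add(self, other):
        terms = dict(self.terms)
        for v, c in other.terms.items():
            terms[v] = terms.get(v, 0) + c
        return Sym(self.const + other.const, terms)

    def scale(self, k):
        return Sym(self.const * k, {v: c * k for v, c in self.terms.items()})

    def eval(self, env):
        return self.const + sum(c * env[v] for v, c in self.terms.items())

    def __str__(self):
        parts = [f"{c}*{v}" for v, c in sorted(self.terms.items())]
        return " + ".join(parts + [str(self.const)])


def _holds(lhs, op, rhs):
    return {"<=": lhs <= rhs, "<": lhs < rhs, ">=": lhs >= rhs, ">": lhs > rhs}[op]


def solve(symbols, constraints, goal):
    """Find an input assignment satisfying all path constraints and `goal`,
    or None.  Brute force over the byte domain stands in for an SMT solver
    (assumption: only a few input symbols, so enumeration is cheap)."""
    for values in product(INPUT_DOMAIN, repeat=len(symbols)):
        env = dict(zip(symbols, values))
        if all(_holds(s.eval(env), op, imm) for s, op, imm in constraints) and goal(env):
            return env
    return None


def run(program, test_case):
    """Execute one test case and return the findings at the sink."""
    regs, symbols, constraints, findings = {}, [], [], []
    inputs = iter(test_case)
    for pc, (op, *args) in enumerate(program):
        if op == "input":                       # taint source: fresh symbol per input
            name = f"in{len(symbols)}"
            symbols.append(name)
            regs[args[0]] = (next(inputs), True, Sym(terms={name: 1}))
        elif op == "mov":                       # constant: untainted
            regs[args[0]] = (args[1], False, Sym(args[1]))
        elif op == "add":                       # taint propagates to the result
            (a, ta, sa), (b, tb, sb) = regs[args[0]], regs[args[1]]
            regs[args[0]] = (a + b, ta or tb, sa.add(sb))
        elif op == "mul":
            a, ta, sa = regs[args[0]]
            regs[args[0]] = (a * args[1], ta, sa.scale(args[1]))
        elif op == "assume":                    # branch outcome observed on this path
            r, cmp_op, imm = args
            a, ta, sa = regs[r]
            if not _holds(a, cmp_op, imm):
                raise ValueError(f"pc {pc}: path constraint does not hold concretely")
            if ta:
                constraints.append((sa, cmp_op, imm))
        elif op == "copy_len":                  # sink: copy <reg> bytes into a BUF_SIZE buffer
            a, ta, sa = regs[args[0]]
            if not ta:
                continue                        # untainted length: no attacker influence
            if a > BUF_SIZE:                    # plain DTA: the test case itself overflows
                findings.append({"pc": pc, "kind": "vulnerability", "len": a, "expr": str(sa)})
                continue
            witness = solve(symbols, constraints, lambda env: sa.eval(env) > BUF_SIZE)
            if witness is not None:             # DSTA: an overflow is reachable on this path
                findings.append({"pc": pc, "kind": "risk", "expr": str(sa),
                                 "witness": witness, "len": sa.eval(witness)})
        else:
            raise ValueError(f"unknown op {op}")
    return findings


# Constructed samples: len = 4 * in0, guarded by a bounds check.
WEAK_CHECK = [("input", "r0"), ("mul", "r0", 4), ("assume", "r0", "<=", 200), ("copy_len", "r0")]
STRICT_CHECK = [("input", "r0"), ("mul", "r0", 4), ("assume", "r0", "<=", BUF_SIZE), ("copy_len", "r0")]

if __name__ == "__main__":
    print(run(WEAK_CHECK, [5]))     # no concrete overflow, but a risk with witness in0=17
    print(run(WEAK_CHECK, [17]))    # the witness replayed as a test case: concrete vulnerability
    print(run(STRICT_CHECK, [5]))   # adequate check: nothing reported
```

With the test input 5, plain DTA sees a 20-byte copy and stays silent; the symbolic check finds that the same path admits `in0 = 17`, i.e. a 68-byte copy past the 200-limit check. Feeding that witness back as the next test case turns the risk into a concrete vulnerability, which is the test-case-generation loop the abstract describes, while the program with the tight check produces no report at all, reflecting the low false positive rate of the underlying taint analysis.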
Source
Computer Science (《计算机科学》)
Indexed in CSCD; Peking University Core Journal
2016, Issue 2, pp. 155-158, 187 (5 pages)
Keywords
Taint analysis; Symbolization; Vulnerability detection; Test case; Data tracking