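Abstract
Based on the causes of buffer overflows, a method for detecting buffer overflow vulnerabilities through source code analysis is proposed. The method preprocesses the source code, performs static analysis, and constructs in turn the corresponding abstract syntax tree, control flow graph, function call graph and variable table, and finally builds a finite-state-automaton detection model. Taking overflow-prone C/C++ source code as an example, the corresponding detection model is constructed. The results show that, compared with existing detection schemes, the model detects buffer overflow vulnerabilities more effectively; the method can also effectively identify dangerous function calls and overflow filtering mechanisms in program code, thereby reducing the false positive rate. The detection method is also applicable to source code in other languages.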
According to the causes of buffer overflows, a novel detection method was proposed based on source code analysis. The sources were pre-processed and analyzed statically to construct the corresponding abstract syntax tree, control flow graph, function call graph and variable table in sequence. A finite automaton based on the developed detection model was created to detect overflows. C/C++ programs with common buffer overflows were used to demonstrate the proposed method. The extensive experimental results show that, compared to existing methods, the proposed detection model can detect all buffer overflow vulnerabilities efficiently. The dangerous function calls and the overflow filtering mechanism in the code can be recognized to reduce the false positive rate. The proposed method can also be easily extended to detect buffer overflows in source code written in other languages.
Source
Journal of Jiangsu University (Natural Science Edition)
EI
CAS
CSCD
PKU Core
2016, Issue 4, pp. 450-455 (6 pages)
Journal of Jiangsu University:Natural Science Edition
Funding
National Natural Science Foundation of China (Grant No. 61472189)