摘要
针对基于8031单片机系统软件的安全问题,对各权威漏洞数据库进行了分析研究,采用一种基于ECV规则的攻击分析方法从攻击事件中提取漏洞知识,根据漏洞种类及特征将漏洞从代码安全的角度分类,设计了三层结构的漏洞知识库,并根据漏洞知识库的设计提出了一种基于知识的漏洞检测算法,用于检测8031单片机系统漏洞.基于上述方法设计并实现了软件安全性逆向分析系统,对8031单片机系统进行漏洞检测.实验结果表明,基于该漏洞知识库的漏洞检测算法可以对目标程序正确进行漏洞检测,有利于降低软件代码漏洞量,并在一定程度上降低成本和资源消耗.
The 8031 microcontroller software are currently used widely and its security issue become increasingly prominent. In view of this, the authoritative vulnerability databases were studied, extracted knowledge from attacks through a rule of ECV, classified security vulnerabilities according to the type and characteristics based code security, designed three-tier structure vulnerability knowledge database, and proposed a knowledge-based vulnerability detection algorithm based on the vulnerability knowledge library to detect the vulnerability of 8031 microcontroller. Designed and implemented a software security reverse-analysis system for 8031 binary program, and the effectiveness and availability of the vulnerability knowledge database and the rule of ECV were verified. The experimental result shows that the algorithm can correctly detect the target program vulnerability, having great significant in reducing the number of software vulnerabilities and saving lots of cost in detecting software vulnerability.
出处
《北京理工大学学报》
EI
CAS
CSCD
北大核心
2017年第4期371-375,共5页
Transactions of Beijing Institute of Technology
基金
国家重点研发计划资助项目(2016YFB0800700)
关键词
漏洞知识库
8031单片机
漏洞检测
软件安全
vulnerability knowledge database
8031 microcontroller
vulnerability detection
software security
