Abstract
As software grows in scale, guaranteeing its reliability and security has become a growing concern in academia and industry. However, because the C language lacks bounds checking, it cannot ensure the reliability and security of software. Existing detection methods generally suffer from one or more drawbacks, including the inability to detect all errors and the use of incompatible metadata. In this paper, a complete runtime detection method for C program memory safety is designed, which can ensure both the temporal and the spatial memory safety of C programs. The paper adopts a pointer-based approach and, with the aid of the open-source compiler clang, implements the runtime verification tool TASSafe to ensure the memory safety of C programs. Experiments show that the tool is effective and efficient.
Source
Journal of Chinese Computer Systems (《小型微型计算机系统》)
CSCD
PKU Core (北大核心)
2017, Issue 10, pp. 2358-2362 (5 pages)
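Funding
Supported by the National Natural Science Foundation of China (61100034)
Supported by the Joint Research Fund for Civil Aviation of the National Natural Science Foundation of China and the Civil Aviation Administration of China (U1533130)
Supported by the Scientific Research Foundation for Returned Overseas Chinese Scholars, Ministry of Education (2013)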
Keywords
runtime verification
buffer overflow
temporal memory safety
spatial memory safety
pointer-based