摘要
为了更高效地进行代码安全检测,文章基于动态符号执行技术,针对其存在的执行路径空间爆炸、高效约束求解开销以及程序设计语言兼容性这3个不足进行优化,并在此基础上提出了一种基于优化搜索策略动态符号执行的代码安全检测模型。该模型结合了当前主流的代码安全检测技术,提出了一种新型的安全缺陷分类方法,并优化了路径搜索策略,从而可以更加准确、高效地检测出代码中存在的安全问题。
In order to carry out code security detection more efficiently,based on dynamic symbol execution technology,this paper optimizes its three limitations of execution path space explosion,efficient constraint solution overhead,and programming language compatibility,and proposes a code security detection model based on dynamic symbol execution of optimized search strategy.This model combines the current mainstream code security detection technology,using a new classification method of security defects,and the path search strategy is optimized to detect the security problems in the code more accurately and efficiently.
作者
陈莉娟
喻金龙
CHEN Lijuan;YU Jinlong(Hubei Huazhong Electric Power Technology Development Co.,Ltd.,Wuhan 430077,China)
出处
《电力信息与通信技术》
2019年第1期127-132,共6页
Electric Power Information and Communication Technology
关键词
动态符号执行
代码安全缺陷分类
路径搜索
路径约束求解
代码安全检测
dynamic symbol execution
code security defect classification
path search
path constraint solving
code security detection
