Abstract
Use-after-free defects in C code seriously affect the robustness and reliability of embedded systems. Existing detection approaches for this class of vulnerability are mostly aimed at computer systems and applications and cannot support the complex and diverse programs found in embedded devices. Static code analysis can detect code defects without requiring a runtime environment. Therefore, a static taint-tracking scheme was designed on top of the LLVM compiler framework, implementing automated detection of the code patterns characteristic of use-after-free defects. Experimental results show that the method can detect use-after-free defects in C code quickly and accurately, and that it can be applied to large-scale embedded C projects.
Use-after-Free (UaF) bugs in C programs seriously affect the robustness and reliability of embedded systems. Current detection methods are mostly focused on computer operating systems or applications, which do not support complex and variable embedded systems. A static code analysis can achieve the detection without the requirement of an execution environment. Therefore, a static taint analysis tool based on the LLVM compiler infrastructure has been implemented to detect UaF bugs in embedded C code automatically. Experimental results prove that this static analysis method can detect UaF bugs in C programs rapidly with low false positive and false negative rates. It is also proved that the tool can be applied in large-scale embedded C projects.
Authors
王亚昕
李孝庆
伍高飞
唐士建
朱亚杰
董婷
WANG Yaxin; LI Xiaoqing; WU Gaofei; TANG Shijian; ZHU Yajie; DONG Ting (Beijing Institute of Space Mechanics & Electricity, Beijing 100094, China; School of Cyber Engineering, Xidian University, Xi'an 710071, China)
Source
《西安电子科技大学学报》
EI
CAS
CSCD
Peking University Core Journal (北大核心)
2021, No. 1, pp. 124-132, 148 (10 pages in total)
Journal of Xidian University
Funding
National Natural Science Foundation of China (61602361, U1836210, 61572460); National Key Research and Development Program of China (2018YFB080470).