
Dynamic Analysis Technology of Memory Security for Large-scale Source Code
Abstract: As software grows in scale, ensuring program reliability and security is attracting increasing attention. Because the C language lacks a mechanism for memory safety checking, programs written in C are prone to security vulnerabilities, and research on the reliability of C programs is growing accordingly. The verification methods commonly used for software reliability and security today are static analysis and dynamic analysis; dynamic analysis is widely used because it reflects the problems that actually exist in a program. Existing memory safety analysis tools detect errors correctly in smaller programs but cannot effectively instrument and check large-scale programs. To address this problem, this paper builds on pointer-based memory safety analysis and uses source code instrumentation to implement Movec, a memory analysis tool for large-scale C programs, and evaluates its effectiveness and performance experimentally. The experiments show that the method can analyze the safety of large-scale programs effectively and efficiently.
Authors: WANG Chong; SUN Yi; WU Jun (School of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211100, China)
Source: Computer Technology and Development, 2021, No. 7, pp. 92-96 (5 pages)
Funding: National Natural Science Foundation of China (U1533130).
Keywords: dynamic analysis; large-scale C program; memory safety; source code instrumentation; pointer-based