摘要
多线程交互学习软件系统源代码需要等价转化,明确依赖关系,以实现精准高效的安全漏洞检测,提升系统运行的可靠性与安全性。运用词法与语法分析器分析待测系统源代码,经AST转化器遍历后等价转化源代码为IR,流分析IR后得到IR内语句间的依赖关系信息,依据所得依赖信息生成依赖图,输入到安全漏洞静态检测算法,经静态检测获取到安全漏洞检测报告,检测系统安全漏洞。实验结果表明,漏洞检测结果精度高、耗时少,具有较高的检测效率,综合性能表现优越,可为多线程交互学习软件系统的安全可靠运行提供保障。
The source code of multi-threaded interactive learning software system needs equivalent transformation and clear dependencies, so as to achieve accurate and efficient security vulnerability detection and improve the reliability and security of system operation. Lexical and parser were applied to analyze the source code of the system to be tested. After traversing the AST converter, the equivalent conversion source code becomes IR. After the flow analysis of IR, the dependency information between statements in IR was obtained. Based on the obtained dependency information, a dependency graph was generated. The dependency graph was input into the security vulnerability static detection algorithm. After static detection, the security vulnerability detection report was obtained to detect the security vulnerabilities of the system. The experimental results show that this method has high accuracy, detection efficiency and short time-consuming.
作者
徐晓君
常会丽
XU Xiao-jun;CHANG Hui-li(School of Computer Science and Engineering Ningxia Universityof Technology,Shizuishan Ningxia 753000,China;School of Physics and Electronic and Electrical Engineering,Ningxia University,Yinchuan Ningxia 750021,China)
出处
《计算机仿真》
北大核心
2022年第4期335-340,共6页
Computer Simulation
基金
青年科学基金项目(61902117)。
关键词
多线程
交互学习
软件系统
安全漏洞
自动化检测
静态检测
Multithreading
Interactive learning
Software system
Security vulnerability
Automatic detection
Static test
