Abstract
Taint analysis is an important technique for vulnerability detection. Because static taint analysis lacks the additional information available at run time, using it to detect vulnerabilities produces many false positives. Building on taint analysis, this paper proposes a more fine-grained taint analysis method for Web vulnerabilities. It generates more precise object state records during code analysis, judges the execution path of the code, and precisely records the propagation of taint and of sinks, which effectively reduces over-tainting and under-tainting. A symbolic execution tool is then used to verify the reachability of the vulnerability location, which eliminates some spurious vulnerability warnings and effectively reduces both the false positive and the false negative rate.
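An added illustration (not code from the paper) of the abstract's two ideas in Python: a per-path object state record that tracks taint through assignments and sanitizers, and a reachability check that discards sinks lying on infeasible paths. The toy IR, the sample program and the brute-force feasibility check over a small integer domain are all constructed here; the paper uses a real symbolic execution tool for that step.

```python
from itertools import product

DOMAIN = range(-50, 51)  # assumed finite integer domain for the feasibility check
OPS = {">": lambda a, b: a > b, "<": lambda a, b: a < b, "==": lambda a, b: a == b}

def feasible(pc):
    """Brute force over DOMAIN (stand-in for the paper's symbolic execution tool):
    is there an integer assignment satisfying every branch decision on the path?"""
    names = sorted({c[0] for c in pc})
    for values in product(DOMAIN, repeat=len(names)):
        env = dict(zip(names, values))
        if all(OPS[op](env[v], k) == outcome for v, op, k, outcome in pc):
            return True
    return False

def analyze(block, taint=None, pc=(), check_paths=True):
    """Walk the toy IR along every path with a per-path taint record; yield
    (sink_label, path_condition) for each sink that receives tainted data."""
    taint = dict(taint or {})  # copy: each path keeps its own object state
    for i, stmt in enumerate(block):
        kind = stmt[0]
        if kind in ("source", "sanitize"):
            taint[stmt[1]] = kind == "source"
        elif kind == "assign":  # taint propagates through assignment
            taint[stmt[1]] = taint.get(stmt[2], False)
        elif kind == "sink" and taint.get(stmt[1]):
            yield stmt[2], pc
        elif kind == "if":
            _, cond, then_block, else_block = stmt
            rest = block[i + 1:]
            for outcome, branch in ((True, then_block), (False, else_block)):
                new_pc = pc + ((*cond, outcome),)
                if check_paths and not feasible(new_pc):
                    continue  # infeasible path: the sink cannot be reached this way
                yield from analyze(branch + rest, taint, new_pc, check_paths)
            return  # statements after the if were handled inside each branch

# Constructed toy program: sink_A is reachable only when n > 20, and every such
# path has already sanitized "name" in the n > 10 branch.
PROGRAM = [
    ("source", "name"),
    ("if", ("n", ">", 10), [("sanitize", "name")], []),
    ("assign", "query", "name"),
    ("if", ("n", ">", 20), [("sink", "query", "sink_A")], []),
    ("sink", "query", "sink_B"),
]

def alerts(program, check_paths=True):
    return sorted({label for label, _ in analyze(program, check_paths=check_paths)})
```

With check_paths=False the infeasible path n <= 10 and n > 20 is still explored and sink_A is reported as a false positive; with the check it is dropped while the genuinely tainted sink_B remains.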
Authors
刘行波
李源林
余明俊
郑炎
喻金龙
郭运丰
孔华锋
羌卫中
Liu Xingbo; Li Yuanlin; Yu Mingjun; Zheng Yan; Yu Jinlong; Guo Yunfeng; Kong Huafeng; Qiang Weizhong (Hubei Huazhong Electric Power Technology Development Co., Ltd., Wuhan 430077, Hubei, China; Wuhan Business University, Wuhan 430056, Hubei, China; School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, Hubei, China)
Source
Computer Applications and Software (《计算机应用与软件》)
Peking University Core Journal (北大核心)
2022, No. 11, pp. 297-303 (7 pages)
Funding
National Natural Science Foundation of China (61772221).
Keywords
Static taint analysis
Fine-grained
Execution path
Symbolic execution