Abstract
During the trial-run phase of open-source software, the complex relationships between software modules make defect localization unusually difficult. Starting from the perspective of risk trajectories, this paper proposes a method for locating software security defects. Several common types of defect reports for open-source software are analyzed first; test cases are executed in the program to obtain the function-call sequence; test cases are then run in the defective program to extract defect risk trajectories and identify the defective functions; the TPA method is used to build a risk propagation model and determine the risk vector of the target module; finally, the specific location of the defect within the open-source software is determined from the tag value of the defect report. Simulation results show that the proposed method can accurately find potentially dangerous (malicious) programs in software, with high precision.
Authors
王强
周金宇
金超武
WANG Qiang; ZHOU Jin-yu; JIN Chao-wu (Information Construction and Management Center, Jinling Institute of Technology, Nanjing, Jiangsu 211169, China; Institute of Electrical and Mechanical, Jinling Institute of Technology, Nanjing, Jiangsu 211169, China; Institute of Electrical and Mechanical, Nanjing University of Aeronautics and Astronautics, Nanjing, Jiangsu 210016, China)
Source
Computer Simulation (《计算机仿真》)
Peking University Core Journal
2023, No. 7, pp. 397-401 (5 pages)
Funding
National Natural Science Foundation of China, General Program, 2021 (52075232).
Keywords
Risk trajectory
Open-source software
Defect location
Risk vector