用于漏洞检测的中间语言表示方法

Intermediate language representation for vulnerability detection

现有Web漏洞检测方法中使用的中间语言针对特定编程语言设计,在对多种编程语言源代码进行漏洞抽象表示时,无法将多语言下的同类型漏洞用统一的中间语言表示,增加了后续漏洞分析处理的难度。针对该问题提出了一种基于污点分析的中间语言表示方法,实现多编程语言下同类型漏洞信息的统一抽象表示。该中间语言设计过程中将漏洞发生过程抽象为三元组表示,将与三元组相关的代码元素抽象为中间语言的关键字,根据三元组间的语义关系设计了该中间语言的语法。在转义时,利用污点分析方法跟踪污染源的执行路径,对路径中的源代码进行转义得到中间语言表示。最后将该中间语言用于漏洞检测模型,实验结果表明该中间语言与对照中间语言相比对编程语言中漏洞信息的抽象表示更具普适性,对漏洞检测具有有效性。

The intermediate language adopted in existing Web vulnerability detection methods is designed for a specific programming language.However,when abstracting a vulnerability from the source code of multiple programming languages,a unified intermediate language cannot represent the same type of vulnerability in multiple languages,which increases the difficulty of subsequent vulnerability analysis.To deal with this problem,this paper proposed an intermediate language based on taint analysis to realize the unified abstract representation of the same type of vulnerability information in multiple programming languages.In the design process of the intermediate language,it firstly abstracted the process of vulnerability as a triple representation,and the code elements related to the triple were abstracted as the keywords of the intermediate language.Secondly,it designed the syntax of the intermediate language according to the semantic relationship between the triples.Thirdly,it utilized the taint analysis method to trace the execution path of the taint source when escaping,and the intermediate language representation could be obtained by escaping the source code in the path.Finally,it applied the intermediate language to the vulnerability detection model.The experimental results show that compared with the other intermediate languages’abstract representation of vulnerability information in programming languages,the proposed intermediate language is more universal and more effective for vulnerability detection.