摘要
缓冲区溢出漏洞自从出现以来,一直引起许多严重的安全性问题,而且随着软件系统越做越大,越来越复杂,缓冲区溢出漏洞的出现越来越普遍。本文从检测程序的漏洞方面着手,比较了以前常用的静态代码分析和实时错误注入的检测方法,提出了一种对可执行文件反汇编后的代码进行缓冲区溢出漏洞检测的技术,提高了检测软件系统漏洞的效率。
When buffer overflow vulnerabilities comes,hasing been cause many serious safety problems.With the software system becomes more and more complicated,buffer overflow vulnerabilities appears more and more widespread.This paper is performed from the perspective of searching for a single vulnerability in a released program, a different approach compared to the many previous studies that focus on both static source code analysis and run time fault injection. We propose that a signature analysis of a disassembled bi-nary executable can lead to the discovery of a buffer overflow vulnerability,improved the efficiency of the detection software system.
出处
《微计算机信息》
北大核心
2007年第3期97-98,32,共3页
Control & Automation
基金
国家预研基金资助项目(51400010205JB5201)