摘要
随着计算机技术的成熟和Internet技术在各行各业的应用,信息安全问题变得越来越重要.各种各样的软件漏洞可能会被病毒、木马利用而产生各种各样的信息安全问题.在所有的软件漏洞中,数据驱动型漏洞是最常见的、也是最容易被利用的漏洞之一.目前的检测工具往往不够深入,仍然存在许多的不足.该文提出了一种基于语义分析的数据驱动型漏洞的静态检测算法.该算法定义了漏洞的词法成分和语法成分,在词法分析和语法分析的基础上,实现了对漏洞的语义层次检测.与传统的采用编译原理方法实现的静态检测工具相比,本算法实现了对数据驱动型漏洞更准确的检测.最后,设计并实现了一个静态检测原型系统,并通过实验证明了系统的有效性.
With the maturitg of computer technology and the application of Internet in different fields,information security is becoming more and more important.Different kinds of software vulnerability may be used by computer viruses and Trojan horses to cause different kinds of problems.Data-driven vulnerability is one of the most common and most likely to be used vulnerabilities in all of the vulnerabilities.However,the static detection now is not thorough and still has some flaws.This paper proposes a static detection algorithm based on semantic analysis to detect data-driven vulnerability.The algorithm defines lexical elements and syntax elements,and implements the detection of the semantic level for the vulnerability based on the analysis of lexical elements and syntax elements.Compared to the traditional static detection which uses the principles of a compiler,the new static detection makes a more accurate detection for data-driven vulnerability.In the end,a static detection system is designed and implemented,and is proved valid by experiment.
出处
《应用科技》
CAS
2011年第6期30-35,共6页
Applied Science and Technology
基金
国家自然科学基金资助项目(60975071)
黑龙江省教育厅科学技术研究基金资助项目(12513055)
关键词
数据驱动型漏洞
静态检测
语义分析
原型系统
data-driven vulnerability
static detection
semantic analysis
prototype system
