
Research on Buffer Overflow Vulnerabilities Based on Static Detection (cited by: 2)

A Study Based on Static Detection for Buffer Overflow Flaw
Abstract: Buffer overflow is a common and severely damaging class of software security vulnerability. Static analysis can extract static information about software without running the source code, and use it to detect security vulnerabilities in that software. To address the shortcomings of the static detection tool Splint in detecting buffer overflow vulnerabilities, this paper improves the tool in two respects: its detection functionality and the types of "dangerous functions" it can detect. Finally, the improved Splint is used to check several commonly used software packages related to network applications. The results show that the improved Splint greatly increases the efficiency of detecting buffer overflow vulnerabilities.

Source: Computer Programming Skills & Maintenance (《电脑编程技巧与维护》), 2013, No. 10, pp. 110-112 (3 pages)

Keywords: static detection; buffer overflow; dangerous function; Splint tool
