| C程序缓冲区溢出漏洞精确检测方法 |
| |
| 引用本文: | 李吉,王雷.C程序缓冲区溢出漏洞精确检测方法[J].北京航空航天大学学报,2008,34(3):319-322. |
| |
| 作者姓名: | 李吉 王雷 |
| |
| 作者单位: | 北京航空航天大学 计算机学院, 北京 100083 |
| |
| 摘 要: | C程序中的缓冲区溢出漏洞是影响系统安全性的严重问题,利用工具有效地检测并消除出这一漏洞,可以大大提高系统的安全性.针对现有工具在检测缓冲区溢出漏洞上的不足,提出了一种利用模型检测技术对C语言代码中潜在的缓冲区溢出漏洞进行精确检测的新方法.该方法首先将对缓冲区漏洞的检测转化为对程序某个位置可达性的判定,再使用模型检测工具对可达性进行验证.使用这一方法建立了一个精确检测C程序中缓冲区溢出漏洞的原型系统,并使用该原型系统进行了试验.结果表明该方法可以较为精确地检测并定位出代码中的漏洞.
|
| 关 键 词: | 缓冲区溢出 安全漏洞 静态分析 模型检测 |
| 文章编号: | 1001-5965(2008)03-0319-04 |
| 收稿时间: | 2007-06-29 |
| 修稿时间: | 2007年6月29日 |
Method for precisely detecting buffer overflow vulnerabilities in C programs |
| |
| Li Ji,Wang Lei.Method for precisely detecting buffer overflow vulnerabilities in C programs[J].Journal of Beijing University of Aeronautics and Astronautics,2008,34(3):319-322. |
| |
| Authors: | Li Ji Wang Lei |
| |
| Institution: | School of Computer Science and Technology, Beijing University of Aeronautics and Astronautics, Beijing 100083, China |
| |
| Abstract: | Buffer overflow(BO) vulnerability in C programs is one of the most crucial threats to the security of a system.Using tools to detect and eliminate this kind of vulnerability in programs will give the system sufficient ability to maintain security environment.For the scarcity of accuracy in detecting BO vulnerabilities,current bug-hunting tools can not precisely detect BO vulnerabilities.A new method was proposed,which uses model checking,to precisely detect potential BO in C programs.This method converts detecting BO vulnerabilities to verifying the reachability of certain position in programs and uses model checking tool to do the verification job.Using this method,a prototype system has been developed and been tested with some benchmarks.The early results show that this method can precisely detect BO vulnerabilities in C programs. |
| |
| Keywords: | buffer overflow security vulnerabilities static analysis model checking |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《北京航空航天大学学报》浏览原始摘要信息 |
| 点击此处可从《北京航空航天大学学报》下载免费的PDF全文 |
