摘要
为轻松获得程序的可能执行路径,进而实现程序变量的状态跟踪,提出了一种C/C++源代码控制流提取算法,通过该模型获取控制流切片,产生局部控制流图,将数据流异常检测与安全子集检测相结合,弥补了单独使用安全子集方法无法跟踪数据流的不足,增强代码安全隐患的挖掘能力。利用控制流图化简,排除部分不可达控制流信息,提高跟踪效率。通过对3个Linux内核源文件的检测,验证了该方法不仅可以检测出违反安全子集的代码安全隐患,同时对代码数据流异常检测提供支持,准确率达94.9%。
To acquire the execution paths from the C/C++ source codes to track program variables and to mine capabilities of code security risks,a control flow Abstraction algorithm of C/C++ source code is proposed to feasibly obtain control flow slices and generate local control flow graph.The data flow anomaly detection and the security subset detection is combined with this model,and the data flow analysis is extended to process and modules to lay the foundation for inter-procedural exception analysis.A simplification method for control flow is used to exclude un–reached control flow information and reduce the number of data flow tracking paths so as to improve the tracking efficiency.Finally,some experimental results show that the model can not only detect violations of safe subset,but also implement data flow anomaly detection.Its accuracy rate is more than 90%.
出处
《计算机工程与设计》
CSCD
北大核心
2012年第6期2265-2271,2304,共8页
Computer Engineering and Design
基金
国家自然科学基金项目(91018003)
中央高校基本科研业务费专项基金项目(1600-852007
1600-893321)
关键词
代码异常
控制流分析
数据流分析
安全子集
控制流化简
code exception
control flow analysis
data flow analysis
security subset
control flow simplification