
Data correlation analysis assists vulnerability detection (cited by: 1)
Abstract: To improve the efficiency of discovering buffer overflow vulnerabilities, this paper presents a method that uses data correlation analysis to assist vulnerability discovery. The method first decompiles the target file, constructs the abstract syntax tree (AST) of each function from the decompiled output, and uses a purpose-designed algorithm to extract the backward correlation information of key variables. It then applies the extracted information to vulnerability discovery. The method has clear advantages for vulnerability discovery without source code: it can effectively uncover suspicious buffer overflow points in software and improves the efficiency and degree of automation of vulnerability discovery.
Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2014, Issue 2, pp. 583-585, 589 (4 pages)
Keywords: decompile; vulnerability discovery; buffer overflow; data correlation; abstract syntax tree (AST)
