摘要
针对数据流分析常面临的高误报率等问题,提出基于图模型的C程序数据流分析方法,构建包含抽象语法树、控制流信息、程序依赖信息及函数调用信息的多维图模型,从安全敏感程序点(sink)溯源得到所有相关的外界可控输入源(source),通过基于图模型的过程内和过程间定值分析,实现对污点型缺陷的检测.结果表明,依赖完备的代码属性指导和区间运算支撑,可以有效降低数据流分析的误报率,减少人工审计代码的工作量.
A dataflow analysis method based on graph model for C program was proposed to solve theproblem of high false positive rate. A multi-dimensional property graph that includes abstract syntax tree,control flow graph, program dependence graph and function call graph was constrcheted. From thesecurity sensitive program point (sink), the related external controllable input point (source) could betraced. The tainted-style vulnerabilities could be detected through intra-procedural and inter-proceduraldefine analysis. Results show that the false positive rate of data flow analysis was effectively reducedrelying on the complete code property guidance and interval operation support, The method can reduce theworkload of manual code audit.
作者
常超
刘克胜
谭龙丹
贾文超
CHANG Chao LIU Ke-sheng TAN Long-dan JIA Wen-chao(Electronics Engineering Institute of PLA, Hefei 230037, Chin)
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2017年第5期1007-1015,1050,共10页
Journal of Zhejiang University:Engineering Science
基金
国家自然科学基金资助项目(61272491)
关键词
数据流分析
污点型漏洞
多维属性图
定值分析
data-flow analysis
taint-style vulnerability
multidimensional property graph
definition anal-ysis
