Abstract
C is widely used for developing system software and embedded software because of its execution speed and its fine-grained control of memory through pointers, and it remains one of the most popular programming languages. The power of pointers makes it possible to operate on memory directly, but C provides no memory-safety checking, so pointer misuse can lead to memory errors such as memory leaks, buffer overflows and multiple frees, and these errors can sometimes cause fatal damage such as system crashes or corruption of internal data. Several techniques already exist for detecting memory-safety vulnerabilities in C programs. Among them, dynamic analysis instruments the source code to check memory safety at run time, but it can only find an error when execution reaches the path on which the error lies, so it depends on the program's input. Fuzzing finds software vulnerabilities by feeding inputs to the program and monitoring the result of its execution, but it cannot detect memory-safety errors that do not cause the program to crash, nor can it report details such as the location of the error. In addition, because the syntax of C is complex, dynamic analysis tools often fail to handle certain uncommon constructs correctly when analysing large, complex projects, so that instrumentation fails or the instrumented program cannot be compiled. To address these problems, this paper combines dynamic analysis with fuzzing and improves existing methods, proposing an approach that can check the memory safety of C programs containing such constructs. Reliability and performance experiments show that, after adding handling for these C constructs, programs containing them can be checked for memory safety, and that combining the approach with fuzzing gives stronger vulnerability detection capability.
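The distinction the abstract draws, between errors a crash-monitoring fuzzer can observe and errors that only run-time instrumentation reports, can be made concrete with a small C example. The block below is an added illustration written for this page; it is not code from the paper or from the authors' tool. It models the checks a source-level instrumentation pass inserts around heap accesses, using a shadow table of allocated blocks; the names tracked_malloc, tracked_free, checked_index, live_blocks and reset_tracker, and the scenario functions, are constructed here. The off-by-one write and the leak are precisely the cases that need not crash an uninstrumented program, so a fuzzer that only watches for crashes would miss them, whereas the instrumented checks report them at the faulting statement with the error class attached.

```c
#include <stdint.h>
#include <stdlib.h>

/* Verdicts of the run-time checks (names constructed for this example). */
enum mem_verdict { MEM_OK = 0, MEM_OUT_OF_BOUNDS, MEM_USE_AFTER_FREE, MEM_DOUBLE_FREE, MEM_UNKNOWN_POINTER };

#define MAX_TRACKED 32

/* Shadow metadata for one heap block: start address, length, freed flag. */
struct block { char *base; size_t size; int freed; };
static struct block table[MAX_TRACKED];
static int ntracked = 0;

/* Find the block containing address p. A live block wins over a freed one at the
   same address, because the allocator may hand the address out again. */
static struct block *find_block(const void *p) {
    uintptr_t a = (uintptr_t)p;
    struct block *freed_match = NULL;
    for (int i = 0; i < ntracked; i++) {
        uintptr_t lo = (uintptr_t)table[i].base;
        if (a >= lo && a < lo + table[i].size) {
            if (!table[i].freed) return &table[i];
            freed_match = &table[i];
        }
    }
    return freed_match;
}

/* Instrumented malloc: allocate and record the block in the shadow table. */
void *tracked_malloc(size_t n) {
    if (ntracked == MAX_TRACKED || n == 0) return NULL;
    char *p = malloc(n);
    if (p == NULL) return NULL;
    table[ntracked].base = p;
    table[ntracked].size = n;
    table[ntracked].freed = 0;
    ntracked++;
    return p;
}

/* Instrumented free: reject foreign or interior pointers and a second free. */
enum mem_verdict tracked_free(void *p) {
    struct block *b = find_block(p);
    if (b == NULL || b->base != (char *)p) return MEM_UNKNOWN_POINTER;
    if (b->freed) return MEM_DOUBLE_FREE;
    b->freed = 1;
    free(p);
    return MEM_OK;
}

/* Check inserted before an access p[index] of `width` bytes. It reports the
   error at the access itself instead of waiting for a later crash. */
enum mem_verdict checked_index(const void *p, size_t index, size_t width) {
    struct block *b = find_block(p);
    if (b == NULL) return MEM_UNKNOWN_POINTER;
    if (b->freed) return MEM_USE_AFTER_FREE;
    size_t off = (size_t)((uintptr_t)p - (uintptr_t)b->base) + index;
    if (off + width > b->size) return MEM_OUT_OF_BOUNDS;
    return MEM_OK;
}

/* Blocks allocated but never freed: what a leak report at exit would list. */
int live_blocks(void) {
    int n = 0;
    for (int i = 0; i < ntracked; i++) if (!table[i].freed) n++;
    return n;
}

/* Release everything and clear the table so the scenarios stay independent. */
void reset_tracker(void) {
    for (int i = 0; i < ntracked; i++) if (!table[i].freed) free(table[i].base);
    ntracked = 0;
}

/* Constructed scenarios mirroring the error classes named in the abstract. */
enum mem_verdict scenario_overflow(void) {
    reset_tracker();
    char *buf = tracked_malloc(8);
    enum mem_verdict v = checked_index(buf, 8, 1); /* one byte past the end: silent corruption if unchecked */
    tracked_free(buf);
    return v;
}
enum mem_verdict scenario_use_after_free(void) {
    reset_tracker();
    char *buf = tracked_malloc(16);
    tracked_free(buf);
    return checked_index(buf, 0, 1);
}
enum mem_verdict scenario_double_free(void) {
    reset_tracker();
    char *buf = tracked_malloc(16);
    tracked_free(buf);
    return tracked_free(buf);
}
int scenario_leak(void) {
    reset_tracker();
    (void)tracked_malloc(4);
    (void)tracked_malloc(4); /* neither block is ever freed */
    return live_blocks();
}
```

In a real instrumentation pass the calls to checked_index and tracked_free are inserted mechanically before every pointer dereference and every free, and the shadow table is keyed on real allocation metadata; here the scenarios invoke them by hand so that each verdict can be inspected in isolation. Note that the checker finds the off-by-one write and the leak on the very first input that exercises them, which is the property the abstract attributes to instrumentation and denies to crash-based fuzzing.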
Authors
马莺姿
陈哲
殷家乐
毛瑞琪
MA Yingzi; CHEN Zhe; YIN Jiale; MAO Ruiqi (College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211100, China)
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal (北大核心)
2024, No. 2, pp. 352-358 (7 pages)
Funding
National Natural Science Foundation of China (62172217)
NSFC-Civil Aviation Administration of China Joint Research Fund for Civil Aviation (U1533130)
Fundamental Research Funds for the Central Universities, AI+ Special Project (NZ2020019)
Keywords
Memory safety
Source-level instrumentation
Dynamic analysis
Fuzzing
Memory errors