An Extensible Framework for Static Vulnerability Detection Based on Taint Analysis
Published: 2018-01-21 15:50
Keywords: static analysis, vulnerability detection, extensible framework, taint analysis. Source: Nanjing University, 2017 master's thesis. Thesis type: degree thesis
[Abstract]: Software vulnerabilities are a major threat to the security of computer systems. One class of vulnerability arises from improper handling of external input. In C/C++ programs in particular, programmers may omit validity checks on security-critical operations that depend on external input (such as division, array access and memory access), which leads to potential vulnerabilities such as division by zero, out-of-bounds array access and out-of-bounds memory access. Static analysis can find many kinds of vulnerability in source code and, unlike dynamic analysis, needs neither to execute the program under test nor to prepare test cases for it, which saves considerable effort and runs faster. Moreover, static analysis can scan all of the code of the program under test, whereas dynamic analysis can only examine the code that actually executes in each run. However, existing static analysis tools can only detect predefined vulnerability classes; when a new class appears, a new detection tool has to be developed, which is costly and slow. This thesis focuses on C/C++ vulnerabilities caused by external input that reaches a security-critical operation without a validity check, and proposes an extensible tool framework for static vulnerability detection based on taint analysis. The main contributions are:
1. A static taint analysis method for C/C++ programs. Based on a simplified model of C/C++, it defines taint type inference rules and proposes a static taint analysis method and workflow covering both intra-procedural and inter-procedural analysis.
2. An extensible vulnerability detection framework based on taint analysis. The framework defines a unified method for detecting code vulnerabilities in which security-critical operations are insufficiently protected against attacks through external input: program structure analysis and location of security-critical operations, taint data analysis, and detection of missing validity checks that would defend against such attacks. The framework is extensible in two respects: 1) taint analysis driven by user-defined rules; 2) an extensible method for detecting missing validity checks on security-critical operations. Users need only configure the information describing a security-critical operation, and the framework automatically detects whether that class of operation is missing a security check.
3. On the basis of the above, a prototype tool implementing the extensible detection framework, together with case studies. The program structure analysis, taint analysis and missing-check detection modules are implemented on the Clang platform, and three vulnerability classes are detected automatically on top of the framework: out-of-bounds array indexing, division by zero, and out-of-bounds memory-operation API calls. Optimization strategies for storing taint information and the AST are implemented to cope with large programs. Several programs were selected for experiments, and the taint analysis was evaluated for accuracy, performance and the effect of the optimizations.
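The following Python sketch is an added illustration of the detection scheme the abstract describes (taint sources, propagation through assignments and calls, a configurable table of security-critical operations, and reporting of a tainted operand that reaches such an operation without the required validity check), including a simple summary-based inter-procedural step. It is not the thesis's Clang-based tool: the toy IR, the `SINK_RULES` table, the `analyze_function`/`analyze_program` names and the `SAMPLE` program are all constructed here for the example, and the analysis is deliberately path-insensitive (a check is treated as valid for the rest of the function).

```python
"""Toy static taint analysis with configurable sinks and required checks.

Added example; not code from the thesis. The IR is constructed for this
illustration: each function is {"params": [...], "body": [stmts]} where a
stmt is one of
  ("source", dst)                 dst = external input (taint source)
  ("assign", dst, [srcs])         dst computed from srcs (taint inherited)
  ("check", var, kind)            validity check of var, e.g. "nonzero"
  ("call", dst, callee, [args])   dst = callee(args)
  ("sink", op, [args])            security-critical operation
  ("return", var)
"""
from collections import defaultdict

# Extensible rule table (the "user-configured security-critical operation
# information"): op name -> (operand index that must be safe, required check).
SINK_RULES = {
    "div":    (1, "nonzero"),   # a / b          : b must be checked != 0
    "index":  (1, "bounds"),    # arr[i]         : i must be bounds-checked
    "memcpy": (2, "bounds"),    # memcpy(d, s, n): n must be bounds-checked
}


def analyze_function(name, fn, summaries):
    """Intra-procedural pass. Returns (findings, summary). A finding is a
    tainted, unchecked sink operand traceable to an external input; the
    summary tells callers which params reach the return value and which
    params reach an unchecked sink inside this function."""
    taint = defaultdict(set)     # var -> set of taint labels
    checked = defaultdict(set)   # var -> kinds of validation already applied
    for i, p in enumerate(fn["params"]):
        taint[p] = {f"param:{i}"}            # taint may arrive from the caller
    findings, summary = [], {"ret": set(), "param_sinks": set()}

    def report(labels, op, kind, pc):
        for lab in labels:
            if lab.startswith("input:"):     # real external input: a finding
                findings.append((name, pc, op, kind, lab))
            else:                            # param:i -> caller must validate
                summary["param_sinks"].add((int(lab.split(":")[1]), op, kind))

    for pc, (kind_, *rest) in enumerate(fn["body"]):
        if kind_ == "source":
            (dst,) = rest
            taint[dst] = {f"input:{name}@{pc}"}
            checked[dst] = set()
        elif kind_ == "assign":
            dst, srcs = rest
            taint[dst] = set().union(*(taint[s] for s in srcs))
            checked[dst] = set()             # a derived value carries no old checks
        elif kind_ == "check":               # simplification: path-insensitive
            var, ck = rest
            checked[var].add(ck)
        elif kind_ == "call":
            dst, callee, args = rest
            s = summaries.get(callee, {"ret": set(), "param_sinks": set()})
            taint[dst] = set().union(*(taint[args[i]] for i in s["ret"]))
            checked[dst] = set()
            for i, op, ck in s["param_sinks"]:   # callee's unchecked sinks
                if ck not in checked[args[i]]:
                    report(taint[args[i]], op, ck, pc)
        elif kind_ == "sink":
            op, args = rest
            idx, ck = SINK_RULES[op]
            if ck not in checked[args[idx]]:
                report(taint[args[idx]], op, ck, pc)
        elif kind_ == "return":
            (var,) = rest
            summary["ret"] = {int(l.split(":")[1]) for l in taint[var]
                              if l.startswith("param:")}
    return findings, summary


def analyze_program(program):
    """Inter-procedural driver: recompute summaries until they are stable,
    so callees may be listed in any order (recursion is not handled here)."""
    summaries = {}
    while True:
        findings, new = [], {}
        for name, fn in program.items():
            f, s = analyze_function(name, fn, summaries)
            findings += f
            new[name] = s
        if new == summaries:
            return findings
        summaries = new


# Constructed sample program (not from the thesis): `scale` divides by its
# second parameter without checking it; `main` reads two external values.
SAMPLE = {
    "scale": {"params": ["v", "d"],
              "body": [("sink", "div", ["v", "d"]),         # v / d, d unchecked
                       ("assign", "r", ["v", "d"]),
                       ("return", "r")]},
    "main":  {"params": [],
              "body": [("source", "n"),                     # n from the network
                       ("source", "k"),                     # k from argv
                       ("check", "n", "bounds"),            # if (n < LEN)
                       ("sink", "index", ["buf", "n"]),     # buf[n]: checked, OK
                       ("assign", "m", ["n"]),              # m = n + 1: check lost
                       ("sink", "memcpy", ["dst", "src", "m"]),  # BUG: m unchecked
                       ("call", "q", "scale", ["m", "k"]),  # BUG: k / 0 inside scale
                       ("sink", "div", ["q", "k"]),         # BUG: k still unchecked
                       ("check", "k", "nonzero"),
                       ("sink", "div", ["q", "k"])]},       # OK now
}


def demo():
    return analyze_program(SAMPLE)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Running `demo()` reports three findings, all in `main`: the `memcpy` length at statement 5 (the bounds check on `n` does not carry over to the derived `m`), the division inside `scale` reached through the call at statement 6 (surfaced via the callee summary rather than by re-analyzing the callee in context), and the direct division at statement 7; the index at statement 3 and the final division at statement 9 are silent because the required check precedes them. Adding a new operation class is a one-line change to `SINK_RULES`, which is the extensibility point the abstract describes.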
Degree-granting institution: Nanjing University
Degree level: Master's
Year awarded: 2017
Classification code: TP309
Article ID: 1451895
Link to this article: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/1451895.html