【摘要】：隨著計(jì)算機(jī)網(wǎng)絡(luò)的快速發(fā)展和開(kāi)源思想的普及,網(wǎng)絡(luò)上開(kāi)源代碼、算法和功能模塊等與軟件開(kāi)發(fā)相關(guān)的信息不斷豐富著計(jì)算機(jī)軟件的開(kāi)發(fā)工作,并且一些軟件在一定程度上會(huì)借鑒或引用網(wǎng)絡(luò)上的相關(guān)開(kāi)源代碼或者開(kāi)源框架以減少開(kāi)發(fā)復(fù)雜度和提高開(kāi)發(fā)效率。但是,網(wǎng)絡(luò)上的這些開(kāi)源代碼和功能模塊可能存在著各種潛在的缺陷,如:安全漏洞、后門(mén)代碼和木馬病毒等,在軟件開(kāi)發(fā)過(guò)程中,如果軟件源代碼中引用了有缺陷問(wèn)題的代碼,該軟件就很可能把缺陷代碼的缺陷問(wèn)題引入到開(kāi)發(fā)的軟件中。這種軟件安全問(wèn)題,是當(dāng)前安全領(lǐng)域研究的熱點(diǎn),也是本論文研究的重點(diǎn)。論文介紹了源代碼同源比對(duì)及缺陷分析相關(guān)技術(shù),在此基礎(chǔ)上,首先對(duì)抽象語(yǔ)法樹(shù)比對(duì)技術(shù)進(jìn)行了改進(jìn),提出了基于抽象語(yǔ)法樹(shù)剪枝比對(duì)算法。該算法能夠有效地發(fā)現(xiàn)一些針對(duì)底層數(shù)據(jù)修改的同源代碼,在一定程度上提高了源代碼同源比對(duì)結(jié)果的準(zhǔn)確度。其次,把源代碼程序依賴(lài)圖技術(shù)應(yīng)用到缺陷代碼檢測(cè)之中,改進(jìn)了靜態(tài)污點(diǎn)分析技術(shù)的相關(guān)算法,提出了基于程序依賴(lài)關(guān)系的缺陷檢測(cè)算法。該算法能夠在程序依賴(lài)圖結(jié)構(gòu)基礎(chǔ)上結(jié)合源代碼靜態(tài)污點(diǎn)分析技術(shù)來(lái)實(shí)現(xiàn)針對(duì)缺陷代碼的檢測(cè)。論文設(shè)計(jì)和實(shí)現(xiàn)了一種基于源代碼同源比對(duì)的缺陷檢測(cè)系統(tǒng),該系統(tǒng)使用了基于文本和抽象語(yǔ)法樹(shù)的同源比對(duì)技術(shù),通過(guò)將參與檢測(cè)的源代碼文本同系統(tǒng)缺陷代碼庫(kù)中缺陷代碼進(jìn)行同源比對(duì)來(lái)實(shí)現(xiàn)針對(duì)源代碼的缺陷檢測(cè);系統(tǒng)支持缺陷代碼庫(kù)的管理功能,用戶(hù)能夠根據(jù)自身需要選擇、添加和刪除相應(yīng)的缺陷代碼庫(kù)。通過(guò)測(cè)試,驗(yàn)證了系統(tǒng)開(kāi)發(fā)過(guò)程中所用到的相關(guān)技術(shù)的有效性,對(duì)系統(tǒng)進(jìn)行了整體驗(yàn)證,取得了很好的效果。
[Abstract]:With the rapid development of computer network and the popularization of open-source ideas, the information related to software development, such as open source code, algorithms and function modules, is enriching the work of computer software development. And to some extent, some software will use or reference the related open source code or open source framework on the network to reduce the development complexity and improve the development efficiency. However, these open source code and functional modules on the network may have a variety of potential defects, such as security vulnerabilities, backdoor code and Trojan viruses, in the process of software development, If the source code of the software refers to the defective code, the software is likely to introduce the defect problem of the defect code into the developed software. This kind of software security is a hot topic in the field of security, and it is also the focus of this paper. This paper introduces the related technologies of source code homology alignment and defect analysis. On this basis, the abstract syntax tree alignment technology is improved, and the pruning matching algorithm based on abstract syntax tree is proposed. The algorithm can effectively find some source code modified for the underlying data, and improve the accuracy of source code homology alignment to a certain extent. Secondly, the source code dependency graph technology is applied to defect code detection, and the related algorithms of static stain analysis are improved, and a defect detection algorithm based on program dependency is proposed. The algorithm can detect the defect code based on the structure of the program dependency graph and the static stain analysis technology of the source code. A defect detection system based on source code homology alignment is designed and implemented in this paper. The system uses the technology of homology alignment based on text and abstract syntax tree. The source code text involved in the detection is compared with the defect code in the system defect code base to realize the defect detection for the source code, the system supports the management function of the defect code base, and the user can choose according to his own needs. Add and delete the defect code base. The validity of the related technologies used in the development of the system is verified through the test. The system is verified as a whole and good results are obtained.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2016
【分類(lèi)號(hào)】：TP311.52

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 朱雪梅;王興起;方景龍;王大全;;二進(jìn)制程序整型符號(hào)轉(zhuǎn)換缺陷的動(dòng)態(tài)檢測(cè)方法[J];計(jì)算機(jī)工程與應(yīng)用;2015年18期

2 羅琴靈;蔣朝惠;;多策略軟件代碼缺陷檢測(cè)方法研究[J];貴州大學(xué)學(xué)報(bào)(自然科學(xué)版);2015年03期

3 李鄭;李姝;王俊;劉士進(jìn);;基于抽象語(yǔ)法樹(shù)分析的版本控制分支合并算法[J];計(jì)算機(jī)系統(tǒng)應(yīng)用;2015年03期

4 陳翔;鞠小林;文萬(wàn)志;顧慶;;基于程序頻譜的動(dòng)態(tài)缺陷定位方法研究[J];軟件學(xué)報(bào);2015年02期

5 徐濟(jì)惠;;基于Simhash算法的海量文檔反作弊技術(shù)研究[J];計(jì)算機(jī)技術(shù)與發(fā)展;2014年09期

6 劉鑫;;論計(jì)算機(jī)軟件安全技術(shù)分析[J];民營(yíng)科技;2014年04期

7 秦曉軍;甘水滔;陳左寧;;一種基于一階邏輯的軟件代碼安全性缺陷靜態(tài)檢測(cè)技術(shù)[J];中國(guó)科學(xué):信息科學(xué);2014年01期

8 劉麗霞;張志強(qiáng);;基于Trie樹(shù)的相似字符串查找算法[J];計(jì)算機(jī)應(yīng)用;2013年08期

9 楊軼;蘇璞睿;應(yīng)凌云;馮登國(guó);;基于行為依賴(lài)特征的惡意代碼相似性比較方法[J];軟件學(xué)報(bào);2011年10期

10 李虎;劉超;劉楠;李曉麗;;Java源代碼字節(jié)碼剽竊檢測(cè)方法及支持系統(tǒng)[J];北京航空航天大學(xué)學(xué)報(bào);2010年04期

相關(guān)博士學(xué)位論文 前2條

1 陸華彪;網(wǎng)絡(luò)惡意代碼協(xié)同識(shí)別與特征提取研究[D];國(guó)防科學(xué)技術(shù)大學(xué);2013年

2 趙云山;基于符號(hào)分析的靜態(tài)缺陷檢測(cè)技術(shù)研究[D];北京郵電大學(xué);2012年

相關(guān)碩士學(xué)位論文 前2條

1 吳太文;基于缺陷分析的軟件體系結(jié)構(gòu)退化研究[D];中南大學(xué);2013年

2 梁北海;基于污點(diǎn)分析的Java Web程序脆弱性檢測(cè)方法研究[D];華中科技大學(xué);2013年

，

本文編號(hào)：2222716