An Algorithm for Finding Buffer Overflow Vulnerabilities in C Programs (cited by: 1)

THE ALGORITHM OF FINDING VULNERABILITIES IN C CODE
Abstract: This paper presents a type-based analysis algorithm for checking C source programs for buffer vulnerabilities. The algorithm extends the C type system with a number of user-defined type qualifiers. The programmer annotates the program with these qualifiers in a few places, and the system then performs qualifier inference through type checking to decide whether the annotations are correct. The algorithm raises the buffer vulnerability detection rate and lowers the false-positive rate. The paper closes with experimental results from using the type-matching algorithm to detect potential vulnerabilities.
Source: Computer Applications and Software (《计算机应用与软件》), indexed in CSCD and the Peking University Core Journals list, 2006, No. 7, pp. 104-107 (4 pages)
Keywords: Buffer overflow; Type match; Qualifiers; Annotate; Flow-sensitivity; Polymorphism