[1]王 冲,孙 毅,仵 俊.面向大规模源代码的内存安全性动态分析技术[J].计算机技术与发展,2021,31(07):92-96.[doi:10. 3969 / j. issn. 1673-629X. 2021. 07. 016]
 WANG Chong,SUN Yi,WU Jun.Dynamic Analysis Technology of Memory Security for Large-scale Source Code[J].,2021,31(07):92-96.[doi:10. 3969 / j. issn. 1673-629X. 2021. 07. 016]
点击复制

面向大规模源代码的内存安全性动态分析技术()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
31
期数:
2021年07期
页码:
92-96
栏目:
网络与安全
出版日期:
2021-07-10

文章信息/Info

Title:
Dynamic Analysis Technology of Memory Security for Large-scale Source Code
文章编号:
1673-629X(2021)07-0092-05
作者:
王 冲孙 毅仵 俊
南京航空航天大学 计算机科学与技术学院,江苏 南京 211100
Author(s):
WANG ChongSUN YiWU Jun
School of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211100,China
关键词:
动态分析大规模 C 程序内存安全性源代码插桩基于指针
Keywords:
dynamic analysislarge-scale C programmemory safetysource code instrumentationpointer-based
分类号:
TP311
DOI:
10. 3969 / j. issn. 1673-629X. 2021. 07. 016
摘要:
随着软件规模越来越大,如何保证程序的可靠性和安全性越来越受到人们的关注。 由于 C 语言缺乏内存安全检测的机制,导致使用 C 语言编写的程序容易存在安全漏洞,所以针对 C 语言的可靠性研究也很越来越多。当前,软件可靠性和安全性常用的验证方法是静态分析和动态分析,动态分析由于能真实反映程序中存在的问题而得到广泛应用。 目前针对程序内存安全性的分析工具对较小规模的程序能够正确检测,但是在大规模程序中无法有效地对程序进行插桩和检测。 针对此问题,该文在基于指针技术的内存安全分析技术的基础上,采用源代码插桩实现了大规模 C 程序内存分析工具 Movec,并对其进行了有效性和性能实验。 通过实验表明,该方法可以有效且高效地对大规模程序进行安全性分析。
Abstract:
With the increasing scale of software,how to ensure the reliability and security of the program has attracted more and more attention. Due to the lack of memory security detection mechanism in C language,programs written in C language are prone to security vulnerabilities,so there are more and more researches on the reliability of C language. At present, the commonly used verification methods for software reliability and security are static analysis and dynamic analysis. Dynamic analysis, which can truly reflect the problems in the program,is widely used. Current analysis tools for program memory security can correctly detect small-scale programs,but they can’t effectively instrument and detect the program in a large scale. In response to this problem,on the basis of the memory security analysis technology based on pointer technology,we use source code instrumentation to implement the large-scale C program memory analysis tool Move and test its effectiveness and performance. Experiment shows that the proposed method can effectively and efficiently analyze the safety of large-scale programs.

相似文献/References:

[1]崔伟勇 邬丽红 曹翀.一种基于关注点的用例模型的逆向恢复方法[J].计算机技术与发展,2008,(09):34.
 CUI Wei-yong,WU Li-hong,CAO Chong.An Approach of Recovering Use Case Models Based on Concerns[J].,2008,(07):34.
[2]徐建. 移动僵尸网络检测方法研究[J].计算机技术与发展,2016,26(12):117.
 XU Jian. Investigation on Mobile Botnets Detecting[J].,2016,26(07):117.
[3]李红灵[],詹翊[]. Android恶意程序常用权限分析及统计研究[J].计算机技术与发展,2017,27(11):132.
 LI Hong-ling[],ZHAN Yi[]. Statistics Analysis and Research on Common Permissions of Android Malwares[J].,2017,27(07):132.

更新日期/Last Update: 2021-07-10