[关键词]
[摘要]
基于流和上下文敏感的SSA(static single assignment)信息流分析技术,提出了一种细粒度、可扩展的污点传播检测方法.利用控制流和数据流的相关信息,跟踪污染数据及其传播路径,可以检测缓冲区溢出、格式化串漏洞等程序脆弱性.分析过程在潜在问题点自动插装动态验证函数,在无需用户干预的情况下保证了程序的运行时安全.在GCC 编译器的基础上实现了分析系统,实验结果表明,该方法具有较高的精确度和时空效率.
[Key word]
[Abstract]
In this paper, based on a flow and context-sensitive SSA (static single assignment) information-flow analysis, a fine-grained and scalable approach is proposed for taint propagation analysis, which can not only track tainted data and its propagation path with control and data-flow properties, but also detect the vulnerabilities such as buffer overflow and format string bugs successfully. During the analysis, pieces of code considered vulnerable are instrumented with dynamic verification routines, so that runtime security is guaranteed in the absence of user intervention. The analysis system is implemented as an extension of GCC compiler, and the experiments have proven that this approach is efficient, holding both optimized accuracy and time-space cost.
[中图分类号]
[基金项目]
国家自然科学基金(60773170, 60721002, 90818022, 61021062); 国家高技术研究发展计划(863)(2006AA01Z432);高等学校博士学科点专项科研基金(200802840002); 江苏省科技支撑计划(BE2010032); 上海市信息安全综合管理技术研究重点实验室开放课题(AGK2008003)