基于信息流的整数漏洞插装和验证
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:

国家自然科学基金(61170070,90818022,61021062);国家科技支撑计划(2012BAK26B01);国家高技术研究发展计划(863)(2011AA1A202)


Statically Detect and Run-Time Check Integer-Based Vulnerabilities with Information Flow
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    为降低整数漏洞插装验证的运行开销,提出基于信息流的整数漏洞插装方法.从限定分析对象范围的角度出发,将分析对象约减为污染信息流路径上的所有危险整数操作,以降低静态插装密度.在GCC平台上,实现了原型系统DRIVER(detect and run-time check integer-based vulnerabilities with information flow).实验结果表明,该方法具有精度高、开销低、定位精确等优点.

    Abstract:

    An approach to detecting integer-based vulnerabilities is proposed based on information-flow analysis in order to improve the run-time performance. In this approach, only the unsafe integer operations on tainted information flow paths, which can be controlled by users and involved in sensitive operations, need to be instrumented with run-time check code, so that both the density of static instrumentation and performance overhead are reduced. Based on this approach, a prototype system called DRIVER (detect and run-time check integer-based vulnerabilities with information flow) is implemented as an extension to the GCC compiler and tested on a number of real-world applications. The experimental results show that this approach is effective, scalable, light-weight and capable of locating the root cause.

    参考文献
    相似文献
    引证文献
引用本文

孙浩,李会朋,曾庆凯.基于信息流的整数漏洞插装和验证.软件学报,2013,24(12):2767-2781

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2012-08-31
  • 最后修改日期:2012-12-03
  • 录用日期:
  • 在线发布日期: 2013-12-04
  • 出版日期:
文章二维码
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号